This course leads to the CREST Practitioner Security Analyst (CPSA) and CREST Registered Penetration Tester (CRT) examinations.
Live online events
-
9 December5 days, 09:00 AM GMT - 05:00 PM GMT
-
Elearning
Course Access: 1 Year, 100% online course, 24-hr remote access to a virtual lab, Instructor Email and One-To-One Online Support, CREST Exam Vouchers Included- £2,750.00 excl. VAT
Description
Day 1
Appendix A: Soft Skills and Assessment Management
Module 1: Engagement Lifecycle (A1)
Module 2: Law and Compliance (A2)
Module 3: Scoping (A3)
Module 4: Understanding, Explaining and Managing Risk (A4)
Module 5: Record Keeping, Interim Reporting and Final Results (A5)
Appendix A Quiz
Appendix B: Core Technical Skills
Module 1: IP Protocols (B1)
Module 2: Network Architectures (B2)
Module 3: Network Mapping and Target Identification (B4)
Guided Exercise: Network Mapping and Target Identification (B4) (CRT)
Guided Exercise: Interpreting Tool Output (B5) (CRT)
Module 4: Filtering Avoidance Techniques (B6)
Module 5: OS Fingerprinting (B8)
Guided Exercise: OS Fingerprinting (B8) (CRT)
Guided Exercise: Application Fingerprinting and Evaluating Unknown Services (B9) (CRT)
Module 6: Cryptography (B11)
Module 7: Applications of Cryptography (B12)
Module 8: File System Permissions (B13)
Guided Exercise: File System Permissions (B13) (CRT)
Module 9: Audit Techniques (B14)
Appendix B Quiz
Day 2
Appendix C: Background Information Gathering & Open Source
Module 1: Registration Records (C1)
Module 2: Domain Name Server (DNS) (C2)
Guided Exercise: Domain Name Server (DNS) (C2) (CRT)
Module 3: Google Hacking and Web Enumeration (C4)
Module 4: Information Leakage from Mail Headers (C6)
Appendix C Quiz
Appendix D: Networking Equipment
Module 1: Management Protocols (D1)
Guided Exercise: Management Protocols (D1) (CRT)
Module 2: Network Traffic Analysis (D2)
Module 2: Network Traffic Analysis (D2)
Module 4: IPsec (D4)
Module 5: VoIP (D5)
Module 6: Wireless (D6)
Module 7: Configuration Analysis (D7)
Appendix D Quiz
Day 3
Appendix E: Microsoft Windows Security Assessment
Module 1: Domain Reconnaissance (E1)
Guided Exercise: Domain Reconnaissance and Active Directory (E1 & E3) (CRT)
Module 2: User Enumeration (E2)
Guided Exercise: User Enumeration (E2) (CRT)
Module 3: Active Directory (E3)
Module 4: Windows Passwords (E4)
Module 5: Windows Vulnerabilities (E5)
Guided Exercise: Windows Vulnerabilities and Common Windows Applications (E5 & E9) (CRT)
Module 6: Windows Patch Management Strategies (E6)
Module 7: Desktop Lockdown (E7)
Module 8: Exchange (E8)
Module 9: Common Windows Applications (E9)
Appendix E Quiz
Appendix F: Unix Security Assessment
Module 1: User Enumeration (F1)
Guided Exercise: User Enumeration (F1) (CRT)
Module 2: UNIX/Linux Vulnerabilities (F2)
Guided Exercise: Unix Vulnerabilities (F2) (CRT)
Module 3: FTP (F3)
Guided Exercise: FTP (F3) (CRT)
Module 4: Sendmail/SMTP (F4)
Guided Exercise: Sendmail/SMTP (F4) (CRT)
Module 5: Network File System (NFS) (F5)
Guided Exercise: Network File System (NFS) (F5) (CRT)
Module 6: R-Services (F6)
Guided Exercise: R-Services (F6) (CRT)
Module 7: X11 (F7)
Guided Exercise: X11 (F7) (CRT)
Module 8: RPC Services (F8)
Guided Exercise: RPC Services (F8) (CRT)
Module 9: SSH (F9)
Guided Exercise: SSH (F9) (CRT)
Appendix F Quiz
Day 4
Appendix G: Web Technologies
Module 1: Web Server Operation & Web Servers and Their Flaws (G1 & G2)
Guided Exercise: Web Server Operation (G1) (CRT)
Guided Exercise: Web Servers & Their Flaws (G2) (CRT)
Module 2: Web Enterprise Architectures (G3)
Module 3: Web Protocols (G4)
Guided Exercise: Web Protocols (G4) (CRT)
Module 4: Web Markup Languages (G5)
Module 5: Web Programming Languages (G6)
Module 6: Web Application Servers (G7)
Guided Exercise: Web Application Servers (G7) (CRT)
Module 7: Web APIs (G8)
Module 8: Web Sub-Components (G9)
Appendix G Quiz
Appendix H: Web Testing Methodologies
Web Application Reconnaissance (H1)
Threat Modelling and Attack Vectors (H2)
Information Gathering from Web Mark-up (H3)
Authentication Mechanisms (H4)
Authorisation Mechanisms (H5)
Input Validation (H6)
Information Disclosure in Error Messages (H8)
Use of Cross Site Scripting (XSS) (H9)
Use of Injection Attacks (H1)
Session Handling (H11)
Encryption (H12)
Source Code Review (H13)
Appendix H Quiz
Day 5
Appendix I: Web Testing Techniques
Guided Exercise: Web Site Structure Discovery (I1) (CRT)
Guided Exercise: Cross Site Scripting Attacks (I2) (CRT)
Guided Exercise: SQL Injection (I3) (CRT)
Guided Exercise: Parameter Manipulation (I6) (CRT)
SQL Injection (I3)
Appendix J: Databases
Module 1: Databases
Module 2: Microsoft SQL Server (J1)
Guided Exercise: Microsoft SQL Server (J1) (CRT)
Module 3: Oracle RDBMS (J2)
Guided Exercise: Oracle RDBMS (J2) (CRT)
Module 4: MySQL (J3)
Guided Exercise: MySQL (J3) (CRT)
Appendix J Quiz
CPSA Mock Exam
CRT Mock Exam
Accreditation
Audience Profile
- Penetration Tester
- Ethical hackers
- Red Team members
- Vulnerability Tester
- Security Analyst
- Vulnerability Assessment Analyst
- Network Security Operations
Exam Information
Exam Vouchers included (CPSA and CRT)