CREST CPSA/CRT Bootcamp (with exam vouchers)

This course will prepare students for the CREST CPSA theoretical and CRT practical exam, as a CREST accredited course, it is closely aligned with the CREST CPSA / CRT technical syllabus. The CREST Registered Penetration Tester examination is recognised by the NCSC as providing the minimum standard for CHECK Team Member status and is designed to assess a candidate’s ability to carry out basic vulnerability assessment and penetration testing tasks.

Interested in attending? Have a suggestion about running this event near you?
Register your interest now

  • Elearning

    Course Access: 1 Year, 100% online course, 24-hr remote access to a virtual lab, Instructor Email and One-To-One Online Support, CREST Exam Vouchers Included
    • £1,666.67 excl. VAT


Day 1

Appendix A: Soft Skills and Assessment Management
Module 1: Engagement Lifecycle (A1)
Module 2: Law and Compliance (A2)
Module 3: Scoping (A3)
Module 4: Understanding, Explaining and Managing Risk (A4)
Module 5: Record Keeping, Interim Reporting and Final Results (A5)
Appendix A Quiz

Appendix B: Core Technical Skills
Module 1: IP Protocols (B1)
Module 2: Network Architectures (B2)
Module 3: Network Mapping and Target Identification (B4)
Guided Exercise: Network Mapping and Target Identification (B4) (CRT)
Guided Exercise: Interpreting Tool Output (B5) (CRT)
Module 4: Filtering Avoidance Techniques (B6)
Module 5: OS Fingerprinting (B8)
Guided Exercise: OS Fingerprinting (B8) (CRT)
Guided Exercise: Application Fingerprinting and Evaluating Unknown Services (B9) (CRT)
Module 6: Cryptography (B11)
Module 7: Applications of Cryptography (B12)
Module 8: File System Permissions (B13)
Guided Exercise: File System Permissions  (B13) (CRT)
Module 9: Audit Techniques (B14)
Appendix B Quiz

Day 2

Appendix C: Background Information Gathering & Open Source
Module 1: Registration Records (C1)
Module 2: Domain Name Server (DNS) (C2)
Guided Exercise: Domain Name Server (DNS) (C2) (CRT)
Module 3: Google Hacking and Web Enumeration (C4)
Module 4: Information Leakage from Mail Headers (C6)
Appendix C Quiz

Appendix D: Networking Equipment
Module 1: Management Protocols (D1)
Guided Exercise: Management Protocols (D1) (CRT)
Module 2: Network Traffic Analysis (D2)
Module 2: Network Traffic Analysis (D2)
Module 4: IPsec (D4)
Module 5: VoIP (D5)
Module 6: Wireless (D6)
Module 7: Configuration Analysis (D7)
Appendix D Quiz

Day 3

Appendix E: Microsoft Windows Security Assessment
Module 1: Domain Reconnaissance (E1)
Guided Exercise: Domain Reconnaissance and Active Directory (E1 & E3) (CRT)
Module 2: User Enumeration (E2)
Guided Exercise: User Enumeration (E2) (CRT)
Module 3: Active Directory (E3)
Module 4: Windows Passwords (E4)
Module 5: Windows Vulnerabilities (E5)
Guided Exercise: Windows Vulnerabilities and Common Windows Applications (E5 & E9) (CRT)
Module 6: Windows Patch Management Strategies (E6)
Module 7: Desktop Lockdown (E7)
Module 8: Exchange (E8)
Module 9: Common Windows Applications (E9)
Appendix E Quiz

Appendix F: Unix Security Assessment
Module 1: User Enumeration (F1)
Guided Exercise: User Enumeration (F1) (CRT)
Module 2: UNIX/Linux Vulnerabilities (F2)
Guided Exercise: Unix Vulnerabilities (F2) (CRT)
Module 3: FTP (F3)
Guided Exercise: FTP (F3) (CRT)
Module 4: Sendmail/SMTP (F4)
Guided Exercise: Sendmail/SMTP (F4) (CRT)
Module 5: Network File System (NFS) (F5)
Guided Exercise: Network File System (NFS) (F5) (CRT)
Module 6: R-Services (F6)
Guided Exercise: R-Services (F6) (CRT)
Module 7: X11 (F7)
Guided Exercise: X11 (F7) (CRT)
Module 8: RPC Services (F8)
Guided Exercise: RPC Services (F8) (CRT)
Module 9: SSH (F9)
Guided Exercise: SSH (F9) (CRT)
Appendix F Quiz

Day 4

Appendix G: Web Technologies
Module 1: Web Server Operation & Web Servers and Their Flaws (G1 & G2)
Guided Exercise: Web Server Operation (G1) (CRT)
Guided Exercise: Web Servers & Their Flaws (G2) (CRT)
Module 2: Web Enterprise Architectures (G3)
Module 3: Web Protocols (G4)
Guided Exercise: Web Protocols (G4) (CRT)
Module 4: Web Markup Languages (G5)
Module 5: Web Programming Languages (G6)
Module 6: Web Application Servers (G7)
Guided Exercise: Web Application Servers (G7) (CRT)
Module 7: Web APIs (G8)
Module 8: Web Sub-Components (G9)
Appendix G Quiz

Appendix H: Web Testing Methodologies
Web Application Reconnaissance (H1)
Threat Modelling and Attack Vectors (H2)
Information Gathering from Web Mark-up (H3)
Authentication Mechanisms (H4)
Authorisation Mechanisms (H5)
Input Validation (H6)
Information Disclosure in Error Messages (H8)
Use of Cross Site Scripting (XSS) (H9)
Use of Injection Attacks (H1)
Session Handling (H11)
Encryption (H12)
Source Code Review (H13)
Appendix H Quiz

Day 5

Appendix I: Web Testing Techniques
Guided Exercise: Web Site Structure Discovery (I1) (CRT)
Guided Exercise: Cross Site Scripting Attacks (I2) (CRT)
Guided Exercise: SQL Injection (I3) (CRT)
Guided Exercise: Parameter Manipulation (I6) (CRT)
SQL Injection (I3)

Appendix J: Databases
Module 1: Databases
Module 2: Microsoft SQL Server (J1)
Guided Exercise: Microsoft SQL Server (J1) (CRT)
Module 3: Oracle RDBMS (J2)
Guided Exercise: Oracle RDBMS (J2) (CRT)
Module 4: MySQL (J3)
Guided Exercise: MySQL (J3) (CRT)
Appendix J Quiz

CPSA Mock Exam
CRT Mock Exam



Audience Profile

  • Penetration Tester
  • Ethical hackers
  • Red Team members
  • Vulnerability Tester
  • Security Analyst
  • Vulnerability Assessment Analyst
  • Network Security Operations

Exam Information

Exam Vouchers included (CPSA and CRT)

Subscribe to Newsletter

Enter your email address to register to our newsletter subscription delivered on regular basis! 


© Copyright ICSI, Limited
(International CyberSecurity Institute) 2023