CREST Registered Penetration Tester

CREST Registered Penetration Tester

About this Course
Tech Type
Premium
Code
QACRPT
Duration
5 Days
 

Special Notices
The course PenTesting tools and VMs all pre-downloaded and provided on a USB stick (over 70Gb). These are yours to keep so you can re-run the course as many times as you wish or use them for future reference.

The CRT course leads to the CREST Registered Tester (CRT) examination, which is recognised by the NCSC as providing the minimum standard for CHECK Team Member status and is designed to assess a candidate’s ability to carry out basic vulnerability assessment and penetration testing tasks.

The CREST Registered Tester exam is a practical assessment, where the candidate will be expected to find known vulnerabilities across common network, application and database technologies aimed at assessing the candidate’s technical knowledge of penetration testing methodology and skills against reference networks, hosts and applications.

A pass at CPSA level is a pre-requisite for the Registered Tester examination and success at both CPSA and CRT will confer the CREST Registered status to the individual. An individual passing the CPSA but failing the practical element, which is this CRT exam, will still retain the CPSA Practitioner certificate and may apply to re-take the CRT practical exam at a later date, when they feel that they are ready to do so. Individuals who pass the CRT exam can request that their information be provided to the NCSC to be considered for CHECK Team Member Status. CPSA is available as a separate course.

Target Audience

• Aspiring information security personnel who wish to be part of a PenTest team
• System administrators who are responding to attacks
• Incident handlers who wish to expand their knowledge into Penetration Testing and Digital Forensics
• Government departments who wish to raise and baseline skills across all security teams
• Law enforcement officers or detectives who want to expand their investigative skills
• Information security managers who would like to brush up on the latest techniques and processes inorder to understand information security implications
• Anyone meeting the pre-requisites who is considering a career in Penetration Testing

 
Prerequisites
A pass at CPSA level is a pre-requisite for the Registered Tester examination.

Structure
The course consists of nine modules:

Module 1 – Core Technical Skills
Module 2 – Background Information Gathering & Open Source
Module 3 – Networking Equipment
Module 4 – Microsoft Windows Security Assessment
Module 5 – Unix Security Assessment
Module 6 – Web Technologies
Module 7 – Web Testing Techniques
Module 8 – Databases
Module 9 - Preparation for the CRT exam

Assessment
Continual assessment, with topic quizzes, module tests and practical exercises ensure that you understand the knowledge and learn the skills delivered in each module.

 
Course Outline
MODULE 1 - Core Technical Skills

• Network Mapping & Target Identification
• Interpreting Tool Output
• OS Fingerprinting
• Application Fingerprinting and Evaluating Unknown Services
• File System Permissions

MODULE 2 - Background Information Gathering & Open Source

• Domain Name Server (DNS)

MODULE 3 - Networking Equipment

• Management Protocols

MODULE 4 - Microsoft Windows Security Assessment

• Domain Reconnaissance
• User Enumeration
• Active Directory
• Windows Vulnerabilities
• Common Windows Applications

MODULE 5 - Unix Security Assessment

• User Enumeration
• Unix Vulnerabilities
• FTP
• Sendmail / SMTP
• Network File System (NFS)
• R* services
• X11

MODULE 6 - Web Technologies

• Web Server Operation
• Web Servers & their Flaws
• Web Protocols
• Web Application Serers

MODULE 7 - Web Testing Techniques

• Web Site Structure Discovery
• Cross Site Scripting Attacks
• SQL Injection
• Parameter Manipulation

MODULE 8 - Databases

• Microsoft SQL Server
• Oracle RDBMS
• Web / App / Database Connectivity
• RPC services
• SSH

MODULE 9 - Preparation for CRT exam

• CRT - Examination Guidance
• CRT - Practice Exam