Crest Registered Security Analyst, CRSA

This course is the perfect preparation for the skills, that candidates are expected to know, in readiness for the CREST CRSA practical examination.

Attendees will be helped to sharpen, and improve their hands-on penetration testing knowledge, against reference networks, hosts, and applications. This is very much a ‘roll-your-sleeves-up-and-get-stuck-in’, intensive practical training course.

The CREST Registered Penetration Tester qualification, is recognised by the National Cyber Security Centre (NCSC), as providing the minimum standard for CHECK Team Member status.

Cyber Skills Training - Image of a woman

Course Style

Live Instructor Led. Face-to-Face or Attend-From-Any-Where

Skill up and get certified, guaranteed

What is included?

  • 5 days of training
  • Course material/Slides
  • Examination Fees
  • 96.9% Certification Success in First Attempt
  • Classroom training Or Attend-From-Any-Where
  • Training delivered by Professionals with enormous industry experience 
  • Total comprehensive exam preparation

What you will Learn?

Attendees will learn the common set of core skills and knowledge, that demonstrates that they can perform an infrastructure and web application vulnerability scan using commonly available tools; and interpret the results. These include:

  • Core Technical Skills – OS fingerprinting, cryptography and network mapping
  • Information Gathering & Open Source – Google Hacking and DNS checks
  • Networking Equipment – configuration analysis and networking protocols
  • Windows and Unix Security Assessments – common vulnerabilities and patch management
  • Web Testing Techniques

Who should attend?

  • Aspiring information security personnel who wish to be part of a Pen Test team
  • System administrators who are responding to attacks
  • Incident handlers who wish to expand their knowledge into Penetration Testing and Digital Forensics
  • Government departments who wish to raise and baseline skills across all security teams
  • Law enforcement officers or detectives who want to expand their investigative skills
  • Information security managers who would like to brush up on the latest techniques and processes in order to understand information security implications
  • Anyone meeting the pre-requisites who is considering a career in Penetration Testing

Course Dates

18 – 22 Mar,2024
15 – 19 Apr,2024
17 – 21 Jun,2024
16 – 20 Sep,2024
18 – 22 Nov,2024

Course Outline

Appendix A Core Technical Skills

A1 Using Tools and Interpreting Output
A2 OS Fingerprinting

Appendix B Internet Information Gathering and Reconnaissance


Appendix C Networks

C1 Network Connections
C2 VLAN Tagging
C3 IPv4
C4 Network Mapping
C5 Network Devices
C6 Network Filtering
C7 Traffic Analysis
C10 Service Identification
C11 Host Discovery

Appendix D – Network Services
D1 Unencrypted Services
D3 Name Resolution Services
D4 Management Services
D5 Desktop Access
D6 IPsec
D14 Berkeley R* Services
D15 X
D16 Finger
D17 RPC Services
D19 SMTP and Mail Servers

Appendix E – Microsoft Windows Security Assessment

E1 Windows Reconnaissance
E2 Windows Network Enumeration
E3 Active Directory Enumeration
E4 Windows Passwords
E5 Windows Processes
E6 Windows File Permissions
E7 Registry
E8 Windows Remote Exploitation
E9 Windows Local Exploitation
E10 Windows Post Exploitation
E11 Windows Patch Management
E12 Windows Desktop Lockdown
E13 Common Windows Applications

Appendix F – Linux / UNIX Security Assessment

F1 Linux / UNIX Reconnaissance
F2 Linux / UNIX Network Enumeration
F3 Linux / UNIX Passwords
F4 Linux / UNIX File Permissions
F5 Linux / UNIX Processes
F7 Linux / UNIX Local Exploitation
F8 Linux / UNIX Post Exploitation

Appendix G – Web Technologies

G1 Web Servers
G2 Web Application Frameworks
G3 Common Web Applications
G4 Web Protocols
G5 Mark Up Languages
G6 Web Application Reconnaissance
G7 Information Gathering
G8 Web Authentication
G9 Web Authorisation
G10 Input Validation
G11 Cross Site Scripting
G12 SQL Injection
G13 Mail Injection
G14 OS Command Injection
G15 Sessions
G16 Cookies
G17 Session Hijacking
G18 Cross Site Request Forgery
G19 Web Cryptography
G20 Parameter Manipulation
G21 Directory Traversal
G22 File Uploads
G23 Web Application Logic Flaws

Appendix H – Databases

H1 SQL Relational Databases
H2 Microsoft SQL Server
H3 Oracle RDBMS
H5 PT009.05 PostgreSQL



Attendance of the CPSA course or a CPSA certification is a pre-requisite for this course.

Are you ready to get started?