Crest Registered Security Analyst, CRSA
This course is the perfect preparation for the skills, that candidates are expected to know, in readiness for the CREST CRSA practical examination.
Attendees will be helped to sharpen, and improve their hands-on penetration testing knowledge, against reference networks, hosts, and applications. This is very much a ‘roll-your-sleeves-up-and-get-stuck-in’, intensive practical training course.
The CREST Registered Penetration Tester qualification, is recognised by the National Cyber Security Centre (NCSC), as providing the minimum standard for CHECK Team Member status.
Course Style
Live Instructor Led. Face-to-Face or Attend-From-Any-Where
What is included?
- 5 days of training
- Course material/Slides
- Examination Fees
- 96.9% Certification Success in First Attempt
- Classroom training Or Attend-From-Any-Where
- Training delivered by Professionals with enormous industry experience
- Total comprehensive exam preparation
What you will Learn?
Attendees will learn the common set of core skills and knowledge, that demonstrates that they can perform an infrastructure and web application vulnerability scan using commonly available tools; and interpret the results. These include:
- Core Technical Skills – OS fingerprinting, cryptography and network mapping
- Information Gathering & Open Source – Google Hacking and DNS checks
- Networking Equipment – configuration analysis and networking protocols
- Windows and Unix Security Assessments – common vulnerabilities and patch management
- Web Testing Techniques
Who should attend?
- Aspiring information security personnel who wish to be part of a Pen Test team
- System administrators who are responding to attacks
- Incident handlers who wish to expand their knowledge into Penetration Testing and Digital Forensics
- Government departments who wish to raise and baseline skills across all security teams
- Law enforcement officers or detectives who want to expand their investigative skills
- Information security managers who would like to brush up on the latest techniques and processes in order to understand information security implications
- Anyone meeting the pre-requisites who is considering a career in Penetration Testing
Course Dates
18 – 22 Mar,2024
15 – 19 Apr,2024
17 – 21 Jun,2024
16 – 20 Sep,2024
18 – 22 Nov,2024
Course Outline
Appendix A Core Technical Skills
A1 Using Tools and Interpreting Output
A2 OS Fingerprinting
Appendix B Internet Information Gathering and Reconnaissance
B1 DNS
Appendix C Networks
C1 Network Connections
C2 VLAN Tagging
C3 IPv4
C4 Network Mapping
C5 Network Devices
C6 Network Filtering
C7 Traffic Analysis
C8 TCP
C9 UDP
C10 Service Identification
C11 Host Discovery
Appendix D – Network Services
D1 Unencrypted Services
D2 TLS / SSL
D3 Name Resolution Services
D4 Management Services
D5 Desktop Access
D6 IPsec
D7 FTP
D10 SSH
D11 NFS
D12 SMB
D13 LDAP
D14 Berkeley R* Services
D15 X
D16 Finger
D17 RPC Services
D18 NTP
D19 SMTP and Mail Servers
Appendix E – Microsoft Windows Security Assessment
E1 Windows Reconnaissance
E2 Windows Network Enumeration
E3 Active Directory Enumeration
E4 Windows Passwords
E5 Windows Processes
E6 Windows File Permissions
E7 Registry
E8 Windows Remote Exploitation
E9 Windows Local Exploitation
E10 Windows Post Exploitation
E11 Windows Patch Management
E12 Windows Desktop Lockdown
E13 Common Windows Applications
Appendix F – Linux / UNIX Security Assessment
F1 Linux / UNIX Reconnaissance
F2 Linux / UNIX Network Enumeration
F3 Linux / UNIX Passwords
F4 Linux / UNIX File Permissions
F5 Linux / UNIX Processes
F7 Linux / UNIX Local Exploitation
F8 Linux / UNIX Post Exploitation
Appendix G – Web Technologies
G1 Web Servers
G2 Web Application Frameworks
G3 Common Web Applications
G4 Web Protocols
G5 Mark Up Languages
G6 Web Application Reconnaissance
G7 Information Gathering
G8 Web Authentication
G9 Web Authorisation
G10 Input Validation
G11 Cross Site Scripting
G12 SQL Injection
G13 Mail Injection
G14 OS Command Injection
G15 Sessions
G16 Cookies
G17 Session Hijacking
G18 Cross Site Request Forgery
G19 Web Cryptography
G20 Parameter Manipulation
G21 Directory Traversal
G22 File Uploads
G23 Web Application Logic Flaws
Appendix H – Databases
H1 SQL Relational Databases
H2 Microsoft SQL Server
H3 Oracle RDBMS
H4 MySQL
H5 PT009.05 PostgreSQL
Prerequisites
Attendance of the CPSA course or a CPSA certification is a pre-requisite for this course.