CSTL Core Technical Knowledge

Please click on the following tabs to reveal the knowledge depth required for a successful pass of the CSTL exam.

You will be given a random selection of questions. Please note exam content is subject to change due to circumstances beyond our control – use this as a guide and email us if you have any queries.

  • Understands IPv4 and IPv6 and their associated security attributes.
  • Understands common IP/Ethernet protocols and their associated security attributes, including:
    • TCP
    • UDP
    • ICMP
    • ARP
    • DHCP
    • DNS
    • CDP
    • HSRP
    • VRRP
    • VTP
    • STP
    • TACACS+
  • Understands the security implications of using clear-text protocols, such as Telnet and FTP.
  • Understands and can demonstrate the manipulation of file system permissions on UNIX-like and Windows operating systems.
  • Can find "interesting" files on an operating system, e.g. those with insecure or "unusual" permissions, or containing user account passwords.
  • Can identify running processes on UNIX-like and Windows operating systems and exploit vulnerabilities to escalate privileges.
  • Understands technical, logistical, financial and other constraints and is able to take these into account without compromising the effectiveness of the penetration test.
  • Understands and can demonstrate the detection and manipulation of weak registry ACLs.
  • Understands cryptography and its use in a networked environment.
  • Understands common encrypted protocols and software applications, such as SSH, SSL, IPSEC and PGP.
  • Understands wireless protocols that support cryptographic functions, including WEP, WPA, WPA2, TKIP, EAP, LEAP and PEAP. Understands their associated security attributes and how they can be attacked.
  • Understands the differences between symmetric and asymmetric cryptography and can give examples of each.
  • Understands common cryptographic algorithms, such as DES, 3DES, RSA, RC4 and AES, including their security attributes and how they can be attacked.
  • Understands common hash functions, such as MD5, SHA1 and SHA256, including their security attributes and how they can be attacked.
  • Understands different authentication methods such as passwords and certificates.
  • Understands the generation and role of HMACs.
  • Understands PKI and the concepts of IKE, Certificate Authorities and trusted third parties.
  • Understands the difference between encoding and encrypting.
  • Understand the dangers of implementing custom cryptography.
  • Understand the differences between encryption modes (ECB, CBC, GCM, etc.).
  • Understand best practices around key management.
  • Identify and exploit weaknesses in custom cryptography.
  • Understand the concept of pivoting through compromised devices.
  • Can demonstrate pivoting through a number of devices in order to gain access to targets on a distant subnet.
  • Network pivoting techniques, e.g.:
    • Windows netsh port forwarding
    • SSH:
      • SOCKS proxy
      • Local port forwarding
      • Remote port forwarding
    • Proxychains
    • Graftcp
    • Web SOCKS (reGeorg)
    • Metasploit
    • sshuttle
    • chisel (including SharpChisel)
    • gost
    • Rpivot
    • RevSocks
    • plink
    • ngrok
    • Basic pivoting types:
      • Listen - Listen
      • Listen - Connect
      • Connect - Connect

  • Can use a variety of tools during a penetration test, selecting the most appropriate tool to meet a particular requirement.
  • Understand the limitations of automated testing.
  • Interpret and understand the output of tools, including those used for port scanning, vulnerability scanning, enumeration, exploitation and traffic capture.
  • Can identify when tool output can and cannot be trusted. Can demonstrate an approach to verifying tool output.
  • Can effectively use command line during assurance testing.
  • Demonstrate ability to carry out testing when tools are not available or functional.
  • Understands the different types of packets that are likely to be encountered during a penetration test.
  • Understands packet fragmentation.
  • Can generate arbitrary packets, including TCP, UDP, ICMP and ARP, modifying packet parameters as required, e.g. source and destination IP addresses, source and destination ports, and TTL.
  • Understands ARP spoofing and can demonstrate this technique in a safe and reliable way.
  • Understands different TCP connection states.
  • Understands and can demonstrate active techniques for discovery of nodes on a network, such as:
    • SYN and TCP-Connect scanning
    • FIN/NULL and XMAS scanning
    • UDP port scanning
    • TCP ping scanning
    • ICMP scanning.
  • Can identify the network services offered by a host by banner inspection.
  • Can state the purpose of an identified network service and determine its type and version.
  • Understands the methods associated with unknown service identification, enumeration and validation.
  • Understands advanced analysis techniques for unknown services and protocols.

  • Understands active and passive operating system fingerprinting techniques and can demonstrate their use during a penetration test.
  • Understands network traffic filtering and where this may occur in a network.
  • Understands the devices and technology that implement traffic filtering, such as firewalls, and can advise on their configuration.
  • Can demonstrate methods by which traffic filters can be bypassed.
  • Understands network access control systems, such as 802.1x and MAC address filtering, and can demonstrate how these technologies can be bypassed.
  • Understands Microsoft patch management strategies and tools, including:
    • Microsoft Systems Management Server (SMS)
    • Microsoft Software Update Service (SUS)
    • Microsoft Windows Server Update Services (WSUS)
    • Microsoft Baseline Security Analyser (MBSA)
  • Demonstrate the ability to perform a security build review of common operating systems.
  • Understands and can test against common build standards such as CIS benchmarks.
  • Can map technical controls to a customer's business requirements and intents, justifying the need to tighten or relax them where necessary to meet business needs.
  • Understands the concepts behind common microprocessor vulnerabilities such as Spectre and Meltdown.
  • Understands the concepts behind side-channel attacks such as timing analysis and power analysis.
  • Understands how side-channel attacks can aid cryptanalysis and otherwise expose sensitive data.
  • Understands common risks associated with Bluetooth, including:
    • Bluesnarfing
    • Bluejacking
    • Bluebugging