CSTL UNIX Security Knowledge

The following lists set out the knowledge depth required for a successful pass of the CSTL exam.

You will be given a random selection of questions. Please note exam content is subject to change due to circumstances beyond our control – use this as a guide and email us if you have any queries.

  • Can identify Unix hosts on a target network.
  • Can demonstrate and explain the enumeration of data from a variety of common network services on various platforms including:
    • Filesystems or resources shared remotely, such as NFS and SMB
    • SMTP
    • SSH
    • Telnet
    • SNMP and RID cycling
  • Is aware of legacy user enumeration techniques such as rusers and rwho.
  • Can enumerate RPC services and identify those with known security vulnerabilities.
  • Understands users, groups and password policies, including complexity requirements and lock-out.
  • Understands how to avoid causing a denial of service by locking-out accounts.
  • Understands UNIX password hashing algorithms and their associated security attributes.
  • Understands how passwords are stored and protected and can demonstrate how they can be recovered.
  • Understands and can demonstrate off-line password cracking using dictionary and brute-force attacks.
  • Can demonstrate the recovery of password hashes when given physical access to a UNIX host.
  • Understands the format of the passwd, shadow, group and gshadow files.
  • Understands and can demonstrate local privilege escalation techniques, e.g. through the manipulation of insecure file system permissions.
  • Understands and can demonstrate the local exploitation of Solaris and Linux operating system vulnerabilities.

  • Understands and can demonstrate the remote exploitation of Solaris and Linux operating system vulnerabilities.
  • Understands and can demonstrate common post-exploitation activities, including:
    • obtaining locally stored clear-text passwords
    • password recovery (exfiltration and cracking)
    • lateral movement
    • checking OS and third party software application patch levels
    • deriving a list of missing security patches
    • reversion of OS and software components to previous state.
  • Understands FTP and can demonstrate how a poorly configured FTP server can be exploited, e.g. the downloading of arbitrary files, the uploading and over-writing of files, and the modification of file system permissions.
  • Understands the security implications of anonymous FTP access.
  • Understands TFTP and can demonstrate how a poorly configured TFTP server can be exploited, e.g. the downloading of arbitrary files, the uploading and over-writing of files.
  • Understands and can exploit TFTP within a Cisco environment.
  • Understands NFS and its associated security attributes and can demonstrate how exports can be identified.
  • Can demonstrate how a poorly configured NFS service can lead to the compromise of a server, allow a user to escalate privileges and/or gain further access to a host, e.g. through the creation of SUID-root files, the modification of files and file system permissions, and UID/GID manipulation.
  • Understands the concepts of root squashing, nosuid and noexec options.
  • Understands how NFS exports can be restricted at both a host and file level.
  • Understands the Berkeley r-services and their associated security attributes and can demonstrate how trust relationships can:
    • lead to the compromise of a server
    • allow a user to escalate privileges and/or gain further access to a host, e.g. through the use, creation or modification of .rhosts and/or /etc/hosts.equiv files

  • Understands that SSH can be used for port forwarding and file transfer.
  • Understands SSH and its associated security attributes, including the different versions of the protocol, version fingerprinting and how the service can be used to provide a number of remote access services.
  • Can demonstrate how trust relationships can lead to the compromise of a server, allow a user to escalate privileges and/or gain further access to a host, e.g. through the use, creation or modification of ~/.ssh/authorized_keys files.
  • Demonstrates ability to use forward and reverse port forwarding.
  • Understands X and its associated security attributes, and can demonstrate how insecure sessions can be exploited, e.g. by obtaining screen shots, capturing keystrokes and injecting commands into open terminals.
  • Can describe the differences between X and %SYSRC and the typical use cases within a test.
  • Understands and can demonstrate valid username discovery via EXPN and VRFY.
  • Awareness of recent sendmail vulnerabilities and ability to exploit them if possible.
  • Understands mail relaying.
  • Understands backported patches, and the effect they have on scanning tools.
  • Understands OS lifecycle management.
  • Understands enterprise patching strategies for Linux.
  • Understands patching in air-gapped environments.
  • Understands security implications of installing software outside of OS package manager.

  • Understands purpose of using sudo rather than logging in as root.
  • Understands difference between sudo and su.
  • Demonstrates ability to exploit weak sudo configuration.