CSTM/CSTL Information Gathering

Please click on the following tabs to reveal the knowledge depth required for a successful pass of the CSTM or CSTL exam.

You will be given a random selection of questions. Please note exam content is subject to change due to circumstances beyond our control – use this as a guide and email us if you have any queries.

  • Understands the format of a WHOIS record and can obtain such a record to derive information about an IP address and/or domain.
  • Understands the Domain Name Service (DNS) including queries and responses, zone transfers, and the structure and purpose of records, including:
    • SOA • NS • MX • A • AAAA • CNAME • PTR
    • TXT (including use in DMARC policies)
    • HINFO • SRV
  • Can demonstrate how a DNS server can be queried to obtain the information detailed in these records.
  • Can demonstrate how a DNS server can be queried to reveal other information that might reveal target systems or indicate the presence of security vulnerabilities.
  • Can identify the presence of dangling DNS entries and understands the associated security vulnerabilities (e.g. susceptibility to subdomain takeover).
  • Can interrogate a website to obtain information about a target network, such as the name and contact details of the network administrator.
  • Can analyse information from a target web site, both from displayed content and from within the HTML source.
  • Can use search engines, news groups, mailing lists and other services to obtain information about a target network, such as the name and contact details of the network administrator.
  • Can analyse e-mail headers to identify system information.

  • Can obtain information about a target network from information leaked in email headers, HTML meta tags and other locations, such as internal network IP addresses.
  • Can enumerate services, their software types and versions, using banner grabbing techniques.
  • Can retrieve information from SNMP services and understands the MIB structure pertaining to the identification of security vulnerabilities.
  • Understands common phishing techniques and how these can lead to compromise.
  • Recognises when vulnerabilities discovered elsewhere can be leveraged as part of a phishing campaign.