CSTM UNIX Security Knowledge
Please click on the following tabs to reveal the knowledge depth required for a successful pass of the CSTM exam.
You will be given a random selection of questions. Please note exam content is subject to change due to circumstances beyond our control – use this as a guide and email us if you have any queries.
- Can identify Unix hosts on a target network.
- Can demonstrate and explain the enumeration of data from a variety of common network services on various platforms including:
• Filesystems or resources shared remotely, such as NFS and SMB
• SMTP • SSH • Telnet • SNMP and RID cyclin
- Is aware of legacy user enumeration techniques such as rusers and rwho.
- Can enumerate RPC services and identify thosewith known security vulnerabilities.
Understands users, groups and password policies, including complexity requirements and lock-out.
Understands how to avoid causing a denial of service by locking-out accounts.
Understands UNIX password hashing algorithms and their associated security attributes.
Understands how passwords are stored and protected and can demonstrate how they can be recovered.
Understands and can demonstrate off-line password cracking using dictionary and brute-force attacks.
Can demonstrate the recovery of password hashes when given physical access to a UNIX host.
- Understands and can demonstrate Local privilege escalation techniques, e.g. through the manipulation of insecure file system permissions.
- Understands and can demonstrate commonpost-exploitation activities, including:
• obtaining locally stored clear-text passwords
• password recovery (exfiltration and cracking)
• lateral movement
• checking OS and third party software application patch levels
• deriving a list of missing security patches
• reversion of OS and software components to previous state.
- Understands FTP and can demonstrate how a poorly configured FTP server can be exploited,e.g. the downloading of arbitrary files, the uploading and over-writing of files, and the modification of file system permissions.
- Understands the security implications of anonymous FTP access.
- Understands TFTP and can demonstrate how a poorly configured TFTP server can be exploited, e.g. the downloading of arbitrary files, the uploading over-writing of files.
- Understands and can exploit TFTP within a Cisco environment.
- Understands NFS and its associated security attributesand can demonstrate how exports can be identified.
- Can demonstrate how a poorly configured NFS service can lead to thecompromise of a server, allow a user to escalate privileges and/or gainfurther access to a host, e.g. through the creation of SUID-root files, the modification of files and file system permissions, and UID/GID manipulation.
- Understands the concepts of root squashing, nosuid and noexec options.
- Understands how NFS exports can be restricted at both a host and file level.
- Understands the Berkeley r-services and their associated security attributes and can demonstrate how trust relationships can:
• lead to the compromise of a server
• allow a user to escalate privileges and/or gain further accessto a host, e.g. through the use, creation or modification of .rhosts and/or /etc/hosts.equiv files
- Understand that SSH can be used for port forwarding and file transfer.
- Understands SSH and its associated security attributes, including thedifferent versions of the protocol, version fingerprinting and howthe service can be used to provide a number of remote access services.
- Can demonstrate how trust relationships can lead to the compromise of a server, allow a user to escalate privileges and/or gain further access to a host, e.g. through the use, creation or modification of --/.ssh/authorized_keys files.
- Understands and can demonstrate validusername discovery via EXPN and VRFY.
- Awareness of recent sendmail vulnerabilities and abilityto exploit them if possible.
- Understands mail relaying.
- Understands backported patches, and the effect they have on scanning tools.
- Understands OS lifecycle management.
Understands purpose of using sudo rather than logging in as root.
Understands difference between sudo and su.
Demonstrates ability to exploit weak sudo configuration.