There are core areas of technical knowledge that need to be understood in order to pass your CSTM exam. Our full syllabus can be found on our website; below we highlight the key knowledge areas that need to be understood in order to pass. The Cyber Scheme's CSTM training maps to the CSTM syllabus and will give you the confidence to sit our NCSC-accredited exam knowing the topics and knowledge domains that are likely to come up.
Book here for our CSTM training
IP Protocols
- Understands IPv4 and IPv6 and their associated security attributes.
- Understands common IP/Ethernet protocols and their associated security attributes, including:
- TCP
- UDP
- ICMP
- ARP
- DHCP
- DNS
- CDP
- HSRP
- VRRP
- VTP
- STP
- TACACS+
- Understands the security implications of using clear-text protocols, such as Telnet and FTP.
File Permissions
- Understands and can demonstrate the manipulation of file system permissions on UNIX-like and Windows operating systems.
- Can find “interesting” files on an operating system, e.g. those with insecure or “unusual” permissions, or containing user account passwords.
- Can identify running processes on UNIX-like and Windows operating systems and exploit vulnerabilities to escalate privileges.
- Understands technical, logistical, financial and other constraints and is able to take these into account without compromising the effectiveness of the penetration test.
- Understands and can demonstrate the detection and manipulation of weak registry ACLs.
Cryptography
- Understands cryptography and its use in a networked environment.
- Understands common encrypted protocols and software applications, such as SSH, SSL, IPSEC and PGP.
- Understands wireless protocols that support cryptographic functions, including: WEP; WPA; WPA2; TKIP; EAP; LEAP; PEAP. Understands their associated security attributes and how they can be attacked.
- Understands the differences between symmetric and asymmetric cryptography and can give examples of each.
- Understands common cryptographic algorithms, such as DES, 3DES, RSA, RC4 and AES, including their security attributes and how they can be attacked.
- Understands common hash functions, such as MD5, SHA1 and SHA256, including their security attributes and how they can be attacked.
- Understands different authentication methods such as passwords and certificates.
- Understands the generation and role of HMACs.
- Understands PKI and the concepts of IKE, Certificate Authorities and trusted third parties.
- Understands the difference between encoding and encrypting.
- Understands the dangers of implementing custom cryptography.
- Understands the differences between encryption modes (ECB, CBC, GCM, etc.).
- Understands best practices around key management.
Pivoting
- Understand the concept of pivoting through compromised devices.
- Can demonstrate pivoting through a number of devices in order to gain access to targets on a distant subnet.
- Understands network pivoting techniques, e.g.:
- Windows netsh port forwarding
- SSH
- SOCKS proxy
- Local port forwarding
- Remote port forwarding
- Proxychains
- graftcp
- Web SOCKS (reGeorg)
- Metasploit
- sshuttle
- chisel
- SharpChisel
- gost
- Rpivot
- RevSocks
- plink
- ngrok
Tools
- Can use a variety of tools during a penetration test, selecting the most appropriate tool to meet a particular requirement.
- Understand the limitations of automated testing.
- Interpret and understand the output of tools, including those used for port scanning, vulnerability scanning, enumeration, exploitation and traffic capture.
- Can identify when tool output can and cannot be trusted. Can demonstrate an approach to verifying tool output.
- Can effectively use the command line during assurance testing.
Packet Generation
- Understands the different types of packets that are likely to be encountered during a penetration test.
- Understands packet fragmentation.
Port Scanning
- Understands different TCP connection states.
- Understands and can demonstrate active techniques for discovery of nodes on a network, such as:
- SYN and TCP-Connect scanning
- FIN/NULL and XMAS scanning
- UDP port scanning
- TCP ping scanning
- ICMP scanning
Identification
- Can identify the network services offered by a host by banner inspection.
- Can state the purpose of an identified network service and determine its type and version.
- Understands the methods associated with unknown service identification, enumeration and validation.
- Understands advanced analysis techniques for unknown services and protocols.
Fingerprinting
- Understands active and passive operating system fingerprinting techniques and can demonstrate their use during a penetration test.
Traffic Filtering
- Understands network traffic filtering and where this may occur in a network.
- Understands the devices and technology that implement traffic filtering, such as firewalls, and can advise on their configuration.
- Can demonstrate methods by which traffic filters can be bypassed.
- Understands network access control systems, such as 802.1x and MAC address filtering, and can demonstrate how these technologies can be bypassed.
Patch Levels
- Understands Microsoft patch management strategies and tools, including:
- Microsoft Systems Management Server (SMS)
- Microsoft Software Update Services (SUS)
- Microsoft Windows Server Update Services (WSUS)
- Microsoft Baseline Security Analyzer (MBSA)
Build Review
- Can demonstrate the ability to perform a security build review of common operating systems.
- Understands and can test against common build standards such as CIS benchmarks.
Hardware Security
- Understands the concepts behind common microprocessor vulnerabilities such as Spectre and Meltdown
- Understands the concepts behind side-channel attacks such as timing analysis and power analysis
- Understands how side-channel attacks can aid cryptanalysis and otherwise expose sensitive data.
- Understands common risks associated with Bluetooth, including:
- Bluesnarfing
- Bluejacking
- Bluebugging.
Book your CSTM exam here