CREST CPSA/CRT Bootcamp

CREST Accredited
training programme.

bt_bb_section_bottom_section_coverage_image

https://icsiglobal.com/wp-content/uploads/2020/08/floating_image_04.png

Why choose the ICSI CREST CPSA/CRT Bootcamp?

This CREST accredited training course will prepare students for the CREST CPSA theoretical and CRT practical exam. The CREST Registered Penetration Tester examination is recognised by the NCSC as providing the minimum standard for CHECK Team Member status and is designed to assess a candidate’s ability to carry out basic vulnerability assessment and penetration testing tasks.

https://icsiglobal.com/wp-content/uploads/2022/03/crest-atp.png

Curriculum
What's included
Duration and Delivery
Prices and Financing
Career Services
FAQ

Curriculum

During the Bootcamp, candidates will take the following courses to prepare for the CREST exams.

https://icsiglobal.com/wp-content/uploads/2022/02/shutterstock_717740953-1.png

Bootcamp PreWork course 00. ICSI | CYBERSECURITY ESSENTIALS

This course teaches the basics regarding Information Security, including a holistic view of modern network security, operating system hardening, firewalls, Encryption, Application Security, Incident Response and Recovery. There are no special prerequisites for you to meet to successfully start this course.

What you'll learn

Course Outline: ICSI | CyberSecurity Essentials

Module 1: Information Security

Lessons:

What is Security
Confidentiality, Integrity and Availability triad
Privacy
Non-Repudiation
Types of Attacks
Threats, Vulnerabilities and Risk
Risk Management

Review Questions

Module 2: Identification, Authentication and Authorisation

Lessons:

Identification
Authentication
Password and Multifactor Authentication
Biometrics
Authorization

Review Questions

Module 3: Access Control

Lessons:

Access Control Lists (ACLs)
Access Control Models and Methodologies
Discretionary Access Control
Mandatory Access Control
Role-based Access Control

Review Questions

Module 4: Law and Compliance

Lessons:

Laws and Regulations
Compliance (Regulatory & Industry Compliance)

Review Questions

Module 5: Fundamentals of Encryption

Lessons:

The History of Encryption
Modern Encryption Methods
Windows and Linux Encryption
Hashing

Review Questions

Labs:

Enabling BitLocker
Encrypting a Folder Using EFS
Use HashGenerator to generate hashes
Use Ophcrack to crack password hashes

Module 6: Network Infrastructure and Security

Lessons:

IP Protocols
Management Protocols
Routers and Switches
Firewalls
Firewall Implementation
Proxy Servers
Windows Firewalls
Linux Firewalls
Wireless Security
Mobile Device Security
Network Security Tools

Review Questions

Labs:

Configuring Windows Firewall
Configuring iptables Rules

Module 7: Microsoft Windows Infrastructure

Lessons:

Active Directory Domain Services
Group Policy Objects
Configuring Windows
Windows Update

Review Questions

Labs:

Password Policies

Module 8: UNIX / Linux Server

Lessons:

Configuring Linux
Third Party Software Updates
Core Operating System updates

Review Questions

Labs:

Linux File Permissions
Disabling Linux Services

Module 9: Assessing System Security

Lessons:

Risk Assessment
Conducting an Initial Assessment
Probing the Network
Vulnerabilities
Documenting Security

Review Questions

Labs:

Probing the Network using Nmap
Identify details regarding a specific vulnerability

Module 10: Application Security

Lessons:

Software Development Vulnerabilities
Buffer Overflows
Input Validation Attacks
Authentication, Authorisation and Cryptographic Attacks
Web Security
Database Security
Application Security tools

Review Questions

Module 11: Incident Response and Recovery

Lessons:

What is Incident Response
The Incident Response Process Model
Why Incident Response is needed
Disaster Recovery
Business Continuity
Fault Tolerance

Review Questions

Labs:

Backup Windows 10
Backup files using CPIO
Backup files with TAR

https://icsiglobal.com/wp-content/uploads/2022/02/shutterstock_1493468873-1.png

CREST Accredited, 20 MSc Cybersecurity credits 01.ICSI | Certified Penetration Tester (CPT)

This course teaches penetration testing and will illustrate how to think like an attacker and use industry standard tools to perform penetration testing. Students will learn and perform the different phases of penetration testing assessments. The students will also learn to report the results of their assessments.

What you'll learn

Course: ICSI | CPT Certified Penetration Tester

This course is designed to teach how to perform penetration tests, how to think like an attacker and also demonstrates the tools needed to perform penetration testing.

Students will learn and perform information gathering, target discovery and enumeration, vulnerability mapping, system exploitation including Windows Domain attacks, and Azure AD (Active Directory), privilege escalation and maintaining access to compromised systems with over 40 detailed hands-on labs.

Module 1: Introduction to Kali Linux

Lessons:

Kali Linux History
Kali Linux Installation
Kali Linux Configuration
Basic Search Utilities

Labs:

Finding Files
Starting and Stopping Services

Module 2: Introduction to Penetration Testing

Lessons:

What is Penetration testing
Benefits of Penetration Testing
Vulnerability Scans
Methodologies
Ethical Issues
Legal Issues

Review Questions

Module 3: Standards

Lessons:

Penetration Testing Execution Standard (PTES)
PCI DSS
NIST 800-115
CREST UK
OWASP Top 10
ISO 27002

Review Questions

Module 4: Network Essentials

Lessons:

TCP/IP
IP Protocols
Network Architectures
Domain Name Server (DNS)
Management Protocols
Network Protocols
Using Netcat

Labs

Using Netcat

Module 5: Cryptography

Lessons:

Basics of Cryptography
History of Encryption
Symmetric Encryption
Asymmetric (Public Key) Encryption
Digital Signatures
Hashing
MAC and HMAC
Encoding
Password Crackers
Steganography
Cryptanalysis

Review Questions

Module 6: Scripting

Lessons:

Scripting
Windows PowerShell (Command Line Interface)
Linux Shell (Command Line Interface)

Labs:

Writing a Simple Bash Script

Module 7: Information Gathering

Lessons:

Passive Information Gathering
Registration Records
Google Searching
Active Information Gathering
DNS Enumeration
Host Discovery
Port and Operating System Discovery
Fingerprinting and Enumeration

Labs:

Using Shodan
DNS Enumeration
Host Discovery
Port and operating System Discovery
Fingerprinting and Enumeration
Information Gathering

Module 8: Vulnerability Assessment

Lessons:

Vulnerabilities
Packet Capture
Network Scanners
Nmap NSE
Metasploit Framework
Web Application Scanners

Labs:

Using Wireshark
Using OpenVas
Using Nmap Scripts
Using Metasploit Framework
Finding Vulnerabilities

Module 9: Reconnaissance and Exploitation of Windows Services

Lessons:

Important Windows Files
Windows Logs
The Registry
Active Directory Roles
Active Directory Database
Active Directory Reconnaissance
User and System Enumeration
Windows Vulnerabilities
Windows Privilege Escalation
Antivirus Evasion
Harvesting Credentials
Windows Password Cracking

Labs:

Active Directory Reconnaissance
User and System Enumeration
Windows Vulnerabilities
Windows Privilege Escalation
Evading Windows Defender
Responder
Dumping Credentials from Memory
Extract SAM File from Windows Registry
Attacking SMB

Module 10: Reconnaissance and Exploitation of Linux/UNIX Services

Lessons:

Linux Permissions Review
User Enumeration
Linux/Unix Service Enumeration
Linux/Unix Vulnerabilities
Linux Privilege Escalation
Linux/Unix Passwords

Labs

User Enumeration
Service Enumeration
Exploit ProFTP
Linux Privilege Escalation
Linux/Unix Vulnerabilities

Module 11: Reconnaissance and Exploitation of Web-Based Applications

Lessons:

Web Protocols
Web Servers
Web Application Structure Discovery
Cross-Site Scripting (XSS)
SQL Injection
Directory Traversal
File Uploads
Command Execution

Labs:

XSS
SQL Injection
Directory Traversal
File Uploads
Command Execution

Module 12: Databases

Lessons

Databases
Microsoft SQL Server
Oracle RDBMS
MySQL

Labs

Assessing Databases

Module 13: Lateral Movement

Lessons

Discovery
Windows Situational Awareness
Linux Situational Awareness
Lateral Movement

Labs

Pass the Hash
Port Forwarding

Module 14: Data Exfiltration

Lessons

Data from Local System
Data Exfiltration with Frameworks

Labs

Data Exfiltration with Metasploit

Module 15: Maintaining Access and Covering Tracks

Lessons

Persistence
Windows Persistence
Windows Persistence with Scheduled Tasks
.bash Startup File Manipulation
Local Job Scheduling
Linux Persistence by Adding User Accounts
Windows Persistence by Adding User Accounts

Labs

Maintaining Access

Module 16: Pen Testing Cloud Services (Azure)

Lessons

Introduction to Cloud Computing
Cloud Security
Threats and Attacks
Azure
Azure AD
Access Control
Attacking Azure with PowerZure

Labs

Attacking Azure

https://icsiglobal.com/wp-content/uploads/2022/02/shutterstock_1860560143.png

CREST Accredited 02.ICSI | Certified Web Penetration Tester (CWPT)

This course is based on OWASP Top Ten and is designed to educate those who develop, administer and secure web applications about the most common web application security vulnerabilities, the potential impact of exploiting these weaknesses and basic approaches to mitigating web application security risks.

What you'll learn

Course Outline: ICSI Certified Web Penetration Tester (CWPT)

Module 1: HTTP Protocol Overview

Lessons:

Important HTTP Methods
HTTP Status Codes
Cookies
Web Application Architecture
OWASP Top 10

Labs

Detecting HTTP Methods
Exploiting the PUT Method

Module 2: Web Vulnerability Scanners and Proxies

Lessons:

Burp Proxy
OpenVas
Nikto, Wapiti

Labs

Using Nikto
Web Vulnerability Scanners

Module 3: Profiling the Web Server

Lessons:

Nmap
Metasploit Auxiliary Modules

Labs

Scanning the Web Server

Module 4: Injection

Lessons:

Command Injection
SQL Injection
Mitigation of Injection

Labs

Authentication Bypass
SQL Injection

Module 5: Broken Authentication

Lessons:

Authentication Protocols and Weaknesses
Username Enumeration
Attacking Tomcat’s Password with Metasploit
Brute Forcing Credentials with Hydra
Mitigation of Broken Authentication

Labs:

Using Tomcat Manager to Execute Code
Username Enumeration and Brute Forcing

Module 6: Sensitive Data Exposure

Lessons:

Plaintext Protocols and Data Exposure
Mitigation of Sensitive Data Exposure

Labs:

Taking Advantage of the robots.txt file
Finding Sensitive Data on Web Applications

Module 7: XML External Entities (XXE)

Lessons:

XXE External Entities
Mitigation of XML External Entities (XXE)

Labs:

XXE Exploitation

Module 8: Broken Access Control

Lessons:

Directory Traversal Overview
Mitigation of Broken Access Control

Labs:

Remote File Inclusion
Local File Inclusion
Attacking Path Traversal

Module 9: Security Misconfiguration

Lessons:

Understanding Security Misconfiguration
Using Dirb to detect Security Misconfiguration Issues
Mitigation of Security Misconfiguration

Labs:

Security Misconfiguration

Module 10: Cross-Site Scripting (XSS)

Lessons:

Types of Cross-Site Scripting
Using Burp to Test for XSS Vulnerabilities
Mitigation of Cross-Site Scripting (XSS)

Labs

Reflected Cross Site Scripting (XSS)
Stored XSS – Stealing User Cookie
Exploiting Stored XSS Using the Header
Identifying XSS Vulnerabilities

Module 11: Using Components with Known Vulnerabilities

Lessons:

Examples
Searching for Vulnerabilities
Mitigation of Using Components with Known Vulnerabilities

Review Questions

Labs:

Identifying Web App Vulnerabilities

https://icsiglobal.com/wp-content/uploads/2022/02/shutterstock_1714927594-2.png

CREST Accredited Training04. CREST CPSA Exam Preparation

The CPSA course leads to the CREST Practitioner Security Analyst (CPSA) examination, which is an entry level qualification that tests a candidate’s knowledge in assessing operating systems and common network services at a basic level below that; of the main CRT and CCT qualifications.

What you'll learn

Course: CREST CPSA Exam Preparation

Module 1: Soft Skills and Assessment Management

Lessons:

Engagement Lifecycle
Law and Compliance
Scoping
Understanding, Explaining and Managing Risk
Record Keeping, Interim Reporting and Final Results

Review Questions

Module 2: Core Technical Skills

Lessons:

IP Protocols
Network Architectures
Network mapping and Target Identification
Filtering Avoidance Techniques
OS Fingerprinting
Application Fingerprinting and Evaluating Unknown Services
Cryptography
Applications of Cryptography
File System Permissions
Audit Techniques

Review Questions

Module 3: Background Information Gathering and Open Source

Lessons:

Registration Records
Domain Name Server (DNS)
Google Hacking and Web Enumeration
Information Leakage from Mail Headers

Review Questions

Module 4: Networking Equipment

Lessons:

Management Protocols
Network Traffic Analysis
Networking Protocols
IPsec
VoIP
Wireless
Configuration Analysis

Review Questions

Module 5: Microsoft Windows Security Assessment

Lessons:

Domain Reconnaissance
User Enumeration
Active Directory
Windows Passwords
Windows Vulnerabilities
Windows Patch Management Strategies
Desktop Lockdown
Exchange
Common Windows Applications

Review Questions

Module 6: UNIX Security Assessment

Lessons:

User Enumeration
UNIX/Linux Vulnerabilities
FTP
Sendmail/SMTP
Network File System (NFS)
R-Services
X11
RPC Services
SSH

Review Questions

Module 7: Web Technologies

Lessons:

Web Server Operation & Web Servers and Their Flaws
Web Enterprise Architectures
Web Protocols
Web Markup Languages
Web Programming Languages
Web Application Servers
Web APIs
Web Sub-Components

Review Questions

Module 8: Web-Testing Methodologies

Lessons:

Web Application Reconnaissance
Threat Modelling and Attack Vectors
Information gathering from Web Mark-up
Authentication Mechanisms
Authorisation Mechanisms
Input Validation
Information Disclosure in Error Messages
Use of Cross Site Scripting (XSS)
Use of Injection Attacks
Session Handling
Encryption
Source Code Review

Review Questions

Module 9: Web Testing Techniques

Lessons:

Web Site Structure Discovery
Cross Site Scripting Attacks
SQL Injection
Parameter Manipulation

Review Questions

Module 10: Databases

Lessons:

Databases
Microsoft SQL Server
Oracle RDBMS
MySQL

Review Questions

https://icsiglobal.com/wp-content/uploads/2022/02/shutterstock_314852288.png

CREST Accredited Training05. CREST CRT Exam Preparation

The CREST Registered Penetration Tester examination is recognized by the NCSC as providing the minimum standard for CHECK Team Member status and is designed to assess a candidate’s ability to carry out basic vulnerability assessment and penetration testing tasks.

What you'll learn

Course: CREST CRT Exam Preparation

Module 1: Core Technical Skills

Labs:

Network Mapping and Target Identification
Interpreting Tool Output
OS Fingerprinting
Application Fingerprinting and Evaluating Unknown Services
File System Permissions

Module 2: Background Information gathering and Open Source

Labs:

Domain Name Server (DNS)

Module 3: Networking Equipment

Labs:

Management Protocols

Module 4: Microsoft Windows Security Assessment

Labs:

Domain Reconnaissance and Active Directory
User Enumeration
Windows Vulnerabilities and Common Windows Applications

Module 5: UNIX Security Assessment

Labs:

User Enumeration
UNIX Vulnerabilities
FTP
Sendmail/SMTP
Network File System (NFS)
R-Services
X11
RPC Services
SSH

Module 6: Web Technologies

Labs:

Web Server Operation
Web Servers and Their Flaws
Web Protocols
Web Application Servers

Module 7: Web Testing Techniques

Labs:

Web Site Structure Discovery
Cross Site Scripting Attacks
SQL Injection
Parameter Manipulation

Module 8: Databases

Labs:

Microsoft SQL Server
Oracle RDBMS
MySQL

Speak to an advisor

What's included

Hands-On Labs

24-hr remote access to a virtual lab, train and practice your skills in your own time

100% online course

Online learning sessions combined with on-demand study material and 24/7 labs

Support

Instructor Email and One-To-One Online Support

Career Services

You’ve invested in a specialised education that is in great demand. We’ll help you make sure people know it

Multiple payment options

Different options to accommodate your budget

Exam Preparation

Practice Quizzes and MOCK Exam along with CREST exam vouchers

Speak to an advisor

Duration and Delivery

Fast and flexible programme
that gives you a powerful head start

Delivery Method

Flexible online learning sessions combined with on-demand study material and 24/7 labs

Duration

12 months duration (part-time)

Dates

Monthly enrolments

Speak to an advisor

Prices and Financing

Pay Per Course

100% online course
Instructor Email and One-To-One Online Support
On-demand study material
1 Year Access
24/7 remote access to Labs
Practice Quizzes and MOCK Exam
Certificate of Completion
1 Course
-----------------
-----------------

£750

(Choose CPSA or CRT Exam Prep. Course)

Buy Now - CPSA Exam Prep. £750

Buy Now - CRT Exam Prep. £750

Pay in Full

100% online course
Instructor Email and One-To-One Online Support
On-demand study material
1 Year Access
24/7 remote access to Labs
Practice Quizzes and MOCK Exam
Certificate of Completion
5 Courses
Career Services
CREST Exam Vouchers (CPSA&CRT)

£5000

(Pay in Full - £4,000 SAVE 20%)

Buy Now £4,000

Get an interest-free loan with Knoma

Pay with Knoma, and spread the cost of your tuition in 12 monthly payments at 0% and with no extra fees of any kind.

Flexible Student Loan

Pay with Lendwise, as low as *£119.45 per month over a five year period . *Conditions apply.

Future Earnings Agreements with StepEx

You can start your Bootcamp now and pay once you get a high-paying job. Contact us to learn more.

Speak to an advisor

Career Services

You’ve invested in a specialised education that is in great demand. We’ll help you make sure people know it.

CV writing services

LinkedIn profile

Cover
letter

Personal
Statement

Interview
coaching

Speak to an advisor

FAQ

Read our answers to the most common questions from interested students like yourself.

01.

What are the entry requirements?

Candidates over the age of 18 are eligible to enrol in the programme, having minimum 1-2 years working experience in a related field and can demonstrate good knowledge of the English language.

02.

What are the certification requirements?

The CREST CRT certification is granted to all who have obtained the following two certifications.

CREST Practitioner Security Analyst (CPSA)
CREST Registered Penetration Tester (CRT)

03.

Is this an online programme?

Yes. This programme is 100% online. Students can do it from the comfort of their own home or wherever they have a computer and internet.

04.

What is the examination format?

CREST Practitioner Security Analyst

The examination is a multiple choice written assessment and is a pre-requisite for sitting the CREST Registered Penetration Tester examination. The examination is delivered at Pearson Vue test centres.

CREST Registered Penetration Tester

The CREST Registered penetration tester exam is a practical assessment where the candidate will be expected to find known vulnerabilities across common network, application and database technologies and a multiple choice section aimed at assessing the candidates technical knowledge and is delivered at a CREST examination centre.

Speak to an advisor