Core Technical Knowledge
Please note the knowledge domains and topics outlined here are for guidance only and subject to change.
Understands common risks associated with Bluetooth, including:
• Bluesnarfing
• Bluejacking
• Bluebugging
Understands how side-channel attacks can aid cryptanalysis and otherwise expose sensitive data
Understands the concepts behind side-channel attacks such as timing analysis and power analysis
Understands the concepts behind common microprocessor vulnerabilities such as Spectre and Meltdown

Understands and can test against common build standards such as CIS benchmarks
Can demonstrate the ability to perform a security build review of common operating systems

Can obtain operating system patch levels on UNIX-like and Windows operating systems
Understands Microsoft patch management strategies and tools, including:
• Microsoft Systems Management Server (SMS)
• Microsoft Software Update Services (SUS)
• Microsoft Windows Server Update Services (WSUS)
• Microsoft Baseline Security Analyser (MBSA)

Understands network access control systems, such as 802.1X and MAC address filtering, and can demonstrate how these technologies can be bypassed
Can demonstrate methods by which traffic filters can be bypassed
Understands the devices and technology that implement traffic filtering, such as firewalls, and can advise on their configuration
Understands network traffic filtering and where this may occur in a network

Understands active and passive operating system fingerprinting techniques and can demonstrate their use during a penetration test

Understands advanced analysis techniques for unknown services and protocols
Understands the methods associated with unknown service identification, enumeration and validation
Can state the purpose of an identified network service and determine its type and version
Can identify the network services offered by a host by banner inspection

Understands and can demonstrate active techniques for discovery of nodes on a network, such as:
• SYN and TCP-Connect scanning
• FIN/NULL and XMAS scanning
• UDP port scanning
• TCP ping scanning
• ICMP scanning
Understands different TCP connection states

Understands packet fragmentation
Understands the different types of packets that are likely to be encountered during a penetration test

Can effectively use the command line during assurance testing
Can identify when tool output can and cannot be trusted, and can demonstrate an approach to verifying tool output
Can interpret and understand the output of tools, including those used for port scanning, vulnerability scanning, enumeration, exploitation and traffic capture
Understands the limitations of automated testing
Can use a variety of tools during a penetration test, selecting the most appropriate tool to meet a particular requirement

Understands network pivoting techniques, e.g.:
• Windows netsh port forwarding
• SSH
• SOCKS proxy
• Local port forwarding
• Remote port forwarding
• Proxychains
• graftcp
• Web SOCKS (reGeorg)
• Metasploit
• sshuttle
• chisel
• SharpChisel
• gost
• Rpivot
• RevSocks
• plink
• ngrok
• Basic pivoting types:
  • Listen – Listen
  • Listen – Connect
  • Connect – Connect
Can demonstrate pivoting through a number of devices in order to gain access to targets on a distant subnet
Understands the concept of pivoting through compromised devices

Can identify and exploit weaknesses in custom cryptography
Understands best practices around key management
Understands the differences between encryption modes (ECB, CBC, GCM, etc.)
Understands the dangers of implementing custom cryptography
Understands the difference between encoding and encrypting
Understands PKI and the concepts of IKE, Certificate Authorities and trusted third parties
Understands the generation and role of HMACs
Understands different authentication methods such as passwords and certificates
Understands common hash functions, such as MD5, SHA1 and SHA256, including their security attributes and how they can be attacked
Understands common cryptographic algorithms, such as DES, 3DES, RSA, RC4 and AES, including their security attributes and how they can be attacked
Understands the differences between symmetric and asymmetric cryptography and can give examples of each
Understands wireless protocols that support cryptographic functions, including:
• WEP
• WPA
• WPA2
• TKIP
• EAP
• LEAP
• PEAP
Understands their associated security attributes and how they can be attacked
Understands common encrypted protocols and software applications, such as SSH, SSL, IPsec and PGP
Understands cryptography and its use in a networked environment

Can identify running processes on UNIX-like and Windows operating systems and exploit vulnerabilities to escalate privileges
Can find “interesting” files on an operating system, e.g. those with insecure or “unusual” permissions, or containing user account passwords
Understands and can demonstrate the manipulation of file system permissions on UNIX-like and Windows operating systems

Understands the security implications of using clear-text protocols, such as Telnet and FTP
Understands common IP/Ethernet protocols and their associated security attributes, including:
• TCP
• UDP
• ICMP
• ARP
• DHCP
• DNS
• CDP
• HSRP
• VRRP
• VTP
• STP
• TACACS+
Understands IPv4 and IPv6 and their associated security attributes