
CSTM Core Technical Knowledge
Please click on the following tabs to reveal the knowledge depth required for a successful pass of the CSTM exam.
You will be given a random selection of questions. Please note exam content is subject to change due to circumstances beyond our control – use this as a guide and email us if you have any queries.
- Understands IPv4 and IPv6 and their associated security attributes.
- Understands common IP/Ethernet protocols and their associated security attributes, including:
• TCP • UDP • ICMP • ARP • DHCP • DNS • CDR • HSRP • VRRP • VTP • STP • TACACS+
- Understands the security implications of using clear-text protocols, such as Telnet and FTP.
- Understands and can demonstrate the manipulation of file system permissions on UNIX-like and Windows operating systems.
- Can find "interesting" files on an operating system, e.g. those with insecure or "unusual" permissions, or containing user account passwords.
- Can identify running processes on UNIX-like and Windows operating systems and exploit vulnerabilities to escalate privileges.
- Understands technical, logistical, financial and other constraints and is able to take these into account without compromising the effectiveness of the penetration test.
- Understands and can demonstrate the detection and manipulation of weak registry ACLs.
- Understands cryptography and its use in a networked environment.
- Understands common encrypted protocols and software applications, such as SSH, SSL, IPSEC and PGP.
- Understands wireless protocols that support cryptographic functions, including: WEP; WPA; WPA2; TKIP; EAP; LEAP; PEAP. Understands their associated security attributes and how they can be attacked.
- Understands the differences between symmetric and asymmetric cryptography and can give examples of each.
- Understands common cryptographic algorithms, such as DES, 3DES, RSA, RC4 and AES, including their security attributes and how they can be attacked.
- Understands common hash functions, such as MD5, SHA1 and SHA256, including their security attributes and how they can be attacked.
- Understands different authentication methods such as passwords and certificates.
- Understands the generation and role of HMACs.
- Understands PKI and the concepts of IKE, Certificate Authorities and trusted third parties.
- Understands the difference between encoding and encrypting.
- Understands the dangers of implementing custom cryptography.
- Understands the differences between encryption modes (ECB, CBC, GCM, etc.).
- Understands best practices around key management.
- Understand the concept of pivoting through compromised devices.
- Can demonstrate pivoting through a number of devices in order to gain access to targets on a distant subnet.
- Network Pivoting Techniques, e.g.:
• Windows netsh Port Forwarding
• SSH • SOCKS Proxy • Local Port Forwarding • Remote Port Forwarding
• Proxychains • Graphtcp • Web SOCKS (reGeorg) • Metasploit
• sshuttle • chisel • SharpChisel • gost • Rpivot • RevSocks • plink • ngrok
- Basic Pivoting Types:
• Listen - Listen • Listen - Connect • Connect - Connect
- Can use a variety of tools during a penetration test, selecting the most appropriate tool to meet a particular requirement.
- Understands the limitations of automated testing.
- Interpret and understand the output of tools, including those used for port scanning, vulnerability scanning, enumeration, exploitation and traffic capture.
- Can identify when tool output can and cannot be trusted, and can demonstrate an approach to verifying that output.
- Can effectively use the command line during assurance testing.
- Understands the different types of packets that are likely to be encountered during a penetration test.
- Understands packet fragmentation.
- Understands different TCP connection states.
- Understands and can demonstrate active techniques for discovery of nodes on a network, such as:
• SYN and TCP-Connect scanning
• FIN/NULL and XMAS scanning
• UDP port scanning
• TCP ping scanning
• ICMP scanning.
- Can identify the network services offered by a host by banner inspection.
- Can state the purpose of an identified network service and determine its type and version.
- Understands the methods associated with unknown service identification, enumeration and validation.
- Understands advanced analysis techniques for unknown services and protocols.
- Understands active and passive operating system fingerprinting techniques and can demonstrate their use during a penetration test.
- Understands network traffic filtering and where this may occur in a network.
- Understands the devices and technology that implement traffic filtering, such as firewalls, and can advise on their configuration.
- Can demonstrate methods by which traffic filters can be bypassed.
- Understands network access control systems, such as 802.1x and MAC address filtering, and can demonstrate how these technologies can be bypassed.
- Understands Microsoft patch management strategies and tools, including:
• Microsoft Systems Management Server (SMS)
• Microsoft Software Update Service (SUS)
• Microsoft Windows Server Update Services (WSUS)
• Microsoft Baseline Security Analyser (MBSA)
- Demonstrates the ability to perform a security build review of common operating systems.
- Understands and can test against common build standards such as CIS benchmarks.
- Understands the concepts behind common microprocessor vulnerabilities such as Spectre and Meltdown.
- Understands the concepts behind side-channel attacks such as timing analysis and power analysis.
- Understands how side-channel attacks can aid cryptanalysis and otherwise expose sensitive data.
- Understands common risks associated with Bluetooth, including:
• Bluesnarfing • Bluejacking • Bluebugging