CSTM Core Technical Knowledge

Please click on the following tabs to reveal the knowledge depth required for a successful pass of the CSTM exam.

You will be given a random selection of questions. Please note exam content is subject to change due to circumstances beyond our control – use this as a guide and email us if you have any queries.

  • Understands IPv4 and IPv6 and their associated security attributes.
  • Understands common IP/Ethernet protocols and their associated security attributes, including:
    • TCP
    • UDP
    • ICMP
    • ARP
    • DHCP
    • DNS
    • CDP
    • HSRP
    • VRRP
    • VTP
    • STP
    • TACACS+
  • Understands the security implications of using clear-text protocols, such as Telnet and FTP.

  • Understands and can demonstrate the manipulation of file system permissions on UNIX-like and Windows operating systems.
  • Can find "interesting" files on an operating system, e.g. those with insecure or "unusual" permissions, or containing user account passwords.
  • Can identify running processes on UNIX-like and Windows operating systems and exploit vulnerabilities to escalate privileges.
  • Understands technical, logistical, financial and other constraints and is able to take these into account without compromising the effectiveness of the penetration test.
  • Understands and can demonstrate the detection and manipulation of weak registry ACLs.

  • Understands cryptography and its use in a networked environment.
  • Understands common encrypted protocols and software applications, such as SSH, SSL, IPSEC and PGP.
  • Understands wireless protocols that support cryptographic functions, including WEP, WPA, WPA2, TKIP, EAP, LEAP and PEAP, and understands their associated security attributes and how they can be attacked.
  • Understands the differences between symmetric and asymmetric cryptography and can give examples of each.
  • Understands common cryptographic algorithms, such as DES, 3DES, RSA, RC4 and AES, including their security attributes and how they can be attacked.
  • Understands common hash functions, such as MD5, SHA1 and SHA256, including their security attributes and how they can be attacked.
  • Understands different authentication methods such as passwords and certificates.
  • Understands the generation and role of HMACs.
  • Understands PKI and the concepts of IKE, Certificate Authorities and trusted third parties.
  • Understands the difference between encoding and encrypting.
  • Understands the dangers of implementing custom cryptography.
  • Understands the differences between encryption modes (ECB, CBC, GCM, etc.).
  • Understands best practices around key management.
  • Understands the concept of pivoting through compromised devices.
  • Can demonstrate pivoting through a number of devices in order to gain access to targets on a distant subnet.
  • Network pivoting techniques, e.g.:
    • Windows netsh port forwarding
    • SSH
    • SOCKS proxy
    • Local port forwarding
    • Remote port forwarding
    • Proxychains
    • Graftcp
    • Web SOCKS (reGeorg)
    • Metasploit
    • sshuttle
    • chisel
    • SharpChisel
    • gost
    • Rpivot
    • RevSocks
    • plink
    • ngrok
  • Basic pivoting types:
    • Listen - Listen
    • Listen - Connect
    • Connect - Connect

  • Can use a variety of tools during a penetration test, selecting the most appropriate tool to meet a particular requirement.
  • Understand the limitations of automated testing.
  • Interpret and understand the output of tools, including those used for port scanning, vulnerability scanning, enumeration, exploitation and traffic capture.
  • Can identify when tool output can and cannot be trusted, and can demonstrate an approach to verifying tool output.
  • Can effectively use the command line during assurance testing.

  • Understands the different types of packets that are likely to be encountered during a penetration test.
  • Understands packet fragmentation.
  • Understands different TCP connection states.
  • Understands and can demonstrate active techniques for discovery of nodes on a network, such as:
    • SYN and TCP-Connect scanning
    • FIN/NULL and XMAS scanning
    • UDP port scanning
    • TCP ping scanning
    • ICMP scanning.

  • Can identify the network services offered by a host by banner inspection.
  • Can state the purpose of an identified network service and determine its type and version.
  • Understands the methods associated with unknown service identification, enumeration and validation.
  • Understands advanced analysis techniques for unknown services and protocols.

  • Understands active and passive operating system fingerprinting techniques and can demonstrate their use during a penetration test.

  • Understands network traffic filtering and where this may occur in a network.
  • Understands the devices and technology that implement traffic filtering, such as firewalls, and can advise on their configuration.
  • Can demonstrate methods by which traffic filters can be bypassed.
  • Understands network access control systems, such as 802.1x and MAC address filtering, and can demonstrate how these technologies can be bypassed.

  • Understands Microsoft patch management strategies and tools, including:
    • Microsoft Systems Management Server (SMS)
    • Microsoft Software Update Service (SUS)
    • Microsoft Windows Server Update Services (WSUS)
    • Microsoft Baseline Security Analyser (MBSA)


  • Can demonstrate the ability to perform a security build review of common operating systems.
  • Understands and can test against common build standards, such as CIS benchmarks.

  • Understands the concepts behind common microprocessor vulnerabilities such as Spectre and Meltdown.
  • Understands the concepts behind side-channel attacks, such as timing analysis and power analysis.
  • Understands how side-channel attacks can aid cryptanalysis and otherwise expose sensitive data.
  • Understands common risks associated with Bluetooth, including:
    • Bluesnarfing
    • Bluejacking
    • Bluebugging