
CSTM/CSTL Information Gathering
The items below set out the knowledge depth required for a successful pass of the CSTM or CSTL exam.
You will be given a random selection of questions. Please note exam content is subject to change due to circumstances beyond our control – use this as a guide and email us if you have any queries.
- Understands the format of a WHOIS record and can obtain such a record to derive information about an IP address and/or domain.
- Understands the Domain Name Service (DNS) including queries and responses, zone transfers, and the structure and purpose of records, including:
  • SOA
  • NS
  • MX
  • A
  • AAAA
  • CNAME
  • PTR
  • TXT (including use in DMARC policies)
  • HINFO
  • SRV
- Can demonstrate how a DNS server can be queried to obtain the information detailed in these records.
- Can demonstrate how a DNS server can be queried to reveal other information that might reveal target systems or indicate the presence of security vulnerabilities.
- Can identify the presence of dangling DNS entries and understands the associated security vulnerabilities (e.g. susceptibility to subdomain takeover).
- Can interrogate a website to obtain information about a target network, such as the name and contact details of the network administrator.
- Can analyse information from a target website, both from displayed content and from within the HTML source.
- Can use search engines, newsgroups, mailing lists and other services to obtain information about a target network, such as the name and contact details of the network administrator.
- Can analyse e-mail headers to identify system information.
- Can obtain information about a target network from information leaked in email headers, HTML meta tags and other locations, such as internal network IP addresses.
- Can enumerate services, their software types and versions, using banner grabbing techniques.
- Can retrieve information from SNMP services and understands the MIB structure pertaining to the identification of security vulnerabilities.
- Understands common phishing techniques and how these can lead to compromise.
- Recognises when vulnerabilities discovered elsewhere can be leveraged as part of a phishing campaign.