CSTM/CSTL Information Gathering

Please click on the following tabs to reveal the knowledge depth required for a successful pass of the CSTM or CSTL exam.

You will be given a random selection of questions. Please note exam content is subject to change due to circumstances beyond our control – use this as a guide and email us if you have any queries.

  • Understands the format of a WHOIS record and can obtain such a record to derive information about an IP address and/or domain.

  • Understands the Domain Name Service (DNS) including queries and responses, zone transfers, and the structure and purpose of records, including:

    • SOA
    • NS
    • MX
    • A
    • AAAA
    • CNAME
    • PTR
    • TXT (including use in DMARC policies)
    • HINFO
    • SRV

  • Can demonstrate how a DNS server can be queried to obtain the information detailed in these records.
  • Can demonstrate how a DNS server can be queried to reveal other information that might reveal target systems or indicate the presence of security vulnerabilities.
  • Can identify the presence of dangling DNS entries and understands the associated security vulnerabilities (e.g. susceptibility to subdomain takeover).
  • Can interrogate a website to obtain information about a target network, such as the name and contact details of the network administrator.
  • Can analyse information from a target web site, both from displayed content and from within the HTML source.
  • Can use search engines, news groups, mailing lists and other services to obtain information about a target network, such as the name and contact details of the network administrator.
  • Can analyse e-mail headers to identify system information.

    • Can obtain information about a target network from information leaked in email headers, HTML meta tags and other locations, such as internal network IP addresses.

  • Can enumerate services, their software types and versions, using banner grabbing techniques.
  • Can retrieve information from SNMP services and understands the MIB structure pertaining to the identification of security vulnerabilities.
  • Understands common phishing techniques and how these can lead to compromise.
  • Recognises when vulnerabilities discovered elsewhere can be leveraged as part of a phishing campaign.