CSTM UNIX Security Knowledge

The following sections set out the knowledge depth required for a successful pass of the CSTM exam.

You will be given a random selection of questions. Please note exam content is subject to change due to circumstances beyond our control – use this as a guide and email us if you have any queries.

  • Can identify Unix hosts on a target network.
  • Can demonstrate and explain the enumeration of data from a variety of common network services on various platforms, including:
    • Filesystems or resources shared remotely, such as NFS and SMB
    • SMTP
    • SSH
    • Telnet
    • SNMP and RID cycling
  • Is aware of legacy user enumeration techniques such as rusers and rwho.
  • Can enumerate RPC services and identify those with known security vulnerabilities.

  • Understands users, groups and password policies, including complexity requirements and lock-out.
  • Understands how to avoid causing a denial-of-service by locking-out accounts.
  • Understands UNIX password hashing algorithms and their associated security attributes.
  • Understands how passwords are stored and protected and can demonstrate how they can be recovered.
  • Understands and can demonstrate off-line password cracking using dictionary and brute-force attacks.
  • Can demonstrate the recovery of password hashes when given physical access to a UNIX host.

  • Understands and can demonstrate local privilege escalation techniques, e.g. through the manipulation of insecure file system permissions.

  • Understands and can demonstrate common post-exploitation activities, including:
    • Obtaining locally stored clear-text passwords
    • Password recovery (exfiltration and cracking)
    • Lateral movement
    • Checking OS and third-party software application patch levels
    • Deriving a list of missing security patches
    • Reversion of OS and software components to their previous state

  • Understands FTP and can demonstrate how a poorly configured FTP server can be exploited, e.g. the downloading of arbitrary files, the uploading and over-writing of files, and the modification of file system permissions.
  • Understands the security implications of anonymous FTP access.
  • Understands TFTP and can demonstrate how a poorly configured TFTP server can be exploited, e.g. the downloading of arbitrary files and the uploading and over-writing of files.
  • Understands and can exploit TFTP within a Cisco environment.

  • Understands NFS and its associated security attributes and can demonstrate how exports can be identified.
  • Can demonstrate how a poorly configured NFS service can lead to the compromise of a server, allow a user to escalate privileges and/or gain further access to a host, e.g. through the creation of SUID-root files, the modification of files and file system permissions, and UID/GID manipulation.
  • Understands the concepts of root squashing, nosuid and noexec options.
  • Understands how NFS exports can be restricted at both a host and file level.
  • Understands the Berkeley r-services and their associated security attributes and can demonstrate how trust relationships can:
    • Lead to the compromise of a server
    • Allow a user to escalate privileges and/or gain further access to a host, e.g. through the use, creation or modification of .rhosts and/or /etc/hosts.equiv files
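The NFS bullets above (root squashing, the nosuid and noexec mount options, and restricting exports at the host level and to read-only access) are settings a candidate is expected to recognise in configuration. The following Python script is an added example, not part of the CSTM syllabus or any CREST material: it parses constructed /etc/exports and /etc/fstab content and flags the weak settings, including the exports(5) gotcha where a space between a host and its options exports the path to everyone. All host names, addresses and paths in the samples are made up.

```python
"""Audit NFS configuration for the weak settings named in the syllabus.

Server side: /etc/exports entries exported to everyone or to very broad
networks, and entries that disable root squashing.
Client side:  /etc/fstab NFS mounts that lack nosuid/noexec.
All sample configuration below is constructed for illustration.
"""
import re

# Constructed /etc/exports content (not from any real host).
SAMPLE_EXPORTS = """
# weak: exported to everyone, remote root keeps uid 0
/srv/data        *(rw,no_root_squash,sync)
# weak: very broad network, root not squashed
/home            10.0.0.0/8(rw,no_root_squash)
# hardened: single host, root squashed, read-only
/srv/pub         10.0.1.20(ro,root_squash,sync)
/srv/build       10.0.1.0/24(rw,root_squash,sync) 10.0.2.5(ro)
"""

# Constructed /etc/fstab content with two NFS mounts.
SAMPLE_FSTAB = """
nfs01:/srv/data   /mnt/data   nfs   rw,hard                 0 0
nfs01:/srv/pub    /mnt/pub    nfs   ro,nosuid,noexec,nodev  0 0
"""

# One client spec: "host(opt,opt)" or a bare "host" with default options.
CLIENT_RE = re.compile(r"(\S+?)\(([^)]*)\)|(\S+)")


def _split_opts(text):
    return {o.strip() for o in text.split(",") if o.strip()}


def parse_exports(text):
    """Return [(path, [(client, {options}), ...]), ...] from exports(5) text."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        parts = line.split(None, 1)
        path = parts[0]
        rest = parts[1] if len(parts) > 1 else ""
        clients = []
        for m in CLIENT_RE.finditer(rest):
            if m.group(3):                         # bare token
                clients.append((m.group(3), set()))
            else:
                clients.append((m.group(1), _split_opts(m.group(2))))
        # exports(5): a path with no client list is exported to everyone.
        if not clients:
            clients = [("*", set())]
        fixed = []
        for host, opts in clients:
            # "host (rw)" with a space: the options apply to everyone, and
            # host gets the defaults. Record the detached options as "*".
            if host.startswith("(") and host.endswith(")"):
                host, opts = "*", _split_opts(host[1:-1])
            fixed.append((host, opts))
        entries.append((path, fixed))
    return entries


def _is_broad(client):
    """True for wildcard clients or networks with a prefix of /16 or shorter."""
    if "*" in client or "?" in client:
        return True
    if "/" in client:
        try:
            return int(client.rsplit("/", 1)[1]) <= 16
        except ValueError:        # dotted netmask form; not judged here
            return False
    return False


def audit_exports(text):
    """Return (path, client, finding) tuples for risky export entries."""
    findings = []
    for path, clients in parse_exports(text):
        for client, opts in clients:
            # root_squash is the exports(5) default; no_root_squash turns it off
            if "no_root_squash" in opts:
                findings.append((path, client, "no_root_squash: remote root keeps uid 0"))
            if _is_broad(client):
                findings.append((path, client, "export not restricted to specific hosts"))
    return findings


def audit_nfs_mounts(text):
    """Return (mountpoint, finding) tuples for NFS mounts lacking nosuid/noexec."""
    findings = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4 or fields[2] not in ("nfs", "nfs4"):
            continue
        opts = set(fields[3].split(","))
        for required in ("nosuid", "noexec"):
            if required not in opts:
                findings.append((fields[1], f"mount lacks {required}"))
    return findings


if __name__ == "__main__":
    for f in audit_exports(SAMPLE_EXPORTS):
        print("exports:", *f)
    for f in audit_nfs_mounts(SAMPLE_FSTAB):
        print("fstab:  ", *f)
```

Run against the constructed samples, the script reports four export findings (both weak entries fail on root squashing and on host restriction) and two mount findings for /mnt/data; the hardened entries produce none. On a real host the same functions can be pointed at the contents of /etc/exports and /etc/fstab.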

  • Understands that SSH can be used for port forwarding and file transfer.
  • Understands SSH and its associated security attributes, including the different versions of the protocol, version fingerprinting and how the service can be used to provide a number of remote access services.
  • Can demonstrate how trust relationships can lead to the compromise of a server, allow a user to escalate privileges and/or gain further access to a host, e.g. through the use, creation or modification of ~/.ssh/authorized_keys files.

  • Understands and can demonstrate valid username discovery via EXPN and VRFY.
  • Is aware of recent sendmail vulnerabilities and can exploit them where possible.
  • Understands mail relaying.

  • Understands backported patches, and the effect they have on scanning tools.
  • Understands OS lifecycle management.
  • Understands the purpose of using sudo rather than logging in as root.
  • Understands the difference between sudo and su.
  • Demonstrates ability to exploit weak sudo configuration.