
CSTM UNIX Security Knowledge
Please click on the following tabs to reveal the knowledge depth required for a successful pass of the CSTM exam.
You will be given a random selection of questions. Please note exam content is subject to change due to circumstances beyond our control – use this as a guide and email us if you have any queries.
- Can identify Unix hosts on a target network.
- Can demonstrate and explain the enumeration of data from a variety of common network services on various platforms including:
• Filesystems or resources shared remotely, such as NFS and SMB
• SMTP
• SSH
• Telnet
• SNMP and RID cycling
- Is aware of legacy user enumeration techniques such as rusers and rwho.
- Can enumerate RPC services and identify those with known security vulnerabilities.
- Understands users, groups and password policies, including complexity requirements and lock-out.
- Understands how to avoid causing a denial of service by locking out accounts.
- Understands UNIX password hashing algorithms and their associated security attributes.
- Understands how passwords are stored and protected and can demonstrate how they can be recovered.
- Understands and can demonstrate off-line password cracking using dictionary and brute-force attacks.
- Can demonstrate the recovery of password hashes when given physical access to a UNIX host.
- Understands and can demonstrate local privilege escalation techniques, e.g. through the manipulation of insecure file system permissions.
- Understands and can demonstrate common post-exploitation activities, including:
• Obtaining locally stored clear-text passwords
• Password recovery (exfiltration and cracking)
• Lateral movement
• Checking OS and third party software application patch levels
• Deriving a list of missing security patches
• Reversion of OS and software components to previous state.
- Understands FTP and can demonstrate how a poorly configured FTP server can be exploited, e.g. the downloading of arbitrary files, the uploading and over-writing of files, and the modification of file system permissions.
- Understands the security implications of anonymous FTP access.
- Understands TFTP and can demonstrate how a poorly configured TFTP server can be exploited, e.g. the downloading of arbitrary files, and the uploading and over-writing of files.
- Understands and can exploit TFTP within a Cisco environment.
- Understands NFS and its associated security attributes and can demonstrate how exports can be identified.
- Can demonstrate how a poorly configured NFS service can lead to the compromise of a server, allow a user to escalate privileges and/or gain further access to a host, e.g. through the creation of SUID-root files, the modification of files and file system permissions, and UID/GID manipulation.
- Understands the concepts of root squashing, nosuid and noexec options.
- Understands how NFS exports can be restricted at both a host and file level.
- Understands the Berkeley r-services and their associated security attributes and can demonstrate how trust relationships can:
• Lead to the compromise of a server
• Allow a user to escalate privileges and/or gain further access to a host, e.g. through the use, creation or modification of .rhosts and/or /etc/hosts.equiv files
- Understands that SSH can be used for port forwarding and file transfer.
- Understands SSH and its associated security attributes, including the different versions of the protocol, version fingerprinting and how the service can be used to provide a number of remote access services.
- Can demonstrate how trust relationships can lead to the compromise of a server, allow a user to escalate privileges and/or gain further access to a host, e.g. through the use, creation or modification of ~/.ssh/authorized_keys files.
- Understands and can demonstrate valid username discovery via EXPN and VRFY.
- Awareness of recent sendmail vulnerabilities and ability to exploit them if possible.
- Understands mail relaying.
- Understands backported patches, and the effect they have on scanning tools.
- Understands OS lifecycle management.
- Understands the purpose of using sudo rather than logging in as root.
- Understands the difference between sudo and su.
- Demonstrates ability to exploit weak sudo configuration.