This article highlights the key areas of information gathering you need to understand to pass the CSTM exam. Our full syllabus can be found on our website showing all key areas of knowledge for CSTM. The Cyber Scheme‘s CSTM training maps the CSTM syllabus and will give you the confidence to sit our NCSC-accredited exam knowing the topics and knowledge domains that are likely to come up.
Book here for our CSTM training
Domain Registration
Understands the format of a WHOIS record and can obtain such a record to derive information about an IP address and/or domain.
DNS
Can demonstrate how a DNS server can be queried to obtain the information detailed in these records.
Understands the Domain Name Service (DNS) including queries and responses, zone transfers, and the structure and purpose of records, including:
- SOA • NS • MX •A •AAAA •CNAME •PTR• TXT (including use in DMARC policies)• HINFO •SVR
Can demonstrate how a DNS server can be queried to reveal other information that might reveal target systems or indicate the presence of security vulnerabilities.
Can identify the presence of dangling DNS entries and understands the associated security vulnerabilities (e.g. susceptibility to subdomain takeover)
Website Analysis
Can interrogate a website to obtain information about a target network, such as the name and contact details of the network administrator.
Can analyse information from a target web site, both from displayed content and from within the HTML source.
Search Engines, News groups & Mailing lists
Can use search engines, news groups, mailing lists and other services to obtain information about a target network, such as the name and contact details of the network administrator.
Can analyse e-mail headers to identify system information.
Information Leakage
Can obtain information about a target network from information leaked in email headers, HTML meta tags and other locations, such as an internal network IP addresses.
Banner Grabbing
Can enumerate services, their software types and versions, using banner grabbing techniques.
SNMP
Can retrieve information from SNMP services and understands the MIB structure pertaining to the identification of security vulnerabilities.
Phishing
Understands common phishing techniques and how these can lead to compromise.
Recognises when vulnerabilities discovered elsewhere can be leveraged as part of a phishing campaign.