Our CREST-Approved Penetration Testing Practitioner training is designed for intermediate level penetration testing professionals. It will provide participants with the skills and knowledge required to conduct authorised attempts to penetrate computer systems or networks and physical premises—using realistic threat techniques—to evaluate their security and detect potential vulnerabilities.
Training is aligned to support individuals seeking to undertake the CREST Registered Penetration Tester (CRT) exam.
This training can be delivered virtually, at our London or Bristol facilities, or at our clients’ premises; training is typically for group bookings only.
If the CRT qualification is achieved, it can—alongside security clearance vetting—be used to acquire the UK NCSC’s CHECK Team Member certification status.
Aim Show more Show less
By the end of this training, you will be able to demonstrably use both new and existing skills to penetrate computer systems or networks effectively and professionally—using realistic threat techniques—to evaluate their security and detect potential vulnerabilities.
Audience Show more Show less
Intermediate level cyber security professionals who wish to safely consolidate and practise their skills using ethical hacking tools, and advance the necessary techniques to fulfil security testing responsibilities. Example roles might include:
- Information Security Specialists
- Cyber Security Specialists
- (Cyber) Security Consultants
- Vulnerability Assessors
- Penetration Testers
- Ethical Hackers
- Red Team/Penetration Testing team members
Learning outcomes Show more Show less
- Demonstrate effective use of current tools and techniques used by industry-qualified cyber security penetration testers.
- Use tools, techniques, and procedures to remotely exploit and establish persistence on a target.
- Analyse tools and frameworks that are most readily available to hackers seeking to attack an organisation.
- Identify and analyse physical, functional or behavioural relationships to develop understanding of attackers and their objectives.
- Evaluate host-based security products and how those products reduce vulnerability to exploitation.
- Assess the robustness of security systems and designs.
- Prioritise the various risks associated with security testing.
- Carry out attack and defense operations for the purpose of exercises and vulnerability assessment and detection.
- Manage senior stakeholders.
- Create and present clear and concise technical documentation to technical and non-technical third parties.
Prerequisites Show more Show less
- In-depth knowledge and working experience of networking and the TCP protocol.
- Exposure of working in a Red Team/Penetration Testing team.
- Experience of conducting vulnerability assessments of Windows and Linux operating systems.
- Working experience of using the command line with Linux and Windows.
- Ideally Ethical Hacking Associate training or CREST’s CPSA qualification – or equivalent.
- Knowledge of business practices within your organisation, your organisation’s risk management processes and any IT user security policies.
- For virtual/remote training a good internet connection/sufficient bandwidth is required, with full audio and video capability.
Syllabus Show more Show less
This training can be tailored to an industry or for a defined audience, with various durations. Example topics typically include:
- Network Mapping and Target Identification
- OS Fingerprinting
- Application Fingerprinting and Evaluating Unknown Services
- File System Permissions
- Domain Name System
- Management Protocols
Windows Services, Enumerations and Exploitations
- Domain Reconnaissance
- System Users Enumeration
- Windows Active Directory
- Common Windows Application and Windows Vulnerability
Linux Services, Enumerations and Exploitations
- User Enumeration
- Unix Vulnerabilities
- FTP Security Assessment
- Sendmail / SMTP
- Network File System (NFS)
- R* Services
- X11 Service
- RPC services
Web Application Technologies and their Vulnerabilities
- Web Site Structure Discovery
- Web Servers & their Flaws
- Websites and Application Servers
- Structure Discovery
- Cross Site Scripting Attacks
- SQL Injection
Database Enumeration and Vulnerabilities
- MySQL Database
- MS SQL Database
- Oracle Database
- Oracle RDBMS
- CRT Practice Exam Preparation
- PGI Assessment