Professional Development

Other forthcoming dates

Book your training three months in advance of the course start date and get a 10% discount

Courses available in

  • 7Safe courses in us
  • 7Safe courses in cyprus
  • 7Safe courses in ireland
  • 7Safe courses in england

CSTA is accredited by CREST and helps you prepare for the CREST Registered Penetration Tester examination

Read more

Covering the IISP skill areas of D2 (Security Testing), A6 (Legal and Regulatory Environment), B2 (Risk Management) and C1 (Security Architecture).

  • CPE Credits: 32
  • MSc credits: 15

CSTA Ethical Hacking: Hands-On

This 4 day ethical hacking training course is a hands-on journey into the hacking mind-set, examining and practically applying the tools and techniques that an external threat may use to launch "infrastructure" attacks on your organisation, and the various stages of that attack, or equally a penetration test, from initial information gathering, target scanning and enumeration through to gaining access, exploitation, privilege escalation and retaining access. Practical in-depth hands-on exercises using various tools reinforce the theory as you experiment with a Windows 20​12 domain (server and workstation) plus a Linux server. The course demonstrates cyber-attack techniques - there's no better way to understand how attackers gather information and undertake attacks than by doing them yourself - but this is always done with defence in mind and countermeasures are discussed throughout, enabling delegates to identify the threats and understand the strategies, techniques and policies required to defend their critical information

You will be awarded the Certified Security Testing Associate (CSTA) qualification on successful completion of the exam included at the end of the training course.

Frequently Asked Questions (FAQ)

For more information on this course, please email the Education team or contact us on +44(0)1763 285285

  • Course content

    • Motivations behind hacking
    • The hacking scene
    • Methodology

    Networking Refresher
    • Sniffing traffic

    Information Discovery
    • Useful information
    • Sources – websites, metadata, search engines, DNS, social engineering

    Target Scanning
    • Host discovery
    • Por t scanning techniques
    • Banner grabbing

    Vulnerability Assessment
    • Causes of vulnerabilities
    • The classic buffer overflow
    • Vulnerability tracking
    • Scanning
    • Client-side vulnerabilities

    Attacking Windows
    • Windows enumeration
    • Metasploit
    • Client-side exploits

    Privilege Escalation – Windows
    • Local information gathering
    • Metasploit’s Meterpreter
    • Keyloggers
    • Password storage
    • Password extraction
    • Password cracking techniques
    • Cached Domain Credentials
    • Windows network authentication
    • Access tokens
    • Pass the hash

    Attacking Linux
    • Exploitation
    • Web shells
    • Pivoting the attack
    • Online password cracking
    • ARP Poisoning Man in the Middle

     Privilege Escalation – Linux
    • Standard streams
    • Privilege escalation by exploit
    • Commercial penetration testing tools
    • Password storage
    • Password cracking
    • Permission errors
    • Sudo
    • SUID
    • Flawed shell scripts

    Retaining Access
    • Backdoors
    • Trojan Horses
    • Delivery mechanisms
    • Botnets
    • Bypassing client-side security

    Covering Tracks
    • Hiding backdoors
    • Simple obfuscation
    • Rootkits
    • Anti-forensics
    • Log manipulation
    • Connection laundering


    CSTA Exam

  • Prerequisites

    An understanding of TCP/IP networking, e.g.

    • Are you familiar with the OSI model? Can you name a layer 2 and layer 3 protocol?
    • Can you describe at a high-level how a request reaches a web server through Ethernet, IP and TCP?
    • What function does ARP perform?
    • How does a system know whether or not a gateway is required?
    • What is a TCP port?

    Be comfortable with Windows and Linux command line. As a guideline, you should be able to tick off the following (without heavy recourse to Google):

    • Understand how switches change the way commands work
    • How does adding > affect a command?
    • Understand the difference between cd /folder/file and cd folder/file (i.e. what does / at the front of the path do?)
    • Understand the difference between ../file and ./file
    • Understand how to pull up built-in help for a command
  • Benefits
    • Learn a number of methodologies for undertaking an infrastructure penetration test
    • Acquire effective techniques to identify exploits and vulnerabilities
    • Improve your ability to respond effectively to cyber threats
    • An industry recognised qualification, accredited by CREST and the IISP
    • Helps you prepare for the CREST Registered Penetration Tester (CRT) examination
  • Target Audience
    The course is ideally suited to anyone with responsibility for, or with an interest in, the security of IT systems, such as: system administrators, auditors, IT security officers, information security professionals and budding penetration testers.

For more information on this course, please email the Education team or contact us on +44(0)1763 285285

« Back