25,000+ Courses Nationwide
0345 4506120

Certified Security Testing Associate

Our five-day ethical hacking training course is a hands-on journey into the hacking mind-set, examining and practically applying the tools and techniques that an external threat may use to launch “infrastructure” attacks on your organisation.

The various stages of that attack, or equally a penetration test, are explored from initial information gathering, target scanning and enumeration through to gaining access, exploitation, privilege escalation and retaining access. Practical in-depth hands-on exercises using various tools reinforce the theory as you experiment with a Windows 2012 domain (server and workstation) plus a Linux server.

The course demonstrates cyber-attack techniques but this is always done with defence in mind and countermeasures are discussed throughout, enabling delegates to identify the threats and understand the strategies, techniques and policies required to defend their critical information.

The course is ideally suited to anyone looking to improve their career prospects or transitioning into a cyber security role, including:

  • Network engineers
  • Systems administrators
  • Systems architects or developers
  • IT security officers
  • Information security professionals
  • Budding penetration testers

Select specific date to see price, venue and full details.

Learning Objectives

You will learn a series of attack methodologies and gain practical experience using a range of tools to undertake an infrastructure penetration test across a multi-OS environment.

Once you are able to identify and exploit vulnerabilities in a safe manner, you will be introduced to a range of defensive countermeasures, allowing you to protect your network and respond to cyber threats.

This course will provide you with the following:

  • An understanding of the risks and how to mitigate them
  • Learn a number of methodologies for undertaking an infrastructure penetration test
  • Acquire effective techniques to identify exploits and vulnerabilities
  • Improve your ability to respond effectively to cyber threats
  • Valuable preparation and hands-on practice in preparation for the CREST
  • Registered Penetration Tester (CRT) examination


Basic understanding of TCP/IP networking

  • Are you familiar with the OSI model?
  • Can you name a layer 2 and layer 3 protocol?
  • What function does ARP perform?
  • Can you describe at a high-level how a request reaches a web server through Ethernet, IP and TCP?
  • How does a system know whether or not a gateway is required?
  • What is a TCP port?

Be comfortable with Windows and Linux command line. As a guideline, you should be able to tick off the following (without heavy recourse to Google):

  • Understand how switches change the way commands work
  • How does adding > affect a command?
  • Understand the difference between cd /folder/file and cd folder/file (i.e. what does / at the front of the path do?)
  • Understand the difference between ../file and ./file
  • Understand how to pull up built-in help for a command

Course Content

1. Introduction
a. Motivations behind hacking
b. The hacking scene
c. Methodology

2. Networking Refresher
a. Sniffing Traffic – Wireshark, Ettercap

3. Information Discovery
a. Information Gathering – wget, metadata, pdfinfo and extract
b. DNS – dig, zone transfers, DNSenum and Fierce

4. Target Scanning
a. Host Discovery – Nmap and Netdiscover
b. Port Scanning with Nmap – Connect, SYN and UDP scans, OS detection
c. Banner Grabbing – Amap, Netcat, Nmap, Nmap scripts (NSE)

5. Vulnerability Assessment
a. Nikto
b. Nessus

6. Attacking Windows
a. Windows Enumeration – (SNMP, IPC$)
b. Enum4linux
c. RID Cycling – Enum4linux, Cain
d. Metasploit
e. Client-side Exploits – Internet Explorer, Metasploit Auxiliary modules

7. Privilege Escalation – Windows
a. Information Gathering with Meterpreter – Stuxnet exploit, Meterpreter scripts
b. Privilege Escalation – Keylogging, Service Configuration
c. Password Cracking – John The Ripper, Cain, Rainbow tables
d. Brute-Force Password Attacks
e. Attacks on Cached Domain Credentials
f. Token Stealing – PsExec, Incognito, local admin to domain admin
g. Pass the Hash

8. Attacking Linux
a. Linux User Enumeration
b. Linux Exploitation without Metasploit
c. Online Password Cracking – Medusa
d. User Defined Functions
e. ARP Poisoning Man in the Middle – clear-text protocols, secured protocols

9. Privilege Escalation – Linux
a. Exploiting sudo through File Permissions
b. Exploiting SUID and Flawed Scripts – logic errors
c. Further Shell Script Flaws – command injection, path exploits
d. Privilege Escalation via NFS
e. Cracking Linux Passwords

10. Pivoting the Connection
a. Pivoting with Meterpreter
b. Port Forwarding

11. Retaining Access
a. Netcat as a Backdoor
b. Dark Comet RAT – Metasploit Handlers, a full end-to-end attack

12. Covering Tracks
a. Alternative Data Streams
b. Dark Comet

Exams & Certification

Those delegates successfully passing the exam at the end of the course will be awarded the Certified Security Testing Associate (CSTA) qualification.

Related Courses

Privacy Notice

In order to provide you with the service requested we will need to retain and use your contact information in accordance with our Privacy Notice. If you choose to provide us with this information you explicitly consent to us using the information as necessary to provide the requested service to you. If you do not agree please do not proceed to request the service from us.

Marketing Permissions

Would you like to receive our newsletter and other information on products and services which we think will be of interest to you by email. We will always treat your information with care and in accordance with our Privacy Notice. You are free to withdraw this permission at any time.


We work with the best