Examination Preparation Material

The following is a summary of the preparation material for the CREST Penetration Testing and Intrusion Analysis examinations that has been recommended by previous candidates:

Penetration testing

CPSA CRT PEN CCT INF CCT APP CC SAM CC SAS CC TIM CCT WS GENERAL
Reading Material
Network Security Assessment
Hacking Exposed Linux
Red Team Field Manual (RTFM)  ✓
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning
Grey Hat Hacking
The Art of Exploitation
Hacking Exposed 7: Network Security Secrets and Solutions
The Oracle Hacker’s Handbook: Hacking and Defending Oracle
Red Hat Linux Networking and System Administration
TCP/IP Illustrated (vol.1, 2nd edition)
The Art Of Software Security Assessment
Unix in a Nutshell
Web Application Hackers Handbook
The Browser Hacker’s Handbook
SQL Injection: Attacks and Defence
Targeted Cyber Attack
Practical Cryptography
Networked Communications and Compliance with the Law
Metasploit Unleashed Guide
Network Warrior  ✓
Blue Team Incident Response
Hackers Playbook
Metasploit – The Penetration Tester’s Guide
Websites
VulnHub: http://vulnhub.com (free vulnerable images)
www.owasp.org (Goat projects, various)
www.securitytube.net
www.legislation.gov.uk
Courses
Web Application Hackers’ Handbook – CREST ACCREDITED
Certified Security Testing Associate – CREST ACCREDITED
Certified Security Testing Professional – CREST ACCREDITED  ✓
Certified Application Security Tester – CREST ACCREDITED
Certified Wireless Security Analyst – CREST ACCREDITED
Certified Penetration Tester – CREST ACCREDITED
CREST Scheme Team Member – CREST ACCREDITED
App Sec Hacker – CREST ACCREDITED
C-Registered Penetration Tester – CREST ACCREDITED  ✓  ✓
Certified Ethical Hacker Passport
Certified Ethical Hacker Exam Preparation Course
Offensive Security
Certified Information Systems Security Professional (CISSP)

 

Intrusion Analysis

CR IA NIA HIA MRE CC IM CR TSA GENERAL
Reading Material
Red Team Field Manual (RTFM)
Hacking Exposed 7: Network Security Secrets and Solutions
Hacking Exposed – Scanning and Enumeration
The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory
Malware Forensic Field Guide for Windows Systems
Practical Malware Analysis
Reversing: Secrets of Reverse Engineering
Practical Cryptography
Networked Communications and Compliance with the Law
Network Fundamentals: CCNA Exploration Companion Guide
Real Digital Forensics
TCP/IP Illustrated
Network Forensics – Tracking Hackers through Cyberspace
Incident Response and Computer Forensics
Websites
http://overapi.com/
http://www.unixiwz.net/techtips/sql-injection.html
http://opensecuritytraining.info/CISSP-5-C.html
www.legislation.gov.uk
www.cesg.gov.uk
http://wiki.opf-labs.org/display/TR/PDF+Tools+(by+Didier+Stevens)
http://www.sans.org/reading-room/whitepapers/incident/creating-managing-incident-response-team-large-company-1821
http://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Case Studies
https://www.sans.org/reading-room/whitepapers/casestudies
Courses
Malware Investigations (CMI) – CREST ACCREDITED
Advanced Forensic Investigation (CFIS) – CREST ACCREDITED
Intrusion Analysis and Digital Forensics Essentials – CREST ACCREDITED
InfoSec Skills PCIAA – CREST ACCREDITED
Certified Information Systems Security Professional (CISSP)
Information Security Masters Courses

Threat Intelligence

Reading Material
Definitive Guide to Cyber Threat Intelligence
Psychology of Intelligence Analysis