Examination Preparation Material

The following is a summary of the preparation material for the CREST Penetration Testing and Intrusion Analysis examinations that has been recommended by previous candidates:

Penetration testing

CPSA CRT PEN CCT INF CCT APP CC SAM CC SAS CCT WS GENERAL
Reading Material
Network Security Assessment
Hacking Exposed Linux
Red Team Field Manual (RTFM)  ✓
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning
Grey Hat Hacking
The Art of Exploitation
Hacking Exposed 7: Network Security Secrets and Solutions
The Oracle Hacker’s Handbook: Hacking and Defending Oracle
Red Hat Linux Networking and System Administration
TCP/IP Illustrated (vol.1, 2nd edition)
The Art Of Software Security Assessment
Unix in a Nutshell
Web Application Hackers Handbook
The Browser Hacker’s Handbook
SQL Injection: Attacks and Defence
Targeted Cyber Attack
Practical Cryptography
Networked Communications and Compliance with the Law
Metasploit Unleashed Guide
Network Warrior  ✓
Blue Team Incident Response
Hackers Playbook
Metasploit – The Penetration Tester’s Guide
Websites
VulnHub: http://vulnhub.com (free vulnerable images)
www.owasp.org (Goat projects, various)
www.securitytube.net
www.legislation.gov.uk
Courses
Austerbury Ltd – CREST Approved Training Provider
ICSI Ltd – CREST Approved Training Provider
Immersive Labs – CREST Approved Training Provider
QA – CREST Approved Training Provider
Net Security Training – CREST Approved Training Provider
Trustwave, SpiderLabs – CREST Approved Training Provider
Certified Ethical Hacker Passport
Certified Ethical Hacker Exam Preparation Course
Offensive Security
Certified Information Systems Security Professional (CISSP)

 

Intrusion Analysis

 CPIA CR IA NIA HIA MRE CC IM CR TSA GENERAL
Reading Material
Red Team Field Manual (RTFM)
Hacking Exposed 7: Network Security Secrets and Solutions
Hacking Exposed – Scanning and Enumeration
The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory
Malware Forensic Field Guide for Windows Systems
Practical Malware Analysis
Reversing: Secrets of reverse engineering
Practical Cryptography
Networked Communications and Compliance with the Law
Network Fundamentals:  CCNA Exploration Companion Guide
Real Digital Forensics
TCP/IP Illustrated
Network Forensics – Tracking Hackers through Cyberspace
Incident Response and Computer Forensics
Websites
http://overapi.com/
http://www.unixiwz.net/techtips/sql-injection.html
http://opensecuritytraining.info/CISSP-5-C.html
www.legislation.gov.uk
www.cesg.gov.uk
http://wiki.opf-labs.org/display/TR/PDF+Tools+(by+Didier+Stevens)
http://www.sans.org/reading-room/whitepapers/incident/creating-managing-incident-response-team-large-company-1821
http://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Case Studies
https://www.sans.org/reading-room/whitepapers/casestudies
Courses
Certified Information Systems Security Professional (CISSP)
Information Security Masters Courses

Threat Intelligence

 Courses CRTIA CCTIM
Crucial Academy – CREST Approved Training Provider
 Reading Material
Definitive Guide to Cyber Threat Intelligence
Psychology of Intelligence Analysis