The following is a summary of the preparation material for the CREST Penetration Testing and Intrusion Analysis examinations that has been recommended by previous candidates:
Penetration testing
| CPSA | CRT PEN | CCT INF | CCT APP | CC SAM | CC SAS | CC TIM | CCT WS | GENERAL | |
| Reading Material | |||||||||
| Network Security Assessment | ✓ | ✓ | ✓ | ✓ | |||||
| Hacking Exposed Linux | ✓ | ✓ | |||||||
| Red Team Field Manual (RTFM) | ✓ | ✓ | ✓ | ✓ | ✓ | ||||
| Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning | ✓ | ✓ | |||||||
| Grey Hat Hacking | ✓ | ✓ | |||||||
| The Art of Exploitation | ✓ | ||||||||
| Hacking Exposed 7: Network Security Secrets and Solutions | ✓ | ✓ | ✓ | ||||||
| The Oracle Hacker’s Handbook: Hacking and Defending Oracle | ✓ | ✓ | |||||||
| Red Hat Linux Networking and System Administration | ✓ | ||||||||
| TCP/IP Illustrated (vol.1, 2nd edition) | ✓ | ||||||||
| The Art Of Software Security Assessment | ✓ | ||||||||
| Unix in a Nutshell | ✓ | ||||||||
| Web Application Hackers Handbook | ✓ | ✓ | |||||||
| The Browser Hacker’s Handbook | ✓ | ||||||||
| SQL Injection: Attacks and Defence | ✓ | ||||||||
| Targeted Cyber Attack | ✓ | ✓ | |||||||
| Practical Cryptography | ✓ | ||||||||
| Networked Communications and Compliance with the Law | ✓ | ||||||||
| Metasploit Unleashed Guide | ✓ | ||||||||
| Network Warrior | ✓ | ✓ | |||||||
| Blue Team Incident Response | ✓ | ||||||||
| Hackers Playbook | ✓ | ✓ | |||||||
| Metasploit – The Penetration Tester’s Guide | ✓ | ✓ | |||||||
| Websites | |||||||||
| VulnHub: http://vulnhub.com (free vulnerable images) | ✓ | ✓ | ✓ | ||||||
| www.owasp.org (Goat projects, various) | ✓ | ||||||||
| www.securitytube.net | ✓ | ✓ | |||||||
| www.legislation.gov.uk | ✓ | ||||||||
| Courses | |||||||||
| Infosec Skills Ltd – CREST Approved Training Provider | ✓ | ✓ | |||||||
| Net Security Training – CREST Approved Training Provider | ✓ | ✓ | |||||||
| Trustwave, SpiderLabs – CREST Approved Training Provider | ✓ | ||||||||
| Web Application Hackers’ Handbook – CREST ACCREDITED | ✓ | ✓ | |||||||
| Certified Security Testing Associate – CREST ACCREDITED | ✓ | ||||||||
| Certified Security Testing Professional – CREST ACCREDITED | ✓ | ✓ | |||||||
| Certified Application Security Tester – CREST ACCREDITED | ✓ | ||||||||
| Certified Wireless Security Analyst – CREST ACCREDITED | ✓ | ✓ | |||||||
| Certified Penetration Tester (CPT) – CREST ACCREDITED | ✓ | ||||||||
| CREST Scheme Team Member – CREST ACCREDITED | ✓ | ||||||||
| App Sec Hacker – CREST ACCREDITED | ✓ | ||||||||
| C-Registered Penetration Tester – CREST ACCREDITED | ✓ | ✓ | |||||||
| Certified Ethical Hacker Passport | ✓ | ✓ | |||||||
| Certified Ethical Hacker Exam Preparation Course | ✓ | ✓ | |||||||
| Offensive Security | ✓ | ✓ | ✓ | ||||||
| Certified Information Systems Security Professional (CISSP) | ✓ | ||||||||
Intrusion Analysis
| CPIA | CR IA | NIA | HIA | MRE | CC IM | CR TSA | GENERAL | |
| Reading Material | ||||||||
| Red Team Field Manual (RTFM) | ✓ | |||||||
| Hacking Exposed 7: Network Security Secrets and Solutions | ✓ | |||||||
| Hacking Exposed – Scanning and Enumeration | ✓ | ✓ | ||||||
| The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory | ✓ | ✓ | ✓ | ✓ | ||||
| Malware Forensic Field Guide for Windows Systems | ✓ | ✓ | ||||||
| Practical Malware Analysis | ✓ | ✓ | ✓ | ✓ | ||||
| Reversing: Secrets of reverse engineering | ✓ | |||||||
| Practical Cryptography | ✓ | |||||||
| Networked Communications and Compliance with the Law | ✓ | |||||||
| Network Fundamentals: CCNA Exploration Companion Guide | ✓ | ✓ | ✓ | |||||
| Real Digital Forensics | ✓ | ✓ | ||||||
| TCP/IP Illustrated | ✓ | ✓ | ||||||
| Network Forensics – Tracking Hackers through Cyberspace | ✓ | |||||||
| Incident Response and Computer Forensics | ✓ | |||||||
| Websites | ||||||||
| http://overapi.com/ | ✓ | ✓ | ||||||
| http://www.unixiwz.net/techtips/sql-injection.html | ✓ | |||||||
| http://opensecuritytraining.info/CISSP-5-C.html | ✓ | |||||||
| www.legislation.gov.uk | ✓ | |||||||
| www.cesg.gov.uk | ✓ | |||||||
| http://wiki.opf-labs.org/display/TR/PDF+Tools+(by+Didier+Stevens) | ✓ | |||||||
| http://www.sans.org/reading-room/whitepapers/incident/creating-managing-incident-response-team-large-company-1821 | ✓ | |||||||
| http://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901 | ✓ | |||||||
| http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf | ✓ | |||||||
| Case Studies | ||||||||
| https://www.sans.org/reading-room/whitepapers/casestudies | ✓ | |||||||
| Courses | ||||||||
| Malware Investigations (CMI) – CREST ACCREDITED | ✓ | ✓ | ||||||
| Advanced Forensic Investigation (CFIS) – CREST ACCREDITED | ✓ | |||||||
| Intrusion Analysis and Digital Forensics Essentials – CREST ACCREDITED | ✓ | ✓ | ||||||
| InfoSec Skills PCIAA – CREST ACCREDITED | ✓ | |||||||
| Certified Information Systems Security Professional (CISSP) | ||||||||
| Information Security Masters Courses | ✓ |
Threat Intelligence
| Courses |
| Crucial Academy – CREST Approved Training Provider |
| Reading Material |
| Definitive Guide to Cyber Threat Intelligence |
| Psychology of Intelligence Analysis |