The following is a summary of the preparation material for the CREST Penetration Testing and Intrusion Analysis examinations that has been recommended by previous candidates:
Penetration Testing
CPSA | CRT PEN | CCT INF | CCT APP | CC SAM | CC SAS | GENERAL | |
Reading Material | |||||||
Network Security Assessment | ✓ | ✓ | ✓ | ✓ | |||
Hacking Exposed Linux | ✓ | ✓ | |||||
Red Team Field Manual (RTFM) | ✓ | ✓ | ✓ | ✓ | ✓ | ||
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning | ✓ | ✓ | |||||
Grey Hat Hacking | ✓ | ✓ | |||||
The Art of Exploitation | ✓ | ||||||
Hacking Exposed 7: Network Security Secrets and Solutions | ✓ | ✓ | ✓ | ||||
The Oracle Hacker’s Handbook: Hacking and Defending Oracle | ✓ | ✓ | |||||
Red Hat Linux Networking and System Administration | ✓ | ||||||
TCP/IP Illustrated (vol.1, 2nd edition) | ✓ | ||||||
The Art of Software Security Assessment | ✓ | ||||||
Unix in a Nutshell | ✓ | ||||||
Web Application Hackers Handbook | ✓ | ✓ | |||||
The Browser Hacker’s Handbook | ✓ | ||||||
SQL Injection: Attacks and Defence | ✓ | ||||||
Targeted Cyber Attack | ✓ | ✓ | |||||
Practical Cryptography | ✓ | ||||||
Networked Communications and Compliance with the Law | ✓ | ||||||
Metasploit Unleashed Guide | ✓ | ||||||
Network Warrior | ✓ | ✓ | |||||
Blue Team Incident Response | ✓ | ||||||
Hackers Playbook | ✓ | ✓ | |||||
Metasploit – The Penetration Tester’s Guide | ✓ | ✓ | |||||
Websites | |||||||
VulnHub: http://vulnhub.com (free vulnerable images) | ✓ | ✓ | ✓ | ||||
www.owasp.org (Goat projects, various) | ✓ | ||||||
www.securitytube.net | ✓ | ✓ | |||||
www.legislation.gov.uk | ✓ | ||||||
Courses | |||||||
Austerbury Ltd – CREST Approved Training Provider | ✓ | ||||||
ICSI Ltd – CREST Approved Training Provider | ✓ | ✓ | |||||
iHackLabs – CREST Approved Training Provider | ✓ | ✓ | |||||
Immersive Labs – CREST Approved Training Provider | ✓ | ✓ | |||||
QA – CREST Approved Training Provider | ✓ | ✓ | |||||
Cyberskills Training – CREST Approved Training Provider | ✓ | ✓ | |||||
Trustwave SpiderLabs – CREST Approved Training Provider | ✓ | ||||||
Certified Ethical Hacker Passport | ✓ | ✓ | |||||
Certified Ethical Hacker Exam Preparation Course | ✓ | ✓ | |||||
Offensive Security | ✓ | ✓ | ✓ | ||||
Certified Information Systems Security Professional (CISSP) | ✓ | ||||||
Intrusion Analysis
CPIA | CR IA | NIA | HIA | MRE | CC IM | CR TSA | GENERAL | |
Reading Material | ||||||||
Red Team Field Manual (RTFM) | ✓ | |||||||
Hacking Exposed 7: Network Security Secrets and Solutions | ✓ | |||||||
Hacking Exposed – Scanning and Enumeration | ✓ | ✓ | ||||||
The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory | ✓ | ✓ | ✓ | ✓ | ||||
Malware Forensic Field Guide for Windows Systems | ✓ | ✓ | ||||||
Practical Malware Analysis | ✓ | ✓ | ✓ | ✓ | ||||
Reversing: Secrets of Reverse Engineering | ✓ | |||||||
Practical Cryptography | ✓ | |||||||
Networked Communications and Compliance with the Law | ✓ | |||||||
Network Fundamentals: CCNA Exploration Companion Guide | ✓ | ✓ | ✓ | |||||
Real Digital Forensics | ✓ | ✓ | ||||||
TCP/IP Illustrated | ✓ | ✓ | ||||||
Network Forensics – Tracking Hackers through Cyberspace | ✓ | |||||||
Incident Response and Computer Forensics | ✓ | |||||||
Websites | ||||||||
http://overapi.com/ | ✓ | ✓ | ||||||
http://www.unixiwz.net/techtips/sql-injection.html | ✓ | |||||||
http://opensecuritytraining.info/CISSP-5-C.html | ✓ | |||||||
www.legislation.gov.uk | ✓ | |||||||
www.cesg.gov.uk | ✓ | |||||||
http://wiki.opf-labs.org/display/TR/PDF+Tools+(by+Didier+Stevens) | ✓ | |||||||
http://www.sans.org/reading-room/whitepapers/incident/creating-managing-incident-response-team-large-company-1821 | ✓ | |||||||
http://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901 | ✓ | |||||||
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf | ✓ | |||||||
Case Studies | ||||||||
https://www.sans.org/reading-room/whitepapers/casestudies | ✓ | |||||||
Courses | ||||||||
PGI Cyber Academy – CREST Approved Training Provider | ✓ | ✓ | ||||||
Certified Information Systems Security Professional (CISSP) | ||||||||
Information Security Masters Courses | ✓ |
Threat Intelligence
Courses | CPTIA | CRTIA | CCTIM |
Crucial Academy – CREST Approved Training Provider | ✓ | ✓ | |
PGI Cyber Academy – CREST Approved Training Provider | ✓ | ✓ | ✓ |
Reading Material | |||
Definitive Guide to Cyber Threat Intelligence | |||
Psychology of Intelligence Analysis |