Select course by Certification/Exam Body or by Topic Below

CREST Registered Penetration Tester (C-RPT)

The CREST penetration testing course takes students of varying IT experience levels and re-skills them so that they can enter the industry not as a trainee but as qualified Penetration Tester making them productive from day one. This is an Accredited CREST Training course. This is THE Penetration Tester Training that you need to have!

This in-depth, hands-on, 2-week course will take you into a rewarding and lucrative career in the Cyber Security world.


To help you forge a successful career within this sector we will thoroughly prepare you to gain two (2) of the most relevant, in-demand, industry-recognized qualifications; which are:

+ CREST Practitioner Security Analyst (CPSA)
+ CREST Registered Penetration Tester (CRT)

Course Style:

The CREST penetration testing course training combines Instructor-led, Virtual Instructor-led, and self-paced e-Learning modules. This “blended learning” approach integrates classroom, hands-on lab exercises, and project teamwork to provide both the theoretical and practical training needed to make individuals Cyber Security professionals.

The course will allow our students to leave as sought-after professionals, well-equipped with the in-demand job skills and certifications needed to be employed as technically well-rounded professionals in any Cyber Security team.

Course Structure

Step 1 – You meet the pre-requisite requirements (see below)
Step 2 – Receive 2 weeks of instructor lead training.
Step 3 – Enrolled Delegates are issued with a Pearson VUE exam voucher for CPSA exam to be taken anytime.
Step 4 – Delegates are given access to our iLab services for 30 days.
                The instructor is contactable by email to support practical classes & exercises.
Step 5 – The iLab will give delegates continued access to the learning environment to practice all the skills you have been taught on the course.
Step 6 – Take the CRT exam at a Crest testing centre near you.

The Penetration tester course will allow our students to leave as sought-after professionals, well-equipped with the in-demand job skills and certifications needed to be employed as technically well-rounded professionals in any Cyber Security team.

   11000+ Trained Globally- including FTSE 250
   Classroom based small, highly interactive sessions.
   Widest range of Cyber courses – Select on your exact needs.
   The best content developed by qualified professionals.
   Great value – Exceptional quality at a great price.
British Computer Society

Book Your Course

Not sure which course is right for you?


Call us on 020 8840 4496 and we’ll help you try and find the best course for you.

DateLocationPriceCourse Booking
18th Feb - 01 Mar, 2019London-EalingClick here -->
September 02-13, 2019London-EalingClick here -->
November 26-07, 2018London-EalingClick here -->

Email us for best price!


[recaptcha size:compact]

Course Syllabus

Security Concepts

  • Introduction to security
  • CIA/DAD triangles
  • Defense in depth
  • Main reasons why hacker succeed

Risk management

  • Threat modelling
  • Risk assessment process
  • Risk treatment
  • Risk management and Penetration testing
  • LAB: Threat modelling

Law & Compliance

  • UK legislation:
  • Computer Misuse act 1990
  • Human Rights Act 1998
  • Data Protection Act 1998
  • Police and Justice Act 2006
  • Penetration testing and legislation
  • Regulatory issues

Attack phases

  • Hacking attack phases
  • Techniques for scanning the network
  • Techniques for resource enumeration
  • Google hacking
  • DEMO: Google hacking (using advanced operators, elmah.axd, online devices, targeting specific domain, file type, …)
  • OS and service fingerprinting
  • DEMO: OS and service fingerprinting and EoP (Homework)
  • LAB: Reconnaissance
  • LAB: scanning ports and services with nmap
  • DEMO: Enumerating: DNS, SNMP, AD, SMTP

Penetration testing

  • Penetration testing explained
  • Penetration testing phases
  • Difference between vulnerability scanning and penetration testing
  • How to write a Penetration testing report
  • DEMO: Example penetration testing report
  • DEMO: Vulnerability scanning using various tools (nmap, ZAP, Accunetix WVS, Nessus)
  • LAB: Vulnerability scanning (network and Web)

TCP/IP protocols

  • OSI and TCP/IP models
  • Network layer protocols: IP protocol v4
  • Network layer protocols: IP protocol v6
  • Network layer protocols: ICMP
  • Network layer protocols: IPsec
  • Transport layer protocols: TCP
  • Transport layer protocol: UDP
  • Application layer protocols: DNS, DHCP, SSH, SNMP, TFTP, NTP
  • Other protocols: , Cisco Reverse Telnet, CDP, HSRP, VRRP, VTP, STP, TACACS+
  • Layer 2 protocols: ARP
  • VoIP
  • Cabling and network types: CAT 5 / Fibre , 10/100/1000baseT, Token ring
  • Cisco configuration files and security
  • LAB: Analysing traffic with Wireshark and Microsoft Message analyser
  • LAB: Analysing traffic with Network miner
  • DEMO: Cisco configuration files, Mikrotik configuration files

Network devices

  • Switches (Hubs)
  • Routers
  • Firewalls
  • Honeypots
  • DEMO: Tunnelling traffic through firewalls
  • LAB: Iptables basic settings

Wi-Fi protocols and security

  • WEP and vulnerabilities
  • WPA and vulnerabilities
  • WPA2 and vulnerabilities
  • DEMO: Cracking WEP
  • DEMO/LAB: Cracking WPA2
  • DEMO: Rogue Wi-Fi access point

MitM attacks

  • ARP spoofing
  • DNS spoofing
  • MAC duplicating
  • DHCP attacks
  • Other MitM attacks
  • DEMO: ARP spoofing, basic MitM attacks
  • LAB: MitM attacks (ARP spoofing with arpspoof in Linux and Cain&Abel in windows)


  • Cryptography basics
  • About encryption (history, symmetric and asymmetric encryption basics)
  • Encryption protocols (DES, 3DES, AES, RC4)
  • Encoding and protocols
  • Hashing and protocols (MD5, SHA-1, SHA-2, SHA-3)
  • PKI 101
  • PKI algorithms and integrity codes (RSA, HMAC)
  • HTTPS and protocols: SSL (NOT TO BE USED ANYMORE), TLS
  • LAB: Testing HTTPS supported protocols
  • LAB: MitM attacks (MitMf – Man in the middle framework tool ): ARP, DNS, java script and HTML injection, smb credentials steeling, SSLStrip, SSLStrip+ and other attacks possible)

Tools showcase (basic concepts and usage) – DEMO

  • nc, ncat, cryptcat
  • nmap, port service, vulnerability scanning
  • metasploit framework

Tools showcase – LAB

  • nc, ncat, cryptcat
  • nmap, port service, vulnerability scanning
  • metasploit framework

Pivoting with various tools

  • DEMO: Pivoting with metasploit framework
  • LAB: Pivoting with metasploit framework
  • DEMO:ssh local and remote port forwarding
  • DEMO: Pivoting through windows client
  • LAB: Pivoting through windows client

Windows OS

  • Windows basic troubleshooting, commands and services hacker would use ((ipconfig, nslookup, net, netstat, nbatstat, sc, netsh, ftp, tftp, telnet, arp, wscript, cscript, add services through command shell, batch scripts, process list, kill process, ipconfig, tracert, …)
  • File permission basics
  • Registry and permissions
  • AD 101 (DC, GC, FSMO, master browser)
  • Domain reconnaissance
  • User and group enumeration (NetBIOS, SNMP, AD)
  • Windows passwords: LM (SHUDN’T BE USED ANYMORE), NTLM, NTLMv2
  • LAB: user and group enumeration on windows AD using various techniques
  • LAB: resetting local and AD password
  • LAB: Cracking windows passwords (Brute force, dictionary, precomputed hashes) using cain, john and or hashcat
  • DEMO: Pass the hash
  • LAB: “stealing” NTLMv2 hash from client surfing the web in MitM attack
  • Windows patching techniques
  • RDP
  • EoP (Elevation of privilege) on windows
  • Post exploitation techniques, and “shell” escapes
  • MS Exchange attack vectors
  • Common windows application vulnerabilities

Linux OS

  • Bash basics
  • Linux basic troubleshooting commands and services hacker would use (ifconfig, ip, arp, netstat, traceroute, smbclient, rpcclient, service, systemctl, journalctl, /etc/network/interfaces, add service to autostart, mount, mkfs, fdisk, start and configure: apache, ftp, tftp, ssh…)
  • Linux file permissions basics
  • User enumeration on Unix like systems
  • Gaining remote access to linux systems through remotely exploitable, publicly available vulnerabilities
  • Sendmail/SMTP publicly known exploits
  • NFS
  • R* services
  • X11
  • RPC services
  • SSH

Web applications security incidents

  • Introduction to web application security
  • Various attacks on web applications
  • Web application attack statistics (Verizon DBIR, AKAMAI state of the Internet report, White Hat security

Web technologies and concepts

  • History
  • Multi-tier architecture
  • Web technologies concepts
  • HTTP protocol
  • Encoding
  • HTTP protocol methods
  • HTTP protocol status codes
  • Cookies
  • Cookie protection
  • HTML
  • XML
  • SOAP
  • Parameter tampering concepts
  • OWASP: Top 10
  • OWASP: Testing guide
  • Various web debugger proxy tools
  • LAB: Burp proxy (FREE edition) parameter tampering
  • LAB: Burp proxy (FREE edition) Crawling
  • LAB: Burp proxy (FREE edition) Using Repeater and Intruder
  • LAB: ZAP proxy automated scanning

Web application frameworks

  • NET / Silverlight (NOT TO BE USED ANYMORE)
  • LAB: Decompiling Silverlight application
  • PHP
  • Java
  • LAB: Decompiling Java application
  • Flash
  • LAB: Decompiling Flash application

Web servers concepts and differences

  • MS IIS
  • Apache
  • Tomcat
  • Web server vulnerabilities
  • LAB: Hacking Tomcat server

Bypassing client side controls

  • Parameter tampering
  • Client side attacks
  • DEMO: Client side attack example (DLL hijacking)
  • Hidden form fields
  • Session cookies and cookie protection
  • DEMO: Cookie analysis
  • URL parameters
  • Referrer header
  • LAB: Cookie analysis and parameter tampering
  • How to defend against this type of attacks

Authentication attacks

  • Authentication/Authorization concepts
  • Authentication methods: Basic
  • Authentication methods: Digest
  • Authentication methods: Integrated Windows
  • Authentication methods: Form based
  • Authentication methods: Client certificate
  • LAB: Analysing various authentication types
  • LAB: Password cracking with burp
  • LAB: Password cracking with hydra
  • How to defend against this type of attacks

Design/Implementation flaws

  • Bad passwords
  • Authentication susceptible to Brute-force
  • Verbose failure messages
  • Unprotected transmission of credentials
  • Change and forgotten password functionality
  • Remember me functionality
  • User impersonation functionality
  • How to defend against this type of attacks

OWASP TOP 10: Injection (A1)

  • SQL injection explained
  • DEMO: SQLi (simple, complex, automated)
  • LAB: SQLi simple
  • LAB: from SQLi to reverse shell
  • LAB: SQLi automation using SQLMap tool
  • LDAP injection explained
  • OS command injection explained
  • LAB: from OS command injection to shell
  • How to defend against this type of attacks


  • Cross Site Scripting types explained
  • DEMO: stored and reflected XSS
  • LAB: simple reflected XSS
  • LAB: cookie stealing using XSS
  • LAB: from XSS to shell using BeeF (Browser Exploitation toolkit)
  • How to defend against this type of attacks

OWASP TOP 10: Broken authentication and session management (A2)

  • Session management and vulnerabilities
  • Cookie weaknesses
  • Cookie stealing techniques
  • DEMO: Trace.axd, Elmah.axh

Other common web application vulnerabilities

  • DoR (Direct Object references)
  • LAB: DoR
  • How to defend against this type of attacks
  • File inclusion: local (LFI)
  • File inclusion: remote (RFI)
  • Directory traversal
  • Null byte attacks
  • DEMO/LAB: LFI, RFI with directory traversal
  • File upload issues
  • DEMO: from image to root in few minutes
  • LAB: from image to root

Microsoft SQL server

  • Common attack vectors
  • Privilege escalation through database connection
  • DEMO: MS SQL server EoP through database connection

Oracle RDBMS

  • Common attack vectors
  • Oracle default accounts
  • Version identification
  • DEMO: ORACLE RDBMS version identification and default user accounts


  • Common attack vectors
  • Privilege escalation through database connection
  • DEMO: MySQL UDF exploit

Web application database connectivity

  • MS SQL server authentication methods and connection
  • Oracle server authentication methods and connection
  • MySQL server authentication methods and connection
  • MS Access authentication methods and connection

BoF (Buffer overflow)

  • Computer architecture and Assembly language intro
  • BoF attacks and examples (stack, SEH)
  • DEMO: Simple stack BoF from fuzzing to exploit
  • DEMO: Simple stack SEH BoF exploit
  • HOMEWORK: Simple stack BoF from fuzzing to exploit
  • BoF protection techniques

Additional Information



using VMware, Virtual box, Hyper-V – at least one of mentioned platforms

being able to create and use VMs, configure networking (bridge, NAT) in abovementioned platforms

understand that VMs can be converted from one platform to another


being able to configure IP settings on various windows and Linux OSs

being able to configure routing and manipulate routing tables on windows and Linux OSs

understanding basic troubleshooting tools and being able to fix troubleshoot networking issues related to IP, DNS, DG,

Operating System

being able to perform software installation, uninstallation, OS updates at least on windows and preferably Linux OSs

know how to create users and add users to groups at least on widows and preferably Linux OSs

being able to troubleshoot computer boot issues


Know how to enter the BIOS and modify various settings

Understand boot sequence and preferably BIOS POST procedure

General knowledge

general computer user knowledge related to:

Internet browsing,

file copy and paste

file permissions

command line tools usage and understanding on command vs. switches

compression tool usage

good understanding on different file types on windows and what to do with them

Soft skills

Being able to work in a stressful situations

Being able to learn without supervision

Being able to think out of the box

Who should attend

This training is intended for individuals who wish to have a rewarding and lucrative career in the Cyber Security world.

We Accept

Course List