Select Page
Home / CRPT- CREST Registered Penetration Tester

CRPT- CREST Registered Penetration Tester |Live Online and Face-to-Face in Class

CREST Registered Penetration Tester TRAINING

CREST Penetration Tester Training Basic Information 

  • CREST Penetration Tester Training Duration : 70 Hours
  • 95.8% Certification Success in First Attempt
  • Classroom and Live Online  batches available
  • Training delivered by Professionals
  • Dumps and Simulations available for Practice
  • Certified Trainers with enormous industry experience
  • Important Insights on Certification preparation

Book Your Course

Date Location   Course Booking
08-19 Jun, 2020 London W1  
07-18 Sep, 2020 London W1  
07-18 Dec, 2020 London W1  



  • CREST Registered Penetration Tester
  •  Virtualization using VMware, Virtual box, Hyper-V – at least one of mentioned platforms
  • being able to create and use VMs, configure networking (bridge, NAT) in abovementioned platforms
  • understand that VMs can be converted from one platform to another
  • Networking

                        CREST Tester Exam Information (English Language)

COST £895 + VAT
FORMAT Multiple-choice, multiple-answer + Practical

                  Penetration Tester Exam Information (Other* Languages)

COST £895 + VAT
FORMAT Multiple-choice, multiple-answer + Practical

* French, German, Brazilian Portuguese, Spanish, Japanese, Simplified Chinese, Korean



Are you looking for any of these Penetration tester training, Penetration tester course, crest registered tester, crest CRT Course, CREST registered penetration tester you are at the right place where we prepare attendees to pass the examination with 95% Success Rate.

The CREST penetration testing course takes students of varying IT experience levels and re-skills them so that they can enter the industry not as a trainee but as qualified Penetration Tester making them productive from day one. This is an Accredited CREST Training course. This is THE Penetration Tester Training that you need to have!

This in-depth, hands-on, 2-week course will take you into a rewarding and lucrative career in the Cyber Security world.


To help you forge a successful career within this sector we will thoroughly prepare you to gain two (2) of the most relevant, in-demand, industry-recognized qualifications; which are:

+ CREST Practitioner Security Analyst (CPSA)
+ CREST Registered Penetration Tester (CRT)


Course Syllabus:

CREST Penetration Tester Training Security Concepts

  • Introduction to security
  • CIA/DAD triangles
  • Defense in depth
  • Main reasons why hacker succeed

CREST Penetration Tester Course Risk management

  • Threat modelling
  • Risk assessment process
  • Risk treatment
  • Risk management and Penetration testing
  • LAB: Threat modelling

CREST Penetration Tester Course Law & Compliance

  • UK legislation:
  • Computer Misuse act 1990
  • Human Rights Act 1998
  • Data Protection Act 1998
  • Police and Justice Act 2006
  • Penetration testing and legislation
  • Regulatory issues

Attack phases

  • Hacking attack phases
  • Techniques for scanning the network
  • Techniques for resource enumeration
  • Google hacking
  • DEMO: Google hacking (using advanced operators, elmah.axd, online devices, targeting specific domain, file type, …)
  • OS and service fingerprinting
  • DEMO: OS and service fingerprinting and EoP (Homework)
  • LAB: Reconnaissance
  • LAB: scanning ports and services with nmap
  • DEMO: Enumerating: DNS, SNMP, AD, SMTP

Penetration testing

  • Penetration testing explained
  • Penetration testing phases
  • Difference between vulnerability scanning and penetration testing
  • How to write a Penetration testing report
  • DEMO: Example penetration testing report
  • DEMO: Vulnerability scanning using various tools (nmap, ZAP, Accunetix WVS, Nessus)
  • LAB: Vulnerability scanning (network and Web)

TCP/IP protocols

  • OSI and TCP/IP models
  • Network layer protocols: IP protocol v4
  • Network layer protocols: IP protocol v6
  • Network layer protocols: ICMP
  • Network layer protocols: IPsec
  • Transport layer protocols: TCP
  • Transport layer protocol: UDP
  • Application layer protocols: DNS, DHCP, SSH, SNMP, TFTP, NTP
  • Other protocols: , Cisco Reverse Telnet, CDP, HSRP, VRRP, VTP, STP, TACACS+
  • Layer 2 protocols: ARP
  • VoIP
  • Cabling and network types: CAT 5 / Fibre , 10/100/1000baseT, Token ring
  • Cisco configuration files and security
  • LAB: Analysing traffic with Wireshark and Microsoft Message analyser
  • LAB: Analysing traffic with Network miner
  • DEMO: Cisco configuration files, Mikrotik configuration files

Network devices

  • Switches (Hubs)
  • Routers
  • Firewalls
  • Honeypots
  • DEMO: Tunnelling traffic through firewalls
  • LAB: Iptables basic settings

Wi-Fi protocols and security

  • WEP and vulnerabilities
  • WPA and vulnerabilities
  • WPA2 and vulnerabilities
  • DEMO: Cracking WEP
  • DEMO/LAB: Cracking WPA2
  • DEMO: Rogue Wi-Fi access point

MitM attacks

  • ARP spoofing
  • DNS spoofing
  • MAC duplicating
  • DHCP attacks
  • Other MitM attacks
  • DEMO: ARP spoofing, basic MitM attacks
  • LAB: MitM attacks (ARP spoofing with arpspoof in Linux and Cain&Abel in windows)


  • Cryptography basics
  • About encryption (history, symmetric and asymmetric encryption basics)
  • Encryption protocols (DES, 3DES, AES, RC4)
  • Encoding and protocols
  • Hashing and protocols (MD5, SHA-1, SHA-2, SHA-3)
  • PKI 101
  • PKI algorithms and integrity codes (RSA, HMAC)
  • HTTPS and protocols: SSL (NOT TO BE USED ANYMORE), TLS
  • LAB: Testing HTTPS supported protocols
  • LAB: MitM attacks (MitMf – Man in the middle framework tool ): ARP, DNS, java script and HTML injection, smb credentials steeling, SSLStrip, SSLStrip+ and other attacks possible)

Tools showcase (basic concepts and usage) – DEMO

  • nc, ncat, cryptcat
  • nmap, port service, vulnerability scanning
  • metasploit framework

Tools showcase – LAB

  • nc, ncat, cryptcat
  • nmap, port service, vulnerability scanning
  • metasploit framework

Pivoting with various tools

  • DEMO: Pivoting with metasploit framework
  • LAB: Pivoting with metasploit framework
  • DEMO:ssh local and remote port forwarding
  • DEMO: Pivoting through windows client
  • LAB: Pivoting through windows client

Windows OS

  • Windows basic troubleshooting, commands and services hacker would use ((ipconfig, nslookup, net, netstat, nbatstat, sc, netsh, ftp, tftp, telnet, arp, wscript, cscript, add services through command shell, batch scripts, process list, kill process, ipconfig, tracert, …)
  • File permission basics
  • Registry and permissions
  • AD 101 (DC, GC, FSMO, master browser)
  • Domain reconnaissance
  • User and group enumeration (NetBIOS, SNMP, AD)
  • Windows passwords: LM (SHUDN’T BE USED ANYMORE), NTLM, NTLMv2
  • LAB: user and group enumeration on windows AD using various techniques
  • LAB: resetting local and AD password
  • LAB: Cracking windows passwords (Brute force, dictionary, precomputed hashes) using cain, john and or hashcat
  • DEMO: Pass the hash
  • LAB: “stealing” NTLMv2 hash from client surfing the web in MitM attack
  • Windows patching techniques
  • RDP
  • EoP (Elevation of privilege) on windows
  • Post exploitation techniques, and “shell” escapes
  • MS Exchange attack vectors
  • Common windows application vulnerabilities

Linux OS

  • Bash basics
  • Linux basic troubleshooting commands and services hacker would use (ifconfig, ip, arp, netstat, traceroute, smbclient, rpcclient, service, systemctl, journalctl, /etc/network/interfaces, add service to autostart, mount, mkfs, fdisk, start and configure: apache, ftp, tftp, ssh…)
  • Linux file permissions basics
  • User enumeration on Unix like systems
  • Gaining remote access to linux systems through remotely exploitable, publicly available vulnerabilities
  • Sendmail/SMTP publicly known exploits
  • NFS
  • R* services
  • X11
  • RPC services
  • SSH

Web applications security incidents

  • Introduction to web application security
  • Various attacks on web applications
  • Web application attack statistics (Verizon DBIR, AKAMAI state of the Internet report, White Hat security

Web technologies and concepts

  • History
  • Multi-tier architecture
  • Web technologies concepts
  • HTTP protocol
  • Encoding
  • HTTP protocol methods
  • HTTP protocol status codes
  • Cookies
  • Cookie protection
  • HTML
  • XML
  • SOAP
  • Parameter tampering concepts
  • OWASP: Top 10
  • OWASP: Testing guide
  • Various web debugger proxy tools
  • LAB: Burp proxy (FREE edition) parameter tampering
  • LAB: Burp proxy (FREE edition) Crawling
  • LAB: Burp proxy (FREE edition) Using Repeater and Intruder
  • LAB: ZAP proxy automated scanning

Web application frameworks

  • NET / Silverlight (NOT TO BE USED ANYMORE)
  • LAB: Decompiling Silverlight application
  • PHP
  • Java
  • LAB: Decompiling Java application
  • Flash
  • LAB: Decompiling Flash application

Web servers concepts and differences

  • MS IIS
  • Apache
  • Tomcat
  • Web server vulnerabilities
  • LAB: Hacking Tomcat server

Bypassing client side controls

  • Parameter tampering
  • Client side attacks
  • DEMO: Client side attack example (DLL hijacking)
  • Hidden form fields
  • Session cookies and cookie protection
  • DEMO: Cookie analysis
  • URL parameters
  • Referrer header
  • LAB: Cookie analysis and parameter tampering
  • How to defend against this type of attacks

Authentication attacks

  • Authentication/Authorization concepts
  • Authentication methods: Basic
  • Authentication methods: Digest
  • Authentication methods: Integrated Windows
  • Authentication methods: Form based
  • Authentication methods: Client certificate
  • LAB: Analysing various authentication types
  • LAB: Password cracking with burp
  • LAB: Password cracking with hydra
  • How to defend against this type of attacks

Design/Implementation flaws

  • Bad passwords
  • Authentication susceptible to Brute-force
  • Verbose failure messages
  • Unprotected transmission of credentials
  • Change and forgotten password functionality
  • Remember me functionality
  • User impersonation functionality
  • How to defend against this type of attacks

OWASP TOP 10: Injection (A1)

  • SQL injection explained
  • DEMO: SQLi (simple, complex, automated)
  • LAB: SQLi simple
  • LAB: from SQLi to reverse shell
  • LAB: SQLi automation using SQLMap tool
  • LDAP injection explained
  • OS command injection explained
  • LAB: from OS command injection to shell
  • How to defend against this type of attacks


  • Cross Site Scripting types explained
  • DEMO: stored and reflected XSS
  • LAB: simple reflected XSS
  • LAB: cookie stealing using XSS
  • LAB: from XSS to shell using BeeF (Browser Exploitation toolkit)
  • How to defend against this type of attacks

OWASP TOP 10: Broken authentication and session management (A2)

  • Session management and vulnerabilities
  • Cookie weaknesses
  • Cookie stealing techniques
  • DEMO: Trace.axd, Elmah.axh

Other common web application vulnerabilities

  • DoR (Direct Object references)
  • LAB: DoR
  • How to defend against this type of attacks
  • File inclusion: local (LFI)
  • File inclusion: remote (RFI)
  • Directory traversal
  • Null byte attacks
  • DEMO/LAB: LFI, RFI with directory traversal
  • File upload issues
  • DEMO: from image to root in few minutes
  • LAB: from image to root

Microsoft SQL server

  • Common attack vectors
  • Privilege escalation through database connection
  • DEMO: MS SQL server EoP through database connection

Oracle RDBMS

  • Common attack vectors
  • Oracle default accounts
  • Version identification
  • DEMO: ORACLE RDBMS version identification and default user accounts


  • Common attack vectors
  • Privilege escalation through database connection
  • DEMO: MySQL UDF exploit

Web application database connectivity

  • MS SQL server authentication methods and connection
  • Oracle server authentication methods and connection
  • MySQL server authentication methods and connection
  • MS Access authentication methods and connection

BoF (Buffer overflow)

  • Computer architecture and Assembly language intro
  • BoF attacks and examples (stack, SEH)
  • DEMO: Simple stack BoF from fuzzing to exploit
  • DEMO: Simple stack SEH BoF exploit
  • HOMEWORK: Simple stack BoF from fuzzing to exploit
  • BoF protection techniques

Audience to the course:

The CREST Penetration Tester Training certification – a globally recognized professional requirement in the IT Security domain, is best suited for:

  • IT Auditors
  • Managers, Directors and Executives
  • System Architects
  • Compliance Specialists
  • Risk Specialists
  • Business Analysts

Course Enquiry

    Your Name *

    Your Email *

    Course *

    Telephone *

    Your Message