CREST Practitioner Intrusion Analyst Training in South Africa

Target Audience

• Aspiring information security personnel who wish to be part of an incident response team
• Existing practitioners wishing to become CREST Registered
• System administrators who are responding to attacks
• Incident handlers who wish to expand their knowledge into Digital Forensics
• Government departments who wish to raise and baseline skills across all security teams
• Law enforcement officers or detectives who want to expand their investigative skills
• Information security managers who would like to brush up on the latest techniques and processes in order to understand information security implications
• Anyone meeting the pre-requisites who is considering a career in Intrusion Analysis or Digital Forensics

A good appreciation of the technical aspects of ICT and one year’s experience in network / server technical administration / operations. QACYSEC – Cyber Security Bootcamp is recommended.

MODULE 1 - Soft Skills and Incident Handling

• Engagement Lifecycle Management
• Incident Chronology
• Law & Compliance
• Record Keeping, Interim Reporting & Final Results
• Threat Assessment

MODULE 2 - Core Technical Skills

• IP Protocols
• Network Architectures
• Common Classes of Tools
• OS Fingerprinting
• Application Fingerprinting
• Network Access Control Analysis
• Cryptography
• Applications of Cryptography
• File System Permissions
• Host Analysis Techniques
• Understanding Common Data Formats

MODULE 3 - Background Information Gathering & Open Source

• Registration Records
• Domain Name Server (DNS)
• Open Source Investigation and Web Enumeration
• Extraction of Document Meta Data
• Community Knowledge

MODULE 4 - Network Intrusion Analysis

• Network Traffic Capture
• Data Sources and Network Log Sources
• Network Configuration Security Issues
• Unusual Protocol Behaviour
• Beaconing
• Encryption
• Command and Control Channels
• Exfiltration of Data
• Incoming Attacks
• Reconnaissance
• Internal Spread and Privilege Escalation
• False Positive Acknowledgement

MODULE 5 - Analysing Host Intrusions

• Host-Based Data Acquisition
• Live Analysis Laboratory Set-up
• Windows File System Essentials
• Windows File Structures
• Application File Structures
• Windows Registry Essentials
• Identifying Suspect Files
• Storage Media
• Memory Analysis
• Infection Vectors
• Malware Behaviours and Anti-Forensics
• Rootkit Identification
• Live Malware Analysis

MODULE 6 - Reverse Engineering Malware

• Windows Anti-Reverse Engineering
• Functionality Identification
• Windows NT Architecture
• Windows API Development
• Binary code structure
• Cryptographic Techniques
• Processor Architectures
• Windows Executable File Formats
• Hiding Techniques
• Malware Reporting
• Binary Obfuscation
• Behavioural Analysis

MODULE 7 - CPIA Exam Preparation & Mock Exam

• CPIA- Examination Guidance
• CPIA- Mock Examination

EXAM - Booked directly via CREST

The CREST Practitioner Intrusion Analyst (CPIA) examination is an entry level qualification that tests a candidate’s knowledge in all three subject areas of network intrusion, host intrusion and malware reverse engineering at a basic level below that of the main

Registered and Certified qualifications.

Success will confer the CREST Practitioner status to the individual. This qualification is a prerequisite for the CREST Registered Intrusion Analyst (CRIA) examination and comprises a multiple choice written only examination.

CREST Accredited Training

CREST has assessed and accredited this training course confirming alignment with 100% of the CREST CPIA exam syllabus.