CREST Practitioner Intrusion Analyst (CPIA)

Prerequisites

A good appreciation of the technical aspects of ICT and one year’s experience in network/ server technical administration/ operations

Target Audience:

• Aspiring information security personnel who wish to be part of an incident response team
• Existing practitioners wishing to become CREST Registered
• System administrators who are responding to attacks
• Incident handlers who wish to expand their knowledge into Digital Forensics
• Government departments who wish to raise and baseline skills across all security teams
• Law enforcement officers or detectives who want to expand their investigative skills
• Information security managers who would like to brush up on the latest techniques and processes in order to understand information security implications
• Designed for people within or entering security operations
• Technical blue team certification that tests incident analysis
• Developed and trained by CREST Training Partner (Not yet for this certification, coming soon)
• Also comes with a format for those with 0 cyber experience

MODULE 1- Soft Skills and Incident Handling

• Engagement Lifecycle Management
• Incident Chronology
• Law & Compliance
• Record Keeping, Interim Reporting & Final Results
• Threat Assessment

MODULE 2- Core Technical Skills

• IP Protocols
• Network Architectures
• Common Classes of Tools
• OS Fingerprinting
• Network Access Control Analysis
• Cryptography
• Applications of Cryptography
• File System Permissions
• Host Analysis Techniques
• Understanding Common Data Formats

MODULE 3- Background Information Gathering & Open Source

• Registration Records
• Domain Name Server (DNS)
• Open Source Investigation and Web Renumeration
• Extraction of Document Meta Data
• Community Knowledge

MODULE 4- Network Intrusion Analysis

• Network Traffic Capture
• Data Sources and Network Log Sources
• Network Configuration Security Issues
• Unusual Protocol Behaviour
• Beaconing
• Encryption
• Command and Control Channels
• Exfiltration of Data
• Incoming Attacks
• Reconnaissance
• Internal Spread and Privilege Escalation
• False Positive Acknowledgement

MODULE 5- Analysing Host Intrusions

• Host-Based Data Acquisition
• Live Analysis Laboratory Set-up
• Windows File System Essentials
• Windows File Structures
• Application File Structures
• Windows Registry Essentials
• Identifying Suspect Files
• Storage Media
• Memory Analysis
• Infection Vectors
• Malware Behaviours and Anti-Forensics
• Rootkit Identification
• Live Malware Analysis

MODULE 6- Reverse Engineering Malware

• Windows Anti-Reverse Engineering
• Functionality Identification
• Windows NT Architecture
• Windows API Development
• Binary code structure
• Cryptographic Techniques
• Processor Architectures
• Windows Executable File Formats
• Hiding Techniques
• Malware Reporting
• Binary Obfuscation
• Behavioural Analysis

MODULE 7- CPIA Exam Preparation & Mock Exam

• CPIA- Examination Guidance
• CPIA- Mock Examination

EXAM - Booked directly via CREST

The CREST Practitioner Intrusion Analyst (CPIA) examination is an entry level qualification that tests a candidate’s knowledge in all three subject areas of network intrusion, host intrusion and malware reverse engineering at a basic level below that of the main

Registered and Certified qualifications.

Success will confer the CREST Practitioner status to the individual. This qualification is a prerequisite for the CREST Registered Intrusion Analyst (CRIA) examination and comprises a multiple choice written only examination.

CREST Accredited Training

CREST has assessed and accredited this training course confirming alignment with 100% of the CREST CPIA exam syllabus.

‍