Course Summary

CREST: Practitioner Intrusion Analyst (CPIA) is designed to provide you with intermediate-level skills in detecting, analyzing, and responding to network and host-based intrusions. This course covers a range of techniques and tools for identifying malicious activities, performing forensic analysis, and implementing security measures. You will learn to handle real-world intrusion scenarios, analyze attack patterns, and enhance organizational security.

What you will learn:

• You will understand intermediate concepts and techniques in intrusion detection and analysis.
• You will learn to use advanced tools and methodologies to identify and investigate intrusions.
• You will gain skills in performing detailed forensic analysis on compromised systems.
• You will develop expertise in analyzing attack patterns and understanding their implications.
• You will learn to implement and recommend robust security measures to prevent future intrusions.

Module 1: Soft Skills and Incident Handling
• The candidate will understand the Engagement Lifecycle, Incident Chronology, Record Keeping, Interim Reporting and Results and Threat
Assessment.

Module 2: Core Technical Skills
• The candidate will demonstrate an understanding of IP protocols, Network Architectures, Commons Classes of Tools, OS Fingerprinting, Application Fingerprinting, Network Access Control Analysis, Cryptography, Applications of Cryptography, File System Permissions, Host Analysis Techniques and Understanding Common Data Formats.

Module 3: Background Information Gathering and Open Source
• The candidate will demonstrate an understanding of Registration Records, DNS, Open-Source Investigation and Web Enumeration, Extraction of Document Meta Date and Community Knowledge.

Module 4: Network Intrusion Analysis
• The candidate will understand the Network Traffic Capture, Data Sources and Network Log Sources, Network Configuration Security Issues, Unusual Protocol Behavior, Beaconing, Encryption, Command and Control Channels, Exfiltration of Data, Incoming Attacks, Reconnaissance, Internal Spread and Privilege Escalation, Web Based Attacks and False
Positive Acknowledgement.

Module 5: Analyzing Host Intrusions
• The candidate will demonstrate an understanding of Host-based Data Acquisition, Windows File System Essentials, Windows File Structures, Application File Structures, Windows Registry Essentials, Identifying
Suspect Files, Storage Media, Memory Analysis, Infection Vectors, Malware Behaviors and Anti-Forensics, Rootkit Identification, Live Malware Analysis and Linux OS File Structures.

Module 6: Malware Analysis/Reverse Engineering
• The candidate will have a high-level understanding of Functionality Identification, Cryptographic Techniques, Windows Executable File Formats, Hiding Techniques and Behavioral Analysis.

There are no prerequisites to this course.

The CPIA Examination is comprised of one hundred and twenty (120) multiple choice questions to be completed over a 2-hour period with a result of 60% or more required to achieve a pass, 2.5 hours in total. The CPIA is a closed book exam. Therefore, no books, written notes, internet access or other electronic devices is allowed. Pass mark: Successful candidates must score 60% of the available marks.

Following your booking, a confirmation message will be sent to all participants, ensuring you're well-informed of your successful enrollment. Calendar placeholders will also be dispatched to assist you in scheduling your commitments around the course. Rest assured, all course materials and access to necessary labs or platforms will be provided no later than one week before the course begins, allowing you ample time to prepare and engage fully with the learning experience ahead.

Our comprehensive training package includes all the necessary materials and resources to facilitate a full learning experience. Enrollees will be provided with detailed course content, encompassing a wide array of topics to ensure a thorough understanding of the subject matter. Additionally, participants will receive a certificate of completion to recognize their dedication and hard work. It's important to note that while the course fee covers all training materials and experiences, the examination fee for certification is not included but can be purchased separately.

Questions About This Course?