I have now attended the AST QSTM course and wanted to share my experience with everyone.
The AST course is designed to give anyone a really good oversight of computer security, and I would highly recommend this course if you are totally new to security, as it will bring you up to speed. The course does cover a lot of material and there is a lot to take in; there are around 600+ slides to go through, but afterwards you will have a much better understanding of computer security, and it is important that you do have an understanding of this. Below you can see some of the topics covered in the first three days.
AST Points covered:
- Key security standards and issues.
- Professional / ethical behaviour in the area of vulnerability testing.
- Key communications and project management skills for vulnerability testing.
- The OSI model of networking.
- IP, TCP, UDP and ICMP protocols including IP based routing and the TCP state chart.
- Key network services including DNS.
- How a TCP/IP network can be profiled and have its topology mapped.
- How to configure and manage a network device.
- How to subvert a network and bypass network-based security mechanisms.
- The role and function of services in a network-enabled environment and the techniques associated with service enumeration.
- How critical service dependencies within a network-enabled environment can be enumerated and validated.
- How services should be managed and can be manipulated and exploited.
- How applications and operating systems should be configured and managed, and the ways in which they can be subverted.
On the third day you will be given a multiple choice question sheet where you get an hour to answer 80 questions. There are 20 that are put in there as ‘kind of test questions’; I never knew this until afterwards. I felt that some of the questions they asked were very hard and not based on something you would use in penetration testing day in and day out; it was more like if you needed to know you could quickly look it up. For example, one of the questions I had was ‘What does the b flag do in nmap?’ I have used nmap many times before and never once used the b flag.
The QSTM course is two days, one day practical and the other exams. In the practical you go through some of the skills required to pass the exam and get to mess about in the labs. This was a lot of fun and I learned more from this than the AST course. I can’t go into too much detail as I don’t want to give anything away, but again a list below shows what is covered. On the last day you have the practical exam and a small viva. I found the practical fun and frustrating, as my Mac was having problems with a static IP address and kept dropping the IP, so every few minutes I had to refresh my IP. This is what cost me, so in the end I ran out of time and could not do all five questions. I also found on both the written and practical that a good understanding of some business networks would help a lot. I have never really had any hands-on networking experience, and some of the questions I felt I could not answer as I didn’t know what I was looking for. A good example of this was a question asked ‘If terminal services was running on a given machine’. I did the scan and got the result, but I was not sure what I was looking for as I have never scanned a machine with terminal services on it, so could not really answer the question and took a guess. I think the best advice I could give to anyone who has not had a lot of penetration experience is to set up Windows Server 2003, install everything you can find and do an nmap scan to see what ports are open and what services work on each one.
QSTM Points covered:
- Common authentication processes
- Discussion of penetration testing scenarios
- Report writing best practices
- Case studies of the various laws
- ARP spoofing and a man-in-the-middle attack
- Subnet masks
- Google hacking
- Port scanning
- Banner grabbing
- Fingerprinting network devices
- Service enumeration
- Vulnerability scanning
- Application enumeration
- Brute forcing
- Session hijacking
- Cross site scripting
- Exploitation frameworks
- SQL injection
Overall I really enjoyed the course and hope I passed, but saying that, I have taken away a few things that I can now work on, and hope once I sort myself out I can then have another crack at it if I was not successful. I did my course with www.encription.co.uk and I must say all the staff were really helpful and friendly and the lunch time meals were outstanding.
Okay, so I got my result back and I didn’t pass, which I expected. I am of course a little bit gutted that I didn’t pass, but I think the main important thing is all the stuff I got back from the training and what I took away from it. I can now focus on where I went wrong and what stuff I didn’t know, and build on this, and I do plan on taking this exam again or using the experience to help pass other exams.