The CREST Registered Penetration Tester (CRT) exam syllabus defines the areas that are assessed within the CRT exam. 

Candidates will be expected to find known vulnerabilities across common networks, applications, infrastructure and databases. CRT validates a practitioner’s ability to conduct vulnerability scans using commonly available tools and to interpret the results.  

Successful CRT candidates will be able to demonstrate that they are qualified for hands on Pen Test Roles (indicative of 3+ years of experience) with respect to: 

Core Technical Skills 

The candidate will demonstrate the use of prescribed tools to interpret output and be able to conduct fingerprinting. 

Internet Information Gathering and Reconnaissance 

The candidate will have a good understanding of DNS, including SOA, NS, MX, A, AAAA, CNAME, PTR, TXT, HINFO, SVT, as well as DNS queries, passive DNS monitoring and dangling DNS entries and their vulnerabilities. 

Networks 

The candidate will demonstrate a good understanding of network connections, VLAN Tagging, IPv4, network mapping, devices and filtering, traffic analysis (intercept and monitor (PCAP)), TCP, UDP, Service Identification and Host Discovery. 

Network Services 

The candidate will have a good understanding of the concepts of Unencrypted Services (Telnet, FTP, SNMP, HTTP), TLS/SSL, Name Resolution Services (DNS, NetBIOS/WINS, LLMNR, mDNS),  Management Services, (Telnet, Cisco Reverse Talent), SSH, HTTP, Remote Powershell, WMI, WinRM, RDP, VNC, X), Desktop Access, IPsec, FTP, TFTP. SNMP. SSH, NFS and its security attributes, SMB including Win File shares and Samba, LDAP, Berkely R* Services and trust relationships, Finger, RPC Services, NTP and SMTP and Mail Servers. 

Microsoft Windows Security 

The candidate will demonstrate a good understanding of Windows reconnaissance, network and active directory enumeration, Windows passwords, processes and file permissions, registry, Windows remote and local exploitation, post exploitation, patch management, Windows desktop lockdown and common Windows applications. 

Linux/UNIX Security Assessment 

The candidate will have a good understanding of Linux/Unix reconnaissance, Linux/Unix network enumeration, Linux/Unix passwords, Linux/Unix file permissions and Linux/Unix processes. 

Web Technologies 

The candidate will have a good understanding of web servers, web app frameworks (including .NET, J2EE, Coldfusion, Ruby on Rails, NodeJS, Django, Flask), common web applications, web protocols, mark up languages, web app reconnaissance, information gathering, web authentication and authorisation, input validation, XSS, SQL, mail and OS command injection, sessions, cookies, session hijacking, XS request forgery, web cryptography, parameter manipulation, directory traversal, file uploads and web app logic flaws.    

Databases 

The candidate will have a good understanding of SQL relational databases, MS SQL servers, Oracle RDBMS, MySQL and PostgreSQL, understand user enumeration of usernames, Unix vulnerabilities, FTP, SMTP, NFS, R* Services, X11, RPC services and SSH.

The full syllabus is available here.