Login to profile

CREST Certified Simulated Attack Specialist

Following the recent update to the CREST Registered Penetration Tester (CRT) exam and our dedication to enhancing and updating our exams, we are excited to share that, in 2024, we will be implementing significant changes to this exam.

The upcoming changes will ultimately improve the overall exam experience. However, if you fall into one of the following categories, we encourage you to book and take the current exam as soon as possible to minimise the impact of the transition:

  • You’ve taken the exam before and are due to renew in the next 6 months or so; or
  • You’re planning a re-take, having attempted the exam before; or
  • You have been studying for the exam and are ready to take it

We will be keeping this webpage up to date and sharing detailed information on all the changes as and when they are ready.

 



Book now with Pearson Vue for the written element of this exam

 

The CREST Certified Simulated Attack Specialist (CCSAS) examination tests candidates’ knowledge and expertise delivering technical components of a Simulated Attack, specifically exploitation of client vulnerabilities through Trojanised files, phishing campaigns, implant development, evasion skills and lateral movement within a compromised network.
This exam is considered a specialism to the existing CREST Certified Infrastructure certification, which is a mandatory prerequisite for all candidates wishing to complete this examination. While it is acknowledged that there is significant overlap with the existing Certified Infrastructure exam syllabus this examination is set at a significantly higher level of detail in a number of areas.  For the avoidance of doubt, all candidates wishing to sit the CCSAS examination must have a valid certificate for the CREST Certified Infrastructure qualification.

Examination Format
The examination consists of three components:

  • multiple choice
  • written, comprising a selection of long form questions that require detailed answers
  • practical

Candidates are required to meet or exceed a two-thirds pass mark in both sections independently in order to pass the exam overall.

You can download the following documents from the links below:

Syllabus for the CCSAS examination
Notes for Candidates to aid examination preparation

Cost
For costs and availability please refer to individual country booking.

To pass the exam, the candidate must pass both sections. The written elements of the examination are delivered at Pearson Vue test centres; the practical element is delivered at a CREST examination centre. Candidates must hold a valid pass in the written element of this examination in order to sit the practical element.

Recommended Preparation Material
The CREST Assessors panel regularly identifies common themes and consolidates common questions and answers from candidates and from the industry in relation to the CREST certification examinations. Candidates are advised to familiarise themselves with these, although they are free to disregard them if they wish.

CREST recommends that candidates familiarise themselves with the content in our FAQS which have been created specifically for those attempting a practical examination.

The following material and media have been cited as helpful preparation for this examination by previous candidates:

Reading Material:
Red Team Field Manual V2 (RTFM) (by Ben Clarke)
Hacking Exposed 7:  Network Security Secrets and Solutions (by Stuart McClure/Joel Scambray/George Kurtz)
Metasploit Unleashed Guide
Hackers Playbook (by Peter Kim)
Network Security Assessment (by O’Reilly, 2nd edition)
Targeted Cyber Attacks (by Syngress)
Metasploit – The Penetration Tester’s Guide (by David Kennedy)

Websites:
http://vulnhub.com – free vulnerable images

Courses:
Offensive Security Virtual Labs
Certified Information Systems Security Professional (CISSP)

How to Book – Practical Element
The practical element of this exam is available at a CREST Exam Centre. Please complete the booking form for your region and email it to [email protected].

UK Examinations Booking Form

Useful Information for Candidates
Details of the Logistics and Timings of CREST examinations can be found in the Examination Preparation pages for your country of choice
CREST’s Policy for Candidates requiring special arrangements including additional time to accommodate a medical condition (including examinations delivered via Pearson Vue.
Terms and Conditions for CREST Examinations (includes hard disk drive wiping policy)