Login to profile

CREST Certified Simulated Attack Specialist

Book now with Pearson Vue for the written element of this exam

The CREST Certified Simulated Attack Specialist (CCSAS) examination tests candidates’ knowledge and expertise delivering technical components of a Simulated Attack, specifically exploitation of client vulnerabilities through Trojanised files, phishing campaigns, implant development, evasion skills and lateral movement within a compromised network.
This exam is considered a specialism to the existing CREST Certified Infrastructure certification, which is a mandatory prerequisite for all candidates wishing to complete this examination. While it is acknowledged that there is significant overlap with the existing Certified Infrastructure exam syllabus this examination is set at a significantly higher level of detail in a number of areas.  For the avoidance of doubt, all candidates wishing to sit the CCSAS examination must have a valid certificate for the CREST Certified Infrastructure qualification.

Examination Format
The examination consists of three components:

  • multiple choice
  • written, comprising a selection of long form questions that require detailed answers
  • practical

Candidates are required to meet or exceed a two-thirds pass mark in both sections independently in order to pass the exam overall.

You can download the following documents from the links below:

Syllabus for the CCSAS examination
Notes for Candidates to aid examination preparation

For costs and availability please refer to individual country booking.

To pass the exam, the candidate must pass both sections. The written elements of the examination are delivered at Pearson Vue test centres; the practical element is delivered at a CREST examination centre. Candidates must hold a valid pass in the written element of this examination in order to sit the practical element.

Recommended Preparation Material
The CREST Assessors panel regularly identifies common themes and consolidates common questions and answers from candidates and from the industry in relation to the CREST certification examinations. Candidates are advised to familiarise themselves with these, although they are free to disregard them if they wish.

CREST recommends that candidates familiarise themselves with the content in our FAQS which have been created specifically for those attempting a practical examination.

The following material and media have been cited as helpful preparation for this examination by previous candidates:

Reading Material:
Red Team Field Manual V2 (RTFM) (by Ben Clarke)
Hacking Exposed 7:  Network Security Secrets and Solutions (by Stuart McClure/Joel Scambray/George Kurtz)
Metasploit Unleashed Guide
Hackers Playbook (by Peter Kim)
Network Security Assessment (by O’Reilly, 2nd edition)
Targeted Cyber Attacks (by Syngress)
Metasploit – The Penetration Tester’s Guide (by David Kennedy)

http://vulnhub.com – free vulnerable images

Offensive Security Virtual Labs
Certified Information Systems Security Professional (CISSP)

How to Book – Practical Element
The practical element of this exam is available at a CREST Exam Centre. Please complete the booking form for your region and email it to [email protected].

Australasia Examinations Booking Form
Singapore Examinations Booking Form 
UK Examinations Booking Form

Useful Information for Candidates
Details of the Logistics and Timings of CREST examinations can be found in the Examination Preparation pages for your country of choice
CREST’s Policy for Candidates requiring special arrangements including additional time to accommodate a medical condition (including examinations delivered via Pearson Vue.
Terms and Conditions for CREST Examinations (includes hard disk drive wiping policy)