How to Study for the White Hat Hacker Associate Certification (CWA) (2024)

Since I first announced the new Null Byte recognition for excellence a few weeks ago, several of you have written me asking, "How can I study for this certification exam, and what material will be covered on the exam?" Now I have an answer for you.


The White Hat Hacker Associate (CWA) will cover 14 domains or areas. Everything you need to know is here on Null Byte. There will be no questions that are not covered here on this site, guaranteed.

It's important to note that this is an entry-level certification and not a professional certification. As such, it will emphasize the basics of each of these 14 domains without going into great depth. There will not be labs on the CWA, though there will be labs with the CWE and the CWP. The questions will be strictly multiple choice. If you know the basic concepts, you should be able to pass this exam and then begin to work your way toward the more advanced CWE and the CWP.

The 14 domains and their weight on the exam, as well as the articles you should read and know to prepare for the CWA, are:

1. The Role of the White Hat Hacker - 3%

This is probably the one area I have written the least on. The idea here is that the successful CWA needs to understand what a White Hat Hacker is and what they do. The CWA needs to understand that a White Hat Hacker may work in pentesting, information security, cyber warfare, and espionage among a number of industries. In addition, the CWA must be familiar with the hacker methodology.

  • Hack Like a Pro: The Hacker Methodology
  • The Essential Skills to Become a Master Hacker

2. IT Fundamentals - 10%

To be a White Hat Hacker, there are some IT fundamentals that you must know. For instance, you need to understand the basics of Linux, networking, and TCP/IP. It's important to understand Linux, as it is the hacker platform, for good reason.

  • Linux Basics for the Aspiring Hacker (Series)
  • Why Every Hacker Should Know Linux

You can pick up some basic networking from the first two articles below, and some TCP/IP basics from the forensics article.

  • Linux Basics for the Aspiring Hacker, Part 6 (Networking Basics)
  • Networking Basics for the Aspiring Hacker

3. Passive Reconnaissance - 8%

This section starts the standard hacking process, beginning with passive reconnaissance. This is reconnaissance that cannot be detected by the target. You should be familiar with Shodan and Netcraft, how to abuse DNS for reconnaissance, and, finally, a bit of SNMP.

  • How to Find Vulnerable Targets Using the Shodan Search Engine
  • How to Conduct Passive Recon of a Potential Target with Netcraft
  • Hack Like a Pro: Abusing DNS for Reconnaissance
  • Hack Like a Pro: How to Exploit SNMP for Reconnaissance

4. Active Reconnaissance & Port Scanning - 10%

Port scanning may be among the most fundamental skills of the hacker, and Nmap may be among the most fundamental tools of the hacker. The following two guides on Nmap and Hping3 should be sufficient for you to pass this section of the exam.

  • How to Conduct Active Recon on Your Target with Hping3

5. Social Engineering - 5%

I have written little here on social engineering, but many of the hacks I have detailed include some measure of social engineering, such as getting people to click on a PDF, Word, or MCL file. In addition, you should be familiar with the Social Engineering Toolkit and social engineering techniques.

  • How to Spear Phish with the Social Engineering Toolkit (SET)

6. Basics of Password Cracking - 10%

The CWA must understand the basics and principles of password hacking/cracking. You should read my series on password cracking and be familiar with some of the password cracking tools such as Cain and Abel, John the Ripper, Hashcat, and THC-Hydra.

  • Hack Like a Pro: How to Crack Passwords (Series)

7. Basics of Metasploit - 7%

Although the CWA won't go into great detail on using Metasploit, to successfully pass the CWA exam, you should understand the basic concepts and commands of Metasploit, such as what an exploit, payload, target, LHOST, RHOST, etc. are. I suggest you read and study the following series.

  • Metasploit Basics for the Aspiring Hacker (Series)

8. Basics of Cryptography - 5%

The CWA is not expected to be a cryptographer, but they should be familiar with the concepts of symmetric vs. asymmetric cryptography, PKI, hashes, etc. The test questions on the exam will be limited to the terms and concepts in the following article.

  • Hack Like a Pro: Cryptography Basics for the Aspiring Hacker

9. Basics of Sniffing - 5%

Sniffing is a rudimentary skill for both the network engineer and White Hat Hacker. To pass the CWA, you should understand what sniffing is and how to use such tools as Wireshark. Check out the following article for help on Wireshark.

10. Basics of Snort - 5%

Snort is the world's most widely used intrusion detection system (IDS). Understanding how it works will make you a better security engineer and hacker. The CWA will be expected to understand the basics of Snort operation and the structure of a Snort rule.

  • How to Evade an Intrusion Detection System Using Snort

11. Basics of Vulnerability Scanning - 7%

Vulnerability scanning is critical to discovering known vulnerabilities in websites, applications, and operating systems. The CWA should be familiar with the concepts and limitations of vulnerability scanning. To prepare for the exam, take a look at these three articles:

  • How to Find Vulnerabilities for Any Website Using Nikto

12. SQL Injection & Database Hacking - 5%

SQL injection is one of the best ways for hackers to get to the hacker's pot of gold, the database. The successful CWA should understand the basics of SQL Injection and database hacking. To study for this section of the exam, check out my Hacking Databases series and the excellent article on SQL injection by Allen Freeman listed below.

  • How to Hack Databases (Series)

13. Wireless Hacking - 10%

Any hacker worth their salt needs to understand the basics of wireless hacking. To pass the exam, you must distinguish between the different types of wireless security (WEP, WPA, and WPA2), as well as the basic tools and techniques of wireless hacking.

To study for this portion of the exam, make sure to read:

  • How to Hack Wi-Fi: Getting Started with the Aircrack-ng Suite
  • How to Hack Wi-Fi: Cracking WPA2 Passwords with Aircrack-ng

14. Web App & Server Hacking - 10%

The key things to study here are BeEF and my web app hacking series. Although the web app hacking series is far from complete (as are all my series), for this exam you will only need to understand the basics that are covered in these articles.

  • Hack Like a Pro: How to Hack Web Browsers with BeEF
  • Hack Like a Pro: How to Hack Web Apps (Series)

Getting Ready to Become a Certified Hacker!

More advanced subject areas such as mobile hacking, Metasploit hacking, exploit development, and scripting will not be on the CWA exam, but will appear on the more advanced CWE and CWP, where the certification will require the completion of a hacking lab to show proficiency with tools and concepts.

Remember that this exam will only cover concepts and tools covered here on Null Byte, so no need to buy outside books and classes. If it is not on Null Byte, it will not be covered on the exam. Also, please remember that if you can't find an article, type the keywords in the search box up top. In addition, take a look at my article, "How to Use Null Byte to Study to Become a Professional Hacker," for some guidance on what to read and study.

You can expect the exam to be ready in either December or January, and that means plenty of time to study so that you can be among the first to be certified as a White Hat Hacker Associate!

Article information

Author: Van Hayes
