As cyber attacks increase, so does the demand for information security professionals who possess true network penetration testing and ethical hacking skills. There are several ethical hacking courses that claim to teach these skills, but few actually do. SANS SEC560: Network Penetration Testing and Ethical Hacking truly prepares you to conduct successful penetration testing and ethical hacking projects. The course starts with proper planning, scoping and recon, and then dives deep into scanning, target exploitation, password attacks, and wireless and web apps with detailed hands-on exercises and practical tips for doing the job safely and effectively. You will finish up with an intensive, hands-on Capture the Flag exercise in which you'll conduct a penetration test against a sample target organization, demonstrating the knowledge you mastered in this course.
Equipping Security Organizations with Advanced Penetration Testing and Ethical Hacking Know-How
Security vulnerabilities, such as weak configurations, unpatched systems, and botched architectures, continue to plague organizations. Enterprises need people who can find these flaws in a professional manner to help eradicate them from our infrastructures. Lots of people claim to have penetration testing, ethical hacking, and security assessment skills, but precious few can apply these skills in a methodical regimen of professional testing to help make an organization more secure. This class covers the ingredients for successful network penetration testing to help attendees improve their enterprise's security stance.
We address detailed pre-test planning, including setting up an effective penetration testing infrastructure and establishing ground rules with the target organization to avoid surprises and misunderstanding. Then, we discuss a time-tested methodology for penetration and ethical hacking across the network, evaluating the security of network services and the operating systems behind them.
Attendees will learn how to perform detailed reconnaissance, learning about a target's infrastructure by mining blogs, search engines, and social networking sites. We'll then turn our attention to scanning, experimenting with numerous tools in hands-on exercises. Our exploitation phase will include the use of exploitation frameworks, stand-alone exploits, and other valuable tactics, all with hands-on exercises in our lab environment. The class also discusses how to prepare a final report, tailored to maximize the value of the test from both a management and technical perspective. The final portion of the class includes a comprehensive hands-on exercise, conducting a penetration test against a hypothetical target organization, following all of the steps.
The course also describes the limitations of penetration testing techniques and other practices that can be used to augment penetration testing to find vulnerabilities in architecture, policies, and processes. We also address how penetration testing should be integrated as a piece of a comprehensive enterprise information security program.
Mon May 19th, 2014 | 9:00 AM - 6:30 PM
Successful professional penetration testers and ethical hackers must carefully prepare before their projects, and this detailed session covers the strategies and tactics for doing so effectively. We cover building a penetration testing and ethical hacking infrastructure that includes the appropriate hardware, software, network infrastructure, and test tools arsenal, with specific low-cost recommendations for maximizing your effectiveness on a limited budget. This portion of the course also describes how to plan the specifics of a test, carefully scoping the project and defining the rules of engagement with target environment personnel. We survey the various legal issues associated with the penetration testing and ethical hacking craft in various countries around the world.
After this detailed analysis of preparation, the session changes topics to deal with reconnaissance, the initial phase of most penetration tests and ethical hacking projects. We'll look at maximizing the usefulness of information from public sources, including detailed and advanced DNS interrogations, whois look-ups, and late-breaking search engine vulnerability finding tools. We'll also look at emerging recon suites and how we can best position them in our testing regimens.
CPE/CMU Credits: 7
Tue May 20th, 2014 | 9:00 AM - 5:00 PM
This component of the course focuses on the vital task of scanning a target environment, creating a comprehensive inventory of machines and then evaluating those systems to find potential vulnerabilities. We'll look at some of the most useful scanning tools freely available today, experimenting with them in our hands-on lab. Because vulnerability-scanning tools inevitably give us false positives, we'll conduct an exercise on false-positive reduction, analyzing several methods for getting inside of what our tools are telling us to ensure the veracity of our findings. Our hands-on exercises include the creative use of packet crafting to measure the fine-grained behavior of target machines, all while watching the action from a custom-configured sniffer. We also look at some of the late-breaking features of popular tools, including the latest Nmap Scripting Engine capabilities.
CPE/CMU Credits: 6
Wed May 21st, 2014 | 9:00 AM - 5:00 PM
In this section, we look at the many kinds of exploits that a penetration tester or ethical hacker can use to compromise a target machine. We'll analyze in detail the differences between server-side, client-side, and local privilege escalation exploits, exploring some of the most useful recent exploits in each category. We'll see how these exploits are packaged in frameworks like Metasploit. We'll go over some of the more advanced Metasploit options, including its mighty Meterpreter, discussing some of the best features in this really powerful payload that are hugely helpful for penetration testers and ethical hackers.
We'll also look at some of the common pitfalls that we face when running exploits, as well as methods for mitigating, dodging, or even eliminating those issues. Finally, we'll zoom in on Windows. With its 80+% market share and regular discovery of vulnerabilities and release of exploits, the culmination of exploitation is often a command shell on a Windows box. We'll see how to maximize the effectiveness of that access, activating RDP, VNC, and installing SSH, all from a command prompt. Almost every topic covered in this session includes hands-on exercises to give attendees practical experience in using these techniques. Topics include:
CPE/CMU Credits: 6
Thu May 22nd, 2014 | 9:00 AM - 5:00 PM
This component of the course turns our attention to password attacks, analyzing password guessing, password cracking, and pass-the-hash techniques in depth. Because passwords remain the dominant authentication scheme of most enterprises, professional penetration testers and ethical hackers need to understand how to find password weaknesses in a target environment. We'll go over numerous tips based on real-world experience to help penetration testers and ethical hackers maximize the effectiveness of their password attacks. We'll cover one of the best automated password-guessing tools available today, THC Hydra, and run it against target machines to guess Windows SMB and Linux SSH passwords. We'll then zoom in on the password representation formats for most major operating systems, discussing various cracking tools in depth.
We'll do exercises in which we'll patch the John the Ripper password cracker so that it can support NT hashes, and then compare its performance when compiled for different kinds of processor types. We'll look at the amazingly full-featured Cain tool, running it to crack sniffed Windows authentication messages. We'll see how rainbow tables work to make password cracking much more efficient, and run a hands-on exercise using the technique. And, we'll finish the day with a lively discussion of a really powerful attack vector that doesn't require password cracking, but instead uses captured encrypted credentials to access Windows machines directly, in a so-called "pass-the-hash" attack, using customized Samba code for a hands-on exercise illustrating the technique. Specific topics include:
CPE/CMU Credits: 6
Fri May 23rd, 2014 | 9:00 AM - 5:00 PM
With the increasing use of wireless networking technologies, professional penetration testers and ethical hackers are often called upon to evaluate these infrastructures for flaws. This section of the course describes methodologies for finding common wireless weaknesses, including misconfigured access points, application of weak security protocols, and the improper configuration of stronger security technologies.
The second half of this session focuses on web application penetration testing, looking for the numerous flaws that impact commercial and homegrown web apps. Attendees will work hands-on with tools that can find Cross-Site Scripting (XSS) and Cross-Site Request Forgery (XSRF) flaws, experimenting with each in a hands-on exercise. We'll look at command injection and directory traversal flaws, experimenting with them in hands-on exercises. Finally, the session deals with the sometimes devastating SQL injection flaws and session cloning issues that have resulted in significant website compromises.
CPE/CMU Credits: 6
Sat May 24th, 2014 | 9:00 AM - 5:00 PM
This lively session represents the culmination of the network penetration testing and ethical hacking course, where attendees will apply the skills that they've mastered throughout all the other sessions in a hands-on workshop. The rest of the course covers the overall process for successful testing, with a series of hands-on exercises individually illustrating each point. But here, in this final workshop, all of the exercises converge into an overall network penetration-testing workout. Operating as part of a team, attendees will conduct a penetration test of a target environment in the classroom, following all of the steps of a professional penetration tester and ethical hacker. You'll have to scan for flaws, use exploits, unravel technical challenges, and dodge firewalls, all the while analyzing and documenting your results in a comprehensive manner. Teams will compete with each other to be the first to win the Capture the Flag game that is the centerpiece of this workshop.
CPE/CMU Credits: 6
"Ed Skoudis is the best teacher I've ever had. He is 100% competent and professional."
-Petra Klein, FRA
IMPORTANT - BRING YOUR OWN LAPTOP WITH WINDOWS
To get the most value out of the course, students are required to bring their own laptop so that they can connect directly to the workshop network that we will create. It is the students' responsibility to make sure that the system is properly configured with all drivers necessary to connect to an Ethernet network.
Some of the course exercises are based on Windows, while others focus on Linux. VMware Player or VMware Workstation is required for the class. If you plan to use a Macintosh, please make sure you bring VMware Fusion, along with a Windows guest virtual machine.
You are required to bring Windows 7 (Professional, Enterprise, or Ultimate), Windows Vista (Business, Enterprise, or Ultimate), Windows XP Pro, or Windows 2003 or 2008 Server, either a real system or a virtual machine. Windows 8 Pro is an acceptable option. Windows 7 Home, Windows Vista Home, Windows XP Home, and Windows 2000 (all versions) will NOT work for the class as they do not include all of the built-in capabilities we need for comprehensive analysis of the system.
The course includes a VMware image file of a guest Linux system that is larger than 2 GB. Therefore, you need a file system with the ability to read and write files that are larger than 2 GB, such as NTFS on a Windows machine.
IMPORTANT NOTE: You will also be required to disable your anti-virus tools temporarily for some exercises, so make sure you have the anti-virus administrator permissions to do so. DO NOT plan on just killing your anti-virus service or processes because most anti-virus tools still function even when their associated services and processes have been terminated. For many enterprise-managed clients, disabling your anti-virus tool may require a different password than the Administrator account password. Please bring that administrator password for your anti-virus tool.
Enterprise VPN clients may interfere with the network configuration required to participate in the class. If your system has an enterprise VPN client installed, you may need to uninstall it for the exercises in class.
You will use VMware to run Windows and Linux operating systems simultaneously when performing exercises in class. You must have either the free VMware Player 3 or later or the commercial VMware Workstation 6 or later installed on your system prior to coming to class. You can download VMware Player for free here.
Alternatively, if you want a more flexible and configurable tool, you can download a free 30-day trial copy of VMware Workstation here. VMware will send you a time-limited license number for VMware Workstation if you register for the trial at their Web site. No license number is required for VMware Player.
We will give you a DVD full of attack tools to experiment with during the class and take home for later analysis. We will also provide a Linux image with all of our tools pre-installed that runs within VMware Player or VMware Workstation.
You do not need to bring a Linux system if you plan to use our Linux image in VMware. However, you are required to bring VMware Workstation or VMware Player. The class does not support VirtualPC or other non-VMware virtualization products.
Mandatory Laptop Hardware Requirements
During the workshop, you will be connecting to one of the most hostile networks on planet Earth! Your laptop might be attacked. Do not have any sensitive data stored on the system. SANS is not responsible for your system if someone in the class attacks it in the workshop.
By bringing the right equipment and preparing in advance, you can maximize what you'll see and learn as well as have a lot of fun.
If you have additional questions about the laptop specifications, please contact email@example.com.
|Provides an entry-level knowledge of penetration testing||--||X|
|Relies mainly on pen testing tools and not skill development||--||X|
|Analyzes how penetration testing and ethical hacking fit into a comprehensive information security program||X||--|
|Focuses on skill development and provides in-depth, technical skills for experienced pen testers||X||--|
|Provides in-depth understanding of the most powerful and useful pen testing tools and how they interrelate||X||--|
|Addresses real-world strategies and tactics to avoid common pen test pitfalls and maximize efficiency of testing||X||--|
|Discusses how to define appropriate rules of engagement and build a pen test project scope||X||--|
|Focuses on penetration test workflow and step-by-step methods for conducting projects||X||--|
|Demonstrates time-saving pen test tactics and secrets from industry experts||X||--|
|Emphasizes the mindset of successful penetration testing and ethical hacking, including troubleshooting, weighing risks, following a proven process, documentation, and final reports based on business risk||X||--|
|Covers techniques for maximizing the value of a pen test through thorough reporting and business focus||X||--|
|Ensures experienced instructors with real-world pen testing experience||X||--|
|Culminates in a hands-on penetration test of an example target organization modeling real-world security flaws||X||--|
This SANS course differs from other penetration testing and ethical hacking courses in several important ways:
"Sec 560 is getting better and better, you understand more as the day goes on. Most of these tools I will be able to use in my organization." - Rayen Rai, Godo
"560 helped to take the stew of ideas and techniques in my head and organize them in a 'professionally' usable way." - Richard Tafoya, Redflex Traffic Systems
"I had a great time. Sec 560 has tons of useful material and techniques. As with all SANS training I leave knowing that I can apply this as soon as I'm back at work." - Benjamin Bagby, XE.Com
"This type of training is fantastic, all new penetration testers and personnel who interact with testers or set up assessments should take this Sec 560." - Christopher Duffy, Knowledge Consulting Group
"This will help me determine how safe my work environment is. Sec 560 is very fun, I don't feel burnt out at the end of the day." - David Neilson, Western Family Foods
"I think if you genuinely want to learn how exploitation techniques work and how to properly think like a hacker, it would be silly not to attend." - Mark Hamilton, McAfee
Successful penetration testers don't just throw a bunch of hacks against an organization and regurgitate the output of their tools. Instead, they need to understand how these tools work in depth, and conduct their test in a careful, professional manner. This course explains the inner workings of numerous tools and their use in effective network penetration testing and ethical hacking projects. When teaching the class, I particularly enjoy the numerous hands-on exercises culminating with a final pen-testing extravaganza lab.
- Ed Skoudis
INQUIRIES ON SANS TRAINING: training(at)accrete(dot)com(dot)my
No 95-2 Jalan Nautika B U20/B,
TSB Commercial Center,
40160 Sungai Buloh,
Phone: +603 6143 4526
Fax: +603 2178 4884
The Information Security and Digital Forensics department in Accrete Technologies Sdn. Bhd. (Accrete) offers three pillars of services: training, consulting services and solutions. SANS Institute (USA) in-Depth Security Training is offered by Accrete, which is also HRDF Claimable for the first time. Accrete's security solutions lineup includes ICS SCADA Security, Web Online Financial Transaction and eCommerce security, Retail Intelligence analysis, Comprehensive Vulnerabilities Intelligence and Patch Management, Data Leak Prevention solution and a few others.