SEC560: OnDemand

What You Will Learn

As a cybersecurity professional, you have a unique responsibility to identify and understand your organization's vulnerabilities and work diligently to mitigate them before the bad actors pounce. Are you ready? SEC560, the flagship SANS course for penetration testing, fully equips you to take this task head-on.

In SEC560, you will learn how to plan, prepare, and execute a penetration test in a modern enterprise. Using the latest penetration testing tools, you will undertake extensive hands-on lab exercises to learn the methodology of experienced attackers and practice your skills. You will then be able to take what you have learned in this course back to your office and apply it immediately.

This course is designed to strengthen penetration testers and further add to their skillset. The course is also designed to train system administrators, defenders, and others in security to understand the mindset and methodology of a modern attacker. Every organization needs skilled information security personnel who can find vulnerabilities and mitigate their effects, and this entire course is specially designed to get you ready for that role. Both the offensive teams and defenders have the same goal: keep the real bad guys out.

In SEC560, you will learn to:

• Properly plan and prepare for an enterprise penetration test
• Perform detailed reconnaissance to aid in social engineering, phishing, and making well-informed attack decisions
• Scan target networks using best-of-breed tools to identify systems and targets that other tools and techniques may have missed
• Perform safe and effective password guessing to gain initial access to the target environment, or to move deeper into the network
• Exploit target systems in multiple ways to gain access and measure real business risk
• Execute extensive post-exploitation to move further into the network
• Use Privilege Escalation techniques to elevate access on Windows or Linux systems, or even the Microsoft Windows Domain
• Perform internal reconnaissance and situational awareness tasks to identify additional targets and attack paths
• Execute lateral movement and pivoting to further extend access to the organization and identify risks missed by surface scans
• Crack passwords using modern tools and techniques to extend or escalate access
• Use multiple Command and Control (C2, C&C) frameworks to manage and pillage compromised hosts
• Attack the Microsoft Windows domain used by most organizations
• Execute multiple Kerberos attacks, including Kerberoasting, Golden Ticket, and Silver Ticket attacks
• Conduct Azure reconnaissance
• Azure AD password spraying attacks
• Execute commands in Azure using compromised credentials
• Develop and deliver high-quality reports

SEC560 is designed to get you ready to conduct a full-scale, high-value penetration test, and at the end of the course you will do just that. After building your skills in comprehensive and challenging labs, the course culminates with a final real-world penetration test scenario. You will conduct an end-to-end pen test, applying knowledge, tools, and principles from throughout the course as you discover and exploit vulnerabilities in a realistic sample target organization.

BUSINESS TAKEAWAYS:

SEC560 differs from other penetration testing and ethical hacking courses in several important ways -

• It offers in-depth technical excellence along with industry-leading methodologies to conduct high-value penetration tests.
• We drill deep into the arsenal of tools with numerous hands-on exercises that show subtle, less-well-known, and undocumented features that are useful for professional penetration testers and ethical hackers.
• We discuss how the tools interrelate with each other in an overall testing process. Rather than just throwing up a bunch of tools and playing with them, we analyze how to leverage information from one tool to get the biggest bang out of the next tool.
• We focus on the workflow of professional penetration testers and ethical hackers, proceeding step by step and discussing the most effective means for carrying out projects.
• The course sections address common pitfalls that arise in penetration tests and ethical hacking projects, providing real-world strategies and tactics to avoid these problems and maximize the quality of test results.
• We cover several time-saving tactics based on years of in-the-trenches experience of real penetration testers and ethical hackers. There are tasks that might take hours or days unless you know the little secrets we cover that enable you to surmount a problem in minutes.
• The course stresses the mindset of successful penetration testers and ethical hackers, which involves balancing the often-contravening forces of thinking outside the box, methodically trouble-shooting, carefully weighing risks, following a time-tested process, painstakingly documenting results, and creating a high-quality final report that gets management and technical buy-in.
• We analyze how penetration testing and ethical hacking should fit into a comprehensive enterprise information security program.
• We focus on pen testing modern organizations, many of which are using Azure AD for identity management.

What You Will Receive

• Access to the in-class Virtual Training Lab with more than 30 in-depth labs
• SANS Slingshot Linux Penetration Testing Environment and Windows 10 Virtual Machines loaded with numerous tools used for all labs
• Access to the recorded course audio to help hammer home important network penetration testing lessons
• Cheat sheets with details on professional use of Metasploit, Netcat, and more
• Worksheets to streamline the formulation of scoping and rules of engagement for professional penetration tests