SEC460: Cyber Security Training at SANS Virginia Beach 2023 New

Provided by

Enquire about this course

What You Will Learn

Computer exploitation is on the rise. As advanced adversaries become more numerous, more capable, and much more destructive, organizations must become more effective at mitigating their information security risks at the enterprise scale. SEC460 is the premier course on building technical vulnerability assessment skills and techniques, while highlighting time-tested practical approaches to ensure true value across the enterprise. The course covers threat management, introduces the core components of comprehensive vulnerability assessment, and provides the hands-on instruction necessary to produce a vigorous defensive strategy right from the start. The course focuses on equipping information security personnel from mid-sized to large organizations who are charged with effectively and efficiently securing 10,000 or more systems.

SEC460 begins with an introduction to information security vulnerability assessment fundamentals, followed by in-depth coverage of the Vulnerability Assessment Framework. It then moves into the structural components of a dynamic and iterative information security program. Through detailed practical analysis of threat intelligence, modeling, and automation, students will learn the skills necessary to not only use the tools of the trade, but also to implement a transformational security vulnerability assessment program.

You will learn how to use real industry-standard security tools for vulnerability assessment, management, and mitigation. It is the only course that teaches a holistic vulnerability assessment methodology while focusing on the unique challenges faced in a large enterprise. You will learn on a full-scale enterprise range chock full of target machines representative of an enterprise environment, leveraging production-ready tools and a proven testing methodology.

SEC460 takes you beyond the checklist, giving you a tour of the attackers' perspective that is crucial to discovering where they will strike. Operators are more than the scanner they employ. SEC460 emphasizes this personnel-centric approach by examining the shortfalls of many vulnerability assessment programs in order to provide you with the tactics and techniques required to secure enterprise networks and cloud infrastructure against even the most advanced intrusions.

We wrap up the first five sections of instruction with a discussion of triage, remediation, and reporting before putting your skills to the test in the final course section on an enterprise-grade cyber range with numerous target systems for you to analyze and explore. The cyber range is a large environment of servers, end-users, and networking gear that represents many of the systems and topologies used by enterprises. By adopting an end-to-end approach to vulnerability assessment, you can be confident that your skills will provide much-needed value to securing your organization.

Hands-On Labs

SEC460: Enterprise and Cloud Threat and Vulnerability Assessment features numerous hands-on lab exercises, each one designed to reinforce the concepts covered in the course. During the hands-on segments of the course, you will use industry-grade tools on a meticulously crafted cyber range. The range is a large environment with many of the same systems you will encounter in a typical enterprise. Lab exercises throughout the course allow students to practice hand-on techniques and overcome issues commonly encountered in real-world enterprise vulnerability assessments.

Lab topics include:
  • Enterprise Engagement Planning and Logistics
  • Open-Source Intelligence Gathering
  • Active and Passive Reconnaissance
  • DNS Zone Speculation and Dictionary-Enabled Discovery
  • The Windows Domain: Exchange, SharePoint, and Active Directory
  • Network Vulnerability Scanning with Nexpose (InsightVM)
  • Web Application Scanning with Acunetix, Nikto, Nmap Scripting Engine, WPScan, and OWASP ZAP
  • Enterprise PowerShell: Windows Remoting, WMI, Third-Party Information Security Cmdlets, and More
  • Triage, Reporting, Remediation, and More
You Will Receive With This Course
  • A Windows Virtual Machine customized for the security tester
  • All policy and configuration files that can be used to implement a comprehensive vulnerability assessment strategy
  • Numerous custom PowerShell scripts to perform automated vulnerability testing or provide a shell for your own unique needs
  • A proven Vulnerability Assessment Framework to guide your operations and assure sustained and iterative value from your services
Courses that are good follow-ups to SEC460
  • SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling
  • SEC560: Network Penetration Testing and Ethical Hacking
  • SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses


Start date Location / delivery
21 Aug 2023 Virginia Beach Book now

Related article

At GIAC, we believe that hands-on testing is the future of cybersecurity certification. With five certification exams featuring CyberLive , and thr...