SEC560: Network Penetration Testing and Ethical Hacking


About the course

Cert: GPEN GIAC Penetration Tester
SEC560 prepares you to conduct successful penetration testing and ethical hacking projects. You will learn how to perform detailed reconnaissance, exploit target systems to gain access and measure real business risk, and scan target networks using best-of-breed tools in hands-on labs and exercises. You won't just learn run-of-the-mill options and configurations; you'll also learn the lesser-known but super-useful capabilities of the best pen test toolsets available today. The course concludes with an intensive, hands-on Capture-the-Flag exercise in which you will conduct a penetration test against a sample target organization and demonstrate the knowledge you have mastered.

What You Will Learn
As a cybersecurity professional, you have a unique responsibility to find and understand your organization's vulnerabilities and to work diligently to mitigate them before the bad guys pounce. Are you ready? SEC560, the flagship SANS course for penetration testing, fully equips you to address this duty head-on.

SEC560 IS THE MUST-HAVE COURSE FOR EVERY WELL-ROUNDED SECURITY PROFESSIONAL

With comprehensive coverage of tools, techniques, and methodologies for network penetration testing, SEC560 truly prepares you to conduct high-value penetration testing step by step and end to end. Every organization needs skilled information security personnel who can find vulnerabilities and mitigate their effects, and this entire course is specially designed to get you ready for that role. The course starts with proper planning, scoping, and reconnaissance, then dives deep into scanning, target exploitation, password attacks, Windows Domain attacks, and Azure AD (Active Directory), with over 30 detailed hands-on labs throughout. The course is chock full of practical, real-world tips from some of the world's best penetration testers to help you do your job safely, efficiently, and skillfully.

LEARN THE BEST WAYS TO TEST YOUR OWN SYSTEMS BEFORE THE BAD GUYS ATTACK

You'll learn how to perform detailed reconnaissance, studying a target's infrastructure by mining publicly available information, search engines, social networking sites, and other internet and intranet infrastructures. Our hands-on labs will equip you to scan target networks using best-of-breed tools. We won't just cover run-of-the-mill options and configurations; we'll also go over the lesser-known but super-useful capabilities of the best pen test toolsets available today. After scanning, you'll learn dozens of methods for exploiting target systems to gain access and measure real business risk. You'll dive deep into post-exploitation, password attacks, and the Windows domain, pivoting through the target environment to model the attacks of real-world adversaries to emphasize the importance of defense in depth.

EQUIPPING SECURITY ORGANIZATIONS WITH COMPREHENSIVE PENETRATION TESTING AND ETHICAL HACKING KNOW-HOW

SEC560 is designed to get you ready to conduct a full-scale, high-value penetration test, and at the end of the course you'll do just that. After building your skills in comprehensive and challenging labs, the course culminates with a final real-world penetration test scenario. You'll conduct an end-to-end pen test, applying knowledge, tools, and principles from throughout the course as you discover and exploit vulnerabilities in a realistic sample target organization, demonstrating the skills you've gained in this course.

Why Choose This Course?

SEC560 differs from other penetration testing and ethical hacking courses in several important ways:

  • It offers in-depth technical excellence along with industry-leading methodologies to conduct high-value penetration tests.
  • We drill deep into the arsenal of tools with numerous hands-on exercises that show subtle, less-well-known, and undocumented features that are useful for professional penetration testers and ethical hackers.
  • We discuss how the tools interrelate with each other in an overall testing process. Rather than just throwing up a bunch of tools and playing with them, we analyze how to leverage information from one tool to get the biggest bang out of the next tool.
  • We focus on the workflow of professional penetration testers and ethical hackers, proceeding step by step and discussing the most effective means for carrying out projects.
  • The sessions address common pitfalls that arise in penetration tests and ethical hacking projects, providing real-world strategies and tactics to avoid these problems and to maximize the quality of test results.
  • We cover several time-saving tactics based on years of in-the-trenches experience of real penetration testers and ethical hackers - tasks that might take hours or days unless you know the little secrets we cover that enable you to surmount a problem in minutes.
  • The course stresses the mindset of successful penetration testers and ethical hackers, which involves balancing the often-contravening forces of thinking outside the box, methodically trouble-shooting, carefully weighing risks, following a time-tested process, painstakingly documenting results, and creating a high-quality final report that gets management and technical buy-in.
  • We analyze how penetration testing and ethical hacking should fit into a comprehensive enterprise information security program.

You Will Be Able To

  • Develop tailored scoping and rules of engagement for penetration testing projects to ensure the work is focused, well defined, and conducted in a safe manner
  • Conduct detailed reconnaissance using document metadata, search engines, and other publicly available information sources to build a technical and organizational understanding of the target environment
  • Utilize the Nmap scanning tool to conduct comprehensive network sweeps, port scans, Operating System fingerprinting, and version scanning to develop a map of target environments
  • Choose and properly execute Nmap Scripting Engine scripts to extract detailed information from target systems
  • Analyze the output of scanning tools to manually verify findings and perform false positive reduction using Netcat and the Scapy packet crafting tools
  • Utilize the Windows and Linux command lines to plunder target systems for vital information that can further overall penetration test progress, establish pivots for deeper compromise, and help determine business risks
  • Configure the Metasploit exploitation tool to scan, exploit, and then pivot through a target environment in-depth
  • Perform Kerberos attacks including Kerberoasting, Golden Ticket, and Silver Ticket attacks
  • Use Mimikatz to perform domain domination attacks, such as golden ticket abuse, DCSync, and others
  • Go from an unauthenticated network position to authenticated domain access and mapping an attack path throughout the domain
  • Attack Azure AD and use your domain domination to target the on-premises integration


What You Will Receive

  • Access to the in-class Virtual Training Lab with more than 30 in-depth labs
  • SANS Slingshot Linux Penetration Testing Environment and Windows 10 Virtual Machines loaded with numerous tools used for all labs
  • Access to the recorded course audio to help hammer home important network penetration testing lessons
  • Cheat sheets with details on professional use of Metasploit, Netcat, and more
  • Worksheets to streamline the formulation of scoping and rules of engagement for professional penetration tests

Syllabus (36 CPEs)
SEC560.1: Comprehensive Pen Test Planning, Scoping, and Recon

SEC560.2: In-Depth Scanning

SEC560.3: Exploitation

SEC560.4: Password Attacks and Merciless Pivoting

SEC560.5: Domain Domination and Azure Annihilation

SEC560.6: Penetration Test and Capture-the-Flag Workshop

GIAC Penetration Tester
The GIAC Penetration Tester certification validates a practitioner’s ability to properly conduct a penetration test, using best practice techniques and methodologies. GPEN certification holders have the knowledge and skills to conduct exploits and engage in detailed reconnaissance, as well as utilize a process-oriented approach to penetration testing projects.

  • Comprehensive Pen Test Planning, Scoping, and Recon
  • In-Depth Scanning and Exploitation, Post-Exploitation, and Pivoting
  • In-Depth Password Attacks and Web App Pen Testing

Prerequisites
SEC560 is the flagship penetration test course offered by the SANS Institute. Attendees are expected to have a working knowledge of TCP/IP and a basic knowledge of the Windows and Linux command lines before they come to class. While SEC560 is technically in-depth, it is important to note that programming knowledge is NOT required for the course.

Author Statement
"All security professionals need to understand modern attack tactics and principles. As a defender, incident responder, or forensic analyst, it is important to understand the latest attacks and the mind of the attacker. In this course, penetration testers, red teamers, and other offensive security professionals will learn tools and techniques to increase the impact and effectiveness of their work. As the lead author for this course, I'm proud to bring my years of security experience (both offensive and defensive) as well as network/system administration experience to the course. We aim to provide a valuable, high-impact penetration testing course designed to teach experienced pen testers new tips, help prepare new penetration testers, and provide background to anyone dealing with penetration testers, red teams, or even malicious attackers. I personally enjoy teaching this course and sharing my experience and real-life examples with you." - Tim Medin

"A thorough understanding of security assessment/penetration testing techniques is a key asset for any cybersecurity professional. In order to become a better defender, you must understand offense. This course provides fundamental skills for people who want to establish themselves as penetration testers. I am very proud to have developed and maintained SEC560 as SANS' flagship penetration testing course throughout my 10+ years of pen testing experience. The course provides a balanced mix between lectures and hands-on activities to ensure that students go home equipped to immediately put their skills to use. I particularly enjoy modeling the lecture and labs towards real-life scenarios that I myself have encountered! I look forward to sharing my stories with you!" - Erik Van Buggenhout

"Tim is an excellent SANS instructor. He's knowledgeable, and he kept the course funny and interesting." - Thomas Rogers, Chevron

Ways to Learn
OnDemand
Study and prepare for GIAC Certification with four months of online access to SANS OnDemand courses. Includes labs and exercises, and SME support.

Live Online
Live, interactive sessions with SANS instructors over the course of one or more weeks, at times convenient to students worldwide.

In Person (6 days)
Training events and topical summits feature presentations and courses in classrooms around the world.

Who Should Attend SEC560?

  • Security personnel whose job involves assessing networks and systems to find and remediate vulnerabilities
  • Penetration testers
  • Ethical hackers
  • Defenders who want to better understand offensive methodologies, tools, and techniques
  • Auditors who need to build deeper technical skills
  • Red Team members
  • Blue Team members
  • Forensics specialists who want to better understand offensive tactics
  • Incident responders who want to understand the mind of an attacker

"There are tools and mindsets taught in SEC560 that will shape an IT professional's approach to security. It's an essential class." - Mario Velazquez, American Access Casualty

 
