SEC501: OnDemand

Provided by

Enquire about this course

What You Will Learn

The experience of continuous adversary activity, of increasing magnitude, leading to frequent attacks, and the inevitable compromise which too often results in data loss and leakage. Enterprises must have cross-trained professionals fully prepared to contribute meaningfully to CERT/CSIRT activities when required. Experienced technologists who are exploring cyber career pathways and looking for hands-on practical experience with cutting-edge tools of the trade will find what they need in SEC501: Advanced Security Essentials-Enterprise Defender. It is the only SANS course that provides training across cybersecurity sub-disciplines in the tools and techniques used daily to defend the enterprise. Full-day course topics cover defending network architecture, penetration testing, security operations, DFIR/CERT/CSIRT, and malware analysis. Twenty five labs, conducted in-class, provide hands-on experience with real-world tools (e.g., Cisco routers, Covenant, Metasploit, Nessus, Nmap, Procmon, Snort, SOF-ELK, TShark, Wireshark, etc.) in each of these areas, demonstrating:
  • active defense
  • attacks against network devices (and defenses)
  • digital artifact collection
  • forensic data recovery
  • interactive behavioral analysis of malware
  • intrusion detection and Snort signature creation
  • log aggregation and correlation
  • manual code reversing
  • network forensics
  • network scanning and enumeration
  • packet and protocol analysis
  • password cracking
  • super timeline analysis
  • system exploitation and post-expolitation pivoting
  • vulnerability assessment
  • web application scanning and attacks
and more.
In SEC501: Advanced Security Essentials-Enterprise Defender you will
  • Delve into the secrets of how Ransomware operates and what it needs to function, then find the data needed to defeat it by deceiving it into believing you have met its demands.
  • Launch real-time attacks against network devices by compromising authentication, redundancy, routing protocols, and encrypted credentials, then hardening devices against these same attacks and validating that they fail.
  • Discover and compromise systems, enumerate accounts, steal credentials, and discover, identify, attack, compromise, and pivot to other systems on the target network using exploitation tools and frameworks exactly as your adversary would do.
  • Detect vulnerabilities with sniffers, scanners, and proxies, giving you the opportunity to remediate the weaknesses in your systems before the attack begins.
  • Directly consume threat intelligence, identifying signatures of nascent attacks in packets captured from your network and creating and testing new rules for your Network Intrusion Detection System.
Business Takeaways

This course will help your organization:
  • Reskill and upskill technologists to substantially contribute to enterprise cybersecurity
  • Improve the effectiveness, efficiency, and success of cybersecurity initiatives
  • Build defensible networks that minimize the impact of attacks
  • Identify exposure points to ultimately prioritize and fix the vulnerabilities, increasing the organization's overall security
  • Detect the adversary, on premise and in the cloud, via monitoring and analysis of network activity, and correlation of activity across systems
  • Understand attack methods against systems, network devices, web applications
You Will Learn
  • Core components to build a defensible network infrastructure and properly secure your routers, switches, and other network infrastructure
  • Formal methods to perform vulnerability assessment and penetration testing to find weaknesses on your enterprise network
  • Analysis methods to detect advanced attacks against your network and indicators of compromise on deployed systems, including the forensically sound collection of artifacts and what you can learn from them
  • How to respond to an incident using a six-step process of incident response: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned
  • Approaches to analyzing malware, ranging from fully automated techniques to the manual analysis of static properties, interactive behavior, and code reversing
You Will Be Able To
  • Identify network security threats against infrastructure and build defensible networks that minimize the impact of attacks via analysis of network device configurations and simulated attacks
  • Decode and analyze packets using various tools to identify anomalies and improve network defenses
  • Understand how the adversary compromises systems and how to respond to attacks using a six-step incident handling process
  • Perform penetration testing against an enterprise to determine vulnerabilities and points of compromise
  • Understand and utilize active defense techniques
  • Collect forensic artifacts detailing prior system activity, carve out deleted data from storage devices, analyze super timelines, and conduct network forensic analysis
  • Use various tools to identify and analyze malware across your enterprise
What You Will Receive
  • MP3 audio files of the complete course lecture
  • Course media with the course virtual machines
SEC501 Features 25 Labs That Will Show You How To
  • Build a defensible network architecture by auditing router configurations, launching successful attacks against them, hardening devices to withstand those same attacks, and using active defense tools to detect an attack and generate an alert
  • Perform detailed analysis of traffic using various sniffers and protocol analyzers, and automate attack detection by creating and testing new rules for detection systems
  • Identify and track attacks and anomalies in network packets using multiple technologies
  • Use SIEM for visualization and correlation of multi-system activity to identify and verify a data breach
  • Use various tools such as vulnerability scanning and network discovery to assess systems and web applications for known vulnerabilities, and exploit those vulnerabilities using penetration testing frameworks and toolsets
  • Collect digital artifacts and recover deleted data using digital forensic techniques, and analyze a supertimeline created from these artifacts to determine the vector of initial compromise
  • Apply network forensic analysis to contain a Ransomware outbreak, differentiating between systems only downloading the malware, and those which executed the malware
  • Find, identify, analyze, and clean up malware such as Ransomware using a variety of techniques, including monitoring the malware as it executes and manually reversing its code to discover its secrets
Here's What Students Say about SEC501

"This is the best technical training course I have ever taken. SEC501 exposed me to many valuable concepts and tools but also gave me a solid introduction to those tools so that I can continue to study and improve on my own." - Curt Smith, Hildago Medical Services

"SEC501 offers a great explanation of Net Defense best practices that often get overlooked." - Kirk G., U.S. Navy

"For an intensive and in-depth course, I found SEC501 to be extremely educational yet fun and entertaining." - Hisham Al-Muhareb, Saudi Aramco


Start date Location / delivery
No fixed date Virtual Book now

Related article

At GIAC, we believe that hands-on testing is the future of cybersecurity certification. With five certification exams featuring CyberLive , and thr...