SEC560: SANS London November 2024

Provided by

Enquire about this course

What You Will Learn

SEC560: Enterprise Penetration Testing, the flagship SANS course for penetration testing, equips you to assess and mitigate business risks across complex, modern enterprises. You will learn to plan, execute, and apply penetration tests using the latest tools and techniques through hands-on labs. Ideal for penetration testers, system administrators, and defenders, SEC560 strengthens your skills and understanding of the attacker mindset, enabling you to enhance organizational security immediately.
You Will Be Able To:
  • Properly plan and prepare for an enterprise penetration test
  • Perform detailed reconnaissance to aid in social engineering, phishing, targeting the right data, and demonstrating appropriate goals
  • Scan in-scope environments using best-of-breed tools to identify systems and targets that other tools and techniques may have missed -- you can't secure what you don't know about
  • Perform safe and effective password guessing to gain initial access to the target environment or move deeper into the network
  • Exploit target systems in multiple ways to gain access and measure real business risk
  • Understand the environment via efficient methods of gaining situation awareness to identify additional targets and attack paths
  • Thoroughly pillage exploited systems to gather information and move further into the network towards your goals
  • Use privilege escalation techniques to elevate access on Windows or Linux systems, or Active Directory itself
  • Execute lateral movement and pivoting to further extend access to the organization and identify risks missed by surface scans
  • Crack passwords using modern tools and techniques to extend or escalate access
  • Use Command and Control (C2, C&C) frameworks to manage and pillage compromised hosts remotely
  • Attack the Active Directory domains and forests used by most organizations
  • Execute multiple Kerberos attacks, including Kerberoasting, Golden Ticket, and Silver Ticket attacks
  • Conduct Azure reconnaissance remotely, both with and without credentials
  • Execute Entra ID password spray attacks
  • Execute commands in Azure using compromised credentials
  • Develop and deliver high-quality reports that clearly communicate the accurate business risk stemming from the discovered flaws and misconfigurations
SEC560 is designed to get you ready to conduct a full-scale, high-value penetration test, and at the end of the course you will do just that. After building your skills in comprehensive and challenging labs, the course culminates with a final real-world penetration test scenario. You will conduct an end-to-end penetration test, applying knowledge, tools, and principles from throughout the course as you discover and exploit vulnerabilities in a realistic target organization.

What You Will Receive
  • Access to the in-class Virtual Training Lab with more than 30 in-depth labs
  • SANS Slingshot Linux Penetration Testing Environment and Windows 10 Virtual Machines loaded with numerous tools used for all labs
  • Access to the recorded course audio to help hammer home important network penetration testing lessons
  • Cheat sheets with details on professional use of Metasploit, Netcat, and more
  • Worksheets to streamline the formulation of scoping and rules of engagement for professional penetration tests

Enquire

Start date Location / delivery
04 Nov 2024 London Book now

Related article

At GIAC, we believe that hands-on testing is the future of cybersecurity certification. With five certification exams featuring CyberLive , and thr...