SEC568: Cyber Security Training at SANS Cyber Defense Initiative® 2024
Provided by SANS
What You Will Learn
Think Red, Act Blue
Gain foundational knowledge and practical methodologies for product security testing and risk analysis with SEC568: Product Security Penetration Testing. By utilizing offensive tactics with a defensive mindset, students will learn how to analyze the risk of introducing desktop, mobile, proprietary protocols, and hardware devices into your environment. You will use a wide variety of technical skills to gain a deep understanding of how a target operates.
Each section of the class will be accompanied by flow diagrams that provide each student a roadmap they can use to navigate complex topics with documented processes and clearly defined goals. Through more than 20 hands-on lab exercises and a fully guided capstone exercise, you'll get practical experience that increases in technical depth as you progress through the course.
You Will Be Able To
Think Red, Act Blue
Gain foundational knowledge and practical methodologies for product security testing and risk analysis with SEC568: Product Security Penetration Testing. By utilizing offensive tactics with a defensive mindset, students will learn how to analyze the risk of introducing desktop, mobile, proprietary protocols, and hardware devices into your environment. You will use a wide variety of technical skills to gain a deep understanding of how a target operates.
Each section of the class will be accompanied by flow diagrams that provide each student a roadmap they can use to navigate complex topics with documented processes and clearly defined goals. Through more than 20 hands-on lab exercises and a fully guided capstone exercise, you'll get practical experience that increases in technical depth as you progress through the course.
You Will Be Able To
- Apply the entire product security testing process to commercial applications
- Mitigate the impact of third-party applications and risk of supply chain attacks
- Perform static firmware analysis to see what is running on a device
- Dissect proprietary protocols
- Collect, prepare, and analyze data with Python, Pandas DataFrame, and Jupyter Notebooks
- Construct attack trees and use risk scoring methodology to determine risk of each discovered threat
- Windows OS basics
- Linux OS basics
- Android OS basics
- How to conduct efficient internet searching
- Networking fundamental concepts
- How to decrypt networking traffic
- How to build custom Scapy networking layers
- How to collect, prepare, and analyze data with Python, Pandas DataFrame, and Jupyter Notebooks
- When to continue or stop a product security assessment
- A variety of threat modeling concepts
- Different methods for determining risk
- Basics of network fuzzing
- How to analyze decompiled code
- A Corellium license
- 3 virtual machines
- Process flow charts
- An electronic workbook with step-by-step instructions for 20+ fully functional labs that do not expire and can be repeated any time after the course
Enquire
Start date | Location / delivery | |
---|---|---|
13 Dec 2024 | Washington | Book now |