SEC401: Cyber Security Training at SANS Paris Republique September 2025

Provided by

What You Will Learn
Master the Essentials of Cybersecurity

Organizations are under constant threat, and it is critical to be prepared for eventual compromise. Now, more than ever, timely detection and response are essential. The longer an adversary remains in your environment, the greater the damage becomes. Perhaps the most vital question in information security today is: "How quickly can we detect, respond to, and remediate an adversary?"

Information security is about focusing your defenses on the areas that matter most, particularly as they relate to the unique needs of your organization. In SEC401, you will learn the foundational language and inner workings of computer and information security, and how to apply them effectively to your specific challenges. You'll acquire the critical knowledge needed to secure systems and organizations with confidence.

SEC401 teaches you the most effective steps to prevent attacks and detect adversaries, equipping you with actionable techniques you can immediately apply in your workplace. Through practical tips and insights, you'll be better prepared to win the ongoing battle against a broad range of cyber adversaries who seek to infiltrate your environment.
New and Enhanced Labs Overview

Unlock the critical skills needed to defend systems and networks with the latest additions to SEC401, now featuring 20 state-of-the-art labs. These labs have been carefully designed to offer hands-on experience, providing practical skills essential for addressing today's complex cybersecurity challenges.
New Lab Highlights:
  • Network Analysis: Dive deep into network traffic with labs on tcpdump and Wireshark and explore network flow information that is vital for detection and response, such as AWS VPC Flow Logs.
  • Advanced Threat Detection: Develop skills in SIEM Log Analysis and employ tools like Snort3 and Zeek for robust Intrusion Detection and Network Security Monitoring.
  • System Security: Sharpen your skills in Linux Logging and Auditing, Windows Process Exploration, and Windows Filesystem Permissions, ensuring comprehensive system oversight.
  • Audit and Compliance: Master Password Auditing, Binary File Analysis, and Data Loss Prevention to safeguard sensitive data against emerging threats.
  • Cryptography and Recovery: Get hands-on with Hashing and Cryptographic Validation, Encryption and Decryption, and Mobile Device Backup Recovery to secure and recover data.
  • Windows and Linux Security: Apply Windows System Security Policies, manage Linux Permissions, and explore Linux Containers for enhanced security posture.
  • Automation and Discovery: Utilize PowerShell for Speed and Scale and conduct Network Discovery to efficiently manage security tasks.
  • Exploitation and Protection: Learn to identify and exploit vulnerabilities in Web App Exploitation, and apply security best practices.
Each lab is crafted to build proficiency in using real-world tools and techniques, preparing you to effectively respond to a variety of security incidents. Whether you are new to cybersecurity or seeking to update your skills, these labs offer a practical, immersive learning experience in the critical aspects of security fundamentals.

"SEC401 covered a very wide range of security technologies, processes, and tools that will really open your eyes. I liked how the course shows that not everything is magic, and packets of data can be interpreted even without fancy tools. The labs were great for demonstrating the concepts, with flawless instruction and seamless packet capture." - Fei Ma, DESEI
Business Takeaways
  • How to address high-priority security concerns
  • Leverage security strengths and differences among the top cloud providers
  • Build a network visibility map to help validate attack surface
  • Reduce an organization's attack surface through hardening and configuration management
Skills Learned
  • How to create a security program that is built on a foundation of Detection, Response, and Prevention
  • Practical tips and tricks that focus on addressing high-priority security concerns within one's organization and doing the right things that lead to effective security solutions
  • How adversaries adapt their tactics, techniques, and procedures and how to adapt your defense accordingly
  • What ransomware is and how to better defend against it
  • How to leverage a defensible network architecture (VLANs, NAC, 802.1x, Zero Trust) based on indicators of compromise
  • Identity and Access Management (IAM) methodology and related aspects of strong authentication (MFA)
  • How to leverage the security strengths and differences among various cloud providers (including multi-cloud)
  • Realistic and practical applications of a capable vulnerability management program
  • How to sniff network communication protocols to determine the content of network communication (including access credentials) using tools such as tcpdump and Wireshark
  • How to use Windows, Linux, and macOS command line tools to analyze a system looking for high-risk indicators of compromise, as well as the concepts of basic scripting for the automation of continuous monitoring
  • How to build a network visibility map that can be used to validate attack surfaces and determine the best methodology to effectively reduce risk through hardening and configuration management
  • Why some organizations win and why some lose when it comes to cybersecurity
With the rise in advanced persistent threats, it is inevitable that organizations will be targeted. Defending against attacks is an ongoing challenge with next generation threats regularly emerging. In order to be successful in defending an environment, organizations need to understand what really works in cybersecurity. What has worked - and will always work - is taking a risk-based approach to cyber defense.
Hands-On Cybersecurity Training

The lab-based hands-on portion of the course allows students to apply and master course concepts. The labs follow the adventures of the security team at Alpha Incorporated, a fictitious organization that has suffered from a series of compromises. With the labs based upon four real-world scenarios that many organizations face in today's modern world, students walk away with a keen understanding of the real-world challenges they will face throughout their career. Mastering the course concepts by way of hands-on exercise facilitates the spirit of fulfilling the SANS promise: what is learned in the course is immediately applicable at work.
  • Section 1: Tcpdump; Wireshark; AWS VPC Flow Logs
  • Section 2: Password Auditing; Data Loss Prevention; Mobile Device Backup Recovery
  • Section 3: Network Discovery; Binary File Analysis and Characterization; Web App Exploitation; SIEM Log Analysis
  • Section 4: Hashing and Cryptographic Validation; Encryption and Decryption; Intrusion Detection and Network Security Monitoring with Snort3 and Zeek
  • Section 5: Windows Process Exploration; Windows Filesystem Permissions; Applying Windows System Security Policies; Using PowerShell for Speed and Scale
  • Section 6: Linux Permissions; Linux Containers; Linux Logging and Auditing
What You Will Receive
  • Course books, lab workbook (more than 500 pages of hands-on exercises), virtual machines with tools pre-installed
  • TCP/IP reference guides
  • MP3 audio files of the complete course lecture
What Comes Next?

Depending on your current role or future plans, one of these courses is a great next step in your cybersecurity journey:
  • Security Operations Center (SOC) Analyst
    • SEC450: Blue Team Fundamentals: Security Operations and Analysis
    • SEC511: Cybersecurity Engineering: Advanced Threat Detection and Monitoring
  • Incident Handler:
    • SEC504: Hacker Tools, Techniques, and Incident Handling
  • Cloud Security Architect:
    • SEC510: Cloud Security Controls and Migration
    • SEC540: Cloud Security and DevSecOps Automation

Related article

At GIAC, we believe that hands-on testing is the future of cybersecurity certification. With five certification exams featuring CyberLive , and thr...