SEC401: Cyber Security Training at SANS Paris Republique September 2025
Provided by SANS
What You Will Learn
Master the Essentials of Cybersecurity
Organizations are under constant threat, and it is critical to be prepared for eventual compromise. Now, more than ever, timely detection and response are essential. The longer an adversary remains in your environment, the greater the damage becomes. Perhaps the most vital question in information security today is: "How quickly can we detect, respond to, and remediate an adversary?"
Information security is about focusing your defenses on the areas that matter most, particularly as they relate to the unique needs of your organization. In SEC401, you will learn the foundational language and inner workings of computer and information security, and how to apply them effectively to your specific challenges. You'll acquire the critical knowledge needed to secure systems and organizations with confidence.
SEC401 teaches you the most effective steps to prevent attacks and detect adversaries, equipping you with actionable techniques you can immediately apply in your workplace. Through practical tips and insights, you'll be better prepared to win the ongoing battle against a broad range of cyber adversaries who seek to infiltrate your environment.
New and Enhanced Labs Overview
Unlock the critical skills needed to defend systems and networks with the latest additions to SEC401, now featuring 20 state-of-the-art labs. These labs have been carefully designed to offer hands-on experience, providing practical skills essential for addressing today's complex cybersecurity challenges.
New Lab Highlights:
"SEC401 covered a very wide range of security technologies, processes, and tools that will really open your eyes. I liked how the course shows that not everything is magic, and packets of data can be interpreted even without fancy tools. The labs were great for demonstrating the concepts, with flawless instruction and seamless packet capture." - Fei Ma, DESEI
Business Takeaways
Hands-On Cybersecurity Training
The lab-based hands-on portion of the course allows students to apply and master course concepts. The labs follow the adventures of the security team at Alpha Incorporated, a fictitious organization that has suffered from a series of compromises. With the labs based upon four real-world scenarios that many organizations face in today's modern world, students walk away with a keen understanding of the real-world challenges they will face throughout their career. Mastering the course concepts by way of hands-on exercise facilitates the spirit of fulfilling the SANS promise: what is learned in the course is immediately applicable at work.
Depending on your current role or future plans, one of these courses is a great next step in your cybersecurity journey:
Master the Essentials of Cybersecurity
Organizations are under constant threat, and it is critical to be prepared for eventual compromise. Now, more than ever, timely detection and response are essential. The longer an adversary remains in your environment, the greater the damage becomes. Perhaps the most vital question in information security today is: "How quickly can we detect, respond to, and remediate an adversary?"
Information security is about focusing your defenses on the areas that matter most, particularly as they relate to the unique needs of your organization. In SEC401, you will learn the foundational language and inner workings of computer and information security, and how to apply them effectively to your specific challenges. You'll acquire the critical knowledge needed to secure systems and organizations with confidence.
SEC401 teaches you the most effective steps to prevent attacks and detect adversaries, equipping you with actionable techniques you can immediately apply in your workplace. Through practical tips and insights, you'll be better prepared to win the ongoing battle against a broad range of cyber adversaries who seek to infiltrate your environment.
New and Enhanced Labs Overview
Unlock the critical skills needed to defend systems and networks with the latest additions to SEC401, now featuring 20 state-of-the-art labs. These labs have been carefully designed to offer hands-on experience, providing practical skills essential for addressing today's complex cybersecurity challenges.
New Lab Highlights:
- Network Analysis: Dive deep into network traffic with labs on tcpdump and Wireshark and explore network flow information that is vital for detection and response, such as AWS VPC Flow Logs.
- Advanced Threat Detection: Develop skills in SIEM Log Analysis and employ tools like Snort3 and Zeek for robust Intrusion Detection and Network Security Monitoring.
- System Security: Sharpen your skills in Linux Logging and Auditing, Windows Process Exploration, and Windows Filesystem Permissions, ensuring comprehensive system oversight.
- Audit and Compliance: Master Password Auditing, Binary File Analysis, and Data Loss Prevention to safeguard sensitive data against emerging threats.
- Cryptography and Recovery: Get hands-on with Hashing and Cryptographic Validation, Encryption and Decryption, and Mobile Device Backup Recovery to secure and recover data.
- Windows and Linux Security: Apply Windows System Security Policies, manage Linux Permissions, and explore Linux Containers for enhanced security posture.
- Automation and Discovery: Utilize PowerShell for Speed and Scale and conduct Network Discovery to efficiently manage security tasks.
- Exploitation and Protection: Learn to identify and exploit vulnerabilities in Web App Exploitation, and apply security best practices.
"SEC401 covered a very wide range of security technologies, processes, and tools that will really open your eyes. I liked how the course shows that not everything is magic, and packets of data can be interpreted even without fancy tools. The labs were great for demonstrating the concepts, with flawless instruction and seamless packet capture." - Fei Ma, DESEI
Business Takeaways
- How to address high-priority security concerns
- Leverage security strengths and differences among the top cloud providers
- Build a network visibility map to help validate attack surface
- Reduce an organization's attack surface through hardening and configuration management
- How to create a security program that is built on a foundation of Detection, Response, and Prevention
- Practical tips and tricks that focus on addressing high-priority security concerns within one's organization and doing the right things that lead to effective security solutions
- How adversaries adapt their tactics, techniques, and procedures and how to adapt your defense accordingly
- What ransomware is and how to better defend against it
- How to leverage a defensible network architecture (VLANs, NAC, 802.1x, Zero Trust) based on indicators of compromise
- Identity and Access Management (IAM) methodology and related aspects of strong authentication (MFA)
- How to leverage the security strengths and differences among various cloud providers (including multi-cloud)
- Realistic and practical applications of a capable vulnerability management program
- How to sniff network communication protocols to determine the content of network communication (including access credentials) using tools such as tcpdump and Wireshark
- How to use Windows, Linux, and macOS command line tools to analyze a system looking for high-risk indicators of compromise, as well as the concepts of basic scripting for the automation of continuous monitoring
- How to build a network visibility map that can be used to validate attack surfaces and determine the best methodology to effectively reduce risk through hardening and configuration management
- Why some organizations win and why some lose when it comes to cybersecurity
Hands-On Cybersecurity Training
The lab-based hands-on portion of the course allows students to apply and master course concepts. The labs follow the adventures of the security team at Alpha Incorporated, a fictitious organization that has suffered from a series of compromises. With the labs based upon four real-world scenarios that many organizations face in today's modern world, students walk away with a keen understanding of the real-world challenges they will face throughout their career. Mastering the course concepts by way of hands-on exercise facilitates the spirit of fulfilling the SANS promise: what is learned in the course is immediately applicable at work.
- Section 1: Tcpdump; Wireshark; AWS VPC Flow Logs
- Section 2: Password Auditing; Data Loss Prevention; Mobile Device Backup Recovery
- Section 3: Network Discovery; Binary File Analysis and Characterization; Web App Exploitation; SIEM Log Analysis
- Section 4: Hashing and Cryptographic Validation; Encryption and Decryption; Intrusion Detection and Network Security Monitoring with Snort3 and Zeek
- Section 5: Windows Process Exploration; Windows Filesystem Permissions; Applying Windows System Security Policies; Using PowerShell for Speed and Scale
- Section 6: Linux Permissions; Linux Containers; Linux Logging and Auditing
- Course books, lab workbook (more than 500 pages of hands-on exercises), virtual machines with tools pre-installed
- TCP/IP reference guides
- MP3 audio files of the complete course lecture
Depending on your current role or future plans, one of these courses is a great next step in your cybersecurity journey:
- Security Operations Center (SOC) Analyst
- SEC450: Blue Team Fundamentals: Security Operations and Analysis
- SEC511: Cybersecurity Engineering: Advanced Threat Detection and Monitoring
- Incident Handler:
- SEC504: Hacker Tools, Techniques, and Incident Handling
- Cloud Security Architect:
- SEC510: Cloud Security Controls and Migration
- SEC540: Cloud Security and DevSecOps Automation