SEC504™: SANS Amsterdam October 2025
Provided by SANS
What You Will Learn
In today's evolving threat landscape, breaches are inevitable. What's crucial is how fast and effectively you can detect and respond to these attacks. Staying out of breach headlines hinges on your ability to complete comprehensive incident response actions to neutralize threats.
SEC504™ training prepares you to apply dynamic and effective incident response strategies. You'll identify indicators of compromise (IoCs) and respond to breaches affecting Windows, Linux, and cloud platforms-skills you can immediately apply to protect your organization from real-world threats.
A big focus in SEC504™ training is applying what you learn: 50% of the course is hands-on where you will attack, defend, and assess the damage done by threat actors. You'll reproduce real-world breaches on complex network environments, applications, and host platforms, then assess the damage caused by threat actors. In SEC504™ training you have unlimited access to our immersive labs, allowing you to repeat exercises as often as needed. Each lab includes in-depth walkthrough videos designed to support your learning.
To truly defend your organization, you need to think like an attacker. In SEC504™ training's immersive labs, you'll use the same tools and techniques adversaries rely on, learning to recognize the artifacts they leave behind. By adopting their mindset and studying their tactics, techniques, and procedures (TTPs), you'll gain valuable insights to develop your Cyber Threat Intelligence (CTI) and strengthen your defenses. You will develop actionable skills that will immediately enhance your organization's security posture, making your investment in training pay off from day one.
Business Takeaways
At the completion of SEC504™ training you will be able to:
In today's evolving threat landscape, breaches are inevitable. What's crucial is how fast and effectively you can detect and respond to these attacks. Staying out of breach headlines hinges on your ability to complete comprehensive incident response actions to neutralize threats.
SEC504™ training prepares you to apply dynamic and effective incident response strategies. You'll identify indicators of compromise (IoCs) and respond to breaches affecting Windows, Linux, and cloud platforms-skills you can immediately apply to protect your organization from real-world threats.
A big focus in SEC504™ training is applying what you learn: 50% of the course is hands-on where you will attack, defend, and assess the damage done by threat actors. You'll reproduce real-world breaches on complex network environments, applications, and host platforms, then assess the damage caused by threat actors. In SEC504™ training you have unlimited access to our immersive labs, allowing you to repeat exercises as often as needed. Each lab includes in-depth walkthrough videos designed to support your learning.
To truly defend your organization, you need to think like an attacker. In SEC504™ training's immersive labs, you'll use the same tools and techniques adversaries rely on, learning to recognize the artifacts they leave behind. By adopting their mindset and studying their tactics, techniques, and procedures (TTPs), you'll gain valuable insights to develop your Cyber Threat Intelligence (CTI) and strengthen your defenses. You will develop actionable skills that will immediately enhance your organization's security posture, making your investment in training pay off from day one.
Business Takeaways
- Apply a dynamic approach to incident response
- Identify threats using host, network, and log analysis
- Best practices for effective cloud incident response
- Leverage PowerShell for data collection and cyber threat analysis
- Cyber investigation processes using live analysis, network insight, memory forensics, and malware reverse engineering
- How to accelerate your incident response using generative AI systems
- Defense spotlight strategies to protect critical assets
- How attackers leverage cloud systems against organizations
- Attacker techniques to evade endpoint detection tools including EDR and XDR platforms
- Attacker steps for internal discovery and lateral movement after an initial compromise
- How attackers exploit publicly accessible systems including Microsoft 365
At the completion of SEC504™ training you will be able to:
- Effectively respond to an incident in your organization in order to limit damage
- Evaluate the evidence in a breach in order to identify the extent of the compromise
- Identify shadow cloud systems and other threats that can expose your organization
- Use attack tools against cloud and on-premises systems to assess your exposure
- Apply effective defenses that significantly improve security and stop attacks
- Test security defense tools to evaluate their effectiveness
- Develop threat intelligence by assessing attacker tools and techniques
- Unlimited access to all hands-on lab exercises that never expires
- Printed and electronic course books and a hands-on workbook
- MP3 audio files of the entire course
- Detailed video walkthroughs for all lab exercises
- Visual association maps to break down complex material
- A digital index for quick reference to all material
- Bonus content and hands-on exercises to develop your skills beyond the course
- Essential cheat sheets for tools and complex analysis tasks
Enquire
Start date | Location / delivery | |
---|---|---|
27 Oct 2025 | Amsterdam | Book now |