Learn advanced penetration testing, ethical hacking, and exploit writing through rigorous course content and instructor-guided, hands-on, technical labs.
What You Will Learn
SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking is designed as a logical progression point for those who have completed SANS SEC560: Network Penetration Testing and Ethical Hacking, or for those with existing penetration testing experience. Students with the prerequisite knowledge to take this course will walk through dozens of real-world attacks used by the most seasoned penetration testers. The methodology of a given attack is discussed, followed by exercises in a hands-on lab to consolidate advanced concepts and facilitate the immediate application of techniques in the workplace. Each day of the course includes a two-hour evening boot camp to drive home additional mastery of the techniques discussed. A sample of topics covered includes weaponizing Python for penetration testers, attacks against network access control (NAC) and virtual local area network (VLAN) manipulation, network device exploitation, breaking out of Linux and Windows restricted environments, IPv6, Linux privilege escalation and exploit-writing, testing cryptographic implementations, fuzzing, defeating modern OS controls such as address space layout randomization (ASLR) and data execution prevention (DEP), return-oriented programming (ROP), Windows exploit-writing, and much more!
Attackers are becoming more clever and their attacks more complex. To keep up with the latest attack methods, you need a strong desire to learn, the support of others, and the opportunity to practice and build experience. This course provides attendees with in-depth knowledge of the most prominent and powerful attack vectors and furnishes an environment to perform these attacks in numerous hands-on scenarios. The course goes far beyond simple scanning for low-hanging fruit and shows penetration testers how to model the abilities of an advanced attacker to find significant flaws in a target environment and demonstrate the business risk associated with these flaws.
SEC660 starts off by introducing advanced penetration concepts and providing an overview to prepare students for what lies ahead. The focus of day one is on network attacks, an area often left untouched by testers. Topics include accessing, manipulating, and exploiting the network. Attacks are performed against NAC, VLANs, OSPF, 802.1X, CDP, IPv6, VOIP, SSL, ARP, SNMP, and others. Day two starts with a technical module on performing penetration testing against various cryptographic implementations, then turns to network booting attacks, escaping Linux restricted environments such as chroot, and escaping Windows restricted desktop environments. Day three jumps into an introduction of Python for penetration testing, Scapy for packet crafting, product security testing, network and application fuzzing, and code coverage techniques. Days four and five are spent exploiting programs on the Linux and Windows operating systems. You will learn to identify privileged programs, redirect the execution of code, reverse-engineer programs to locate vulnerable code, obtain code execution for administrative shell access, and defeat modern operating system controls such as ASLR, canaries, and DEP using ROP and other techniques. Local and remote exploits as well as client-side exploitation techniques are covered. The final course day is devoted to numerous penetration testing challenges that require students to solve complex problems and capture flags.
Among the biggest benefits of SEC660 is the expert-level hands-on guidance provided through the labs and the additional time allotted each evening to reinforce daytime material and master the exercises.
You Will Learn:
Attackers are becoming more clever and their attacks more complex. To keep up with the latest attack methods, you need a strong desire to learn, the support of others, and the opportunity to practice and build experience. This course provides attendees with in-depth knowledge of the most prominent and powerful attack vectors and furnishes an environment to perform these attacks in numerous hands-on scenarios. The course goes far beyond simple scanning for low-hanging fruit and shows penetration testers how to model the abilities of an advanced attacker to find significant flaws in a target environment and demonstrate the business risk associated with these flaws.
SEC660 starts off by introducing advanced penetration concepts and providing an overview to prepare students for what lies ahead. The focus of day one is on network attacks, an area often left untouched by testers. Topics include accessing, manipulating, and exploiting the network. Attacks are performed against NAC, VLANs, OSPF, 802.1X, CDP, IPv6, VOIP, SSL, ARP, SNMP, and others. Day two starts with a technical module on performing penetration testing against various cryptographic implementations, then turns to network booting attacks, escaping Linux restricted environments such as chroot, and escaping Windows restricted desktop environments. Day three jumps into an introduction of Python for penetration testing, Scapy for packet crafting, product security testing, network and application fuzzing, and code coverage techniques. Days four and five are spent exploiting programs on the Linux and Windows operating systems. You will learn to identify privileged programs, redirect the execution of code, reverse-engineer programs to locate vulnerable code, obtain code execution for administrative shell access, and defeat modern operating system controls such as ASLR, canaries, and DEP using ROP and other techniques. Local and remote exploits as well as client-side exploitation techniques are covered. The final course day is devoted to numerous penetration testing challenges that require students to solve complex problems and capture flags.
Among the biggest benefits of SEC660 is the expert-level hands-on guidance provided through the labs and the additional time allotted each evening to reinforce daytime material and master the exercises.
You Will Learn:
- How to perform penetration testing safely against network devices such as routers, switches, and NAC implementations.
- How to test cryptographic implementations.
- How to leverage an unprivileged foothold for post exploitation and escalation.
- How to fuzz network and stand-alone applications.
- How to write exploits against applications running on Linux and Windows systems.
- How to bypass exploit mitigations such as ASLR, DEP, and stack canaries.
You Will Be Able To
- Perform fuzz testing to enhance your company's SDL process.
- Exploit network devices and assess network application protocols.
- Escape from restricted environments on Linux and Windows.
- Test cryptographic implementations.
- Model the techniques used by attackers to perform 0-day vulnerability discovery and exploit development.
- Develop more accurate quantitative and qualitative risk assessments through validation.
- Demonstrate the needs and effects of leveraging modern exploit mitigation controls.
- Reverse-engineer vulnerable code to write custom exploits.
Hands-On Training
- Exploit routing protocol implementations such as OSPF.
- Bypass different types of NAC implementations.
- Exploit patch updates.
- Perform man-in-the-middle attacks to remove SSL.
- Perform IPv6 attacks.
- Exploit poor cryptographic implementations using CBC bit flipping attacks and hash length extension attacks.
- Hijack network booting environments.
- Exploit virtualization implementations.
- Write Python scripts to automate testing.
- Write fuzzers to trigger bugs in software.
- Reverse-engineer applications to locate code paths and identify potential exploitable bugs.
- Debug Linux applications.
- Debug Windows applications.
- Write exploits against buffer overflow vulnerabilities.
- Bypass exploit mitigations such as ASLR, DEP, stack canaries, SafeSEH, etc.
- Use ROP to bypass or disable security controls.
This is a fast-paced, advanced course that requires a strong desire to learn advanced penetration testing and custom exploitation techniques. The following SANS courses are recommended either prior to or as a companion to taking this course:
- SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling
- SEC560: Network Penetration Testing and Ethical Hacking
Experience with programming in any language is highly recommended. At a minimum, students are advised to read up on basic programming concepts. Python is the primary language used during class exercises, while programs written in C and C++ code are the primary languages being reversed and exploited. The basics of programming will not be covered in this course, although there is an introductory module on Python.
You should also be well versed with the fundamentals of penetration testing prior to taking this course. Familiarity with Linux and Windows is mandatory. A solid understanding of TCP/IP and networking concepts is required. Please contact the author at [email protected] if you have any questions or concerns about the prerequisites.
You should also be well versed with the fundamentals of penetration testing prior to taking this course. Familiarity with Linux and Windows is mandatory. A solid understanding of TCP/IP and networking concepts is required. Please contact the author at [email protected] if you have any questions or concerns about the prerequisites.
