SEC536: Adversarial AI - Penetration Testing AI Systems


Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact Us
Apply your credits to renew your certifications
Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
Course material is geared for cyber security professionals with hands-on experience
Apply what you learn with hands-on exercises and labs
Master advanced pen testing, exploit writing, escaping restricted desktops, post-exploitation, fuzzing, crypto attacks, and Windows/Linux exploitation, using AI to assist with tasks like exploit development.
The quality of the labs and coursework in SEC660 showcases the value SANS training has over other providers. It was an excellent, challenging, and rewarding course.
Learn advanced penetration testing skills and explore sophisticated attack vectors and exploit development. This course spans network infrastructure attacks, cryptographic implementation testing, product security testing, advanced post-exploitation techniques, and custom exploit writing for both Windows and Linux environments, using AI to assist. Hands-on labs provide practical experience with fuzzing, return-oriented programming, exploit mitigation bypasses, and real-world application exploitation.
2026 Course Update Summary
The latest SEC660 update modernizes the advanced penetration testing course. Students now learn how to incorporate AI into exploit research, vulnerability analysis, scripting, and bug discovery while developing advanced offensive skills across network attacks, product security testing, exploit development, and post-exploitation.
For a detailed breakdown of what's new and how these updates can strengthen you or your team, download the flyer.


Learn offensive operations, exploit development, and penetration testing from SANS Principal Instructor James Shewmaker, founder of Bluenotch Corporation and contributor to SEC660, NetWars, and advanced cyber range training environments.
Read more about James Shewmaker

Stephen Sims, an esteemed vulnerability researcher and exploit developer, has significantly advanced cybersecurity by authoring SANS's most advanced courses and co-authoring the "Gray Hat Hacking" series.
Read more about Stephen SimsExplore the course syllabus below to view the full range of topics covered in SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking.
Relationships between networked devices present unique attack vectors. In the first section, security professionals explore access manipulation, protocol exploitation, and device compromise across the LAN. Vulnerabilities can be patched, but relationships can be manipulated, making these skills crucial for comprehensive security testing.
In this section, security professionals explore cryptographic exploitation and post-compromise techniques in restricted environments. Topics include cipher operations, implementation flaws, privilege escalation, and lateral movement.
In section three, security professionals focus on modern product security testing, protocol manipulation, and fuzzing. Topics include custom fuzzing grammars, network protocols, file formats, and code coverage analysis for testing effectiveness.
Linux exploitation is increasingly relevant in the era of AI-assisted vulnerability research. In this section, professionals explore memory management, privilege escalation, SUID exploits, and advanced bypass techniques like ROP and ASLR evasion. You will use a local LLM to assist in bug discovery and exploitation.
Windows systems remain prevalent in enterprise environments, necessitating a deep understanding of Windows-specific security features. In this section, practitioners examine process structures, exception handling, and API interactions. Content covers stack-based attacks, DEP bypass, and ROP chains, with special attention given to client-side exploitation.
Students face escalating difficulties across Linux and Windows systems, shellcode challenges, crypto challenges, and much more. The scoring system provides immediate feedback on successful exploitation, with point values reflecting real-world complexity and impact.
In this role, you will work to find 0-days (unknown vulnerabilities) in a wide range of applications and devices used by organizations and consumers. Find vulnerabilities before the adversaries!
Explore learning pathThis role tests IT systems and networks and assesses their threats and vulnerabilities. Find the SANS courses that map to the Vulnerability Assessment SCyWF Work Role.
Explore learning pathIdentification and classification of vulnerabilities across systems, applications, and networks. Findings are used to guide patching, mitigation, and security control enhancements.
Explore learning pathResponsible for assessing systems and networks to identify deviations from acceptable configurations, enclave policy, or local policy. Measure effectiveness of defense-in-depth architecture against known vulnerabilities.
Explore learning pathApplication penetration testers probe the security integrity of a company’s applications and defenses by evaluating the attack surface of all in-scope vulnerable web-based services, clientside applications, servers-side processes, and more. Mimicking a malicious attacker, app pen testers work to bypass security barriers in order to gain access to sensitive information or enter a company’s internal systems through techniques such as pivoting or lateral movement.
Explore learning pathCoordinates cyber operations plans, working with analysts and operators to support targeting and synchronization of actions in cyberspace.
Explore learning pathAssess the effectiveness of security controls, reveals and utilise cybersecurity vulnerabilities, assessing their criticality if exploited by threat actors.
Explore learning pathPerformance of authorised tests to identify vulnerabilities in networks, applications, and systems. Findings support remediation planning and risk reduction across the enterprise.
Explore learning pathEnroll your team as a group or arrange a private session for your organization. We’ll help you choose the format that fits your goals.
Absolutely amazing stuff. I couldn't ask for more in SEC660. The wealth of knowledge is just mind-blowing. The extra materials presented in the course will definitely keep me going for the next couple of months.
SEC660 has been nothing less than excellent. Both the instructor and assistant are subject-matter experts who have extensive knowledge covering all aspects of the topics covered and then some.
No frills and goes right to the point. The first day alone is what other classes spend a full week on.

Get feedback from the world’s best cybersecurity experts and instructors

Choose how you want to learn - online, on demand, or at our live in-person training events

Get access to our range of industry-leading courses and resources





