Group Purchasing
Group Purchasing
AI SKILLSMAJOR UPDATES

SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking

SEC660Offensive Operations, Artificial Intelligence
  • 6 Days (Instructor-Led)
  • 46 Hours (Self-Paced)
Course authored by:
James ShewmakerStephen Sims
James Shewmaker & Stephen Sims
SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
Course authored by:
James ShewmakerStephen Sims
James Shewmaker & Stephen Sims
  • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
  • 46 CPEs

    Apply your credits to renew your certifications

  • In-Person, Virtual or Self-Paced

    Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months

  • Advanced Skill Level

    Course material is geared for cyber security professionals with hands-on experience

  • 30 Hands-On Lab(s)

    Apply what you learn with hands-on exercises and labs

Master advanced pen testing, exploit writing, escaping restricted desktops, post-exploitation, fuzzing, crypto attacks, and Windows/Linux exploitation, using AI to assist with tasks like exploit development.

Course Overview

Learn advanced penetration testing skills and explore sophisticated attack vectors and exploit development. This course spans network infrastructure attacks, cryptographic implementation testing, product security testing, advanced post-exploitation techniques, and custom exploit writing for both Windows and Linux environments, using AI to assist. Hands-on labs provide practical experience with fuzzing, return-oriented programming, exploit mitigation bypasses, and real-world application exploitation.

2026 Course Update Summary

The latest SEC660 update modernizes the advanced penetration testing course. Students now learn how to incorporate AI into exploit research, vulnerability analysis, scripting, and bug discovery while developing advanced offensive skills across network attacks, product security testing, exploit development, and post-exploitation.

For a detailed breakdown of what's new and how these updates can strengthen you or your team, download the flyer.

What You’ll Learn

  • Advanced network attack methodologies
  • Custom exploit development techniques, using AI to assist
  • Exploit mitigation bypass strategies
  • Modern fuzzing implementations
  • Post-exploitation advancement tactics
  • Return-oriented programming mastery
  • Cryptographic weakness assessment

Business Takeaways

  • Network access control evasion
  • Using AI to assist with bug hunting
  • Advanced IPv6 security implications
  • TLS/SSL security and MFA considerations
  • Assessment of cryptographic implementations
  • Routing and switching attack vectors
  • Escaping restricted desktops and post-exploitation

Course Syllabus

Explore the course syllabus below to view the full range of topics covered in SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking.

Section 1Network Attacks for Penetration Testers

Relationships between networked devices present unique attack vectors. In the first section, security professionals explore access manipulation, protocol exploitation, and device compromise across the LAN. Vulnerabilities can be patched, but relationships can be manipulated, making these skills crucial for comprehensive security testing.

Topics covered

  • Network access control evasion
  • Custom protocol manipulation methods
  • Advanced IPv6 security implications
  • TLS/SSL security considerations
  • OSPF routing attack vectors

Labs

  • Captive Portal Bypass
  • Credential Theft
  • IPv4, IPv6, and Route MitM Attacks
  • Transport Tampering
  • MFA Bypass Attacks

Section 2Crypto and Post-Exploitation

In this section, security professionals explore cryptographic exploitation and post-compromise techniques in restricted environments. Topics include cipher operations, implementation flaws, privilege escalation, and lateral movement.

Topics covered

  • Cryptographic implementation testing
  • Identify patterns in standard and custom encryption
  • CBC vulnerability exploitation
  • Hash-length extension attacks
  • Endpoint restriction bypasses

Labs

  • Detecting Cryptography Implementations
  • CBC Bitflipping Attacks
  • Hash Extension Attacks
  • Kiosk Escape
  • Docker Escape

Section 3Product Security Testing and Fuzzing

In section three, security professionals focus on modern product security testing, protocol manipulation, and fuzzing. Topics include custom fuzzing grammars, network protocols, file formats, and code coverage analysis for testing effectiveness.

Topics covered

  • Protocol state manipulation
  • Automated fuzzing optimization
  • Product security testing
  • Code coverage measurement
  • Wireless data leakage testing

Labs

  • Custom packet manipulation
  • Framework-based fuzzing
  • Binary instrumentation techniques
  • Source code analysis methods
  • AFL++ implementation strategies

Section 4Exploiting Linux for Penetration Testers

Linux exploitation is increasingly relevant in the era of AI-assisted vulnerability research. In this section, professionals explore memory management, privilege escalation, SUID exploits, and advanced bypass techniques like ROP and ASLR evasion. You will use a local LLM to assist in bug discovery and exploitation.

Topics covered

  • Stack memory management
  • AI-assisted bug discovery
  • 32-bit and 64-bit exploitation
  • Defeating exploit mitigations
  • Return-oriented programming

Labs

  • Linux buffer overflow exploitation
  • Return-to-libc implementation
  • Stack canary analysis
  • ASLR bypass techniques
  • 64-bit binary exploitation

Section 5Exploiting Windows for Penetration Testers

Windows systems remain prevalent in enterprise environments, necessitating a deep understanding of Windows-specific security features. In this section, practitioners examine process structures, exception handling, and API interactions. Content covers stack-based attacks, DEP bypass, and ROP chains, with special attention given to client-side exploitation.

Topics covered

  • Windows OS protection analysis
  • Stack exploitation fundamentals
  • ROP chain construction
  • Client-side attack vectors
  • Shellcode development

Labs

  • Windows 11 vulnerability analysis
  • SafeSEH bypass implementation
  • ROP chain development
  • DEP mitigation techniques
  • Commercial application testing

Section 6Capture The Flag!

Students face escalating difficulties across Linux and Windows systems, shellcode challenges, crypto challenges, and much more. The scoring system provides immediate feedback on successful exploitation, with point values reflecting real-world complexity and impact.

Topics covered

  • Multi-vector attack planning
  • Escalation path identification
  • Network attack implementation
  • System compromise techniques
  • Post-exploitation methods

Labs

  • Local privilege escalation
  • Remote system exploitation
  • Network infrastructure attacks
  • Protocol manipulation scenarios
  • Cryptographic attacks

Things You Need To Know

Relevant Job Roles

Vulnerability Researcher & Exploit Developer

Offensive Operations

In this role, you will work to find 0-days (unknown vulnerabilities) in a wide range of applications and devices used by organizations and consumers. Find vulnerabilities before the adversaries!

Explore learning path

Vulnerability Assessment

SCyWF: Protection And Defense

This role tests IT systems and networks and assesses their threats and vulnerabilities. Find the SANS courses that map to the Vulnerability Assessment SCyWF Work Role.

Explore learning path

Vulnerability Assessment (VUAS)

Skills Framework for the Information Age

Identification and classification of vulnerabilities across systems, applications, and networks. Findings are used to guide patching, mitigation, and security control enhancements.

Explore learning path

Vulnerability Analysis (OPM 541)

NICE: Protection and Defense

Responsible for assessing systems and networks to identify deviations from acceptable configurations, enclave policy, or local policy. Measure effectiveness of defense-in-depth architecture against known vulnerabilities.

Explore learning path

Application Pen Tester

Offensive Operations

Application penetration testers probe the security integrity of a company’s applications and defenses by evaluating the attack surface of all in-scope vulnerable web-based services, clientside applications, servers-side processes, and more. Mimicking a malicious attacker, app pen testers work to bypass security barriers in order to gain access to sensitive information or enter a company’s internal systems through techniques such as pivoting or lateral movement.

Explore learning path

Cyber Operations Planner (DCWF 332)

DoD 8140: Cyber Effects

Coordinates cyber operations plans, working with analysts and operators to support targeting and synchronization of actions in cyberspace.

Explore learning path

Penetration Tester

European Cybersecurity Skills Framework

Assess the effectiveness of security controls, reveals and utilise cybersecurity vulnerabilities, assessing their criticality if exploited by threat actors.

Explore learning path

Penetration Testing (PENT)

Skills Framework for the Information Age

Performance of authorised tests to identify vulnerabilities in networks, applications, and systems. Findings support remediation planning and risk reduction across the enterprise.

Explore learning path

Course Schedule and Pricing

Have Questions?Contact Us
Showing 10 of 11

Benefits of Learning with SANS

Bryan Simon: Teacher Standing Next to Smartboard and Explaining Concept

Get feedback from the world’s best cybersecurity experts and instructors

OnDemand Mobile App

Choose how you want to learn - online, on demand, or at our live in-person training events

Close Up of Woman Holding a Pen and Documents

Get access to our range of industry-leading courses and resources