SEC504: Hacker Tools, Techniques, and Incident Handling

Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
Apply what you learn with hands-on exercises and labs
Gain essential cybersecurity skills to quickly detect, respond to, and remediate threats. Learn how to protect critical information and technology assets, whether on-premises or in the cloud.
Overall, my learning experience was vital, and I see practical steps and methods that I can use when I start back work. This course changed my perspective on Cyber Security and I’m thankful for the opportunity to be around leaders in the industry.
Information security is about focusing your defenses on the areas that matter most, particularly as they relate to the unique needs of your organization. In SEC401: Security Essentials - Network, Endpoint, and Cloud, you'll learn foundational knowledge in information security, focusing on network, endpoint, and cloud defenses tailored to organizational needs. The course covers detecting and responding to threats to secure systems effectively and minimize impact.
The SEC401 course teaches you the most effective steps to prevent attacks and detect adversaries, equipping you with actionable techniques you can immediately apply in your workplace. Through practical tips and insights, you'll be better prepared to win the ongoing battle against a broad range of cyber adversaries who seek to infiltrate your environment.
Bryan Simon, a SANS Senior Instructor and author of SEC401, has been involved in cybersecurity since 1991. He’s the president of Xploit Security Inc., and has taught cybersecurity students from organizations like the FBI, NATO, and UN.
Explore the course syllabus below to view the full range of topics covered in SEC401: Security Essentials - Network, Endpoint, and Cloud.
This section covers the need for a defensible network architecture, emphasizing timely threat detection, sensitive data protection, and understanding protocol vulnerabilities. It also explores cloud security, AI, and adversarial tactics, equipping students with foundational knowledge in network, cloud, AI, and wireless security.
This section addresses large-scale threats and defense-in-depth strategies, focusing on IAM, authentication, and password security as key components of cloud security. It covers frameworks like CIS, NIST, and MITRE ATT&CK® for network and data protection, and explores mobile device security, including BYOD and MDM.
This section covers identifying vulnerabilities and establishing a vulnerability assessment program, with a focus on modern attack methods and web application security. It also addresses detecting post-compromise actions through effective logging, followed by guidance on incident response planning.
This section explores cryptography as a key security tool, covering essential concepts to protect organizational assets. It then examines prevention and detection technologies, like firewalls, intrusion prevention, and detection systems, focusing on their application at both network and endpoint levels.
This section covers the essentials of Windows security, addressing modern complexities like Active Directory, PKI, BitLocker, and endpoint security. It provides tools for streamlining and automating security tasks across both on-premises and Azure environments, equipping you with a strong foundation in Windows security, automation, and auditing.
This section provides practical guidance on securing Linux systems, catering to both beginners and advanced administrators. It covers Linux security fundamentals, including containerization for cloud computing, and concludes with a review of macOS security, clarifying its capabilities and limitations within a UNIX-based environment.
Delivers technical support to users, helping them resolve issues with client hardware/software according to organizational service processes.
Oversees full lifecycle of information systems from design through evaluation, ensuring alignment with functional and operational goals.
Plans and executes system tests, analyzing results to verify compliance with technical and operational requirements and expectations.
Develops business and IT process architectures, creating baseline and target architectures to meet mission or enterprise goals.
Leads IT project management to deliver services or products, ensuring milestones, budgets, and mission alignment are successfully achieved.
Translates functional needs into technical solutions by consulting with customers and developing system architectures and requirements.
Add a GIAC certification attempt and receive two free practice tests. View pricing in the info icons below.
When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.
SEC401 gives you a fantastic knowledge base to build on, and I would say it's essential for anyone working in cybersecurity.
Excellent material for security professionals wanting a deeper level of knowledge on how to implement security policies, procedures, and defensive mechanisms in an organization.
SEC401 has been an excellent experience all around. It is content-heavy and rich, and regardless of your technical ability and experience, you will leave with a far better understanding of many aspects of cybersecurity.