
Pen Test Berlin 2014

Berlin, Germany | Mon, Jun 16 - Sat, Jun 21, 2014

SEC560: Network Penetration Testing and Ethical Hacking

As a cyber security professional, you have a unique responsibility to find and understand your organization's vulnerabilities and to work diligently to mitigate them before the bad guys pounce. Are you ready? SANS SEC560, our flagship course for penetration testing, fully arms you to address this duty head-on.

THE MUST-HAVE COURSE FOR EVERY WELL-ROUNDED SECURITY PROFESSIONAL

With comprehensive coverage of tools, techniques, and methodologies for network, web app, and wireless testing, SEC560 truly prepares you to conduct high-value penetration testing projects end-to-end, step-by-step. Every organization needs skilled infosec personnel who can find vulnerabilities and mitigate their impacts, and this whole course is specially designed to get you ready for that role. The course starts with proper planning, scoping and recon, and then dives deep into scanning, target exploitation, password attacks, and wireless and web apps with over 30 detailed hands-on labs throughout. The course is chock full of practical, real-world tips from some of the world's best penetration testers to help you do your job masterfully, safely, and efficiently.

LEARN THE BEST WAYS TO TEST YOUR OWN SYSTEMS BEFORE THE BAD GUYS ATTACK

The whole course is designed to get you ready to conduct a full-scale, high-value penetration test, and on the last day of the course, you will do just that. After building your skills in awesome labs over five days, the course culminates with a final full-day, real-world penetration test scenario. You will conduct an end-to-end pen test, applying knowledge, tools, and principles from throughout the course as you discover and exploit vulnerabilities in a realistic sample target organization, demonstrating the knowledge you have mastered in this course.

EQUIPPING SECURITY ORGANIZATIONS WITH COMPREHENSIVE PENETRATION TESTING AND ETHICAL HACKING KNOW-HOW

You will learn how to perform detailed reconnaissance, learning about a target's infrastructure by mining blogs, search engines, social networking sites, and other Internet and intranet infrastructures. You will be equipped to scan target networks using best-of-breed tools from experience in our hands-on labs. We won't just cover run-of-the-mill options and configurations, but instead, we'll also go over less-well-known-but-super-useful capabilities of the best pen test toolsets available today. After scanning, you'll learn dozens of methods for exploiting target systems to gain access and measure real business risk. You will dive deep into post exploitation, password attacks, wireless, and web apps, pivoting through the target environment to model the attacks of real-world bad guys to emphasize the importance of defense in depth. The final portion of the class includes a comprehensive hands-on lab, conducting a full-day penetration test against a target organization.

Course Syllabus
SEC560.1: Comprehensive Pen Test Planning, Scoping, and Recon | Instructor: James Lyne | Mon, Jun 16, 2014, 9:00 AM - 6:30 PM
Overview

In this section of the course, you will develop the skills needed to prepare to conduct a best-of-breed, high-value penetration test. We will go in-depth on how to build a penetration testing infrastructure that includes all the hardware, software, network infrastructure, and tools you will need for conducting great penetration tests, with specific low-cost recommendations for your arsenal. We'll then cover formulating a pen test scope and rules of engagement that will set you up for success, with a role-playing exercise where you will build an effective scope and rules of engagement. We also dig deep into the reconnaissance portion of a penetration test, covering the latest tools and techniques, including hands-on document metadata analysis to pull sensitive information about a target environment.

CPE/CMU Credits: 7

Topics
  • The Mindset of the Professional Pen Tester
  • Building a World-Class Pen Test Infrastructure
  • Creating Effective Pen Test Scopes and Rules of Engagement
  • Effective Reporting
  • Detailed Recon Using the Latest Tools
  • Mining Search Engine Results
  • Document Metadata Extraction and Analysis
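The document metadata analysis named above is the kind of recon step worth seeing in code. The following is an added example for this page, not course material: it pulls the author, last editor, timestamps, company and Office version out of an Office Open XML package (.docx, .xlsx, .pptx), which are stored in the docProps/core.xml and docProps/app.xml parts of the ZIP container. build_sample_docx() constructs a minimal package in memory so the script runs offline; the names and company in it are made up.

```python
"""Pull recon-relevant metadata out of an Office Open XML document (.docx/.xlsx/.pptx).

Added example for this page, not course material. build_sample_docx() constructs a
minimal Word package in memory so the script runs offline; in practice call
extract_ooxml_metadata(open(path, "rb").read()) on files harvested from the target.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespaces used in docProps/core.xml and docProps/app.xml
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
# Fields that tend to leak people, naming conventions, and software versions
CORE_FIELDS = ("dc:creator", "cp:lastModifiedBy", "dcterms:created", "dcterms:modified")
APP_FIELDS = ("ep:Application", "ep:AppVersion", "ep:Company")


def _read_fields(zf, member, fields):
    """Return {field: text} for the requested elements of one docProps part."""
    try:
        root = ET.fromstring(zf.read(member))
    except KeyError:          # part missing, e.g. stripped by a metadata scrubber
        return {}
    found = {}
    for f in fields:
        el = root.find(f, NS)
        if el is not None and el.text:
            found[f] = el.text.strip()
    return found


def extract_ooxml_metadata(data):
    """Parse an OOXML package given as bytes; return the recon-relevant fields."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        meta = {}
        meta.update(_read_fields(zf, "docProps/core.xml", CORE_FIELDS))
        meta.update(_read_fields(zf, "docProps/app.xml", APP_FIELDS))
    return meta


def candidate_users(meta):
    """Names worth feeding into later username enumeration and password guessing."""
    return sorted({meta[f] for f in ("dc:creator", "cp:lastModifiedBy") if f in meta})


def build_sample_docx():
    """Constructed sample: the two docProps parts a real Word file would carry."""
    core = (
        '<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s" xmlns:dcterms="%s" '
        'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
        "<dc:creator>jsmith</dc:creator>"
        "<cp:lastModifiedBy>Jane Smith</cp:lastModifiedBy>"
        '<dcterms:created xsi:type="dcterms:W3CDTF">2014-03-02T10:15:00Z</dcterms:created>'
        "</cp:coreProperties>" % (NS["cp"], NS["dc"], NS["dcterms"])
    )
    app = (
        '<Properties xmlns="%s"><Application>Microsoft Office Word</Application>'
        "<AppVersion>14.0000</AppVersion><Company>Example Corp</Company></Properties>" % NS["ep"]
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("docProps/core.xml", core)
        zf.writestr("docProps/app.xml", app)
    return buf.getvalue()


if __name__ == "__main__":
    meta = extract_ooxml_metadata(build_sample_docx())
    for field, value in meta.items():
        print("%-20s %s" % (field, value))
    print("candidate users:", candidate_users(meta))
```

Two things to note when running this against real documents: dc:creator is often a login name (jsmith) while cp:lastModifiedBy is a display name, so the pair reveals the account naming convention, and ep:AppVersion tells you which Office build the target is running, which matters for client-side exploitation later in the test.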
 
SEC560.2: In-Depth Scanning | Instructor: James Lyne | Tue, Jun 17, 2014, 9:00 AM - 5:00 PM
Overview

We next focus on the vital task of mapping the attack surface by creating a comprehensive inventory of machines, accounts, and potential vulnerabilities. We'll look at some of the most useful scanning tools freely available today and run them in numerous hands-on labs to help hammer home the most effective way to use each tool. We'll also conduct a deep dive into two of the most useful tools available to pen testers today for crafting packets and making raw connections: Scapy and Netcat. We finish the day covering vital techniques for false-positive reduction so you can focus your findings on meaningful results and avoid the sting of reporting a vulnerability that is not there, as well as how to conduct your scans safely and efficiently.

CPE/CMU Credits: 6

Topics
  • Tips for Awesome Scanning
  • Tcpdump for the Pen Tester
  • Nmap In-Depth
  • The Nmap Scripting Engine
  • Version Scanning with Nmap and Amap
  • Vulnerability Scanning with Nessus and Retina
  • False Positive Reduction
  • Packet Manipulation with Scapy
  • Enumerating Users
  • Netcat for the Pen Tester
  • Monitoring Services During a Scan
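The false-positive reduction step above usually comes down to connecting to the flagged port yourself and reading what the service actually says. The following is an added example for this page, not course material: a Netcat-style banner grab in Python, compared against the version a scanner claimed. The one-shot listener on 127.0.0.1 stands in for the target so the script runs offline, and the "product version" claim string is an assumed format, not Nessus or Retina output.

```python
"""Netcat-style banner grab used to confirm or refute a scanner's version claim.

Added example for this page, not course material. The loopback listener and the
claimed finding are constructed so it runs offline; in a real test call
verify_finding() against the host/port the scanner flagged.
"""
import re
import socket
import threading


def grab_banner(host, port, timeout=3.0, probe=b""):
    """Connect like 'nc host port', optionally send a probe, return the first reply as text.
    Returns "" if the port accepts the connection but sends nothing before the timeout."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if probe:
            s.sendall(probe)
        try:
            return s.recv(1024).decode("latin-1", "replace").strip()
        except socket.timeout:
            return ""


def _version_matches(claimed, observed):
    # '7.4' matches '7.4' and '7.4p1' but not '7.40'
    return (observed == claimed
            or observed.startswith(claimed + "p")
            or observed.startswith(claimed + "."))


def classify_finding(claimed, banner):
    """Compare a scanner claim such as 'OpenSSH 5.3' with the observed banner.
    'confirmed'    product and version both match
    'contradicted' product present, version differs (a common false positive)
    'unconfirmed'  no banner or product not named; needs another verification route"""
    product, claimed_ver = claimed.split(None, 1)
    if not banner:
        return "unconfirmed"
    m = re.search(re.escape(product) + r"[_ /-]([0-9][0-9A-Za-z.]*)", banner, re.IGNORECASE)
    if not m:
        return "unconfirmed"
    return "confirmed" if _version_matches(claimed_ver, m.group(1)) else "contradicted"


def verify_finding(host, port, claimed):
    """Grab the banner and return (banner, verdict) for the scanner's claim."""
    banner = grab_banner(host, port)
    return banner, classify_finding(claimed, banner)


def serve_banner_once(banner, host="127.0.0.1"):
    """Constructed stand-in target: a one-shot TCP listener that sends `banner`
    to the first client and closes. Returns the port it is listening on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def run():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port


if __name__ == "__main__":
    # The scanner said OpenSSH 5.3; the live service actually announces 7.4p1.
    port = serve_banner_once(b"SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7\r\n")
    banner, verdict = verify_finding("127.0.0.1", port, "OpenSSH 5.3")
    print(banner, "->", verdict)
```

A contradicted verdict is not automatically a false positive: distributions backport fixes without bumping the version string, and some admins edit banners. Treat the banner as one more data point, and for silent services send a protocol-appropriate probe (an HTTP request line, for instance) rather than concluding nothing is there.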
 
SEC560.3: Exploitation and Post Exploitation | Instructor: James Lyne | Wed, Jun 18, 2014, 9:00 AM - 5:00 PM
Overview

In this section, we look at the many kinds of exploits that penetration testers use to compromise target machines, including client-side exploits, service-side exploits, and local privilege escalation. We'll see how these exploits are packaged in frameworks like Metasploit and its mighty Meterpreter. You'll learn in-depth how to leverage Metasploit and the Meterpreter to compromise target environments, search them for information to advance the penetration test, and pivot to other systems, all with a focus on determining the true business risk of the target organization. We'll also look at post-exploitation analysis of machines and pivoting to find new targets, finishing the section with a lively discussion of how to leverage the Windows shell to dominate target environments.

CPE/CMU Credits: 6

Topics
  • Comprehensive Metasploit Coverage with Exploits/Stagers/Stages
  • In-Depth Meterpreter Hands-On Labs
  • Implementing Port Forwarding Relays for Merciless Pivots
  • Bypassing the Shell vs. Terminal Dilemma
  • Installing VNC/RDP/SSH with Only Shell Access
  • Windows Command Line Kung Fu for Penetration Testers
 
SEC560.4: Password Attacks & Merciless Pivoting | Instructor: James Lyne | Thu, Jun 19, 2014, 9:00 AM - 5:00 PM
Overview

This component of the course turns our attention to password attacks, analyzing password guessing, password cracking, and pass-the-hash techniques in depth. We will go over numerous tips based on real-world experience to help penetration testers and ethical hackers maximize the effectiveness of their password attacks. You will patch and custom-compile John the Ripper to optimize its performance in cracking passwords. You will look at the amazingly full-featured Cain tool, running it to crack sniffed Windows authentication messages. You will also perform multiple types of pivots to move laterally through our target lab environment, and pluck hashes and cleartext passwords from memory using the Mimikatz tool. We will see how Rainbow Tables really work to make password cracking much more efficient, all hands-on. And, we will finish the day with an exciting discussion of powerful "pass-the-hash" attacks, leveraging Metasploit, the Meterpreter, and Samba client software.

CPE/CMU Credits: 6

Topics
  • Password Attack Tips
  • Account Lockout and Strategies for Avoiding It
  • Automated Password Guessing with THC-Hydra
  • Retrieving and Manipulating Hashes from Windows, Linux, and Other Systems
  • Massive pivoting through target environments
  • Extracting hashes and passwords from memory with Mimikatz
  • Password cracking with John the Ripper & Cain
  • Using Rainbow Tables to maximum effectiveness
  • Pass-the-hash attacks with Metasploit and more
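Account lockout is the thing that turns a password-guessing run into a denial of service against the client, so the planning deserves a worked example. The following is an added example for this page, not course material: it lays out guesses horizontally (one password across every user before moving to the next) and delays any attempt that would push a user over the lockout threshold inside the observation window. The threshold, window, users and passwords are constructed values; on a real engagement read the policy from the target (for a Windows domain, the lockout threshold and "reset account lockout counter after" values) before running anything like this through THC-Hydra or a custom script.

```python
"""Plan a password-guessing run that stays under the target's account-lockout policy.

Added example for this page, not course material. Policy numbers, users and
passwords below are constructed; obtain the real ones from the target first.
"""
from collections import deque


def plan_guesses(users, passwords, threshold, window_seconds, safety_margin=1, start=0.0):
    """Return [(t_seconds, user, password), ...] such that no user receives more than
    threshold - safety_margin attempts inside any window_seconds window.

    Attempts are laid out horizontally (one password across all users, then the next),
    which spreads the per-user failure counter as thinly as possible. When a user's
    budget for the current window is spent, that attempt waits until the user's oldest
    attempt ages out of the window. The safety margin leaves room for the user's own
    typos, which count against the same lockout counter.
    """
    budget = threshold - safety_margin
    if budget < 1:
        raise ValueError("lockout threshold leaves no room for guessing")
    history = {u: deque() for u in users}   # timestamps of recent attempts per user
    schedule = []
    t = start
    for pw in passwords:
        for u in users:
            h = history[u]
            while h and t - h[0] >= window_seconds:   # expire attempts outside the window
                h.popleft()
            if len(h) >= budget:
                t = h[0] + window_seconds               # wait for the oldest one to expire
                while h and t - h[0] >= window_seconds:
                    h.popleft()
            h.append(t)
            schedule.append((t, u, pw))
    return schedule


def max_attempts_in_window(schedule, window_seconds):
    """Audit a schedule: the most attempts any single user gets within any window.
    Run this on the plan before executing it; it must be below the lockout threshold."""
    per_user = {}
    for t, u, _ in schedule:
        per_user.setdefault(u, []).append(t)
    worst = 0
    for times in per_user.values():
        times.sort()
        j = 0
        for i in range(len(times)):
            while times[i] - times[j] >= window_seconds:
                j += 1
            worst = max(worst, i - j + 1)
    return worst


if __name__ == "__main__":
    # Constructed policy: lock after 5 failures, counter resets after 30 minutes.
    users = ["alice", "bob", "carol"]
    passwords = ["Winter2014", "Password1", "Welcome1", "Berlin2014", "Summer2014",
                 "Company123", "Changeme1", "Qwerty123", "Letmein1", "P@ssw0rd"]
    plan = plan_guesses(users, passwords, threshold=5, window_seconds=1800)
    print("attempts:", len(plan), "finish at", plan[-1][0] / 60, "minutes")
    print("worst case per user per window:", max_attempts_in_window(plan, 1800))
    for t, u, pw in plan[:6]:
        print("t=%5.0fs  %-6s %s" % (t, u, pw))
```

The audit function is the useful part: whatever tool actually sends the guesses, dump its attempt log into the same (time, user, password) shape and check it against the policy before and after the run. Note also that the counter is per account, not per source address, so spreading guesses across attacking hosts does not buy any extra budget.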
 
SEC560.5: Wireless and Web Apps Penetration Testing | Instructor: James Lyne | Fri, Jun 20, 2014, 9:00 AM - 5:00 PM
Overview

This in-depth section of the course is focused on helping you become a well-rounded penetration tester. Augmenting your network penetration testing abilities, we turn our attention to methods for finding and exploiting wireless weaknesses, including identifying misconfigured access points, cracking weak wireless protocols, and exploiting wireless clients. We then turn our attention to web application pen testing, with detailed hands-on exercises that involve finding and exploiting cross-site scripting (XSS), cross-site request forgery (XSRF), command injection, and SQL injection flaws in applications such as online banking, blog sites, and more.

CPE/CMU Credits: 6

Topics
  • Wireless Attacks
  • Discovering Access Points and Clients
  • Attacking Wireless Crypto Flaws
  • Client-Side Wireless Attacks
  • Finding and Exploiting Cross-Site Scripting
  • Cross-Site Request Forgery
  • SQL Injection
  • Leveraging SQL Injection to Perform Command Injection
  • Maximizing Effectiveness of Command Injection Testing
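SQL injection is the web-app flaw in this list that is easiest to show end to end: the probe a tester sends, the query that makes it work, and the fix. The following is an added example for this page, not one of the course labs. It uses an in-memory SQLite database as a stand-in for the web application's back end; the users table, the accounts and the payloads are all constructed.

```python
"""Authentication-bypass SQL injection: the vulnerable query beside its parameterized fix.

Added example for this page, not a course lab. The users table, accounts and
probe payloads are constructed; SQLite stands in for the web app's database.
"""
import hashlib
import sqlite3


def _pw_hash(password):
    # Stand-in for the app's password hashing; a real app needs a salted, slow hash.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db():
    """Constructed users table behind a hypothetical login form."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT, role TEXT)")
    for user, pw, role in (("admin", "Winter2014!", "admin"), ("bob", "bobpass", "user")):
        conn.execute("INSERT INTO users VALUES (?, ?, ?)", (user, _pw_hash(pw), role))
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL by string formatting, so the username is parsed as SQL:
    a username of  admin'--  closes the string and comments out the password check."""
    sql = ("SELECT username, role FROM users WHERE username = '%s' AND pw_hash = '%s'"
           % (username, _pw_hash(password)))
    return conn.execute(sql).fetchone()


def login_fixed(conn, username, password):
    """Same query with bound parameters: the input only ever reaches the database as data."""
    sql = "SELECT username, role FROM users WHERE username = ? AND pw_hash = ?"
    return conn.execute(sql, (username, _pw_hash(password))).fetchone()


def probe_for_sqli(login, conn):
    """The tester's first check: a lone quote breaks the query while a doubled
    (SQL-escaped) quote does not. True means the input is reaching the SQL parser."""
    def errors(username):
        try:
            login(conn, username, "x")
            return False
        except sqlite3.DatabaseError:
            return True
    return errors("x'") and not errors("x''")


if __name__ == "__main__":
    db = make_db()
    print("vulnerable login, probe says injectable:", probe_for_sqli(login_vulnerable, db))
    print("vulnerable login, username admin'-- :", login_vulnerable(db, "admin'--", "wrong"))
    print("fixed login, probe says injectable:", probe_for_sqli(login_fixed, db))
    print("fixed login, username admin'-- :", login_fixed(db, "admin'--", "wrong"))
```

The probe relies on the application surfacing a database error in some observable way (a 500, a stack trace, a different page); when it does not, the same idea is applied with boolean conditions (' AND '1'='1 versus ' AND '1'='2) or with timing, which is where the course's command-injection-via-SQL material picks up.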

 
SEC560.6: Penetration Testing Workshop and Capture the Flag Event | Instructor: James Lyne | Sat, Jun 21, 2014, 9:00 AM - 5:00 PM
Overview

This lively session represents the culmination of the network penetration testing and ethical hacking course, where you'll apply all of the skills mastered in the course so far in a full-day, hands-on workshop. In this final workshop, you'll conduct an actual penetration test of a sample target environment. We'll provide the scope and rules of engagement, and you'll work with a team to achieve your goal of finding out whether the target organization's Personally Identifiable Information (PII) is at risk. And, as a final step in preparing you for conducting penetration tests, you'll make recommendations about remediating the risks you identify.

CPE/CMU Credits: 6

Topics
  • Applying Penetration Testing and Ethical Hacking Practices End-to-end
  • Scanning
  • Exploitation
  • Post-Exploitation
  • Pivoting
  • Analyzing Results
 
Additional Information
 
  Testimonial

"Ed Skoudis is the best teacher I've ever had. He is 100% competent and professional."

-Petra Klein, FRA

 
  Laptop Required

IMPORTANT - BRING YOUR OWN LAPTOP WITH WINDOWS

To get the most value out of the course, students are required to bring their own laptop so that they can connect directly to the workshop network that we will create. It is the students' responsibility to make sure that the system is properly configured with all drivers necessary to connect to an Ethernet network.

Some of the course exercises are based on Windows, while others focus on Linux. VMware Player or VMware Workstation is required for the class. If you plan to use a Macintosh, please make sure you bring VMware Fusion, along with a Windows guest virtual machine.

Windows

You are required to bring Windows 7 (Professional, Enterprise, or Ultimate), Windows Vista (Business, Enterprise, or Ultimate), Windows XP Pro, or Windows 2003 or 2008 Server, either a real system or a virtual machine. Windows 8 Pro is an acceptable option. Windows 7 Home, Windows Vista Home, Windows XP Home, and Windows 2000 (all versions) will NOT work for the class as they do not include all of the built-in capabilities we need for comprehensive analysis of the system.

The course includes a VMware image file of a guest Linux system that is larger than 2 GB. Therefore, you need a file system with the ability to read and write files that are larger than 2 GB, such as NTFS on a Windows machine.

IMPORTANT NOTE: You will also be required to disable your anti-virus tools temporarily for some exercises, so make sure you have the anti-virus administrator permissions to do so. DO NOT plan on just killing your anti-virus service or processes because most anti-virus tools still function even when their associated services and processes have been terminated. For many enterprise-managed clients, disabling your anti-virus tool may require a different password than the Administrator account password. Please bring that administrator password for your anti-virus tool.

Enterprise VPN clients may interfere with the network configuration required to participate in the class. If your system has an enterprise VPN client installed, you may need to uninstall it for the exercises in class.

VMware

You will use VMware to run Windows and Linux operating systems simultaneously when performing exercises in class. You must have either the free VMware Player 3 or later or the commercial VMware Workstation 6 or later installed on your system prior to coming to class. VMware Player can be downloaded free of charge from VMware's website.

Alternatively, if you want a more flexible and configurable tool, you can download a free 30-day trial copy of VMware Workstation from VMware's website. VMware will send you a time-limited license number for VMware Workstation if you register for the trial at their website. No license number is required for VMware Player.

We will give you a DVD full of attack tools to experiment with during the class and take home for later analysis. We will also provide a Linux image with all of our tools pre-installed that runs within VMware Player or VMware Workstation.

Linux

You do not need to bring a Linux system if you plan to use our Linux image in VMware. However, you are required to bring VMware Workstation or VMware Player. The class does not support VirtualPC or other non-VMware virtualization products.

Mandatory Laptop Hardware Requirements

  • x86- or x64-compatible CPU, 1.5 GHz or faster
  • DVD drive (not a CD drive)
  • 2 GB RAM minimum, 4 GB or more recommended
  • Ethernet adapter (a wired connection is required in class; if your laptop supports only wireless, bring an Ethernet adapter with you)
  • 5 GB of available hard drive space
  • Any Service Pack level is acceptable for Windows 8, Windows 7, Windows Vista, or Windows XP Pro

During the workshop, you will be connecting to one of the most hostile networks on planet Earth! Your laptop might be attacked. Do not have any sensitive data stored on the system. SANS is not responsible for your system if someone in the class attacks it in the workshop.

By bringing the right equipment and preparing in advance, you can maximize what you'll see and learn as well as have a lot of fun.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

 
  Prerequisites

SANS Security 560 is one of the most technically rigorous courses offered by the SANS Institute. Attendees are expected to have a working knowledge of TCP/IP, cryptographic algorithms such as DES, AES, and MD5, and the Windows and Linux command lines before they step into class. Although SANS Security 401: Security Essentials and SANS Security 504: Hacker Techniques, Exploits, and Incident Handling are not prerequisites for 560, these courses cover the groundwork that all 560 attendees are expected to know. While 560 is technically in-depth, it is important to note that programming knowledge is NOT required for the course. For more information on the differences between SEC560 and SEC504, see the SEC560 and SEC504 FAQ.

 
  Why Take This Course?

Why Choose Our Course?

This SANS course differs from other penetration testing and ethical hacking courses in several important ways:

  • We get deep into the tools arsenal with numerous hands-on exercises that show subtle, less-well-known, and undocumented features that are incredibly useful for professional penetration testers and ethical hackers.
  • The course discusses how the tools interrelate with each other in an overall testing process. Rather than just throwing up a bunch of tools and playing with them, we analyze how to leverage information from one tool to get the most bang out of the next tool.
  • We focus on the workflow of professional penetration testers and ethical hackers, proceeding step-by-step discussing the most effective means for conducting projects.
  • The sessions address common pitfalls that arise in penetration tests and ethical hacking projects, providing real-world strategies and tactics for avoiding these problems to maximize the quality of test results.
  • We cover several timesaving tactics based on years of in-the-trenches experience from real penetration testers and ethical hackers, actions that might take hours or days unless you know the little secrets we'll cover that will let you surmount a problem in minutes.
  • The course stresses the mind-set of successful penetration testers and ethical hackers, which involves balancing the often competing demands of creative "outside-the-box" thinking, methodical troubleshooting, carefully weighing risks, following a time-tested process, painstakingly documenting results, and creating a high-quality final report that achieves management and technical buy-in.
  • We also analyze how penetration testing and ethical hacking should fit into a comprehensive enterprise information security program.

 
  What You Will Receive

Includes access to the Virtual Training Lab

 
  You Will Be Able To
  • Develop tailored scoping and rules of engagement for penetration testing projects to ensure the work is focused, well defined, and conducted in a safe manner
  • Conduct detailed reconnaissance using document metadata, search engines, and other publicly available information sources to build a technical and organizational understanding of the target environment
  • Utilize a scanning tool such as Nmap to conduct comprehensive network sweeps, port scans, OS fingerprinting, and version scanning to develop a map of target environments
  • Choose and properly execute Nmap Scripting Engine scripts to extract detailed information from target systems
  • Configure and launch a vulnerability scanner such as Nessus so that it discovers vulnerabilities through both authenticated and unauthenticated scans in a safe manner, and customize the output from such tools to represent the business risk to the organization
  • Analyze the output of scanning tools to manually verify findings and perform false positive reduction using connection-making tools such as Netcat and packet crafting tools such as Scapy
  • Utilize the Windows and Linux command lines to plunder target systems for vital information that can further the overall penetration test progress, establish pivots for deeper compromise, and help determine business risks
  • Configure an exploitation tool such as Metasploit to scan, exploit, and then pivot through a target environment
  • Conduct comprehensive password attacks against an environment, including automated password guessing (while avoiding account lockout), traditional password cracking, rainbow table password cracking, and pass-the-hash attacks
  • Utilize wireless attack tools for Wi-Fi networks to discover access points and clients (actively and passively), crack WEP/WPA/WPA2 keys, and exploit client machines included within a project's scope
  • Launch web application vulnerability scanners such as ZAP and then manually exploit Cross-Site Request Forgery, Cross-Site Scripting, Command Injection, and SQL Injection flaws to determine the business risk faced by an organization

 
  Press & Reviews

"Sec 560 is getting better and better, you understand more as the day goes on. Most of these tools I will be able to use in my organization." - Rayen Rai, Godo

"560 helped to take the stew of ideas and techniques in my head and organize them in a 'professionally' usable way." - Richard Tafoya, Redflex Traffic Systems

"I had a great time. Sec 560 has tons of useful material and techniques. As with all SANS training I leave knowing that I can apply this as soon as I'm back at work." - Benjamin Bagby, XE.Com

"This type of training is fantastic, all new penetration testers and personnel who interact with testers or set up assessments should take this Sec 560." - Christopher Duffy, Knowledge Consulting Group

"This will help me determine how safe my work environment is. Sec 560 is very fun, I don't feel burnt out at the end of the day." - David Neilson, Western Family Foods

"I think if you genuinely want to learn how exploitation techniques work and how to properly think like a hacker, it would be silly not to attend." - Mark Hamilton, McAfee

 

Author Statement

Successful penetration testers don't just throw a bunch of hacks against an organization and regurgitate the output of their tools. Instead, they need to understand how these tools work in depth, and conduct their test in a careful, professional manner. This course explains the inner workings of numerous tools and their use in effective network penetration testing and ethical hacking projects. When teaching the class, I particularly enjoy the numerous hands-on exercises culminating with a final pen-testing extravaganza lab.

- Ed Skoudis