Courses Available Using the SANS NetWars Training Platform:
SEC561: Hands-on Penetration Testing for the InfoSec Pro
Today, many information security practitioners are expected to leverage cross-disciplinary skills in complex areas. Analysts are no longer able to specialize in just a single skill area, such as vulnerability assessment, network penetration testing, or web app assessment. To face todays threats, organizations need employees that add value to the team across varying focus areas, contributing to both operations and security teams.
Few practitioners have the time to build broad skills across many different security areas. The best way to pick up new skills quickly is to practice them in hands-on, real-world scenarios designed to challenge and guide a participant. The Hands-On Security Practitioner course creates a learning environment where participants can quickly build and reinforce skills in multiple focus areas, including:
- Network security assessment, identifying architecture weaknesses in network deployments
- Host-based security assessment, protecting against privilege escalation attacks
- Web application penetration testing, exploiting common flaws in complex systems
- Advanced system attacks, leveraging pivoting and tunneling techniques to identify exposure areas deep within an organization
FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
The course culminates with a series of capture-the-flag style challenges using the hugely popular SANS NetWars tournament platform. These challenges are designed to reinforce the techniques learned in class and to provide additional opportunities for learning practical, hands-on malware analysis skills. By applying the techniques learned earlier in the course, students solidify their knowledge and can shore up skill areas where they feel they need additional practice.
AUD507: Auditing Networks, Perimeters, and Systems
One of the most significant obstacles facing many auditors today is how exactly to go about auditing the security of an enterprise. What systems really matter? How should the firewall and routers be configured? What settings should be checked on the various systems under scrutiny? Is there a set of processes that can be put into place to allow an auditor to focus on the business processes rather than the security settings? All of these questions and more will be answered by the material covered in this course.
Leveraging the well known NetWars engine, students have the opportunity to connect to a simulated enterprise network environment. Building on the tools and techniques learned throughout the week, each student is challenged to answer a series of questions about the enterprise network, working through various technologies explored during the course.