- Training
- Training Live Events
- Training Without Travel
- Security Courses
- Security Curricula
- Certified Instructors
- Training Calendars
- SANS vLive! / SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- Coins
- SANS Onsite
- SANS SelfStudy
- SANS Summit Series
- SANS Partnership Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- List of Resources
- Top 20 List
- Top 25 Programming Errors
- 20 Coolest Jobs
- Application Security Procurement Language
- Top 10 Security Trends
- Top 5 Essential Log Reports
- Reading Room
- Webcasts
- AudioCasts
- WhatWorks
- Newsletters
- RSS Feeds
- Calendar Feeds
- Security Thought Leaders
- Security Policy Project
- Security+ Study Guide
- SANS Buyers Guide
- Security Tool Demos
- 2008 Salary Survey
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
The most trusted source for computer security training, certification and research.
select a course
Phoenix, AZ - March 23 - 30, 2009
- Event Location & Info
- Faculty
- Vendor Expo
- General Info
- Vendor Events
- Special Events
- SANS @Night
- Brochure (PDF)
The SANS class stands out above the rest because of the subject matter experts who teach the classes and labs.
-Shirlee Eitel-Birgham, State of Nevada
Security 561
1 Day Course
Network Penetration Testing: Maximizing the Effectiveness of Reports, Exploits, and Command Shells
Sunday, March 29, 2009 : 9am - 5pmBryce Galbraith, SANS Certified Instructor
6 CPE Credits
This one-day session builds on the principles of SANS Security 560 with additional discussion and numerous hands-on exercises designed to help attendees make the most of their penetration tests. The course describes using Metasploit functionality to transform payloads into executable programs that are highly useful in penetration tests. We then look at altering the executables with Metasploit's encode functionality, packing them to evade detection, and then loading them onto USB tokens for autoplay attacks on Windows machines, all done in a detailed hands-on exercise. We also address how to write penetration testing reports that have maximum effectiveness in helping an organization to understand its risks based on the findings of a penetration test, motivating positive changes in the security stance of the target organization. The session concludes with a detailed discussion of the critical post-exploitation phase of a penetration test, leveraging built-in Unix, Linux, and Windows tools such as /dev/tcp, telnet clients, and ftp to launch port scans, create backdoor shells, and move files, all techniques that can be directly applied in real-world penetration tests.
Loved the follow on - it was a perfect capstone to the 560 class
- Scott Keoseyan, Wells Fargo
- Target Audience
- Security personnel whose job involves assessing target networks and systems to find security vulnerabilities. The course is ideally suited for system administrators, technical auditors, professional penetration testers, and consultants who want technical depth and hands-on experience with penetration testing and ethical hacking tools.
- Prerequisite
- This course is open only to attendees who have previously taken SANS Security 560, either directly before this session, or at some earlier time.
- © 2000-2009 The SANS™ Institute
- Web Privacy Policy | Web Contact |
- Press Room | Trademark Usage Policy