SEC504: Hacker Tools, Techniques, and Incident Handling

Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsApply your credits to renew your certifications
Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
Apply what you learn with hands-on exercises and labs
Learn advanced penetration testing skills to develop custom exploits, perform network attacks, analyze cryptographic implementations, and master advanced exploitation techniques.
The quality of the labs and coursework in SEC660 showcases the value SANS training has over other providers. It was an excellent, challenging, and rewarding course.
Learn advanced penetration testing skills and explore sophisticated attack vectors and exploit development. This course spans network infrastructure attacks, cryptographic implementation testing, advanced post-exploitation techniques, and custom exploit writing for both Windows and Linux environments. Hands-on labs provide practical experience with fuzzing, return-oriented programming, exploit mitigation bypasses, and real-world application exploitation.
James Shewmaker, founder of Bluenotch Corporation, has over two decades of technical experience in IT, primarily developing appliances for automation and security for broadcast radio, internet, and satellite devices.
Read more about James ShewmakerStephen Sims, an esteemed vulnerability researcher and exploit developer, has significantly advanced cybersecurity by authoring SANS's most advanced courses and co-authoring the "Gray Hat Hacking" series.
Read more about Stephen SimsExplore the course syllabus below to view the full range of topics covered in SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking.
Network infrastructure in cloud environments presents unique attack vectors. In the first section, security professionals explore access manipulation, protocol exploitation, and device compromise across IPv4 and IPv6. Modern cloud setups integrate legacy components, making these skills crucial for comprehensive security testing.
In this section, security professionals explore cryptographic exploitation and post-compromise techniques in cloud environments. Topics include cipher operations, implementation flaws, privilege escalation, and lateral movement. PowerShell plays a key role in both attack and defense, especially in hybrid clouds.
In section three, security professionals analyze cloud-native products, focusing on supply chain security, protocol manipulation, and fuzzing. Topics include custom fuzzing grammars, network protocols, file formats, and code coverage analysis for testing effectiveness.
Linux exploitation is crucial in cloud security. In this section, professionals explore memory management, privilege escalation, SUID exploits, and advanced bypass techniques like ROP and ASLR evasion.
Windows systems remain prevalent in hybrid cloud environments, necessitating deep understanding of Windows-specific security features. In this section, practitioners examine process structures, exception handling, and API interactions. Content covers stack-based attacks, DEP bypass, and ROP chains, with special attention given to client-side exploitation.
A comprehensive challenge environment integrates cloud and traditional infrastructure components. Students face escalating difficulties across Linux and Windows systems, network infrastructure, and cloud services. The scoring system provides immediate feedback on successful exploitation, with point values reflecting real-world complexity and impact.
Collaborates to identify access and collection gaps using cyber resources and techniques to penetrate target networks and support mission operations.
Explore learning pathCoordinates cyber operations plans, working with analysts and operators to support targeting and synchronization of actions in cyberspace.
Explore learning pathAdd a GIAC certification attempt and receive free two practice tests. View pricing in the info icons below.
When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.
Absolutely amazing stuff. I couldn't ask for more in SEC660. The wealth of knowledge is just mind-blowing. The extra materials presented in the course will definitely keep me going for the next couple of months.
SEC660 has been nothing less than excellent. Both the instructor and assistant are subject-matter experts who have extensive knowledge covering all aspects of the topics covered and then some.
No frills and goes right to the point. The first day alone is what other classes spend a full week on.
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources