The most trusted source for computer security training, certification and research.

select a course
Global Information Assurance Certification

Excellent conference I have a ton of stuff to bring back to my company and clients.
-John S. Macy, Network Design Associates

SECURITY 504

Hacker Techniques, Exploits & Incident Handling

6 CPE Credits per day

NOTE: Includes access to the Virtual Training Lab


This course prepares you for the GCIH certification ( http://www.giac.org/certifications/security/gcih.php ) which meets the requirement of the DoD 8570 IAT Level III.

If your organization has an Internet connection or one or two disgruntled employees (and whose doesn't!), your computer systems will get attacked. From the five, ten, or even one hundred daily probes against your Internet infrastructure to the malicious insider slowly creeping through your most vital information assets, attackers are targeting your systems with increasing viciousness and stealth.

By helping you understand attackers' tactics and strategies in detail, giving you hands-on experience in finding vulnerabilities and discovering intrusions, and equipping you with a comprehensive incident handling plan, the in-depth information in this course helps you turn the tables on computer attackers. This course addresses the latest cutting-edge insidious attack vectors and the "oldie-but-goodie" attacks that are still so prevalent, and everything in between. Instead of merely teaching a few hack attack tricks, this course includes a time-tested, step-by-step process for responding to computer incidents; a detailed description of how attackers undermine systems so you can prepare, detect, and respond to them; and a hands-on workshop for discovering holes before the bad guys do. Additionally, the course explores the legal issues associated with responding to computer attacks, including employee monitoring, working with law enforcement, and handling evidence.

This challenging course is particularly well suited to individuals who lead or are a part of an incident handling team. Furthermore, general security practitioners, system administrators, and security architects will benefit by understanding how to design, build, and operate their systems to prevent, detect, and respond to attacks.

It is imperative that you get written permission from the proper authority in your organization before using these tools and techniques on your company's system and also that you advise your network and computer operations teams of your testing.

  • Who Should Attend
    • Incident handlers
    • Leaders of incident handling teams
    • System administrators who are on the front lines defending their systems and responding to attacks
    • Other security personnel who are first responders when systems come under attack
  • A Sampling of Topics
    • The step-by-step approach used by many computer attackers
    • The latest computer attack vectors and how you can stop them
    • Proactive and reactive defenses for each stage of a computer attack
    • Hands-on workshop addressing scanning for, exploiting, and defending systems
    • Strategies and tools for detecting each type of attack
    • Attacks and defenses for Windows, Unix, switches, routers and other systems
    • Application-level vulnerabilities, attacks, and defenses
    • Developing an incident handling process and preparing a team for battle
    • Legal issues in incident handling
    • Recovering from computer attacks and restoring systems for business

504 was a great course to better enhance my understanding of attack methods and how to better defend my systems
-Dustin Odsa, Indiana University

Author Statement

My favorite part of teaching the Hacker Techniques, Exploits, and Incident Handling track is watching students when they finally get it. It's usually a two-stage process. First, students begin to realize how truly malicious some of these attacks are. Some students have a very visceral reaction, occasionally shouting out Oh, shoot! when they see what the bad guys are really up to. But if I stopped the process at that point, I'd be doing a disservice. The second stage is even more fun. Later in the class, students gradually realize that, even though the attacks are really nasty, they can prevent, detect, and respond to them. Using the knowledge they gain in this track, they know they'll be ready when a bad guy launches an attack against their systems. And being ready to thwart the bad guys is what its all about.
- Ed Skoudis

Training Events By Course

SECURITY 504 :: Hacker Techniques, Exploits and Incident Handling
SANS 2010 Orlando, FL March 06, 2010 - March 15, 2010
SANS CDI East 2009 Washington, DC December 11, 2009 - December 18, 2009
SANS Security East 2010 New Orleans, LA January 10, 2010 - January 18, 2010
SANS Security West 2010 San Diego, CA May 07, 2010 - May 15, 2010
Mentor Session - Security 504 Sacramento, CA December 07, 2009 - December 16, 2009
SANS London 2009 London, United Kingdom November 28, 2009 - December 06, 2009
Community SANS Ottawa 2010 Ottawa, ON March 22, 2010 - March 27, 2010
Community SANS Salt Lake City Winter 2009 Salt Lake City, UT November 30, 2009 - December 05, 2009
Community SANS Rome 2010 Rome, Italy February 01, 2010 - February 17, 2010
Community SANS Mexico 2010 Mexico City, Mexico March 22, 2010 - March 27, 2010
Mentor Session - Security 504 Honolulu, HI January 19, 2010 - March 23, 2010
Mentor Session - SEC504 Houston, TX January 14, 2010 - March 18, 2010
SANS Northern Virginia Bootcamp 2010 Reston, VA April 06, 2010 - April 13, 2010
Mentor Session - Security 504 Greenwood Village, CO January 08, 2010 - March 12, 2010
Mentor Session - SEC504 Portland, OR December 08, 2009 - February 23, 2010
Mentor Session - 504 Slidell, LA January 27, 2010 - April 07, 2010
Community SANS Colorado Springs 2010 Colorado Springs, CO March 08, 2010 - March 13, 2010
Community SANS Madison 2010 Madison, WI April 26, 2010 - May 01, 2010
Community SANS Honolulu 2010 Honolulu, HI May 03, 2010 - May 08, 2010
Mentor Session - SEC504 Greentree, PA January 05, 2010 - March 09, 2010
Pensacola 2010 Pensacola, FL January 25, 2010 - January 30, 2010
SANS vLive! - SEC 504 - Ed Skoudis and John Strand Webcast Classroom Training, VA May 04, 2010 - June 10, 2010
SANS Dublin 2010 Dublin, Ireland March 15, 2010 - March 20, 2010
SANS India 2010 Bangalore, India February 22, 2010 - February 27, 2010
SANS OnDemand Online Training & Assessments Anytime
SANS SelfStudy Books and .MP3s Only Anytime