The most trusted source for computer security training, certification and research.



Global Information Assurance Certification

The level of expertise is unprecedented. People like Ed are hard to find!
-Steve O'Brien, City of Bend

SECURITY 504

Hacker Techniques, Exploits & Incident Handling

6 CPE Credits per day

NOTE: Includes access to the Virtual Training Lab


This course prepares you for the GCIH certification (http://www.giac.org/certifications/security/gcih.php), which meets the requirement of the DoD 8570 IAT Level III.

If your organization has an Internet connection or one or two disgruntled employees (and whose doesn't!), your computer systems will get attacked. From the five, ten, or even one hundred daily probes against your Internet infrastructure to the malicious insider slowly creeping through your most vital information assets, attackers are targeting your systems with increasing viciousness and stealth.

By helping you understand attackers' tactics and strategies in detail, giving you hands-on experience in finding vulnerabilities and discovering intrusions, and equipping you with a comprehensive incident handling plan, the in-depth information in this course helps you turn the tables on computer attackers. This course addresses the latest cutting-edge insidious attack vectors and the "oldie-but-goodie" attacks that are still so prevalent, and everything in between. Instead of merely teaching a few hack attack tricks, this course includes a time-tested, step-by-step process for responding to computer incidents; a detailed description of how attackers undermine systems so you can prepare, detect, and respond to them; and a hands-on workshop for discovering holes before the bad guys do. Additionally, the course explores the legal issues associated with responding to computer attacks, including employee monitoring, working with law enforcement, and handling evidence.

This challenging course is particularly well suited to individuals who lead or are a part of an incident handling team. Furthermore, general security practitioners, system administrators, and security architects will benefit by understanding how to design, build, and operate their systems to prevent, detect, and respond to attacks.

It is imperative that you get written permission from the proper authority in your organization before using these tools and techniques on your company's system and also that you advise your network and computer operations teams of your testing.

  • Who Should Attend
    • Incident handlers
    • Leaders of incident handling teams
    • System administrators who are on the front lines defending their systems and responding to attacks
    • Other security personnel who are first responders when systems come under attack
  • A Sampling of Topics
    • The step-by-step approach used by many computer attackers
    • The latest computer attack vectors and how you can stop them
    • Proactive and reactive defenses for each stage of a computer attack
    • Hands-on workshop addressing scanning for, exploiting, and defending systems
    • Strategies and tools for detecting each type of attack
    • Attacks and defenses for Windows, Unix, switches, routers and other systems
    • Application-level vulnerabilities, attacks, and defenses
    • Developing an incident handling process and preparing a team for battle
    • Legal issues in incident handling
    • Recovering from computer attacks and restoring systems for business

504 was a great course to better enhance my understanding of attack methods and how to better defend my systems.
-Dustin Odsa, Indiana University

Author Statement

My favorite part of teaching the Hacker Techniques, Exploits, and Incident Handling track is watching students when they finally get it. It's usually a two-stage process. First, students begin to realize how truly malicious some of these attacks are. Some students have a very visceral reaction, occasionally shouting out "Oh, shoot!" when they see what the bad guys are really up to. But if I stopped the process at that point, I'd be doing a disservice. The second stage is even more fun. Later in the class, students gradually realize that, even though the attacks are really nasty, they can prevent, detect, and respond to them. Using the knowledge they gain in this track, they know they'll be ready when a bad guy launches an attack against their systems. And being ready to thwart the bad guys is what it's all about.
- Ed Skoudis

Training Events By Course

SECURITY 504 :: Hacker Techniques, Exploits and Incident Handling
Mentor Session - SEC504 Las Vegas, NV February 22, 2010 - April 26, 2010
SANS India 2010 Bangalore, India February 22, 2010 - February 27, 2010
Mentor Session - SEC504 Knoxville, TN March 03, 2010 - May 05, 2010
SANS 2010 Orlando, FL March 06, 2010 - March 15, 2010
Mentor Session - SEC504 Houston, TX March 11, 2010 - May 13, 2010
EU SEC504 Bagsvaerd Bagsvaerd, Denmark March 11, 2010 - May 27, 2010
Community SANS Rome 2010 Rome, Italy March 15, 2010 - March 31, 2010
SANS Dublin 2010 Dublin, Ireland March 15, 2010 - March 20, 2010
Mentor Session - SEC504 Bowling Green, KY March 18, 2010 - May 20, 2010
Community SANS Colorado Springs 2010 Colorado Springs, CO March 22, 2010 - March 27, 2010
Community SANS Ottawa 2010 Ottawa, ON March 22, 2010 - March 27, 2010
EU Mentor Session - SEC504 Madrid, Spain March 24, 2010 - June 02, 2010
SANS UAE 2010 Dubai, United Arab Emirates March 27, 2010 - May 06, 2010
Mentor Session - SEC 504 Sacramento, CA April 05, 2010 - April 14, 2010
SANS Northern Virginia Bootcamp 2010 Reston, VA April 06, 2010 - April 13, 2010
Mentor Session - SEC 504 Troy, MI April 08, 2010 - June 10, 2010
Mentor Session - Security 504 Greenwood Village, CO April 09, 2010 - June 10, 2010
Mentor Session - 504 Singapore, Singapore April 15, 2010 - June 17, 2010
Community SANS San Antonio 2010 San Antonio, TX April 19, 2010 - April 24, 2010
Community SANS Madison 2010 Madison, WI April 26, 2010 - May 01, 2010
Community SANS Albany 2010 Albany, NY April 26, 2010 - May 01, 2010
Community SANS Honolulu 2010 Honolulu, HI May 03, 2010 - May 08, 2010
SANS vLive! - SEC 504 - Ed Skoudis and John Strand Webcast Classroom Training, VA May 04, 2010 - June 17, 2010
SANS Security West 2010 San Diego, CA May 07, 2010 - May 15, 2010
Community SANS Saskatchewan 2010 Regina, SK May 10, 2010 - May 15, 2010
SANSFIRE 2010 Baltimore, MD June 06, 2010 - June 14, 2010
SANS Secure Europe - Amsterdam 2010 Amsterdam, Netherlands June 21, 2010 - July 03, 2010
Community SANS Raleigh 2010 Raleigh Durham, NC June 21, 2010 - June 26, 2010
SANS IMPACT: Malaysia 2010 Kuala Lumpur, Malaysia June 28, 2010 - July 10, 2010
Mentor Session - SEC504 Victoria, BC September 21, 2010 - November 23, 2010
SANS 504 Norway 2010 Oslo, Norway September 27, 2010 - October 02, 2010
SANS Secure Singapore 2010 Singapore, Singapore October 04, 2010 - October 11, 2010
SANS Tokyo 2010 Autumn Tokyo, Japan October 18, 2010 - October 23, 2010
SANS Sydney 2010 Sydney, Australia November 15, 2010 - November 20, 2010
SANS London 2010 London, United Kingdom November 29, 2010 - December 04, 2010
SANS OnDemand Online Training & Assessments Anytime
SANS SelfStudy Books and .MP3s Only Anytime