- Training
- Training Live Events
- Training Without Travel
- Security Courses
- Security Curricula
- Certified Instructors
- Training Calendars
- SANS vLive!
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- Coins
- SANS Onsite
- SANS SelfStudy
- SANS Summit Series
- SANS Partnership Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- List of Resources
- Top Security Risks
- Top 25 Programming Errors
- 20 Coolest Jobs
- Application Security Procurement Language
- Top 10 Security Trends
- Top 5 Essential Log Reports
- Reading Room
- Webcasts
- AudioCasts
- WhatWorks
- Newsletters
- RSS Feeds
- Calendar Feeds
- Security Thought Leaders
- Security Policy Project
- Security+ Study Guide
- SANS Buyers Guide
- Security Tool Demos
- 2008 Salary Survey
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
The most trusted source for computer security training, certification and research.
select a course
Generic course descriptions, individual event descriptions may vary. Be sure to read the course description for exact training event you're interested in carefully.
>> Upcoming Events for this Course <<
Sort Within Discipline By: Popularity | Title | Course Number
The level of expertise is unprecedented. People like Ed are hard to find!
-Steve O'Brien, City of Bend
Security 561
1 Day Course
(Portal Account Required)
Network Penetration Testing: Maximizing the Effectiveness of Reports, Exploits, and Command Shells
6 CPE CreditsThis one-day session builds on the principles of SANS Security 560 with additional discussion and numerous hands-on exercises designed to help attendees make the most of their penetration tests. The course describes using Metasploit functionality to transform payloads into executable programs that are highly useful in penetration tests. We then look at altering the executables with Metasploit's encode functionality, packing them to evade detection, and then loading them onto USB tokens for autoplay attacks on Windows machines, all done in a detailed hands-on exercise. We also address how to write penetration testing reports that have maximum effectiveness in helping an organization to understand its risks based on the findings of a penetration test, motivating positive changes in the security stance of the target organization. The session concludes with a detailed discussion of the critical post-exploitation phase of a penetration test, leveraging built-in Unix, Linux, and Windows tools such as /dev/tcp, telnet clients, and ftp to launch port scans, create backdoor shells, and move files, all techniques that can be directly applied in real-world penetration tests.
Loved the follow on - it was a perfect capstone to the 560 class
- Scott Keoseyan, Wells Fargo
- Target Audience
- Security personnel whose job involves assessing target networks and systems to find security vulnerabilities. The course is ideally suited for system administrators, technical auditors, professional penetration testers, and consultants who want technical depth and hands-on experience with penetration testing and ethical hacking tools.
- Prerequisite
- This course is open only to attendees who have previously taken SANS Security 560, either directly before this session, or at some earlier time.
Training Events By Course
| SECURITY 561 :: Network Penetration Testing: Maximizing the Effectiveness of Reports, Exploits, and Command Shells | ||
| SANSFIRE 2010 | Baltimore, MD | June 06, 2010 - June 14, 2010 |
| SANS OnDemand | Online Training & Assessments | Anytime |
- © 2000-2010 The SANS™ Institute
- Web Privacy Policy | Web Contact |
- Press Room | Trademark Usage Policy