
Wow! It's an incident handler's Christmas morning, tools, tools, tools. Very Applicable!
-Todd Davis, Symantec

SECURITY 504

Hacker Techniques, Exploits & Incident Handling

6 CPE Credits per day

NOTE: Includes access to the Virtual Training Lab


This course prepares you for the GCIH certification (http://www.giac.org/certifications/security/gcih.php), which meets the requirement of the DoD 8570 IAT Level III.

If your organization has an Internet connection or one or two disgruntled employees (and whose doesn't!), your computer systems will get attacked. From the five, ten, or even one hundred daily probes against your Internet infrastructure to the malicious insider slowly creeping through your most vital information assets, attackers are targeting your systems with increasing viciousness and stealth.

By helping you understand attackers' tactics and strategies in detail, giving you hands-on experience in finding vulnerabilities and discovering intrusions, and equipping you with a comprehensive incident handling plan, the in-depth information in this course helps you turn the tables on computer attackers. This course addresses the latest cutting-edge insidious attack vectors and the "oldie-but-goodie" attacks that are still so prevalent, and everything in between. Instead of merely teaching a few hack attack tricks, this course includes a time-tested, step-by-step process for responding to computer incidents; a detailed description of how attackers undermine systems so you can prepare, detect, and respond to them; and a hands-on workshop for discovering holes before the bad guys do. Additionally, the course explores the legal issues associated with responding to computer attacks, including employee monitoring, working with law enforcement, and handling evidence.

This challenging course is particularly well suited to individuals who lead or are a part of an incident handling team. Furthermore, general security practitioners, system administrators, and security architects will benefit by understanding how to design, build, and operate their systems to prevent, detect, and respond to attacks.

It is imperative that you get written permission from the proper authority in your organization before using these tools and techniques on your company's system and also that you advise your network and computer operations teams of your testing.

  • Who Should Attend
    • Incident handlers
    • Leaders of incident handling teams
    • System administrators who are on the front lines defending their systems and responding to attacks
    • Other security personnel who are first responders when systems come under attack
  • A Sampling of Topics
    • The step-by-step approach used by many computer attackers
    • The latest computer attack vectors and how you can stop them
    • Proactive and reactive defenses for each stage of a computer attack
    • Hands-on workshop addressing scanning for, exploiting, and defending systems
    • Strategies and tools for detecting each type of attack
    • Attacks and defenses for Windows, Unix, switches, routers and other systems
    • Application-level vulnerabilities, attacks, and defenses
    • Developing an incident handling process and preparing a team for battle
    • Legal issues in incident handling
    • Recovering from computer attacks and restoring systems for business

504 was a great course to better enhance my understanding of attack methods and how to better defend my systems.
-Dustin Odsa, Indiana University

Author Statement

My favorite part of teaching the Hacker Techniques, Exploits, and Incident Handling track is watching students when they finally get it. It's usually a two-stage process. First, students begin to realize how truly malicious some of these attacks are. Some students have a very visceral reaction, occasionally shouting out "Oh, shoot!" when they see what the bad guys are really up to. But if I stopped the process at that point, I'd be doing a disservice. The second stage is even more fun. Later in the class, students gradually realize that, even though the attacks are really nasty, they can prevent, detect, and respond to them. Using the knowledge they gain in this track, they know they'll be ready when a bad guy launches an attack against their systems. And being ready to thwart the bad guys is what it's all about.
- Ed Skoudis

SECURITY 504 :: Hacker Techniques, Exploits and Incident Handling
SANS Network Security 2009 San Diego, CA September 14, 2009 - September 22, 2009
SANS Chicago North Shore 2009 Skokie, IL October 26, 2009 - November 02, 2009
Mentor Session - Security 504 Monroeville, PA July 07, 2009 - September 08, 2009
SANS Boston 2009 Boston, MA August 02, 2009 - August 09, 2009
SANS Virginia Beach 2009 Virginia Beach, VA August 28, 2009 - September 04, 2009
SANS Northern California 2009 San Francisco, CA November 09, 2009 - November 14, 2009
Mentor Session - Security 504 Lima, Peru August 08, 2009 - October 10, 2009
Community SANS Albuquerque 2009 Albuquerque, NM September 21, 2009 - September 26, 2009
Mentor Session - Security 504 Boise, ID September 22, 2009 - November 24, 2009
SANS@Home - Security 504 - Skoudis/Strand Webcast Classroom Training, VA November 03, 2009 - December 10, 2009
SANS Singapore 2009 Singapore, Singapore July 06, 2009 - July 11, 2009
Mentor Session - Security 504 Anchorage, AK July 07, 2009 - September 08, 2009
Mentor Session - Security 504 Sacramento, CA September 30, 2009 - October 07, 2009
SANS London 2009 London, United Kingdom November 28, 2009 - December 07, 2009
SANS SOS London 2009 London, United Kingdom July 13, 2009 - July 18, 2009
Mentor Session - Security 504 Greensboro, NC October 01, 2009 - December 03, 2009
Mentor Session - Security 504 Sacramento, CA August 05, 2009 - October 07, 2009
Community SANS Minneapolis 2009 Minneapolis, MN August 24, 2009 - August 29, 2009
SANS Atlanta 2009 Atlanta, GA August 17, 2009 - August 28, 2009
Community SANS Ottawa Fall 2009 Ottawa, ON October 05, 2009 - October 10, 2009
Community SANS Salt Lake City Winter 2009 Salt Lake City, UT November 30, 2009 - December 05, 2009
Mentor Session - Security 504 Augusta, GA August 20, 2009 - October 29, 2009
Community SANS Dublin 2009 Dublin, Ireland September 07, 2009 - September 15, 2009
Mentor Session - SEC504 Gatineau, QC September 15, 2009 - November 17, 2009
Community SANS Rome 2009 Rome, Italy September 14, 2009 - September 30, 2009
Mentor Session - SEC504 Victoria, BC July 27, 2009 - September 28, 2009
Mentor Session - SEC504 Ottawa, ON November 05, 2009 - January 21, 2010
Mentor Session - SEC504 Phoenix, AZ August 06, 2009 - October 08, 2009
Community SANS Annapolis 2009 Annapolis, MD September 14, 2009 - September 19, 2009
Ed Skoudis' Community SANS New York 2009 New York City, NY November 02, 2009 - November 07, 2009
Mentor Session - 504 Columbia, SC September 15, 2009 - November 17, 2009
SANS Tokyo 2009 Autumn Tokyo, Japan October 19, 2009 - October 24, 2009
Mentor Session - 504 Clinton Township, MI September 17, 2009 - November 19, 2009
Mentor Session - Security 504 Honolulu, HI August 17, 2009 - October 19, 2009
Mentor Session - Security 504 Puebla, Mexico September 04, 2009 - November 05, 2009
SANS OnDemand Online Training & Assessments Anytime
SANS SelfStudy Books and .MP3s Only Anytime