The most trusted source for computer security training, certification and research.

select a course
Tysons Corner, VA - March 12 - 18, 2007
Global Information Assurance Certification

SANS always provides the best training and trainers with a vast amount of knowledge.
-Mike Brennan, SSIC

SECURITY 504

Hacker Techniques, Exploits & Incident Handling

Monday, March 12, 2007 - Saturday, March 17, 2007
Ed Skoudis, SANS Faculty Fellow
6 CPE Credits per day

This course prepares you for the GCIH certification ( http://www.giac.org/certifications/security/gcih.php ) which meets the requirement of the DoD 8570 IAT Level III.

If your organization has an Internet connection or one or two disgruntled employees (and whose doesn't!), your computer systems will get attacked. From the five, ten, or even one hundred daily probes against your Internet infrastructure to the malicious insider slowly creeping through your most vital information assets, attackers are targeting your systems with increasing viciousness and stealth.

By helping you understand attackers' tactics and strategies in detail, giving you hands-on experience in finding vulnerabilities and discovering intrusions, and equipping you with a comprehensive incident handling plan, the in-depth information in this course helps you turn the tables on computer attackers. This course addresses the latest cutting-edge insidious attack vectors and the "oldie-but-goodie" attacks that are still so prevalent, and everything in between. Instead of merely teaching a few hack attack tricks, this course includes a time-tested, step-by-step process for responding to computer incidents; a detailed description of how attackers undermine systems so you can prepare, detect, and respond to them; and a hands-on workshop for discovering holes before the bad guys do. Additionally, the course explores the legal issues associated with responding to computer attacks, including employee monitoring, working with law enforcement, and handling evidence.

This challenging course is particularly well suited to individuals who lead or are a part of an incident handling team. Furthermore, general security practitioners, system administrators, and security architects will benefit by understanding how to design, build, and operate their systems to prevent, detect, and respond to attacks.

It is imperative that you get written permission from the proper authority in your organization before using these tools and techniques on your company's system and also that you advise your network and computer operations teams of your testing.

  • Who Should Attend
    • Incident handlers
    • Leaders of incident handling teams
    • System administrators who are on the front lines defending their systems and responding to attacks
    • Other security personnel who are first responders when systems come under attack
  • A Sampling of Topics
    • The step-by-step approach used by many computer attackers
    • The latest computer attack vectors and how you can stop them
    • Proactive and reactive defenses for each stage of a computer attack
    • Hands-on workshop addressing scanning for, exploiting, and defending systems
    • Strategies and tools for detecting each type of attack
    • Attacks and defenses for Windows, Unix, switches, routers and other systems
    • Application-level vulnerabilities, attacks, and defenses
    • Developing an incident handling process and preparing a team for battle
    • Legal issues in incident handling
    • Recovering from computer attacks and restoring systems for business

504 was a great course to better enhance my understanding of attack methods and how to better defend my systems
-Dustin Odsa, Indiana University

Author Statement

My favorite part of teaching the Hacker Techniques, Exploits, and Incident Handling track is watching students when they finally get it. It's usually a two-stage process. First, students begin to realize how truly malicious some of these attacks are. Some students have a very visceral reaction, occasionally shouting out Oh, shoot! when they see what the bad guys are really up to. But if I stopped the process at that point, I'd be doing a disservice. The second stage is even more fun. Later in the class, students gradually realize that, even though the attacks are really nasty, they can prevent, detect, and respond to them. Using the knowledge they gain in this track, they know they'll be ready when a bad guy launches an attack against their systems. And being ready to thwart the bad guys is what its all about.
- Ed Skoudis