SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsApply your credits to renew your certifications
Train from anywhere. Attend a live instructor-led course remotely or train on your time over 4 months.
Apply what you learn with hands-on exercises and labs
Develop advanced exploit development skills to discover vulnerabilities, analyze patches, and write complex exploits while working with modern security controls.
SEC760 was a great course that I can highly recommend. It's truly the "summit" of the pen test curriculum. The instructor did a wonderful job of explaining the complex material to us n00bs and was able to describe things tangibly and in an easy-to-understand way!
This intensive course equips security professionals with advanced exploit development skills needed in today's complex threat landscape. Focusing on modern Windows and Linux systems, participants learn sophisticated techniques for vulnerability discovery, patch analysis, and exploit development. The curriculum covers essential areas including advanced fuzzing methodologies, kernel debugging, and exploitation techniques that work against current security controls. Through hands-on exercises and real-world scenarios, security professionals gain practical experience in reverse engineering applications, Chrome V8 exploitation, binary and patch diffing, and developing exploits for challenging targets like the Windows kernel and modern Linux heap.
Alexandre Becholey has been a driving force in offensive cybersecurity since 2013, applying his expertise in exploit development, reverse engineering, and iOS penetration testing across diverse industries.
Read more about Alexandre BecholeyStephen Sims, an esteemed vulnerability researcher and exploit developer, has significantly advanced cybersecurity by authoring SANS's most advanced courses and co-authoring the "Gray Hat Hacking" series.
Read more about Stephen SimsExplore the course syllabus below to view the full range of topics covered in SEC760: Advanced Exploit Development for Penetration Testers.
This section begins working with IDA Pro to look the latest features and techniques. We look at IDA scripting to aid in your reverse engineering workflow and how to leverage AI to assist. Additionally, we cover debugging with IDA, how to create FLIRT signatures, and optimizing your build environment.
Focusing on sophisticated Linux exploitation techniques, this section builds upon fundamental vulnerability knowledge to address modern attack methodologies. Participants learn to navigate and exploit heap structures and develop advanced exploitation strategies. Chrome V8 vulnerabilities are inherently complex.
Building on basic concepts, this section explores sophisticated fuzzing methodologies for vulnerability discovery. Participants learn to implement coverage-guided fuzzing, develop custom harnesses, and utilize advanced tools like WinAFL for closed-source application testing.
Participants learn to analyze vendor patches for vulnerability identification and exploitation. The section covers binary diffing techniques and patch analysis methodologies. You will reverse notable Microsoft patches from the past as well as patches from 2025. Microsoft often changes the way in which patches are packaged up.
This section teaches Windows 11 kernel debugging and exploitation techniques. Participants learn to navigate kernel complexities, analyze Ring 0 vulnerabilities, and develop working exploits while dealing with modern protection mechanisms.
In this role, you will work to find 0-days (unknown vulnerabilities) in a wide range of applications and devices used by organizations and consumers. Find vulnerabilities before the adversaries!
Explore learning pathAssess the effectiveness of security controls, reveals and utilise cybersecurity vulnerabilities, assessing their criticality if exploited by threat actors.
Explore learning pathIn this role you will be challenged to look at problems and situations from the perspective of an adversary. The focus is on making the Blue Team better by testing and measuring the organization’s detection and response policies, procedures, and technologies. This role includes performing adversary emulation, a type of Red Team exercise where the Red Team emulates how an adversary operates, following the same tactics, techniques, and procedures (TTPs), with a specific objective similar to those of realistic threats or adversaries. It can also include creating custom implants and C2 frameworks to evade detection.
Explore learning pathI've taken many other advanced exploit dev classes and none of them break it down and step through the exploits like this class.
SEC760 is the challenge I was looking for. It will be overwhelming, but well worth it.
The hands-on labs in SEC760 were some of the most intense and educational I've ever experienced. Highly recommend for serious pen testers.
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources