Advanced Information Security Essentials Course

What You Will Learn

Have you ever wanted to...

...execute malware (Ransomware) for the sheer thrill of watching it pop up a scary-looking interface demanding you send Bitcoin to decrypt your data before it is deleted? Or even better, delve into the secrets of how Ransomware does what it does and what it needs to function, then find the data needed to defeat it by deceiving it into believing you have met its demands?

...administer actual network devices and learn about the mysterious world of network engineers and the device configuration settings available to them to maintain a secure network? Or even better, launch real-time attacks against network devices by compromising authentication, redundancy, routing protocols, and encrypted credentials, then hardening devices against these same attacks and validating that they fail?

...explore penetration testing by learning about the tools and techniques to scope tests, conduct reconnaissance of target environments, exploit systems, gather credentials, move laterally, and report your findings? Or even better, discover and compromise systems, enumerate accounts, steal credentials, and discover, identify, attack, compromise, and pivot to other systems on the target network using exploitation tools and frameworks exactly as your adversary would do?

...understand how your adversary discovers the vulnerabilities in enterprise and web applications to breach yet another enterprise? Or better yet, detect these vulnerabilities with sniffers, scanners, and proxies, giving you the opportunity to remediate the weaknesses in your systems before the attack begins?

...monitor your network proactively, analyzing log data in real-time, looking for indicators of compromise to identify a new attack? Or better yet, directly consume threat intelligence, identifying signatures of nascent attacks in packets captured from your network and creating and testing new rules for your Network Intrusion Detection System?

If you want to learn the dynamic skills listed above to defend your enterprise, SEC501: Advanced Security Essentials - Enterprise Defender is the course for you. Effective cybersecurity is more important than ever as attacks become stealthier, have a greater financial impact, and cause broad reputational damage. This course provides a solid foundation of core policies and practices to enable individuals and security teams to defend their enterprise.

It has been said of security that "prevention is ideal, but detection is a must." However, detection without response has little value. Network security needs to be constantly improved to prevent as many attacks as possible and to swiftly detect and appropriately respond to any breach that does occur. This PREVENT - DETECT - RESPONSE strategy must be in place both externally and internally. As data become more portable and networks continue to be porous, there needs to be an increased focus on data protection. Critical information must be secured regardless of where it resides or what paths it travels.

The primary way to PREVENT attacks begins with assuring that your network devices are optimally configured to thwart your adversary. This is done by auditing against established security benchmarks, hardening devices to reduce their attack surface, and validating their increased resilience against attack. Prevention continues with securing hostname resolution (an obvious adversary target for establishing a Machine-in-the-Middle position) and goes even further with securing and defending cloud infrastructure (both public and private) against compromise.

Enterprises need to be able to DETECT attacks in a timely fashion. This is accomplished by understanding the traffic that is flowing on your networks, monitoring for indications of compromise, and employing active defense techniques to provide early warning of an attack. Of course, despite an enterprise's best efforts to prevent network attacks and protect its critical data, some attacks will still be successful. Performing penetration testing and vulnerability analysis against your enterprise to identify problems and issues before a compromise occurs is an excellent way to reduce overall organizational risk.

Once an attack is identified, you must quickly and effectively RESPOND, activating your incident response team to collect the forensic artifacts needed to identify the tools, tactics, and procedures being used by your adversaries. With this information you can contain their activities, ensure that you have scoped out all systems where they have had an impact, and eventually eradicate them from the network. This can be followed by recovery and remediation to PREVENT their return. Lessons learned through understanding how the network was compromised can then be fed back into more preventive and detective measures, completing the security lifecycle.

It costs enterprises worldwide billions of dollars annually to respond to malware, and particularly Ransomware, attacks. So it is increasingly necessary to understand how such software behaves. Ransomware spreads very quickly and is not stealthy; as soon as your data become inaccessible and your systems unstable, it is clear something is amiss. Beyond detection and response, when prevention has failed, understanding the nature of malware, its functional requirements, and how it achieves its goals is critical to being able to rapidly reduce the damage it can cause and the costs of eradicating it.

You Will Learn

Core components of building a defensible network infrastructure and properly securing your routers, switches, and other network infrastructure
Formal methods to perform vulnerability assessment and penetration testing to find weaknesses on your enterprise network
Methods to detect advanced attacks against your network and indicators of compromise on deployed systems, including the forensically sound collection of artifacts and what you can learn from them
How to respond to an incident using the six-step process of incident response: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned
Approaches to analyzing malware, ranging from fully automated techniques to the manual analysis of static properties, interactive behavior, and code reversing

You Will Be Able To

Identify network security threats against infrastructure and build defensible networks that minimize the impact of attacks
Utilize tools to analyze a network to prevent attacks and detect the adversary
Decode and analyze packets using various tools to identify anomalies and improve network defenses
Understand how the adversary compromises systems and how to respond to attacks using the six-step incident handling process
Perform penetration testing against an enterprise to determine vulnerabilities and points of compromise
Use various tools to identify and remediate malware across your enterprise

SEC501 Features 25 Lab Exercises That Will Show You How To

Build a defensible network architecture by auditing router configurations, launching successful attacks against them, hardening devices to withstand those same attacks, and using active defense tools to detect an attack and generate an alert
Perform detailed analysis of traffic using various sniffers and protocol analyzers, and automate attack detection by creating and testing new rules for detection systems
Identify and track attacks and anomalies in network packets
Use various tools to assess systems and web applications for known vulnerabilities, and exploit those vulnerabilities using penetration testing frameworks and toolsets
Analyze Windows systems during an incident to identify signs of a compromise
Find, identify, analyze, and clean up malware such as Ransomware using a variety of techniques, including monitoring the malware as it executes and manually reversing its code to discover its secrets

Syllabus (38 CPEs)

Overview
Section 1 will focus on security in the design and configuration of various enterprise infrastructures. From a security perspective, proper design and configuration protects both the components being configured and the rest of the enterprise that depends on that gear to defend other components from attacks. In other words, a good house needs a good foundation!
We will discuss published security benchmarks, vendor guidance to secure various products, and regulatory requirements and how they impact defending infrastructure against specific attacks. To illustrate these points, we will look in detail at securing and defending a router infrastructure against a number of device- and network-based attacks. Securing private and public cud infrastructure against common attacks will also be discussed.
Exercises
- Initial Router Configuration and Audit
- Securing AAA
- Securing Redundancy Protocols
- Log Infrastructure in Defense
- Defending Routing Protocols
- Final Router Hardening Steps/Audit
Topics
- Security Standards and Audit
- Authentication, Authorization, and Accounting
- Defending Network Infrastructure
- Intrusion Prevention Systems and Firewalls
- Name Resolution Attacks and Defense
- Securing Private and Public Cloud Infrastructure
Overview
Security is all about understanding, mitigating, and controlling the risk to an enterprise's critical assets. An enterprise must understand the changing threat landscape and have the capacity to compare it against its own vulnerabilities that could be exploited to compromise the environment. This second course section will present the variety of tests that can be run against an enterprise and show how to perform effective penetration tests to better understand the security posture for network services, operating systems, and applications. In addition, we will talk about social engineering and reconnaissance activities to better emulate increasingly prevalent threats to users.
Finding basic vulnerabilities is easy but not necessarily effective if these are not the vulnerabilities attackers exploit to break into a system. Advanced penetration testing involves understanding the variety of systems and applications on a network and how they can be compromised by an attacker. Students will learn about scoping and planning their test projects, performing external and internal network penetration testing and web application testing, and pivoting through the environment like real-world attackers.
Penetration testing is critical to identify an enterprise's exposure points, but students will also learn how to prioritize and fix these vulnerabilities to increase the enterprise's overall security.
Exercises
- Network Scanning Fundamentals
- Scanning with Nessus
- Exploitation and Metasploit Basics
- Metasploit and Pivoting
- Basic Web App Scans and Attacks
Topics
- Penetration Testing Scoping and Rules of Engagement
- Online Reconnaissance
- Social Engineering
- Network Mapping and Scanning Techniques
- Enterprise Vulnerability Scanning
- Network Exploitation Tools and Techniques
- Post-Exploitation and Pivoting
- Web Application Exploitation Tools and Techniques
- Reporting and Debriefing
Overview
"Prevention is ideal, but detection is a must" is a critical motto for network security professionals. However, because of the changing landscape of attacks, detecting them is an ongoing challenge. Today's attacks are stealthier and more difficult to find than ever before. Only by understanding the core principles of traffic analysis can you become a skilled analyst capable of differentiating between normal and attack traffic. New attacks are surfacing all the time, so security professionals must be able to write intrusion detection rules that detect the latest attacks before they compromise a network environment.
Traffic analysis and intrusion detection used to be treated as a separate discipline within many enterprises. Today, prevention, detection, and response must be closely knit, so that once an attack is detected, defensive measures can be adapted and proactive forensics implemented so the enterprise can continue to operate. This course section will start with a brief introduction to network security monitoring, followed by a refresher on network protocols with an emphasis on fields to look for as security professionals. We will use tools such as tcpdump and Wireshark to analyze packet traces and look for indicators of attacks. We will use a variety of detection and analysis tools, craft packets with Scapy to test detection, and touch on network forensics and the Security Onion monitoring distribution. Students will also explore Snort as a Network Intrusion Detection System and examine rule signatures in-depth.
Exercises
- Analyzing PCAPs with tcpdump
- Attack Analysis with Wireshark
- Snort Basics
- Detecting Malicious Activity with Security Onion
- Security Analytics with SOF-ELK
Topics
- Network Security Monitoring
- Advanced Packet Analysis
- Network Intrusion Detection/Prevention
- Writing Signatures for Detection
- Network Forensics and More
- Event Management Introduction
- Continuous Monitoring
- Logging and Event Collection and Analysis
- SIEM and Analytics
Overview
"Bad guy elimination" is the core mission for Digital Forensics and Incident Response (DFIR) professionals. Incidents happen, and enterprises rely on these professional responders to find, scope, contain, and eradicate evil from their networks. Investigators employ DFIR practices to determine what happened. DFIR teams conduct investigations to find evidence of compromise, remediate the environment, and provide data to generate local threat intelligence for operations teams in order to continuously improve detection. While traditionally seen as a finite process, incident response is now viewed as ongoing, with DFIR professionals searching for evidence of an attacker that has existed in the environment without detection by applying new threat intelligence to existing evidence. This is the crux of the concept known as "threat hunting."
This section begins with a discussion of Active Defense approaches in some detail. Next, we will present the core concepts of both Digital Forensics and Incident Response. We will explore some of the hundreds of artifacts that can give forensic investigators specific insight about what occurred during an incident. Student will learn how incident response currently operates, after years of evolving, in order to address the dynamic procedures used by attackers to conduct their operations. We will also look at how to integrate DFIR practices into a continuous security operations program.
The section will cover the general guidelines for a cyclical, six-step incident response process. Each step will be examined in detail, including practical examples of how to apply it. Finally, students will learn about the artifacts that can best be used to determine the extent of suspicious activity within a given environment and how to migrate techniques to a large data set for enterprise-level analysis.
Exercises
- Active Defense: Honeyports
- Data Recovery with FTK Imager and Photorec
- Discovering Artifacts
- Ransomware Timeline Analysis
- Ransomware Network Analysis
Topics
- Active Defense
- DFIR Core Concepts: Digital Forensics
- DFIR Core Concepts: Incident Response
- Modern DFIR
- Widening the Net: Scaling and Scoping
Overview
Malicious software is responsible for many incidents in almost every type of enterprise. Types of malware vary widely, from Ransomware and Rootkits to Crypto Currency Miners and Worms. We will define each of the most popular types of malware and walk through multiple examples. The four primary phases of malware analysis will be covered: Fully Automated Analysis, Static Properties Analysis, Interactive Behavior Analysis, and Manual Code Reversing. You will complete various in-depth labs requiring you to fully dissect a live Ransomware specimen from static analysis through code analysis. You will get hands-on experience with tricking the malware through behavioral analysis techniques, and in decrypting files encrypted by Ransomware by extracting the keys through reverse engineering. All steps are well defined and tested to ensure that the process to achieve these goals is actionable and digestible.
Exercises
- Static Properties Analysis of Ransomware
- Interactive Behavior Analysis of RansomwarePart I
- Interactive Behavior Analysis of RansomwarePart II
- Manual Code Reversing of Ransomware
Topics
- Introduction to Malware Analysis
- Malware Analysis Stages: Fully Automated and Static Properties Analysis
- Malware Analysis Stages: Interactive Behavior Analysis
- Malware Analysis Stages: Manual Code Reversing
Overview
The concluding section of the course will serve as a real-world challenge for students by requiring them to work in teams, use the skills they have learned throughout the course, think outside the box, and solve a range of problems from simple to complex. A web server scoring system and Capture-the-Flag engine will be provided to score students as they submit flags to score points. More difficult challenges will be worth more points. In this defensive exercise, challenges include packet analysis, routing protocols, scanning, malware analysis, and other challenges related to the course material.

GIAC Certified Enterprise Defender

The GIAC Certified Enterprise Defender (GCED) certification builds on the security skills measured by the GIAC Security Essentials certification. It assesses more advanced, technical skills that are needed to defend the enterprise environment and protect an organization as a whole. GCED certification holders have validated knowledge and abilities in the areas of defensive network infrastructure, packet analysis, penetration testing, incident handling and malware removal.

Incident handling and computer crime investigation
Computer and network hacker exploits
Hacker tools (Nmap, Nessus, Metasploit and Netcat)

Prerequisites

While not required, it is recommended that students take SANS' SEC401: Security Essentials: Network, Endpoint, and Cloud course or have the skills taught in that class. This includes a detailed understanding of networks, protocols, and operating systems.

Laptop Requirements

Important! Bring your own laptop configured according to these instructions!

A properly configured laptop is required to participate in SEC501: Advanced Security Essentials-Enterprise Defender. Students must be able to obtain elevated privileges ("Administrator" or "root"). Antivirus software is not recommended and may need to be disabled or uninstalled. If you have a production system already installed with data on it that you do not want to lose, it is recommended that you replace it with a clean hard drive.

For simplicity, the following checklists are provided. You must be able to confirm every item on these checklists. If there is any item that you are uncertain about, please show these checklists to your local technology support staff or reach out to SANS Support (laptop_prep@sans.org) before the start of the course.

My laptop meets these ten criteria:

It has an Intel/AMD processor (a macOS M* will not run the VMs)
It has at least 16 GB of RAM (more is better, less is insufficient to run all of the lab exercises)
It has a 64-bit processor (a 32-bit processor will neither run the VMs nor meet RAM requirements)
It has at least 125 GB of free storage available (more is better; the VMs are a 20 GB download and grow four to five times as large after importing and making snapshotsyou must be able to have all of this installed simultaneously)
It is running a 64-bit operating system (OS) (32-bit will neither run the VMs nor meet RAM requirements)
It is running, when booted (i.e., as a host OS), one of the following:

Windows 10 version 20H1 or later (earlier versions may work, but Hyper-V must be disabled)
macOS 10.15 (Catalina) or later
Linux (this is highly discouraged unless you are fully competent to perform your own troubleshooting and provide your own support)

It is pre-installed with one of the following:

VMware Workstation Pro v15.5.5 or later [Windows/Linux] (VMware Player is insufficient; you must be able to create and restore VM snapshots, which Player does not support)
VMware Fusion 11.5 or later [macOS]
Links for obtaining free trial copies of VMware are below; alternate hypervisors are not supported!

It is properly licensed to run VMware through the end of the course (a trial copy is fine, but it must not expire prematurely)
It can access the Internet via Wi-Fi (WLAN) (you cannot fully complete all Lab Exercises, nor easily participate in the Capstone Capture-the-Flags challenge without Internet access)
Optional: It is pre-installed with Microsoft Excel (this may be helpful with one of the Lab Exercises
- While not required if Wi-Fi (WLAN) Internet access is available, a trial version of Microsoft Excel can b obtained from https://www.microsoft.com/en-us/microsoft-365/try.

I have all of the credentials necessary to perform these five tasks:

Power-on my system
Boot my host OS (i.e., you must have all necessary UEFI/BIOS and drive encryption passwords)
Login with an account with (access to) elevated privileges (i.e. "Administrator" or "root")
Download files from the Internet
Launch VMware Workstation Pro [Windows/Linux] or VMware Fusion [macOS]

These three items are re-stated to emphasize their importance:

VMware Workstation or Fusion are mandatory. You must have the ability to take VM snapshots, and you cannot do this with VMware Player.

You will use the VMware hypervisor to simultaneously run multiple VMs when performing hands-on exercises, therefore you must have VMware installed on your system. If you do not own VMware, you can download a free 30-day trial copy from the VMware website:

https://www.vmware.com/products/workstation-pro/workstation-pro-evaluation.html [Windows/Linux]
https://www.vmware.com/products/fusion/fusion-evaluation.html [macOS]

If taking advantage of the trial offer, please make sure that the license will not expire before you complete the course
No other hypervisors are supported (e.g., VirtualBox, Hyper-V, etc.)

Students opting to bring Linux as their host OS are expected to manage any/all support issues that might arise.
Apple systems using the M1 processor cannot be used for this course.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

COURSE MEDIA AND BOOKS

Your course media and printed materials (PDFs) will need to be downloaded. The media files for this course are 20 GB in size, so you need to allow plenty of time for the download to complete. Internet connections and speed vary greatly and are dependent on many different factors. Therefore, it is not possible to give an estimate of the length of time it will take to download your materials. Please start your course media downloads as soon as you get the link. You will need to install your VMs from course media before the first day of class. Waiting until the night before the class starts to begin your download has a high probability of failure.

SANS now provides printed materials in PDF form. In addition, this course uses an Electronic Workbook, designed to be viewed from within any of the provided VMs, containing step-by-step instructions for all lab exercises. In this new environment, we have found that a second monitor and/or a tablet device can be useful for keeping the class materials visible while the instructor is presenting or while you are working on lab exercises.

Author Statement

"My introduction to cybersecurity began in the early 1990s as a neuroscience Ph.D. student on the day after our lab was attacked, when I discovered that our UNIX workstations had known vulnerabilities for which patches had to be downloaded and installed. Entirely self-taught, I learned to patch and rebuild kernels, compile, deploy, configure and use tools like Tripwire, SATAN, and TCP Wrappers. Later, as a full-time enterprise administrator, I learned about switches, routers, and firewalls; RSA SecurID, IPSec VPN, and proxy gateways; hardening Windows endpoints; automating the auditing of Active Directory and the dynamic population of security groups; administering Nexpose; and wrangling IPTables. My own multifaceted technology background makes me particularly enthusiastic about being the lead author for SEC501, as the course reflects my own experience as a jack of all trades and provides the perfect opportunity to share that excitement with you! In addition, a group of rock star authors built and maintain this syllabus and content, including Stephen Sims, Dave Shackleford, Phil Hagen, Matt Bromiley, and Rob Vandenbrink."

- Ross Bergman

Ways to Learn

OnDemand

Study and prepare for GIAC Certification with four months of online access. Includes labs and exercises, and support.

Live Online

Live, interactive sessions with SANS instructors over the course of one or more weeks, at times convenient to students worldwide.

In Person (6 days)

Training events and topical summits feature presentations and courses in classrooms around the world.

Who Should Attend SEC501?

Jack-of-all-trades, multiple-hat-wearing security professionals who work in enterprises where they are responsible for not just one or two aspects of security, but for all of them, and who want to enhance their knowledge and expertise across a variety of areas
Narrowly focused security professionals who want to explore multiple additional areas of cybersecurity
Incident responders
Penetration testers
Security Operations Center engineers and analysts
Network security professionals
Anyone who seeks technical in-depth knowledge about implementing comprehensive security solutions
Alice. Alice should attend. And Bob. Dont leave out Bob. But not Eve. Eve envisions enterprises ending!

See prerequisites

Need to justify a training request to your manager?

Use this justification letter template to share the key details of this training and certification opportunity with your boss.

Download the Letter

Reviews

A must for cyber security professionals!

Gary Oakley

BMPC

This is the best technical training course I have ever taken. SEC501 exposed me to many valuable concepts and tools but also gave me a solid introduction to those tools so that I can continue to study and improve on my own.

Curt Smith

Hildago Medical Services

SEC501 offers a great explanation of Net Defense best practices that often get overlooked.

Kirk G.

US Military

Timezone

Africa/Abidjan

Africa/Accra

Africa/Addis Ababa

Africa/Algiers

Africa/Asmara

Africa/Asmera

Africa/Bamako

Africa/Bangui

Africa/Banjul

Africa/Bissau

Africa/Blantyre

Africa/Brazzaville

Africa/Bujumbura

Africa/Cairo

Africa/Casablanca

Africa/Ceuta

Africa/Conakry

Africa/Dakar

Africa/Dar es Salaam

Africa/Djibouti

Africa/Douala

Africa/El Aaiun

Africa/Freetown

Africa/Gaborone

Africa/Harare

Africa/Johannesburg

Africa/Juba

Africa/Kampala

Africa/Khartoum

Africa/Kigali

Africa/Kinshasa

Africa/Lagos

Africa/Libreville

Africa/Lome

Africa/Luanda

Africa/Lubumbashi

Africa/Lusaka

Africa/Malabo

Africa/Maputo

Africa/Maseru

Africa/Mbabane

Africa/Mogadishu

Africa/Monrovia

Africa/Nairobi

Africa/Ndjamena

Africa/Niamey

Africa/Nouakchott

Africa/Ouagadougou

Africa/Porto-Novo

Africa/Sao Tome

Africa/Timbuktu

Africa/Tripoli

Africa/Tunis

Africa/Windhoek

America/Adak

America/Anchorage

America/Anguilla

America/Antigua

America/Araguaina

America/Argentina/Buenos Aires

America/Argentina/Catamarca

America/Argentina/ComodRivadavia

America/Argentina/Cordoba

America/Argentina/Jujuy

America/Argentina/La Rioja

America/Argentina/Mendoza

America/Argentina/Rio Gallegos

America/Argentina/Salta

America/Argentina/San Juan

America/Argentina/San Luis

America/Argentina/Tucuman

America/Argentina/Ushuaia

America/Aruba

America/Asuncion

America/Atikokan

America/Atka

America/Bahia

America/Bahia Banderas

America/Barbados

America/Belem

America/Belize

America/Blanc-Sablon

America/Boa Vista

America/Bogota

America/Boise

America/Buenos Aires

America/Cambridge Bay

America/Campo Grande

America/Cancun

America/Caracas

America/Catamarca

America/Cayenne

America/Cayman

America/Chicago

America/Chihuahua

America/Coral Harbour

America/Cordoba

America/Costa Rica

America/Creston

America/Cuiaba

America/Curacao

America/Danmarkshavn

America/Dawson

America/Dawson Creek

America/Denver

America/Detroit

America/Dominica

America/Edmonton

America/Eirunepe

America/El Salvador

America/Ensenada

America/Fort Nelson

America/Fort Wayne

America/Fortaleza

America/Glace Bay

America/Godthab

America/Goose Bay

America/Grand Turk

America/Grenada

America/Guadeloupe

America/Guatemala

America/Guayaquil

America/Guyana

America/Halifax

America/Havana

America/Hermosillo

America/Indiana/Indianapolis

America/Indiana/Knox

America/Indiana/Marengo

America/Indiana/Petersburg

America/Indiana/Tell City

America/Indiana/Vevay

America/Indiana/Vincennes

America/Indiana/Winamac

America/Indianapolis

America/Inuvik

America/Iqaluit

America/Jamaica

America/Jujuy

America/Juneau

America/Kentucky/Louisville

America/Kentucky/Monticello

America/Knox IN

America/Kralendijk

America/La Paz

America/Lima

America/Los Angeles

America/Louisville

America/Lower Princes

America/Maceio

America/Managua

America/Manaus

America/Marigot

America/Martinique

America/Matamoros

America/Mazatlan

America/Mendoza

America/Menominee

America/Merida

America/Metlakatla

America/Mexico City

America/Miquelon

America/Moncton

America/Monterrey

America/Montevideo

America/Montreal

America/Montserrat

America/Nassau

America/New York

America/Nipigon

America/Nome

America/Noronha

America/North Dakota/Beulah

America/North Dakota/Center

America/North Dakota/New Salem

America/Nuuk

America/Ojinaga

America/Panama

America/Pangnirtung

America/Paramaribo

America/Phoenix

America/Port-au-Prince

America/Port of Spain

America/Porto Acre

America/Porto Velho

America/Puerto Rico

America/Punta Arenas

America/Rainy River

America/Rankin Inlet

America/Recife

America/Regina

America/Resolute

America/Rio Branco

America/Rosario

America/Santa Isabel

America/Santarem

America/Santiago

America/Santo Domingo

America/Sao Paulo

America/Scoresbysund

America/Shiprock

America/Sitka

America/St Barthelemy

America/St Johns

America/St Kitts

America/St Lucia

America/St Thomas

America/St Vincent

America/Swift Current

America/Tegucigalpa

America/Thule

America/Thunder Bay

America/Tijuana

America/Toronto

America/Tortola

America/Vancouver

America/Virgin

America/Whitehorse

America/Winnipeg

America/Yakutat

America/Yellowknife

Antarctica/Casey

Antarctica/Davis

Antarctica/DumontDUrville

Antarctica/Macquarie

Antarctica/Mawson

Antarctica/McMurdo

Antarctica/Palmer

Antarctica/Rothera

Antarctica/South Pole

Antarctica/Syowa

Antarctica/Troll

Antarctica/Vostok

Arctic/Longyearbyen

Asia/Aden

Asia/Almaty

Asia/Amman

Asia/Anadyr

Asia/Aqtau

Asia/Aqtobe

Asia/Ashgabat

Asia/Ashkhabad

Asia/Atyrau

Asia/Baghdad

Asia/Bahrain

Asia/Baku

Asia/Bangkok

Asia/Barnaul

Asia/Beirut

Asia/Bishkek

Asia/Brunei

Asia/Calcutta

Asia/Chita

Asia/Choibalsan

Asia/Chongqing

Asia/Chungking

Asia/Colombo

Asia/Dacca

Asia/Damascus

Asia/Dhaka

Asia/Dili

Asia/Dubai

Asia/Dushanbe

Asia/Famagusta

Asia/Gaza

Asia/Harbin

Asia/Hebron

Asia/Ho Chi Minh

Asia/Hong Kong

Asia/Hovd

Asia/Irkutsk

Asia/Istanbul

Asia/Jakarta

Asia/Jayapura

Asia/Jerusalem

Asia/Kabul

Asia/Kamchatka

Asia/Karachi

Asia/Kashgar

Asia/Kathmandu

Asia/Katmandu

Asia/Khandyga

Asia/Kolkata

Asia/Krasnoyarsk

Asia/Kuala Lumpur

Asia/Kuching

Asia/Kuwait

Asia/Macao

Asia/Macau

Asia/Magadan

Asia/Makassar

Asia/Manila

Asia/Muscat

Asia/Nicosia

Asia/Novokuznetsk

Asia/Novosibirsk

Asia/Omsk

Asia/Oral

Asia/Phnom Penh

Asia/Pontianak

Asia/Pyongyang

Asia/Qatar

Asia/Qostanay

Asia/Qyzylorda

Asia/Rangoon

Asia/Riyadh

Asia/Saigon

Asia/Sakhalin

Asia/Samarkand

Asia/Seoul

Asia/Shanghai

Asia/Singapore

Asia/Srednekolymsk

Asia/Taipei

Asia/Tashkent

Asia/Tbilisi

Asia/Tehran

Asia/Tel Aviv

Asia/Thimbu

Asia/Thimphu

Asia/Tokyo

Asia/Tomsk

Asia/Ujung Pandang

Asia/Ulaanbaatar

Asia/Ulan Bator

Asia/Urumqi

Asia/Ust-Nera

Asia/Vientiane

Asia/Vladivostok

Asia/Yakutsk

Asia/Yangon

Asia/Yekaterinburg

Asia/Yerevan

Atlantic/Azores

Atlantic/Bermuda

Atlantic/Canary

Atlantic/Cape Verde

Atlantic/Faeroe

Atlantic/Faroe

Atlantic/Jan Mayen

Atlantic/Madeira

Atlantic/Reykjavik

Atlantic/South Georgia

Atlantic/St Helena

Atlantic/Stanley

Australia/ACT

Australia/Adelaide

Australia/Brisbane

Australia/Broken Hill

Australia/Canberra

Australia/Currie

Australia/Darwin

Australia/Eucla

Australia/Hobart

Australia/LHI

Australia/Lindeman

Australia/Lord Howe

Australia/Melbourne

Australia/NSW

Australia/North

Australia/Perth

Australia/Queensland

Australia/South

Australia/Sydney

Australia/Tasmania

Australia/Victoria

Australia/West

Australia/Yancowinna

Brazil/Acre

Brazil/DeNoronha

Brazil/East

Brazil/West

CET

CST6CDT

Canada/Atlantic

Canada/Central

Canada/Eastern

Canada/Mountain

Canada/Newfoundland

Canada/Pacific

Canada/Saskatchewan

Canada/Yukon

Chile/Continental

Chile/EasterIsland

Cuba

EET

EST

EST5EDT

Egypt

Eire

Etc/GMT

Etc/GMT+0

Etc/GMT+1

Etc/GMT+10

Etc/GMT+11

Etc/GMT+12

Etc/GMT+2

Etc/GMT+3

Etc/GMT+4

Etc/GMT+5

Etc/GMT+6

Etc/GMT+7

Etc/GMT+8

Etc/GMT+9

Etc/GMT-0

Etc/GMT-1

Etc/GMT-10

Etc/GMT-11

Etc/GMT-12

Etc/GMT-13

Etc/GMT-14

Etc/GMT-2

Etc/GMT-3

Etc/GMT-4

Etc/GMT-5

Etc/GMT-6

Etc/GMT-7

Etc/GMT-8

Etc/GMT-9

Etc/GMT0

Etc/Greenwich

Etc/UCT

Etc/UTC

Etc/Universal

Etc/Zulu

Europe/Amsterdam

Europe/Andorra

Europe/Astrakhan

Europe/Athens

Europe/Belfast

Europe/Belgrade

Europe/Berlin

Europe/Bratislava

Europe/Brussels

Europe/Bucharest

Europe/Budapest

Europe/Busingen

Europe/Chisinau

Europe/Copenhagen

Europe/Dublin

Europe/Gibraltar

Europe/Guernsey

Europe/Helsinki

Europe/Isle of Man

Europe/Istanbul

Europe/Jersey

Europe/Kaliningrad

Europe/Kiev

Europe/Kirov

Europe/Lisbon

Europe/Ljubljana

Europe/London

Europe/Luxembourg

Europe/Madrid

Europe/Malta

Europe/Mariehamn

Europe/Minsk

Europe/Monaco

Europe/Moscow

Europe/Nicosia

Europe/Oslo

Europe/Paris

Europe/Podgorica

Europe/Prague

Europe/Riga

Europe/Rome

Europe/Samara

Europe/San Marino

Europe/Sarajevo

Europe/Saratov

Europe/Simferopol

Europe/Skopje

Europe/Sofia

Europe/Stockholm

Europe/Tallinn

Europe/Tirane

Europe/Tiraspol

Europe/Ulyanovsk

Europe/Uzhgorod

Europe/Vaduz

Europe/Vatican

Europe/Vienna

Europe/Vilnius

Europe/Volgograd

Europe/Warsaw

Europe/Zagreb

Europe/Zaporozhye

Europe/Zurich

GB-Eire

GMT

GMT+0

GMT-0

GMT0

Greenwich

HST

Hongkong

Iceland

Indian/Antananarivo

Indian/Chagos

Indian/Christmas

Indian/Cocos

Indian/Comoro

Indian/Kerguelen

Indian/Mahe

Indian/Maldives

Indian/Mauritius

Indian/Mayotte

Indian/Reunion

Iran

Israel

Jamaica

Japan

Kwajalein

Libya

MET

MST

MST7MDT

Mexico/BajaNorte

Mexico/BajaSur

Mexico/General

NZ-CHAT

Navajo

PRC

PST8PDT

Pacific/Apia

Pacific/Auckland

Pacific/Bougainville

Pacific/Chatham

Pacific/Chuuk

Pacific/Easter

Pacific/Efate

Pacific/Enderbury

Pacific/Fakaofo

Pacific/Fiji

Pacific/Funafuti

Pacific/Galapagos

Pacific/Gambier

Pacific/Guadalcanal

Pacific/Guam

Pacific/Honolulu

Pacific/Johnston

Pacific/Kiritimati

Pacific/Kosrae

Pacific/Kwajalein

Pacific/Majuro

Pacific/Marquesas

Pacific/Midway

Pacific/Nauru

Pacific/Niue

Pacific/Norfolk

Pacific/Noumea

Pacific/Pago Pago

Pacific/Palau

Pacific/Pitcairn

Pacific/Pohnpei

Pacific/Ponape

Pacific/Port Moresby

Pacific/Rarotonga

Pacific/Saipan

Pacific/Samoa

Pacific/Tahiti

Pacific/Tarawa

Pacific/Tongatapu

Pacific/Truk

Pacific/Wake

Pacific/Wallis

Pacific/Yap

Poland

Portugal

ROC

ROK

Singapore

Turkey

UCT

US/Alaska

US/Aleutian

US/Arizona

US/Central

US/East-Indiana

US/Eastern

US/Hawaii

US/Indiana-Starke

US/Michigan

US/Mountain

US/Pacific

US/Samoa

UTC

Universal

W-SU

WET

Zulu

Filters:

Register for SEC501

In Person

Training events and topical summits feature presentations and courses in classrooms around the world.

Learn more

Live Online

Live, interactive sessions with SANS instructors over the course of one or more weeks, at times convenient to students worldwide.

Learn more

OnDemand

Study and prepare for GIAC Certification with four months of online access. Includes labs and exercises, and support.

Learn more

SEC501: Advanced Security Essentials-Enterprise Defender

GIAC Certified Enterprise Defender (GCED)

Course Authors:

Ross Bergman

Stephen Sims

Dave Shackleford

What You Will Learn

Syllabus (38 CPEs)

Overview

Exercises

Topics

Overview

Exercises

Topics

Overview

Exercises

Topics

Overview

Exercises

Topics

Overview

Exercises

Topics

Overview

GIAC Certified Enterprise Defender

Prerequisites

Laptop Requirements

Author Statement

Ways to Learn

Who Should Attend SEC501?

Need to justify a training request to your manager?

Reviews

Filters:

Register for SEC501

Loading...

SEC501: Advanced Security Essentials-Enterprise Defender

GIAC Certified Enterprise Defender (GCED)

Course Authors:

Ross Bergman

Stephen Sims

Dave Shackleford

What You Will Learn

Syllabus (38 CPEs)

Overview

Exercises

Topics

Overview

Exercises

Topics

Overview

Exercises

Topics

Overview

Exercises

Topics

Overview

Exercises

Topics

Overview

GIAC Certified Enterprise Defender

Prerequisites

Laptop Requirements

Author Statement

Ways to Learn

Who Should Attend SEC501?

Need to justify a training request to your manager?

Related Programs

Reviews

Filters:

Register for SEC501

Loading...