homepage
Menu
Open menu

SEC670: Red Teaming Tools - Developing Windows Implants, Shellcode, Command and Control™

Register Now Course Preview
  • In Person (6 days)
  • Online
46 CPEs

SEC670 prepares you to create custom-compiled programs specifically for Windows and introduces students to techniques that real nation-state malware authors are currently using. You will learn the essential building blocks for developing custom offensive tools through required programming, APIs used, and mitigations for techniques covering privilege escalation, persistence, and collection.

Course Authors:
Jonathan Reiter
Jonathan Reiter
Certified Instructor
What You Will LearnSyllabusPrerequisitesLaptop RequirementsAuthor StatementTraining & Pricing

What You Will Learn

Learning how to develop custom-compiled tools for Windows is a skillset that is not being taught by universities or other academic organizations and, as a result, the cybersecurity industry has a severe skills deficit that is limiting the overall capability of red team operations. Defense contractors and industries looking to hire Windows tools developers are facing a severe shortage of talent and are unable to further hone their defenses.

SEC670: Red Team Operations - Developing Custom Tools for Windows is the first course of its kind, giving students hands-on lab experience creating custom-compiled programs specifically for Windows using the C/C++ programming languages. Students will learn the internal workings of existing offensive tools that offer capabilities such as privilege escalation, persistence, and collection by creating their own tools using Windows APIs. Windows defenses have become more robust, and cloud-connected AV solutions are making it more challenging to operate under the radar. In response, this course introduces students to techniques that real nation-state malware authors are currently implementing in their implants.

The course starts with an introduction to developing Windows Computer Network Operations (CNO) tools. We'll explore current offensive and defensive tools like Moneta and PE-Sieve that are designed to detect malicious actions. Students will then quickly ramp up to create their first compiled program. Students will move through the course learning how to obtain target information, what operational actions (such as injection and privilege escalation) can be carried out using this information, and how to take advantage and maintain system access through persistence. They'll also learn how to take shellcode, encrypted or otherwise, and execute it in a process using the C programming language and leveraging compiler tricks. Finally, they'll learn how to evade AV solutions by bypassing their function-hooking engine, patching key functions like AmsiScanBuffer and code caves. Additionally, students will make their own custom loader, a feature that will get implemented into their final implant. For the finishing touches, students will leverage HTTP libraries to learn how to beacon out to a custom Python C2 server for proper command and control.

SEC670 culminates with an immersive Capture-the-Flag event that will challenge students like no other event ever has. Students must leverage the tools and capabilities they have built during the week to solve complex challenges like getting information from a remote process memory. By the end of the course, students will have built a lightweight Windows implant that can enumerate the Windows Registry, files, folders, network connections, users, and processes; bypass UAC and AV products; escalate privileges; persist across reboots; inject into other processes; and hide from users and other tools.

Business Takeaways

  • New calling conventions and data types specific to Windows
  • How Windows processes, threads, and services work internally
  • How to abuse Windows APIs to inject shellcode into other processes without detection
  • How to create a hidden, persistent service
  • How to hide from user-mode tools like Task Manager
  • How to create and execute shellcode without detection
  • How to bypass user-land hooks and implement your own
  • How to control your implant from your C2

Skills Learned

  • Create custom compiled Windows implants
  • Collect target information
  • Hide processes from user mode tools
  • Hook and unhook functions for AV bypasses
  • Generate and execute custom shellcode
  • Escalate privileges from medium integrity levels to high (NT AUTHORITY\SYSTEM)
  • Persist across reboots
  • Beacon out to configured C2 infrastructure

Syllabus (46 CPEs)

Download PDF
  • Overview

    The course begins by introducing students to Windows Internals, starting with a high-level overview, and gradually diving deeper into some of the core mechanisms that make the Operating System tick. We'll discuss key differences between offensive and defensive tools as well as the need for them. Equipped with a solid understanding of Windows programming, students can choose to create offensive or defensive tools for Windows. However, the course will only focus on creating offensive cyber capabilities using the C/C++ programming languages. Key differences between Linux and Windows are important and help to ease the transition from Linux to Windows. The C programming language has core data types, but Windows introduces its own data types, which are presented in this course section. We'll also introduce students to calling conventions and how Windows brought its own into the programming arena. At the end of the section, we will present the Windows Application Programming Interface (API) more formally by having students use key Windows APIs in a lab to bring it all together.

    Exercises
    • Detecting Process Injection with PE-Sieve
    • Exploring the Windows Boot Sequence with Process Monitor
    • Building a Hello World DLL
    • Identifying Calling Conventions
    • Understanding and Using SALv2
    • Exploring the Windows API to Create Objects
    Topics
    • Developing Offensive Tools
    • Developing Defensive Tools
    • Setting up Your Development Environment
    • Similarities and Difference with *Nix Dev
    • Windows Data Types
    • Call Me Maybe
    • SAL Annotations
    • Windows API
  • Overview

    This course section introduces students to the art of on-target reconnaissance. One of the first actions red team operators might take after gaining initial access is to conduct in-depth enumeration, or recon, against the target. This step is often overlooked, since it can take a while to perform, and it is not as glamorous as using a 0-day to exploit something. However, it is vital to know what type of environment you are in and what you can do next. Students will learn how to programmatically survey the lay of the land using a detailed approach, then prepare a final product to obtain information about the operating system version build, patches, and processes, installed applications, the filesystem, users and groups, the network, services, tasks, the registry, and more.

    Exercises
    • Obtaining Operating System Information
    • Exploring Various Methods to Enumerate Running Processes
    • Implementing Directory Enumeration Methods
    Topics
    • Gathering Operating System Information
    • Service Packs/Hotfixes/Patches
    • Process Enumeration
    • Installed Software
    • Directory Walks
    • User Information
    • Services and Tasks
    • Network Information
    • Registry Information
  • Overview

    This course section focuses on actions that can be taken after initial access. Red team operators typically leverage process injection to execute desired actions. This section will teach students how to programmatically implement those capabilities, starting with a deep dive into the format of the Portable Executable (PE) header. Students will learn how to parse important sections of the PE header, which is a valuable skill that will allow them to create their own version of Windows APIs such as GetProcAddress. After mastering the PE format, we will look at the internals of Threads, their structure, and how they are created. The section will also explore how Asynchronous Procedure Calls can be queued to a Thread to aid in process injection. We'll cover several process injection methods, including the classic DLL injection where we force a Thread to load our malicious DLL in a target process. Another action is to escalate privileges to enable an operator to be more effective on target, so students will programmatically create privilege escalation modules for their implant and test them out on their target system.

    Exercises
    • Parsing the PE Header
    • Classic DLL Injection
    • Process Injection via Asynchronous Procedure Calls
    • Hijacking Thread Execution
    • Stealing Tokens
    • Creating Services
    Topics
    • Understanding the PE Format
    • Creating Custom Equivalents to Win32 APIs
    • Exploring Thread Internals
    • Exploring Process Injection Methods
    • Programmatically Interacting with Remote Processes
    • Creating Custom Tools for Privilege Escalation
  • Overview

    This course section focuses exclusively on various methods to achieve persistence by surviving reboots. Gaining initial access is a great place to start, but steps must be taken to maintain that access in the event something unforeseen happens like a loss of power, unscheduled reboots, the initial access process dying, etc. Typically, operators will use persistence methods baked into existing tools or frameworks, but those tools had to have been developed at some point. During bootcamp challenges in this course section, students will programmatically implement persistence tools and then test the compiled products against their Windows 10 Test VM to see if access is maintained after a reboot.

    Exercises
    • Using Services for Persistence
    • Using Port Monitors for Persistence
    • Using Image File Execution Options for Persistence
    Topics
    • In-memory Execution
    • Dropping to Disk
    • Binary Patching
    • Registry Keys
    • Services Revisited for Persistence
    • Port Monitors
    • Image File Execution Options
  • Overview

    This course section will cover more advanced techniques that developers must master to be successful. One great feature for implants is the ability to execute position-independent shellcode. The shellcode can come from existing tools like msfvenom, donut, or shellter, or it can be hand-crafted using the C programming language. Students will explore in detail how to execute shellcode locally in their own process as well as remotely across process address space boundaries. Since shellcode can be caught quickly unless it is obfuscated or encrypted, students will learn how to decrypt shellcode right before execution. Another implant capability is evading AV products. Evasion can be done via several methods, but this course section will focus on unhooking functions, restoring system calls, and implementing our own hooks. Executing shellcode and lowering AV detection rates are great, but they can be useless if there is no method of collecting information from the target machine. Students will explore how implants can send back information to an operator for offline analysis and accept tasking for what to do next.

    Exercises
    • Executing Shellcode in Local and Remote Processes
    • Hiding Processes from Users
    • Dealing with Function Hooks
    • Patching Functions to Execute Malicious Payloads
    Topics
    • Shellcode Generation and Execution
    • Hiding Processes
    • Doppelgänging
    • Unhooking Hooks
    • Code Caves
    • AV Product Bypasses
    • Calling Home
    • Writing Shellcode in C
  • Overview

    This Capture the Flag event involves solving an array of hands-on challenges that mimic real-world events. Students play the role of senior developers as part of a nation-state team to create cyber capabilities to leverage against their targets. The challenges will require students to apply everything that they learned during the week. However, that foundation of skills will be just the starting point. Since not every target will be the same, students will have to take their initial access to a target and then expand on that access using only tools that have been custom developed for that specific target.

    Topics
    • Target Survey and Recon
    • AV Bypass
    • Privilege Escalation
    • Persistence
    • Hooking
    • Code Injection

Prerequisites

It is strongly recommended that students have experience with developing programs in C/C++ for either Linux or Windows platforms. Additionally, students should have C/C++ experience programming loops, conditional statements, and switch statements, creating functions and function pointers, and using pointers, linked lists, and type casting.

If you do not have experience with C/C++ just yet, do not worry, there is a series of free workshops that will introduce you to the C programming language, for Windows:

In addition, students should have a basic understanding of how Windows works internally. A basic understanding of process address space, virtual memory, physical memory, the registry, etc. would be a great place to start. The book titled Windows Via C/C++ is a solid resource to understand Windows and getting to learn programming at the same time.

Courses that lead into SEC670:

SEC670 gives alumni of these courses a more in-depth look at how the tools used in them operate. It also shows students how to make their own tools and add missing features that other compiled tools might not have.  As an example, in SEC660, there is a brief mention of tampering with Windows AMSI and AMSI bypasses.  SEC670 will take you behind the scenes where students will create their own, fully customized AMSI bypass.

Laptop Requirements

Important! Bring your own system configured according to these instructions!

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will not be able to fully participate in hands-on exercises in your course. Therefore, please arrive with a system meeting all of the specified requirements.

Back up your system before class. Better yet, use a system without any sensitive/critical data. SANS is not responsible for your system or data.

MANDATORY SEC670 SYSTEM HARDWARE REQUIREMENTS
  • CPU: 64-bit Intel i5/i7 (8th generation or newer), or AMD equivalent. A x64 bit, 2.0+ GHz or newer processor is mandatory for this class.
  • CRITICAL: Apple Silicon devices cannot perform the necessary virtualization and therefore cannot in any way be used for this course.
  • BIOS settings must be set to enable virtualization technology, such as "Intel-VTx" or "AMD-V" extensions. Be absolutely certain you can access your BIOS if it is password protected, in case changes are necessary.
  • 16GB of RAM or more is required.
  • 100GB of free storage space or more is required.
  • At least one available USB 3.0 Type-A port. A Type-C to Type-A adapter may be necessary for newer laptops. Some endpoint protection software prevents the use of USB devices, so test your system with a USB drive before class.
  • Wireless networking (802.11 standard) is required. There is no wired Internet access in the classroom.
MANDATORY SEC670 HOST CONFIGURATION AND SOFTWARE REQUIREMENTS
  • Your host operating system must be the latest version of Windows 10, Windows 11, or macOS 10.15.x or newer.
  • Fully update your host operating system prior to the class to ensure you have the right drivers and patches installed.
  • Linux hosts are not supported in the classroom due to their numerous variations. If you choose to use Linux as your host, you are solely responsible for configuring it to work with the course materials and/or VMs.
  • Local Administrator Access is required. (Yes, this is absolutely required. Don't let your IT team tell you otherwise.) If your company will not permit this access for the duration of the course, then you should make arrangements to bring a different laptop.
  • You should ensure that antivirus or endpoint protection software is disabled, fully removed, or that you have the administrative privileges to do so. Many of our courses require full administrative access to the operating system and these products can prevent you from accomplishing the labs.
  • Any filtering of egress traffic may prevent accomplishing the labs in your course. Firewalls should be disabled, or you must have the administrative privileges to disable it.
  • Download and install VMware Workstation Pro 16.2.X+ or VMware Player 16.2.X+ (for Windows 10 hosts), VMware Workstation Pro 17.0.0+ or VMware Player 17.0.0+ (for Windows 11 hosts), or VMWare Fusion Pro 12.2+ or VMware Fusion Player 11.5+ (for macOS hosts) prior to class beginning. If you do not own a licensed copy of VMware Workstation Pro or VMware Fusion Pro, you can download a free 30-day trial copy from VMware. VMware will send you a time-limited serial number if you register for the trial at their website. Also note that VMware Workstation Player offers fewer features than VMware Workstation Pro. For those with Windows host systems, Workstation Pro is recommended for a more seamless student experience.
  • On Windows hosts, VMware products might not coexist with the Hyper-V hypervisor. For the best experience, ensure VMware can boot a virtual machine. This may require disabling Hyper-V. Instructions for disabling Hyper-V, Device Guard, and Credential Guard are contained in the setup documentation that accompanies your course materials.
  • Download and install 7-Zip (for Windows Hosts) or Keka (for macOS hosts). These tools are also included in your downloaded course materials.

Your course media will now be delivered via download. The media files for class can be large, some in the 40 - 50 GB range. You need to allow plenty of time for the download to complete. Internet connections and speed vary greatly and are dependent on many different factors. Therefore, it is not possible to give an estimate of the length of time it will take to download your materials. Please start your course media downloads as you get the link. You will need your course media immediately on the first day of class. Waiting until the night before the class starts to begin your download has a high probability of failure.

SANS has begun providing printed materials in PDF form. Additionally, certain classes are using an electronic workbook in addition to the PDFs. The number of classes using eWorkbooks will grow quickly. In this new environment, we have found that a second monitor and/or a tablet device can be useful by keeping the class materials visible while the instructor is presenting or while you are working on lab exercises.

If you have additional questions about the laptop specifications, please contact support.

Author Statement

"Penetration testers, red team operators (RTO), exploit developers, and those in the Intel Community (IC) have all used amazing tools and frameworks to get their jobs done. These amazing tools have one thing in common: they were developed by an effective team or by one dedicated individual. The developers are the enablers of operations, and without them we would not be where we are today. Creating offensive tools is a broad task and can have many areas of focus. One particularly important area is building implants or agents that are dropped on a victim computer to establish that shell with an operator. This course will focus on building implants for Windows targets using the C/C++ programming languages. The course is heavy on labs and hands-on development, giving you ample time to fully grasp how Windows does things differently than other operating systems. By the end of the week, you should have a fully functioning Windows implant that you can continue to tweak well beyond the course."

- Jonathan Reiter

Ways to Learn

  • OnDemand

Cybersecurity learning – at YOUR pace! OnDemand provides unlimited access to your training wherever, whenever. All labs, exercises, and live support from SANS subject matter experts included.

Register Now
  • Live Online

The full SANS experience live at home! Get the ultimate in virtual, interactive SANS courses with leading SANS instructors via live stream. Following class, plan to kick back and enjoy a keynote from the couch.

View Available Dates & Time Zones
  • In Person (6 days)

Did someone say ALL-ACCESS? On-site immersion via in-classroom course sessions led by world-class SANS instructors fill your day, while bonus receptions and workshops fill your evenings.

View Available Dates & Locations

Who Should Attend SEC670?

  • Red Team Operators
  • Exploit Developers
  • Penetration Testers
  • Linux CNO Developers
  • Windows Developers
  • AV/EDR Developers

NICE Framework Work Roles:

  • Adversary Emulation Specialist / Red Teamer (OPM 541)

See prerequisites
Africa/Abidjan
Africa/Accra
Africa/Addis Ababa
Africa/Algiers
Africa/Asmara
Africa/Asmera
Africa/Bamako
Africa/Bangui
Africa/Banjul
Africa/Bissau
Africa/Blantyre
Africa/Brazzaville
Africa/Bujumbura
Africa/Cairo
Africa/Casablanca
Africa/Ceuta
Africa/Conakry
Africa/Dakar
Africa/Dar es Salaam
Africa/Djibouti
Africa/Douala
Africa/El Aaiun
Africa/Freetown
Africa/Gaborone
Africa/Harare
Africa/Johannesburg
Africa/Juba
Africa/Kampala
Africa/Khartoum
Africa/Kigali
Africa/Kinshasa
Africa/Lagos
Africa/Libreville
Africa/Lome
Africa/Luanda
Africa/Lubumbashi
Africa/Lusaka
Africa/Malabo
Africa/Maputo
Africa/Maseru
Africa/Mbabane
Africa/Mogadishu
Africa/Monrovia
Africa/Nairobi
Africa/Ndjamena
Africa/Niamey
Africa/Nouakchott
Africa/Ouagadougou
Africa/Porto-Novo
Africa/Sao Tome
Africa/Timbuktu
Africa/Tripoli
Africa/Tunis
Africa/Windhoek
America/Adak
America/Anchorage
America/Anguilla
America/Antigua
America/Araguaina
America/Argentina/Buenos Aires
America/Argentina/Catamarca
America/Argentina/ComodRivadavia
America/Argentina/Cordoba
America/Argentina/Jujuy
America/Argentina/La Rioja
America/Argentina/Mendoza
America/Argentina/Rio Gallegos
America/Argentina/Salta
America/Argentina/San Juan
America/Argentina/San Luis
America/Argentina/Tucuman
America/Argentina/Ushuaia
America/Aruba
America/Asuncion
America/Atikokan
America/Atka
America/Bahia
America/Bahia Banderas
America/Barbados
America/Belem
America/Belize
America/Blanc-Sablon
America/Boa Vista
America/Bogota
America/Boise
America/Buenos Aires
America/Cambridge Bay
America/Campo Grande
America/Cancun
America/Caracas
America/Catamarca
America/Cayenne
America/Cayman
America/Chicago
America/Chihuahua
America/Ciudad Juarez
America/Coral Harbour
America/Cordoba
America/Costa Rica
America/Creston
America/Cuiaba
America/Curacao
America/Danmarkshavn
America/Dawson
America/Dawson Creek
America/Denver
America/Detroit
America/Dominica
America/Edmonton
America/Eirunepe
America/El Salvador
America/Ensenada
America/Fort Nelson
America/Fort Wayne
America/Fortaleza
America/Glace Bay
America/Godthab
America/Goose Bay
America/Grand Turk
America/Grenada
America/Guadeloupe
America/Guatemala
America/Guayaquil
America/Guyana
America/Halifax
America/Havana
America/Hermosillo
America/Indiana/Indianapolis
America/Indiana/Knox
America/Indiana/Marengo
America/Indiana/Petersburg
America/Indiana/Tell City
America/Indiana/Vevay
America/Indiana/Vincennes
America/Indiana/Winamac
America/Indianapolis
America/Inuvik
America/Iqaluit
America/Jamaica
America/Jujuy
America/Juneau
America/Kentucky/Louisville
America/Kentucky/Monticello
America/Knox IN
America/Kralendijk
America/La Paz
America/Lima
America/Los Angeles
America/Louisville
America/Lower Princes
America/Maceio
America/Managua
America/Manaus
America/Marigot
America/Martinique
America/Matamoros
America/Mazatlan
America/Mendoza
America/Menominee
America/Merida
America/Metlakatla
America/Mexico City
America/Miquelon
America/Moncton
America/Monterrey
America/Montevideo
America/Montreal
America/Montserrat
America/Nassau
America/New York
America/Nipigon
America/Nome
America/Noronha
America/North Dakota/Beulah
America/North Dakota/Center
America/North Dakota/New Salem
America/Nuuk
America/Ojinaga
America/Panama
America/Pangnirtung
America/Paramaribo
America/Phoenix
America/Port-au-Prince
America/Port of Spain
America/Porto Acre
America/Porto Velho
America/Puerto Rico
America/Punta Arenas
America/Rainy River
America/Rankin Inlet
America/Recife
America/Regina
America/Resolute
America/Rio Branco
America/Rosario
America/Santa Isabel
America/Santarem
America/Santiago
America/Santo Domingo
America/Sao Paulo
America/Scoresbysund
America/Shiprock
America/Sitka
America/St Barthelemy
America/St Johns
America/St Kitts
America/St Lucia
America/St Thomas
America/St Vincent
America/Swift Current
America/Tegucigalpa
America/Thule
America/Thunder Bay
America/Tijuana
America/Toronto
America/Tortola
America/Vancouver
America/Virgin
America/Whitehorse
America/Winnipeg
America/Yakutat
America/Yellowknife
Antarctica/Casey
Antarctica/Davis
Antarctica/DumontDUrville
Antarctica/Macquarie
Antarctica/Mawson
Antarctica/McMurdo
Antarctica/Palmer
Antarctica/Rothera
Antarctica/South Pole
Antarctica/Syowa
Antarctica/Troll
Antarctica/Vostok
Arctic/Longyearbyen
Asia/Aden
Asia/Almaty
Asia/Amman
Asia/Anadyr
Asia/Aqtau
Asia/Aqtobe
Asia/Ashgabat
Asia/Ashkhabad
Asia/Atyrau
Asia/Baghdad
Asia/Bahrain
Asia/Baku
Asia/Bangkok
Asia/Barnaul
Asia/Beirut
Asia/Bishkek
Asia/Brunei
Asia/Calcutta
Asia/Chita
Asia/Choibalsan
Asia/Chongqing
Asia/Chungking
Asia/Colombo
Asia/Dacca
Asia/Damascus
Asia/Dhaka
Asia/Dili
Asia/Dubai
Asia/Dushanbe
Asia/Famagusta
Asia/Gaza
Asia/Harbin
Asia/Hebron
Asia/Ho Chi Minh
Asia/Hong Kong
Asia/Hovd
Asia/Irkutsk
Asia/Istanbul
Asia/Jakarta
Asia/Jayapura
Asia/Jerusalem
Asia/Kabul
Asia/Kamchatka
Asia/Karachi
Asia/Kashgar
Asia/Kathmandu
Asia/Katmandu
Asia/Khandyga
Asia/Kolkata
Asia/Krasnoyarsk
Asia/Kuala Lumpur
Asia/Kuching
Asia/Kuwait
Asia/Macao
Asia/Macau
Asia/Magadan
Asia/Makassar
Asia/Manila
Asia/Muscat
Asia/Nicosia
Asia/Novokuznetsk
Asia/Novosibirsk
Asia/Omsk
Asia/Oral
Asia/Phnom Penh
Asia/Pontianak
Asia/Pyongyang
Asia/Qatar
Asia/Qostanay
Asia/Qyzylorda
Asia/Rangoon
Asia/Riyadh
Asia/Saigon
Asia/Sakhalin
Asia/Samarkand
Asia/Seoul
Asia/Shanghai
Asia/Singapore
Asia/Srednekolymsk
Asia/Taipei
Asia/Tashkent
Asia/Tbilisi
Asia/Tehran
Asia/Tel Aviv
Asia/Thimbu
Asia/Thimphu
Asia/Tokyo
Asia/Tomsk
Asia/Ujung Pandang
Asia/Ulaanbaatar
Asia/Ulan Bator
Asia/Urumqi
Asia/Ust-Nera
Asia/Vientiane
Asia/Vladivostok
Asia/Yakutsk
Asia/Yangon
Asia/Yekaterinburg
Asia/Yerevan
Atlantic/Azores
Atlantic/Bermuda
Atlantic/Canary
Atlantic/Cape Verde
Atlantic/Faeroe
Atlantic/Faroe
Atlantic/Jan Mayen
Atlantic/Madeira
Atlantic/Reykjavik
Atlantic/South Georgia
Atlantic/St Helena
Atlantic/Stanley
Australia/ACT
Australia/Adelaide
Australia/Brisbane
Australia/Broken Hill
Australia/Canberra
Australia/Currie
Australia/Darwin
Australia/Eucla
Australia/Hobart
Australia/LHI
Australia/Lindeman
Australia/Lord Howe
Australia/Melbourne
Australia/NSW
Australia/North
Australia/Perth
Australia/Queensland
Australia/South
Australia/Sydney
Australia/Tasmania
Australia/Victoria
Australia/West
Australia/Yancowinna
Brazil/Acre
Brazil/DeNoronha
Brazil/East
Brazil/West
CET
CST6CDT
Canada/Atlantic
Canada/Central
Canada/Eastern
Canada/Mountain
Canada/Newfoundland
Canada/Pacific
Canada/Saskatchewan
Canada/Yukon
Chile/Continental
Chile/EasterIsland
Cuba
EET
EST
EST5EDT
Egypt
Eire
Etc/GMT
Etc/GMT+0
Etc/GMT+1
Etc/GMT+10
Etc/GMT+11
Etc/GMT+12
Etc/GMT+2
Etc/GMT+3
Etc/GMT+4
Etc/GMT+5
Etc/GMT+6
Etc/GMT+7
Etc/GMT+8
Etc/GMT+9
Etc/GMT-0
Etc/GMT-1
Etc/GMT-10
Etc/GMT-11
Etc/GMT-12
Etc/GMT-13
Etc/GMT-14
Etc/GMT-2
Etc/GMT-3
Etc/GMT-4
Etc/GMT-5
Etc/GMT-6
Etc/GMT-7
Etc/GMT-8
Etc/GMT-9
Etc/GMT0
Etc/Greenwich
Etc/UCT
Etc/UTC
Etc/Universal
Etc/Zulu
Europe/Amsterdam
Europe/Andorra
Europe/Astrakhan
Europe/Athens
Europe/Belfast
Europe/Belgrade
Europe/Berlin
Europe/Bratislava
Europe/Brussels
Europe/Bucharest
Europe/Budapest
Europe/Busingen
Europe/Chisinau
Europe/Copenhagen
Europe/Dublin
Europe/Gibraltar
Europe/Guernsey
Europe/Helsinki
Europe/Isle of Man
Europe/Istanbul
Europe/Jersey
Europe/Kaliningrad
Europe/Kiev
Europe/Kirov
Europe/Kyiv
Europe/Lisbon
Europe/Ljubljana
Europe/London
Europe/Luxembourg
Europe/Madrid
Europe/Malta
Europe/Mariehamn
Europe/Minsk
Europe/Monaco
Europe/Moscow
Europe/Nicosia
Europe/Oslo
Europe/Paris
Europe/Podgorica
Europe/Prague
Europe/Riga
Europe/Rome
Europe/Samara
Europe/San Marino
Europe/Sarajevo
Europe/Saratov
Europe/Simferopol
Europe/Skopje
Europe/Sofia
Europe/Stockholm
Europe/Tallinn
Europe/Tirane
Europe/Tiraspol
Europe/Ulyanovsk
Europe/Uzhgorod
Europe/Vaduz
Europe/Vatican
Europe/Vienna
Europe/Vilnius
Europe/Volgograd
Europe/Warsaw
Europe/Zagreb
Europe/Zaporozhye
Europe/Zurich
GB
GB-Eire
GMT
GMT+0
GMT-0
GMT0
Greenwich
HST
Hongkong
Iceland
Indian/Antananarivo
Indian/Chagos
Indian/Christmas
Indian/Cocos
Indian/Comoro
Indian/Kerguelen
Indian/Mahe
Indian/Maldives
Indian/Mauritius
Indian/Mayotte
Indian/Reunion
Iran
Israel
Jamaica
Japan
Kwajalein
Libya
MET
MST
MST7MDT
Mexico/BajaNorte
Mexico/BajaSur
Mexico/General
NZ
NZ-CHAT
Navajo
PRC
PST8PDT
Pacific/Apia
Pacific/Auckland
Pacific/Bougainville
Pacific/Chatham
Pacific/Chuuk
Pacific/Easter
Pacific/Efate
Pacific/Enderbury
Pacific/Fakaofo
Pacific/Fiji
Pacific/Funafuti
Pacific/Galapagos
Pacific/Gambier
Pacific/Guadalcanal
Pacific/Guam
Pacific/Honolulu
Pacific/Johnston
Pacific/Kanton
Pacific/Kiritimati
Pacific/Kosrae
Pacific/Kwajalein
Pacific/Majuro
Pacific/Marquesas
Pacific/Midway
Pacific/Nauru
Pacific/Niue
Pacific/Norfolk
Pacific/Noumea
Pacific/Pago Pago
Pacific/Palau
Pacific/Pitcairn
Pacific/Pohnpei
Pacific/Ponape
Pacific/Port Moresby
Pacific/Rarotonga
Pacific/Saipan
Pacific/Samoa
Pacific/Tahiti
Pacific/Tarawa
Pacific/Tongatapu
Pacific/Truk
Pacific/Wake
Pacific/Wallis
Pacific/Yap
Poland
Portugal
ROC
ROK
Singapore
Turkey
UCT
US/Alaska
US/Aleutian
US/Arizona
US/Central
US/East-Indiana
US/Eastern
US/Hawaii
US/Indiana-Starke
US/Michigan
US/Mountain
US/Pacific
US/Samoa
UTC
Universal
W-SU
WET
Zulu
Filters:
Training Formats
        Location
        Dates

        Register for SEC670

        Learn about Group Pricing

        Prices below exclude applicable taxes and shipping costs. If applicable, these will be shown on the last page of checkout.

        Loading...