Get an iPad Air w/ Smart KB, or Google Pixel 4A Smartphone, or Take $350 Off with ANY qualifying 5-6 Day Course through April 21.
For special codes to use during registration, view offer details.
Associated Certification: GIAC Penetration Tester (GPEN)
As a cybersecurity professional, you have a unique responsibility to find and understand your organization's vulnerabilities and to work diligently to mitigate them before the bad guys pounce. Are you ready? SEC560, the flagship SANS course for penetration testing, fully equips you to address this duty head-on.
SEC560 IS THE MUST-HAVE COURSE FOR EVERY WELL-ROUNDED SECURITY PROFESSIONAL
With comprehensive coverage of tools, techniques, and methodologies for network penetration testing, SEC560 truly prepares you to conduct high-value penetration testing step by step and end to end. Every organization needs skilled information security personnel who can find vulnerabilities and mitigate their effects, and this entire course is specially designed to get you ready for that role. The course starts with proper planning, scoping, and reconnaissance, then dives deep into scanning, target exploitation, password attacks, Windows Domain attacks, and Azure AD (Active Directory), with over 30 detailed hands-on labs throughout. The course is chock full of practical, real-world tips from some of the world's best penetration testers to help you do your job safely, efficiently, and skillfully.
LEARN THE BEST WAYS TO TEST YOUR OWN SYSTEMS BEFORE THE BAD GUYS ATTACK
You'll learn how to perform detailed reconnaissance, studying a target's infrastructure by mining publicly available information, search engines, social networking sites, and other internet and intranet infrastructures. Our hands-on labs will equip you to scan target networks using best-of-breed tools. We won't just cover run-of-the-mill options and configurations, we'll also go over the lesser-known but super-useful capabilities of the best pen test toolsets available today. After scanning, you'll learn dozens of methods for exploiting target systems to gain access and measure real business risk. You'll dive deep into post-exploitation, password attacks, and the Windows domain, pivoting through the target environment to model the attacks of real-world adversaries to emphasize the importance of defense in depth.
EQUIPPING SECURITY ORGANIZATIONS WITH COMPREHENSIVE PENETRATION TESTING AND ETHICAL HACKING KNOW-HOW
SEC560 is designed to get you ready to conduct a full-scale, high-value penetration test, and at the end of the course you'll do just that. After building your skills in comprehensive and challenging labs, the course culminates with a final real-world penetration test scenario. You'll conduct an end-to-end pen test, applying knowledge, tools, and principles from throughout the course as you discover and exploit vulnerabilities in a realistic sample target organization, demonstrating the skills you've gained in this course.
Why Choose This Course?
SEC560 differs from other penetration testing and ethical hacking courses in several important ways:
You Will Be Able To
What You Will Receive
In this course section, you'll develop the skills needed to conduct a best-of-breed, high-value penetration test. We'll go in-depth on how to build a penetration testing infrastructure that includes all the hardware, software, network infrastructure, and tools you will need to conduct great penetration tests, with specific low-cost recommendations for your arsenal. We'll then cover formulating a pen test scope and rules of engagement that will set you up for success, including a role-play exercise. We'll also dig deep into the reconnaissance portion of a penetration test, covering the latest tools and techniques, including hands-on lab exercises to learn about a target environment, as well as a lab using Spiderfoot to automate the discovery of information about the target organization, network, infrastructure, and users.
CPE/CMU Credits: 6
This course section focuses on the vital task of mapping the target environment's attack surface by creating a comprehensive inventory of machines, accounts, and potential vulnerabilities. We look at some of the most useful scanning tools freely available today and run them in numerous hands-on labs to help hammer home the most effective way to use each tool. We finish the module covering vital techniques for false-positive reduction so that you can focus your findings on meaningful results and avoid the sting of a false positive. And we examine the best ways to conduct your scans safely and efficiently. The section wraps up with password guessing attacks, which is a common way for penetration testers and malicious attackers to gain initial access as well as pivot through the network.
CPE/CMU Credits: 6
In this course section we look at the many kinds of exploits that penetration testers use to compromise target machines, including client-side exploits, service-side exploits, and local privilege escalation. We'll see how these exploits are packaged in frameworks like Metasploit and its mighty Meterpreter. You'll learn in-depth how to leverage Metasploit and the Meterpreter to compromise target environments. You'll also examine application control bypasses to circumvent the target organization's security measures, as well as methods to pivot through target environments - all with a focus on determining the true business risk of the target organization.
CPE/CMU Credits: 6
Once you've successfully exploited a target environment, penetration testing gets extra exciting as you perform post-exploitation, gathering information from compromised machines and pivoting to other systems in your scope. This course section zooms in on pillaging target environments and building formidable hands-on command line skills. We'll then turn our attention to password cracking attacks, as well as numerous options for plundering password hashes from target machines, including the great Mimikatz Kiwi tool. We'll cover password cracking techniques and strategies using both John the Ripper and Hashcat. In addition, we'll look at pivoting techniques using SSH and the routing features in Metasploit. We'll cover Windows command line skills in-depth, including PowerShell's awesome abilities for post-exploitation. The course section wraps up with a discussion on effective reporting and communication with the business.
CPE/CMU Credits: 6
In this course section, we'll zoom in on typical Active Directory lateral movement strategies. You'll get an in-depth understanding of how Kerberos works and what the possible attack vectors are. We'll look at typical local privilege escalation techniques and User Account Control bypasses. We'll also map the internal domain structure using BloodHound to identify feasible attack paths. We'll use Mimikatz to perform domain dominance attacks, where domain replication is used to fully compromise the domain. With full privileges over the on-premise domain, we'll then turn our attention to the cloud and have a look at Azure principles and attack strategies. The integration of Azure AD with the on-premise domain provides interesting attack options, which will be linked to the domain dominance attacks we saw earlier during the course section.
CPE/CMU Credits: 6
This lively session represents the culmination of the network penetration testing and ethical hacking course. You'll apply all of the skills mastered in the course in a comprehensive, hands-on workshop during which you'll conduct an actual penetration test of a sample target environment. We'll provide the scope and rules of engagement, and you'll work to achieve your goal to determine whether the target organization's Personally Identifiable Information is at risk. As a final step in preparing you for conducting penetration tests, you'll make recommendations about remediating the risks you identify.
CPE/CMU Credits: 6
Important! Bring your own system configured according to these instructions!
A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, we strongly urge you to arrive with a system meeting all the requirements specified for the course.
It is critical that you back-up your system before class. it is also strongly advised that you do not bring a system storing any sensitive data.
IMPORTANT - BRING YOUR OWN LAPTOP WITH WINDOWS
To get the most value out of this course, students are required to bring their own laptop so that they can connect directly to the workshop network we will create. It is the students' responsibility to make sure the system is properly configured with all drivers necessary to connect to an Ethernet network.
Some of the course exercises are based on Windows, while others focus on Linux. VMware Player VMware Workstation is required for the class. If you plan to use a Mac, please make sure you bring VMware Fusion. Note: Apple systems using the M1 processor cannot perform the necessary virtualization at this time and cannot be used for this course.
Disc Space Requirements
The course includes two VMware image files: a Windows 10 VM, and Slingshot Linux. You will need at least 60GB free on your system for these virtual machintes (VMs).
VMWare
You will use VMware to run Windows 10 and Slingshot Linux VMs simultaneously when performing exercises in the course. The VMs come with all the tools you will need to complete the lab exercises.
We will give you a USB full of attack tools to experiment with during the course and to keep for later analysis. We will also provide a Linux image with all of our tools pre-installed that runs within VMware.
Windows and Native Linux Users: You must have either the free VMware Workstation Player 16 or later or the commercial VMware Workstation 16 or later installed on your system prior to coming to class. You can download VMware Player for free here.
Mac users: You will need VMware Fusion 12 (or later) or the free VMware Fusion Player 12 or later installed on your Mac prior to class. You can download the free VMware Fusion Player here.
Virtualbox and other virtualization products: While this may work in the course, it is not officially supported. If you choose to use this software you will be responsible for configuring the virtual machines to work on the target range. Also, installation of both VMware and Virtualbox can sometimes cause network issues. We recommend only installing one virtualization technology.
Mandatory Laptop Hardware Requirements
During the workshop, you will be connecting to one of the most hostile networks on Earth! Your laptop might be attacked. Do not have any sensitive data stored on the system. SANS is not responsible for your system if someone in the course attacks it in the workshop.
By bringing the right equipment and preparing in advance, you can maximize what you will see and learn, as well as have a lot of fun.
If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.
If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.
"There are tools and mindsets taught in SEC560 that will shape an IT professional's approach to security. It's an essential class." - Mario Velazquez, American Access Casualty
SEC560 is the flagship penetration test course offered by the SANS Institute. Attendees are expected to have a working knowledge of TCP/IP and a basic knowledge of the Windows and Linux command lines before they come to class. While SEC560 is technically in-depth, it is important to note that programming knowledge is NOT required for the course.
Course Lead-Ins and Follow-Ups
Courses that lead in to SEC560:
Courses that are good follow-ups to SEC560:
"All security professionals need to understand modern attack tactics and principles. As a defender, incident responder, or forensic analyst, it is important to understand the latest attacks and the mind of the attacker. In this course, penetration testers, red teamers, and other offensive security professional will learn tools and techniques to increase the impact and effectiveness of their work. As the lead author for this course, I'm proud to bring my years of security experience (both offensive and defensive) as well as network/system administration experience to the course. We aim to provide a valuable, high-impact penetration testing course designed to teach experienced pen testers new tips, help prepare new penetration testers, and provide background to anyone dealing with penetration testers, red teams, or even malicious attackers. I personally enjoy teaching this course and sharing my experience and real-life examples with you." - Tim Medin
"A thorough understanding of security assessment/penetration testing techniques is a key asset for any cybersecurity professional. In order to become a better defender, you must understand offense. This course provides fundamental skills for people who want to establish themselves as penetration testers. I am very proud to have developed and maintained SEC560 as SANS' flagship penetration testing course throughout my 10+ years of pen testing experience. The course provides a balanced mix between lectures and hands-on activities to ensure that students go home equipped to immediately put their skills to use. I particularly enjoy modeling the lecture and labs towards real-life scenarios that I myself have encountered! I look forward sharing my stories with you!" - Erik Van Buggenhout
"Tim is an excellent SANS instructor. He's knowledgable, and he kept the course funny and interesting." - Thomas Rogers, Chevron