SEC504: Hacker Tools, Techniques, and Incident Handling

Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsApply your credits to renew your certifications
Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
Apply what you learn with hands-on exercises and labs
Master enterprise-scale penetration testing; learn to identify, exploit, and assess real business risks across on-prem, Azure, and Entra ID environments through hands-on labs and an intensive CTF.
Thank you for an amazing week of training in SEC560! My favorite parts were lateral movement, password cracking, and web exploits!
This comprehensive enterprise penetration testing course goes beyond individual systems to teach real-world methodologies for assessing organization-wide risk across on-premises infrastructure, Azure cloud, and Entra ID. Learn proven techniques to identify and exploit vulnerabilities at scale, demonstrating concrete business impact. This course is perfect for red teamers, blue teamers, auditors, and incident responders seeking to understand both offensive and defensive perspectives in enterprise security testing.
Jon Gorenflo has strengthened cybersecurity through leadership in pen testing, incident response, and security engineering. His dedication to mentoring and knowledge-sharing has empowered professionals and enhanced defenses industry-wide.
Read more about Jon GorenfloJeff McJunkin, Rogue Valley InfoSec founder, has led Fortune 100 pen tests and shaped Core NetWars. His key role in SANS Holiday Hack Challenge and hands-on security innovations continue to elevate the industry, advancing defenses worldwide.
Read more about Jeff McJunkinExplore the course syllabus below to view the full range of topics covered in SEC560: Enterprise Penetration Testing.
This first course section covers building a penetration testing infrastructure, defining scope, and performing reconnaissance. Through hands-on labs, you'll map attack surfaces, identify vulnerabilities, and refine scanning techniques for accurate and efficient assessments.
This section covers password guessing, exploitation, and post-exploitation, focusing on Metasploit and Meterpreter. You'll explore gaining access, escalating privileges, and pivoting. The "Assumed Breach" methodology and the use of C2 frameworks like Sliver and Empire are discussed, as well as situational awareness on Windows and Linux systems.
Here we dive into the world of privilege escalation, where gaining elevated access on compromised hosts unlocks new opportunities for deeper exploitation. Learn how to use tools like Mimikatz for password dumping, cracking, and maintaining persistence. Map attack paths with BloodHound to target high-value assets, and utilize Responder for relaying attacks.
Explore lateral movement techniques used by attackers and pen testers to navigate networks. Learn manual methods and automate with Impacket to exploit network protocols. Perform pass-the-hash attacks, bypass application controls, and pivot through networks using C2 frameworks. Finish with strategies for effectively reporting and communicating findings.
Delve into Active Directory lateral movement, focusing on Kerberos attacks like Kerberoasting, Golden Tickets, and Silver Tickets. Learn how to extract domain hashes from a compromised Domain Controller and escalate privileges using AD Certificate Services (AD CS). Explore cloud-based attacks, focusing on Azure and Entra ID integration with on-prem domains.
The final hands-on exercise applies penetration testing skills in a simulated environment. Testers work within the defined scope and rules of engagement to assess security risks. The goal is to identify vulnerabilities, exploit them, and provide recommendations to mitigate the risks discovered, using real-world penetration testing practices.
Assesses systems and networks to ensure compliance with policies and identify vulnerabilities in support of secure and resilient operations.
Explore learning pathCollaborates to identify access and collection gaps using cyber resources and techniques to penetrate target networks and support mission operations.
Explore learning pathCoordinates cyber operations plans, working with analysts and operators to support targeting and synchronization of actions in cyberspace.
Explore learning pathPerforms advanced analysis of collection and open-source data to track target activity, profile cyber behavior, and support cyberspace operations.
Explore learning pathAdd a GIAC certification attempt and receive free two practice tests. View pricing in the info icons below.
When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.
I think if you genuinely want to learn how exploitation techniques work and how to properly think like a hacker, it would be silly not to attend SEC560.
SEC560 introduces the whole process of penetration testing from the start of engagement to the end.
Thank you for an amazing week of training in SEC560! My favorite parts were lateral movement, password cracking, and web exploits!
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources