Riyadh April 2019

IMPORTANT - BRING YOUR OWN LAPTOP WITH WINDOWS

To get the most value out of this course, students are required to bring their own laptop so that they can connect directly to the workshop network we will create. It is the students' responsibility to make sure the system is properly configured with all drivers necessary to connect to an Ethernet network.

Some of the course exercises are based on Windows, while others focus on Linux. VMware Player or VMware Workstation is required for the class. If you plan to use a Macintosh, please make sure you bring VMware Fusion, along with a Windows guest virtual machine.

Windows

You are required to bring Windows 10 (Professional or Enterprise), 8, or 8.1 (Professional, Enterprise, or Ultimate), or Windows 7 (Professional, Enterprise, or Ultimate), either a real system or a virtual machine.

The course includes a VMware image file of a guest Linux system that is larger than 20 GB. Therefore, you need at least 20 gigs free in your file system.

IMPORTANT NOTE: You will also be required to disable your anti-virus tools temporarily for some labs, so make sure you have the anti-virus administrator privileges to do so. DO NOT plan on just killing your anti-virus service or processes, because most anti-virus tools still function, even when their associated services and processes have been terminated. For many enterprise-managed clients, disabling your anti-virus tool may require a different password than the Administrator account password. Please bring that administrator password for your anti-virus tool.

Enterprise VPN clients may interfere with the network configuration required to participate in the course. If your system has an enterprise VPN client installed, you may need to uninstall it for the exercises in course.

VMware

You will use VMware to run Windows and Linux operating systems simultaneously when performing exercises in the course. You must have either the free VMware Player 6 or later or the commercial VMware Workstation 10 or later installed on your system prior to coming to class. You can download VMware Player for free here .

Alternatively, if you want a more flexible and configurable tool, you can download a free 30-day trial copy of VMware Workstation Pro here . VMware will send you a time-limited license number for VMware Workstation Pro if you register for the trial on its website. No license number is required for VMware Player.

We will give you a USB full of attack tools to experiment with during the course and to keep for later analysis. We will also provide a Linux image with all of our tools pre-installed that runs within VMware.

Linux

You do not need to bring a Linux system if you plan to use our Linux image in VMware. However, you are required to bring VMware. The course does not support Virtual Box, HyperV, or other non-VMware virtualization products.

Mandatory Laptop Hardware Requirements:

• x64-compatible 2.0 GHz CPU minimum or higher
• 4 GB RAM minimum with 8 GB or higher recommended
• Ethernet adapter (a wired connection is required in class; if your laptop supports only wireless, please make sure to bring a USB Ethernet adapter with you)
• 20 GB available hard-drive space
• Any Patch level is acceptable for Windows 10, 8, 8.1, or Windows 7

During the workshop, you will be connecting to one of the most hostile networks on Earth! Your laptop might be attacked. Do not have any sensitive data stored on the system. SANS is not responsible for your system if someone in the course attacks it in the workshop.

By bringing the right equipment and preparing in advance, you can maximize what you will see and learn, as well as have a lot of fun.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

• Security personnel whose job involves assessing networks and systems to find and remediate vulnerabilities
• Penetration testers
• Ethical hackers
• Defenders who want to better understand offensive methodologies, tools, and techniques
• Auditors who need to build deeper technical skills
• Red Team members
• Blue Team members
• Forensics specialists who want to better understand offensive tactics

Use this sample training request letter, or elements of it, to justify the time and budget required to complete SANS training to your manager. Simply copy and paste text into an email to your manager, then make any necessary adjustments to personalize the information.

SEC560 is the flagship penetration test course offered by the SANS Institute. Attendees are expected to have a working knowledge of TCP/IP, understand the differences between cryptographic routines such as DES, AES, and MD5, and have a basic knowledge of the Windows and Linux command lines before they come to class. While SEC560 is technically in-depth, it is important to note that programming knowledge is NOT required for the course. For more information on the differences between SEC560 and SEC504, see the SEC560 and SEC504 FAQS.

Why Choose This Course?

This SANS course differs from other penetration testing and ethical hacking courses in several important ways:

• It offers in-depth technical excellence along with industry-leading methodologies to conduct high-value penetration tests.
• We get deep into the arsenal of tools with numerous hands-on exercises that show subtle, less-well-known, and undocumented features that are useful for professional penetration testers and ethical hackers.
• It discusses how the tools interrelate with each other in an overall testing process. Rather than just throwing up a bunch of tools and playing with them, we analyze how to leverage information from one tool to get the most bang out of the next tool.
• We focus on the workflow of professional penetration testers and ethical hackers, proceeding step by step and discussing the most effective means for carrying out projects.
• The sessions address common pitfalls that arise in penetration tests and ethical hacking projects, providing real-world strategies and tactics for avoiding these problems to maximize the quality of test results.
• We cover several time-saving tactics based on years of in-the-trenches experience of real penetration testers and ethical hackers -- tasks that might take hours or days unless you know the little secrets we will cover that will enable you to surmount a problem in minutes.
• The course stresses the mindset of successful penetration testers and ethical hackers, which involves balancing the often contravening forces of thinking outside the box, methodically trouble-shooting, carefully weighing risks, following a time-tested process, painstakingly documenting results, and creating a high-quality final report that gets management and technical buy-in.
• We analyze how penetration testing and ethical hacking should fit into a comprehensive enterprise information security program.

Other Courses People Have Taken

Courses that lead in to SEC560:

• SEC504
• SEC542

Courses that are good follow-ups to SEC560:

• SEC660
• SEC575
• SEC542
• SEC573

• Access to the in-class Virtual Training Lab for over 30 in-depth labs
• A course USB with the SANS Slingshot Linux Penetration Testing Environment loaded with numerous tools used for all labs
• Access to recorded course audio to help hammer home important network penetration testing lessons
• Cheat sheets with details on professional use of Metasploit, Netcat, and more
• Worksheets to streamline the formulation of scope and rules of engagement for professional penetration tests

• Develop tailored scoping and rules of engagement for penetration testing projects to ensure the work is focused, well defined, and conducted in a safe manner
• Conduct detailed reconnaissance using document metadata, search engines, and other publicly available information sources to build a technical and organizational understanding of the target environment
• Utilize the Nmap scanning tool to conduct comprehensive network sweeps, port scans, Operating System fingerprinting, and version scanning to develop a map of target environments
• Choose and properly execute Nmap Scripting Engine scripts to extract detailed information from target systems
• Configure and launch the Nessus vulnerability scanner so that it discovers vulnerabilities through both authenticated and unauthenticated scans in a safe manner, and customize the output from such tools to represent the business risk to the organization
• Analyze the output of scanning tools to manually verify findings and perform false positive reduction using Netcat and the Scapy packet crafting tools
• Utilize the Windows and Linux command lines to plunder target systems for vital information that can further overall penetration test progress, establish pivots for deeper compromise, and help determine business risks
• Configure the Metasploit exploitation tool to scan, exploit, and then pivot through a target environment in-depth
• Conduct comprehensive password attacks against an environment, including automated password guessing (while avoiding account lockout), traditional password cracking, rainbow table password cracking, and pass-the-hash attacks
• Launch web application vulnerability scanners such as ZAP and then manually exploit Cross-Site Request Forgery, Cross-Site Scripting, Command Injection, and SQL injection attacks to determine the business risks faced by an organization

Student Testimonials:

• "I think if you genuinely want to learn how exploitation techniques work and how to properly think like a hacker, it would be silly not to attend SEC560." - Mark Hamilton, McAfee
• "SEC560 introduces the whole process of penetration testing from the start of engagement to the end." - Barry Tsang, Deloitte
• "I had heard of many of these tools in SEC560, but never had that level of hands-on before." - George Kaminski, Palo Alto Networks
• "I am a blue team member, and SEC560 shows me what I can do to improve." - Jeff Hicks, Vanguard
• "Thank you for an amazing week of training in SEC560! My favorite parts were lateral movement, password cracking, and web exploits!" - Robert Adams, Microsoft
• "As an incident responder, SEC560 provides me with more insight into how an attacker would approach penetrating an organization's network." - Ellis Drew, Target
• "As a software engineer, SEC560 will help me better understand things from a security perspective, which will result in more secure code." - Rick Muroski, Lockheed Martin
• "SEC560 provides practical, how-to material that I can use daily in my penetration testing activities--not only technically, but also from a business perspective." - Steve Nolan, General Dynamics

Student Reviews:

• Learning to Hack: My Experience with SANS SEC560, Network Penetration Testing and Ethical Hacking - by: Miguel Hummel
• My Takeaways from SANS Penetration Test Training - by: Adam Austin
• Takeaways from SANS SEC560- Ethical Hacking and Pen Testing - by: Shane Peden