Security West 2021 - Live Online

Important! Bring your own system configured according to these instructions!

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, we strongly urge you to arrive with a system meeting all the requirements specified for the course.

It is critical that you back up your system before class. It is also strongly advised that you do not bring a system storing any sensitive data.

System Hardware Requirements

CPU

• 64-bit Intel i5/i7 2.0+ GHz processor
• Your system's processor must be a 64-bit Intel i5 or i7 2.0 GHz processor or higher. Your CPU and OS must support a 64-bit guest virtual machine.
• VMware provides a free tool for Windows that will detect whether or not your host supports 64-bit guest virtual machines.
• Windows users can use this article to learn more about their CPU and OS capabilities.
• Apple users can use this support page to learn more information about Mac 64-bit capability.

BIOS

• Enabled "Intel-VT"
• Intel's VT (VT-x) hardware virtualization technology should be enabled in your system's BIOS or UEFI settings. You must be able to access your system's BIOS throughout the class. If your BIOS is password-protected, you must have the password.

USB

• USB 3.0 Type-A port
• At least one available USB 3.0 Type-A port is required for copying large data files from the USB 3.0 thumb drives we provide in class. The USB port must not be locked in hardware or software. Some newer laptops may have only the smaller Type-C ports. In this case, you will need to bring a USB Type-C to Type-A adapter.

RAM

• 8 GB RAM (4 GB minimum) is required for the best experience. To verify on Windows 10, press Windows key to open Settings, then click "System," then "About." Your RAM information will be toward the bottom of the page. To verify on a Mac, click the Apple logo at the top left-hand corner of your display and then click "About this Mac."

Hard Drive Free Space

• 60 GB FREE of FREE space on the hard drive is critical to host the virtual machines and additional files we distribute. SSD drives are also highly recommended, as they allow virtual machines to run much faster than mechanical hard drives.

Operating System

• Latest version of Windows 10, macOS 10.15.x or later, or Linux that also can install and run VMware virtualization products described below. It is necessary to fully update your host operating system prior to the class to ensure you have the right drivers and patches installed to utilize the latest USB 3.0 devices. Those who use a Linux host must also be able to access exFAT partitions using the appropriate kernel or FUSE modules.
• Note: Apple systems using the M1 processor cannot perform the necessary virtualization at this time and cannot be used for this course.

Additional Hardware Requirements

The requirements below are in addition to the baseline requirements provided above. Prior to the start of class, you must install virtualization software and meet additional hardware and software requirements as described below. If you do not carefully read and follow these instructions, you will leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course.

• Network, Wireless Connection
• A wireless 802.11 B, G, N, or AC network adapter is required. This can be the internal wireless adapter in your system or an external USB wireless adapter. A wireless adapter allows you to connect to the network without any cables. If you can surf the Internet on your system without plugging in a network cable, you have wireless.

Additional Software Requirements

• Download and install either VMware Workstation Pro 15.5.x, VMware Player 15.5.x or Fusion 11.5.x or higher versions before class. If you do not own a licensed copy of VMware Workstation or Fusion, you can download a free 30-day trial copy from VMware. VMware will send you a time-limited serial number if you register for the trial at their website.
• Other virtualization software, such as VirtualBox and Hyper-V, are not appropriate because of compatibility and troubleshooting problems you might encounter during class.
• VMware Workstation Pro and VMware Player on Windows 10 is not compatible with Windows 10 Credential Guard and Device Guard technologies. Please disable these capabilities for the duration of the class, if they're enabled on your system, by following instructions in this document.

System Configuration Settings

• Local Admin - Have an account with local admin privileges.
• Some of the tools used in the course will require local admin access. This is absolutely required. If your company will not permit this access for the duration of the course, then you should make arrangements to bring a different system.
• Disable VPN - The ability to disable your enterprise VPN client temporarily for some exercises.
• Enterprise VPN clients may interfere with the network configuration required to participate in the class. To avoid any frustration in class, uninstall or disable your enterprise VPN client for the duration of the class. If you keep it installed, make sure that you have the access to disable or uninstall it at class.
• Disable AV - The ability to disable your anti-virus tools temporarily for some exercises.
• You will be required to disable your anti-virus tools temporarily for some exercises, so make sure you have the anti-virus administrator permissions to do so. DO NOT plan on just killing your anti-virus service or processes, because most anti-virus tools still function even when their associated services and processes have been terminated. For many enterprise-managed clients, disabling your anti-virus tool may require a different password than the Administrator account password. Please bring that administrator password for your anti-virus tool.

Your course media will now be delivered via download. The media files for class can be large, some in the 40 - 50 GB range. You need to allow plenty of time for the download to complete. Internet connections and speed vary greatly and are dependent on many different factors. Therefore, it is not possible to give an estimate of the length of time it will take to download your materials. Please start your course media downloads as you get the link. You will need your course media immediately on the first day of class. Waiting until the night before the class starts to begin your download has a high probability of failure.

SANS has begun providing printed materials in PDF form. Additionally, certain classes are using an electronic workbook in addition to the PDFs. The number of classes using eWorkbooks will grow quickly. In this new environment, we have found that a second monitor and/or a tablet device can be useful by keeping the class materials visible while the instructor is presenting or while you are working on lab exercises.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

Both attack-focused and defense-focused security practitioners will benefit greatly from SEC588 by gaining a deep understanding of vulnerabilities, insecure configurations, and the associated business risk to their organizations. This course benefits penetration testers, vulnerability analysts, risk assessment officers, DevOps engineers, site reliability engineers, and those working in many other areas.

Courses that can lead up to this course include:

SANS SEC488: Cloud Security Essentials

SANS SEC542: Web Application Penetration Testing and Ethical Hacking

SANS SEC540: Cloud Security and DevOps Automation

SANS SEC560: Network Penetration Testing and Ethical Hacking

This course has many labs, so it is critical that students come prepared with the following base level of knowledge:

1. Familiarity with Linux bash - Not expert level, but a base understanding.
2. Basic familiarity with Azure and AWS CLI tools - Watching a simple introductory video will suffice.
3. Base understanding of networking and TCP/IP.
4. Rudimentary understanding of the Metasploit CLI console.
5. Understanding how pivots work.

Students who have taken SEC560 will have the knowledge needed on some of the topics above, but they may want to also look at the following:

• Azure CLI: https://docs.microsoft.com/en-us/cli/azure/get-started-with-azure-cli
• AWS CLI: https://aws.amazon.com/cli/
• AWS CLI examples: https://docs.aws.amazon.com/cli/latest/userguide/welcome-examples.html

Students coming from SEC540 or a different cloud course will want to look over the following materials:

• SANS Cheatsheets: https://www.sans.org/blog/the-ultimate-list-of-sans-cheat-sheets/
• SANS Metasploit Cheatsheet: https://www.sans.org/blog/sans-pen-test-cheat-sheet-metasploit/

• Access to the in-class Virtual Training Lab for over 30 in-depth labs
• Access to recorded course audio to help hammer home important penetration testing lessons

• Conduct cloud-based penetration tests
• Assess cloud environments and bring value back to the business by locating vulnerabilities
• Understand first-hand how cloud environments are constructed and how to scale factors into the gathering of evidence
• Assess security risks in Amazon and Microsoft Azure environments, the two largest cloud platforms in the market today
• Immediately apply what you have learned to your work