What Is The Primary Focus Of Each Course?
While both classes cover common attack techniques in use today, they each have a very different goal.
SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling is primarily focused on learning the attack techniques through the perspective of an Incident Handler supporting the theme that "offense must inform defense".
SEC560: Network Penetration Testing and Ethical Hacking covers many of the same attacks with the primary goal of teaching students how to execute those attacks to perform high quality network penetration tests.
How Are They Different?
How Are They Similar?
Is There Overlap?
I've Already Taken SEC504. Should I Take SEC560 as a Follow-on?
I've Taken Neither SEC504 nor SEC560. Where Should I Start?
Where Can I Get More Information About Each Course?
How Are They Different?
What you'll learn | SEC504 | SEC560 |
|---|---|---|
| Incident Handling Process | Covered | Not Covered |
| Incident Reporting | Covered | Not Covered |
| Defensive Spotlights | Covered* | Not Covered |
| Forensic Imaging | Covered | Not Covered |
| Handling Evidence | Covered | Not Covered |
| Memory, Network, & Malware Analysis | Covered* | Not Covered |
| Wireless Attacks | Covered* | Not Covered |
| Web Application Attacks | Covered* | Not Covered |
| Physical Attacks | Covered | Not Covered |
| Pen Test Focused | Not Covered | Covered |
| Pen Test Process & Planning | Not Covered | Covered* |
| Pen Test Reporting | Not Covered | Covered |
| Building Pen Testing Infrastructure | Not Covered | Covered |
| Organizational Recon | Not Covered | Covered* |
| Infrastructure Recon | Not Covered | Covered* |
| User/Employee Recon | Not Covered | Covered* |
| Privilege Escalation | Not Covered | Covered* |
| Attacking Azure | Not Covered | Covered* |
* includes hands-on lab
How Are They Similar?
What you'll learn | SEC504 | SEC560 |
|---|---|---|
| MITRE ATT&ACK | Covered | Partially Covered |
| Recon & Enumeration | Partially Covered* | Covered* |
| Kerberoasting | Partially Covered | Covered* |
| Attacking Active Directory | Partially Covered | Covered* |
| Active Directory Persistence | Not Covered | Covered* |
Is There Overlap?
What you'll learn | SEC504 | SEC560 |
| Intro to Hacking | Covered | Covered |
| Netcat | Covered* | Covered* |
| Password Guessing | Covered* | Covered* |
| Password Cracking | Covered* | Covered* |
I've Already Taken SEC504. Should I Take SEC560 as a Follow-on?
SEC560 was designed as a perfect follow-on for people who have already taken SEC504 and are looking to get into more depth with tools used in professional penetration testing and ethical hacking. SEC560 is not recycled SEC504 material; it is an entirely different class with an entirely different set of slides and exercises.
I've Taken Neither SEC504 nor SEC560. Where Should I Start?
If you are more interested in incident handling, 504 is the course for you. If you need to develop your penetration testing skills, start with 560. Neither course is a pre-requisite for the other.
Where Can I Get More Information About Each Course?
Click here to learn more about SANS SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling
Click here to learn more about SANS SEC560: Network Penetration Testing and Ethical Hacking