Training
Featured Course View All Courses
Get a Free Hour of SANS Training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
NEW - AI Security Training
Can't find what you are looking for?

Let us help.

Contact us
Free Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

Customer Case Studies

Discover how organizations and individual cyber practitioners use SANS training and GIAC certifications

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Group Purchasing
Group Purchasing

Blueprint: Building a Better Pen Tester

Download File
Blueprint: Building a Better Pen Tester (PDF, 2.28MB)Published: 01 Aug, 2025
Created by:
Greg Bailey
Greg Bailey for SEC560: Enterprise Penetration Testing

High-value penetration testing involves modeling the techniques used by real-world computer attackers to find vulnerabilities, and under controlled circumstances, to exploit those flaws in a professional, safe manner according to a carefully designed scope and rules of engagement.

This process helps to determine business risk and potential impact of attacks, all with the goal of helping the organization improve its security stance.

Here are recommendations for each phase of penetration testing to help you provide higher business value in your work.

This poster has been created as a reference for the SEC560: Enterprise Penetration Testing course.

Meet Your Author

Greg Bailey
Greg Bailey

Greg Bailey

Principal Instructor

Greg Bailey, SANS Principal Instructor and Huntress SOC leader, teaches penetration testing and red teaming through real-world labs shaped by years of incident response and security operations leadership.

Read more about Greg Bailey

Related Resources

LLM Usage Cheat Sheet

Poster & Cheat SheetsOffensive Operations, Artificial Intelligence
  • 4 Jun 2026

Debugging Filesystem Minifilters with WinDbg

Poster & Cheat SheetsOffensive Operations
  • 26 May 2026

Using AI for Source Code Vulnerability Analysis

Poster & Cheat SheetsOffensive Operations, Artificial Intelligence
  • 14 May 2026

TCP/IP and tcpdump

Poster & Cheat SheetsOffensive Operations
  • 30 Apr 2026

An Introduction to C for Windows

Poster & Cheat SheetsOffensive Operations
  • 3 Apr 2026

Comprehensive Kernel Debugging for Windows Developers

Poster & Cheat SheetsOffensive Operations
  • 6 Aug 2025

Related Courses

  • Slide 1 of 20

    SEC588: Cloud Penetration Testing

    Intermediate
    SEC588Offensive Operations
    SEC588: Cloud Penetration Testing
    • GIAC Cloud Penetration Tester (GCPN)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 24 Hands-On Labs

    View course detailsRegister
  • Slide 2 of 20

    SEC536: Adversarial AI - Penetration Testing AI Systems

    BETA
    AI-FOCUSED
    Intermediate
    SEC536Offensive Operations, Artificial Intelligence
    SEC536: Adversarial AI - Penetration Testing AI Systems
    • 2 Days (Instructor-Led)
    • 12 CPEs / 12 Hours
    • Labs: 10 Hands-On Labs

    View course detailsRegister
  • Slide 3 of 20

    SEC543: AI-Assisted Source Code Analysis and Exploitation for Penetration Testers

    NEW
    AI-FOCUSED
    Intermediate
    SEC543Offensive Operations, Artificial Intelligence
    SEC543: AI-Assisted Source Code Analysis and Exploitation for Penetration Testers
    • 2 Days (Instructor-Led)
    • 12 CPEs / 12 Hours (Self-Paced)
    • Labs: 10 Hands-On Labs

    View course detailsRegister
  • Slide 4 of 20

    SEC565: Red Team Operations and Adversary Emulation

    UPDATED
    AI SKILLS
    Intermediate
    SEC565Offensive Operations, Artificial Intelligence
    SEC565: Red Team Operations and Adversary Emulation
    • GIAC Red Team Professional (GRTP)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 28 Hands-On Labs

    View course detailsRegister
  • Slide 5 of 20

    SEC560: Enterprise Penetration Testing

    UPDATED
    Intermediate
    SEC560Offensive Operations
    SEC560: Enterprise Penetration Testing
    • GIAC Penetration Tester (GPEN)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 30 Hands-On Labs

    View course detailsRegister
  • Slide 6 of 20

    SEC556: IoT Penetration Testing

    UPDATED
    AI SKILLS
    Intermediate
    SEC556Offensive Operations, Artificial Intelligence
    SEC556: IoT Penetration Testing
    • 3 Days (Instructor-Led)
    • 18 CPEs / 18 Hours (Self-Paced)
    • Labs: 13 Hands-On Labs

    View course detailsRegister
  • Slide 7 of 20

    SEC699: Advanced Purple Teaming - Adversary Emulation & Detection Engineering

    Advanced
    SEC699Offensive Operations
    SEC699: Advanced Purple Teaming - Adversary Emulation & Detection Engineering
    • 5 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 29 Hands-On Labs

    View course detailsRegister
  • Slide 8 of 20

    SEC665: Advanced Red Team Operations

    NEW
    Advanced
    SEC665Offensive Operations
    SEC670: Red Teaming Tools - Developing Windows Implants, Shellcode, Command and Control
    • 5 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 18 Hands-On Labs

    View course detailsRegister
  • Slide 9 of 20

    SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking

    Advanced
    SEC660Offensive Operations
    SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
    • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
    • 6 Days (Instructor-Led)
    • 46 CPEs / 46 Hours (Self-Paced)
    • Labs: 30 Hands-On Labs

    View course detailsRegister
  • Slide 10 of 20

    SEC504: Hacker Tools, Techniques, and Incident Handling

    MAJOR UPDATES
    AI SKILLS
    Essentials
    SEC504Offensive Operations, Artificial Intelligence
    SEC504: Hacker Tools, Techniques, and Incident Handling
    • GIAC Certified Incident Handler Certification (GCIH)
    • 6 Days (Instructor-Led)
    • 38 CPEs / 38 Hours (Self-Paced)
    • Labs: 44 Hands-On Labs

    View course detailsRegister
  • Slide 11 of 20

    SEC580: Metasploit for Enterprise Penetration Testing

    Intermediate
    SEC580Offensive Operations
    SEC580: Metasploit for Enterprise Penetration Testing
    • 12 CPEs / 12 Hours (Self-Paced)
    • Labs: 10 Hands-On Labs

    View course detailsRegister
  • Slide 12 of 20

    SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses

    Intermediate
    SEC599Offensive Operations
    SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses
    • GIAC Defending Advanced Threats (GDAT)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 25 Hands-On Labs

    View course detailsRegister
  • Slide 13 of 20

    SEC617: Wireless Penetration Testing and Ethical Hacking

    Advanced
    SEC617Offensive Operations
    SEC617: Wireless Penetration Testing and Ethical Hacking
    • GIAC Assessing and Auditing Wireless Networks (GAWN)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 20 Hands-On Labs

    View course detailsRegister
  • Slide 14 of 20

    SEC760: Advanced Exploit Development for Penetration Testers

    Advanced
    SEC760Offensive Operations
    SEC760: Advanced Exploit Development for Penetration Testers
    • 5 Days (Instructor-Led)
    • 40 CPEs / 40 Hours (Self-Paced)
    • Labs: 20 Hands-On Labs

    View course detailsRegister
  • Slide 15 of 20

    SEC542: Web App Penetration Testing and Ethical Hacking

    MAJOR UPDATES
    Intermediate
    SEC542Offensive Operations
    SEC542: Web App Penetration Testing and Ethical Hacking
    • GIAC Web Application Penetration Tester (GWAPT)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 35 Hands-On Labs

    View course detailsRegister
  • Slide 16 of 20

    SEC504J: Hacker Tools, Techniques, and Incident Handling (Japanese)

    Essentials
    SEC504JOffensive Operations
    SEC504: Hacker Tools, Techniques, and Incident Handling
    • GIAC Certified Incident Handler Certification (GCIH)
    • 6 Days (Instructor-Led)
    • 38 CPEs / 38 Hours
    • Labs: 30 Hands-On Labs

    View course detailsRegister
  • Slide 17 of 20

    SEC575: iOS and Android Application Security Analysis and Penetration Testing

    Intermediate
    SEC575Offensive Operations
    SEC575: iOS and Android Application Security Analysis and Penetration Testing
    • GIAC Mobile Device Security Analyst (GMOB)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 20 Hands-On Labs

    View course detailsRegister
  • Slide 18 of 20

    SEC598: AI and Security Automation for Red, Blue, and Purple Teams

    AI-FOCUSED
    Intermediate
    SEC598Offensive Operations, Artificial Intelligence
    SEC598: AI and Security Automation for Red, Blue, and Purple Teams
    • GIAC AI Security Automation Engineer (GASAE)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 25 Hands-On Labs

    View course detailsRegister
  • Slide 19 of 20

    SEC535: Offensive AI - Attack Tools and Techniques

    NEW
    AI-FOCUSED
    Intermediate
    SEC535Offensive Operations, Artificial Intelligence
    SEC535: Offensive AI - Attack Tools and Techniques
    • GIAC Offensive AI Analyst (GOAA)
    • 3 Days (Instructor-Led)
    • 18 CPEs / 18 Hours (Self-Paced)
    • Labs: 14 Hands-On Labs

    View course detailsRegister
  • Slide 20 of 20

    SEC670: Red Teaming Tools - Developing Windows Implants, Shellcode, Command and Control

    Advanced
    SEC670Offensive Operations
    SEC670: Red Teaming Tools - Developing Windows Implants, Shellcode, Command and Control
    • 6 Days (Instructor-Led)
    • 46 CPEs / 46 Hours (Self-Paced)
    • Labs: 27 Hands-On Labs

    View course detailsRegister