Overview

SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking is designed as a logical progression point for those who have completed SANS SEC560: Network Penetration Testing and Ethical Hacking, or for those with existing penetration testing experience. Students with the prerequisite knowledge to take this course will walk through dozens of real-world attacks used by the most seasoned penetration testers. The methodology of a given attack is discussed, followed by exercises in a hands-on lab to consolidate advanced concepts and facilitate the immediate application of techniques in the workplace.

Each day of the course includes a two-hour evening boot camp to drive home additional mastery of the techniques discussed. A sample of topics covered includes weaponising Python for penetration testers, attacks against network access control (NAC) and virtual local area network (VLAN) manipulation, network device exploitation, breaking out of Linux and Windows restricted environments, IPv6, Linux privilege escalation and exploit-writing, testing cryptographic implementations, fuzzing, defeating modern OS controls such as address space layout randomisation (ASLR) and data execution prevention (DEP), return-oriented programming (ROP), Windows exploit-writing, and much more!

Learning Outcome

By the end of the course, participants will be able to:

  • Perform penetration testing safely against network devices such as routers, switches, and NAC implementations
  • Test cryptographic implementations
  • Leverage an unprivileged foothold for post-exploitation and privilege escalation
  • Fuzz network and stand-alone applications
  • Write exploits against applications running on Linux and Windows systems
  • Bypass exploit mitigations such as ASLR, DEP, and stack canaries

Who Should Attend?

  • Network and Systems Penetration Testers: SEC660 provides penetration testers with the training they need to perform advanced testing against known or unknown applications, services, and network systems. This course also gives students the expertise to perform complex attacks and develop their own exploits for existing and new frameworks.
  • Incident Handlers: SEC660 gives incident handlers the knowledge they need to understand advanced threats, as handlers are often tasked with determining the threat level associated with an attack. The ability to understand advanced attack techniques and analyse exploit code can help a handler identify, detect, and respond to an incident.
  • Application Developers: SEC660 teaches developers the ramifications of poor coding. Often, a developer or code reviewer is required to clearly demonstrate the threat and impact of a coding error. This course provides developers with the knowledge to create proof-of-concept exploit code and document their findings.
  • IDS Engineers: SEC660 teaches IDS professionals how to analyse exploit code and identify weaknesses. This knowledge can be used to write better IDS signatures and understand the impact of an alert.

Eligibility Criteria

This is a fast-paced, advanced course that requires a strong desire to learn advanced penetration testing and custom exploitation techniques. The following SANS courses are recommended either prior to or as a companion to taking this course:

  • SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling
  • SEC560: Network Penetration Testing and Ethical Hacking

Experience with programming in any language is highly recommended.

At a minimum, students are advised to read up on basic programming concepts. Python is the primary language used during class exercises, while C and C++ are the primary languages of the programs being reversed and exploited. The basics of programming will not be covered in this course, although there is an introductory module on Python.

You should also be well versed with the fundamentals of penetration testing prior to taking this course. Familiarity with Linux and Windows is mandatory. A solid understanding of TCP/IP and networking concepts is required.

This course is endorsed under the Critical Infocomm Technology Resource Programme Plus (CITREP+) Programme.
To find out more about CITREP+ funding, please refer to Programme Support on the CITREP+ page.

Information is accurate as of 13 June 2020