It is mandatory that students have previous exploit-writing experience using techniques such as those covered in SANS SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking. This includes experience with stack-based buffer overflows on both Linux and Windows, as well as experience defeating modern exploit mitigation controls such as Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), canaries, and SafeSEH. Experience with or an understanding of fuzzing tools such as the Sulley Fuzzing Framework and Peach is required. Programming experience is important, preferably with C/C++. At a minimum, scripting experience in a language such as Python, Perl, Ruby, or Lua is mandatory. Programming fundamentals such as functions, pointers, calling conventions, structures, classes, etc. will be assumed knowledge. Experience with reverse-engineering vulnerable code is also required, as is the ability to read x86 disassembly from within a debugger or disassembler. Experience with both Linux and Windows navigation is required, as well as TCP/IP experience. If you do not meet these requirements, you may not be able to keep up with the pace of the course.
SEC760 is a very challenging course covering topics such as remote debugging with IDA, writing IDA Python and IDC scripts, SDL and threat modeling, Linux heap overflows, patch diffing, use-after-free attacks, Windows Kernel debugging and exploitation, and much more. Please see the course syllabus for a detailed listing, and be sure to take a look at the recommended prerequisites and laptop requirements. You are expected to already know how to write exploits for Windows and Linux applications, bypass exploit mitigation controls such as DEP and ASLR, utilize return-oriented shellcode (ROP), etc.
SANS gets a lot of questions about this course. Am I ready for SEC760? Should I take SEC660 first? I have taken SEC660 but am I definitely ready for SEC760? I have taken SEC560, so can I jump right to SEC760 if I only want the exploit development material? I have not taken any SANS pen testing courses, so which one should I start with? I have taken a course through Offensive Security or Corelan, is the material the same?
There is no "one size fits all" reply to these types of questions, as everyone has a different level of experience. SANS's recommendation is to thoroughly read through the course syllabus and prerequisite statements for any course you are considering. The course author, Stephen Sims, is available to answer any questions you may have about the subject matter in order to help you make an informed decision. You can reach Stephen Sims at stephen@deadlisting.com.
SANS has prepared a 10-question exam that will help you determine if you are better suited for SEC660 or SEC760. Remember that this is purely from an exploit development perspective. SEC660 includes two days of material on introduction to exploit development and bypassing exploit mitigation controls. Much of the other material in SEC660 is on a wide range of advanced penetration testing topics such as network device exploitation (routers, switches, network access control), pentesting cryptographic implementations, fuzzing, Python, network booting attacks, escaping Linux and Windows restricted environments, etc. Many students of SEC760 have taken training from Offensive Security, Exodus Intelligence, Corelan, and others. Though there will certainly be overlap in some sections, there are many unique sections without overlap.