• Classroom
Course Description

To be a top penetration testing professional, you need fantastic hands-on skills for finding, exploiting and resolving vulnerabilities. Top instructors at SANS engineered SEC561: Immersive Hands-on Hacking Techniques from the ground up to help you get good fast. The course teaches in-depth security capabilities through 80%+ hands-on exercises, maximizing keyboard time on in-class labs and making this SANS' most hands-on course ever. With over 30 hours of intense labs, students experience a leap in their capabilities, as they come out equipped with the practical skills needed to handle today's pen test and vulnerability assessment projects in enterprise environments. Throughout the course, an expert instructor coaches students as they work their way through solving increasingly demanding real-world information security scenarios using skills that they will be able to apply the day they get back to their jobs.

Topics addressed in the course include:

  • Applying network scanning and vulnerability assessment tools to effectively map out networks and prioritize discovered vulnerabilities for effective remediation.
  • Manipulating common network protocols to reconfigure internal network traffic patterns, as well as defenses against such attacks.
  • Analyzing Windows and Linux systems for weaknesses using the latest enterprise management capabilities of the operating systems, including the super-powerful Windows Remote Management (WinRM) tools.
  • Applying cutting-edge password analysis tools to identify weak authentication controls leading to unauthorized server access.
  • Scouring through web applications and mobile systems to identify and exploit devastating developer flaws.
  • Evading anti-virus tools and bypassing Windows User Account Control to understand and defend against these advanced techniques.
  • Honing phishing skills to evaluate the effectiveness of employee awareness initiatives and your organization's exposure to one of the most damaging attack vectors widely used today.

People often talk about these concepts, but this course teaches you how to actually do them hands-on and in-depth. SEC561 shows penetration testers, vulnerability assessment personnel, auditors, and operations personnel how to leverage in-depth techniques to get powerful results in every one of their projects. The course is overflowing with practical lessons and innovative tips, all with direct hands-on application. Throughout the course, students interact with brand new and custom-developed scenarios built just for this course on the innovative NetWars challenge infrastructure, which guides them through the numerous hands-on labs providing questions, hints, and lessons learned as they build their skills.

Learning Objectives

  • Use network scanning and vulnerability assessment tools to effectively map out networks and prioritize discovered vulnerabilities for effective remediation.
  • Use password analysis tools to identify weak authentication controls leading to unauthorized server access.
  • Evaluate web applications for common developer flaws leading to significant data loss conditions.
  • Manipulate common network protocols to maliciously reconfigure internal network traffic patterns.
  • Identify weaknesses in modern anti-virus signature and heuristic analysis systems.
  • Inspect the configuration deficiencies and information disclosure threats present on Windows and Linux servers.
  • Bypass authentication systems for common web application implementations.
  • Exploit deficiencies in common cryptographic systems.
  • Bypass monitoring systems by leveraging IPv6 scanning and exploitation tools.
  • Harvest sensitive mobile device data from iOS and Android targets.

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.