SANS GXPN Advanced Penetration Testing, Exploits and Ethical Hacking Self-Paced CourseSecurity 660: Advanced Penetration Testing, Exploits, and Ethical Hacking. Covers the complete GIAC Ethical Hacking (GXPN) curriculum. *Special discount for GoCertify users.
Available Training Formats:
(current price & free demo via our partner's website)
Product Details:This is a self-study computer ethical hacking training course. Students in the self-study program receive the same content you would receive in the classroom environment.
SANS SEC660: Advanced Penetration Testing, Exploits, and Ethical Hacking engages attendees with in-depth knowledge of the most prominent and powerful attack vectors and an environment to perform these attacks in numerous hands-on scenarios. This course goes far beyond simple scanning for low-hanging fruit, and shows penetration testers how to model the abilities of an advanced attacker to find significant flaws in a target environment and demonstrate the business risk associated with these flaws.
SANS SEC660 Advanced Penetration Testing, Exploits, and Ethical Hacking starts off by introducing advanced penetration concepts, which will become the focus throughout the course. The course quickly dives deep into modern operating system controls, which stump many attackers and penetration testers. There are often ways around controls such as address space layout randomization (ASLR), data execution prevention (DEP), canaries, and many others. These controls are introduced on day one and defeated at various points throughout the course. The remainder of the day is spent using the Python programming language for penetration testing. Scripting skills are essential to automate and speed up scanning, perform fuzzing, as well as launch exploits. Evening labs each day are used to allow for additional time practicing the techniques learned.
Day two jumps into accessing, manipulating, and exploiting the network. Attacks are performed against NAC, VLANs, DHCP, 802.1X, CDP, VOIP, ARP, SNMP, and others. Day three takes a look at very successful attacks against Windows domain environments. Topics include breaking out of RDP sessions, performing MitM attacks against Kerberos and RDP, downgrading authentication protocols, harvesting passwords in unusual locations, and many others. Days four and five are spent exploiting programs on the Linux and Windows operating systems. You will learn to identify privileged programs, redirect code execution in debuggers, reverse-engineer programs to locate vulnerable code, obtain code execution for administrative shell access, and defeat modern operating system controls such as ASLR and DEP. Client-side attacks are also covered and you will understand how to perform vulnerability discovery and exploit development. The final course day is dedicated to numerous penetration testing challenges requiring you to solve complex problems and capture flags.
Detailed instructor bios, course blueprint, and demo materials are available through the course sign-up page. Self-study course materials include:
- SANS printed course books and CD (CD not applicable to certain courses)
- Two GIAC Practice Tests for each exam required for certification (GIAC Certification students only)
- Four-month online access to MP3 files of the course taught by the world's best instructors
- The SANS "OnDemand" advanced delivery option adds online access to visual training content in addition to the audio training, as well as integrated courseware and an online mentor.