Every organization requires skilled information security personnel who can identify vulnerabilities in its systems and work assiduously to address them before bad actors strike. Sec560 gives you everything necessary for this mission.
This course covers every stage of penetration testing – from planning, scoping and reconnaissance through scanning, target exploitation, password attacks and wireless or web app manipulation. Your skills will be developed through extensive hands-on labs throughout.
Real-World Scanning
3D scanning transforms dreams into hyper-real realities – whether that means creating stunning special effects for movies or ultra-realistic avatars for games and VR. Scanning existing physical models often is easier than sculpting digital ones in modeling software.
Each organization requires skilled information security personnel who can recognize vulnerabilities and eliminate them before hackers strike. SANS penetration testing course Sec560 equips students to do just this, providing in-depth technical expertise and industry-leading methodologies for conducting high-value penetration tests. From proper planning and scoping through scanning, target exploitation, password attacks and web app manipulation; students leave this course fully prepared to engage in real world pen tests from start to finish.
This class qualifies for GIAC Penetration Testing Certified (GPEN) credit. Please see the GIAC website for details and to receive certification you must successfully complete this class and achieve a passing grade on all assessments.
Exploitation
Exploitation refers to any act of taking advantage of someone or something for personal gain, either directly or indirectly. People exploit others in various ways; one common way is paying an unfair wage in order to reap a profit. Karl Marx famously stated that workers in capitalist societies were exploited when forced to sell their labor at less than their full value when selling products made through their labor.
Social media provides another avenue for digital exploitation, lure people into criminal activity or unknown online games without their knowledge. Exploitation may also constitute child abuse when an adult encourages children or young people to participate in illegal activities they otherwise would not. One form of this exploitation occurs through “county lines,” where drugs are transported from large cities to rural areas via courier service – this practice is known as sexual exploitation of minors.
Password Attacks
Threat actors conducting password attacks attempt to fraudulently gain entry to password-protected accounts using software that expedites cracking and guessing techniques, such as brute force, dictionary attacks, or password spraying.
Brute force attacks use programs to randomly try every combination of characters until they find one that works, for instance if “qwerty” doesn’t work it will continue trying others like “abcdefghijklmnopqrstuvwxyz.”
Dictionary attacks use a predefined list of words to crack a password or access an account, often created from leaked passwords from previous data breaches.
Credential stuffing attacks involve exploiting leaked or stolen credentials to use in multiple resources without setting off account lockout limits, quickly gaining entry to an account before moving laterally within their network. Man-in-the-middle attacks allow attackers to capture usernames and passwords as the victim enters them into forms or input fields on websites, giving them access to accounts or resources they otherwise would not.
Web App Manipulation
An attacker could take advantage of web application parameters exchanged between browser and server to manipulate prices in carts, tokens in sessions, and values stored as cookies – this practice is known as web parameter tampering.
Hackers use web apps’ emails & messaging features to spoof user credentials, hijack users, or use phishing/ransomware scripts – this practice is commonly known as “spoofing.”
Organizations require information security staff who can find and address vulnerabilities quickly. SEC560 is the only course designed to fully prepare students for conducting high-value penetration tests from start to finish, including proper planning & scoping, scanning, exploiting & logging of high-value penetration tests. Furthermore, password attacks & web app manipulation training is provided as well. Finally, an introduction to GPEN Certification via its Security Skills Roadmap is also given so you can find your way towards earning this credential.