SANS Instructors: Author Statements

SANS Instructors:
Ed Skoudis"Successful penetration testers don't just throw a bunch of hacks against an organization and regurgitate the output of their tools. Instead, they need to understand how these tools work in-depth, and conduct their test in a careful, professional manner. This course explains the inner workings of numerous tools and their use in effective network penetration testing and ethical hacking projects." - Ed Skoudis

SEC504: Hacker Techniques, Exploits & Incident Handling

Ed Skoudis"My favorite part of teaching Hacker Techniques, Exploits, and Incident Handling is watching students when they finally get it. It's usually a two-stage process. First, students begin to realize how truly malicious some of these attacks are. Some students have a very visceral reaction, occasionally shouting out Oh, shoot! when they see what the bad guys are really up to. But if I stopped the process at that point, I'd be doing a disservice. The second stage is even more fun. Later in the class, students gradually realize that, even though the attacks are really nasty, they can prevent, detect, and respond to them. Using the knowledge they gain in this track, they know they'll be ready when a bad guy launches an attack against their systems. And being ready to thwart the bad guys is what its all about." - Ed Skoudis

SEC542: Web App Penetration Testing and Ethical Hacking

Seth MisenarEric Conrad"Students routinely show up to SEC542 having been demoralized by their organization's web application vulnerability scanner. Sitting on the business end of these scanners, students regularly attest to 1,000+ pages of output littered with false positives. One of the most rewarding aspects of teaching SEC542 is seeing and hearing those very same students' enthusiasm for applying the skills they have learned through the week to the applications they are responsible for securing. They intrinsically knew the push-button approach to penetration testing was failing them, but lacked the knowledge and skill to ably and efficiently perform any other style of assessment. We are happy to say that SEC542 remedies this problem. Students walk away from class with a deep knowledge of key web application flaws and how to discover and exploit them, as well as how to present these findings in an impactful way." - Seth Misenar and Eric Conrad

SEC560: Network Penetration Testing and Ethical Hacking

Ed Skoudis"Successful penetration testers don't just throw a bunch of hacks against an organization and regurgitate the output of their tools. Instead, they need to understand how these tools work in-depth, and conduct their test in a careful, professional manner. This course explains the inner workings of numerous tools and their use in effective network penetration testing and ethical hacking projects. When teaching the class, I particularly enjoy the numerous hands-on exercises culminated with a final pen-testing extravaganza lab." - Ed Skoudis

SEC561: Intense Hands-on Pen Testing Skill Development

Joshua Wright"In creating this course, we focused on getting as much practical, hands-on skill building into the classroom as possible. Each day begins with a short briefing on the technical topics students will work on throughout the day. Then, students build their skills analyzing real-world target systems in the classroom. When students walk out of the class, they'll have mastered over 100 new techniques for finding, exploiting, and then fixing security flaws. Just as aircraft pilots needs more "stick" time learning how to fly, this course provides penetration testers and other security professionals real-world hands-on experience they need to excel in their work." - Joshua Wright

SEC562: CyberCity Hands-on Kinetic Cyber Range Exercise

Tim MedinJoshua WrightEd Skoudis"The world faces a critical shortage of individuals with the skills needed to defend the computer systems and network infrastructures that control our physical world. We built this course to help fill that gap, teaching cyber warriors how to analyze, control, and defend countless control systems, protocols, and other kinetic infrastructures they will increasingly face in the future. The course is chock full of practical skills that security professionals can use in their own practice. The coolest part of the course is the fact that students can actually see the impact on the city of their hands-on lab work through real-time streaming video to the classroom. For example, when you restore the power grid, you will actually see the lights in the city turn back on (and a newspaper article get published in real-time about the end of the blackout). Nearly every mission in the course provides visual impacts, which inspire and excite students and instructors alike." - Ed Skoudis, Josh Wright, & Tim Medin

SEC573: Python for Penetration Testers

Mark Baggett"Today basic scripting skills are essential to professionals in all aspects of information security. Understanding how to develop your own applications means you can automate tasks and do more, with fewer resources, in less time. As penetration testers, knowing how to use canned information security tools is a basic skill that you must have. Knowing how to build your own tools when the tools someone else wrote fail is what seperates the great penetration testers from the good. This course is designed for security professionals who have some basic scripting skills and want to learn how to apply them to the field of penetration testing. The course will cover the essential skills that are needed to develop applications that interact with networks, websites, databases, and file systems so you can take your career to the next level. We will cover these essential skills as we build practical applications that you can immediately put into use in your penetration tests." - Mark Baggett

SEC760: Advanced Exploit Development for Penetration Testers

Stephen Sims"As a perpetual student of information security, I am excited to offer this course on advanced Exploit Writing for Penetration Testers. Exploit development is a hot topic as of late and will continue to grow moving forward. With all of the modern exploit mitigation controls offered by operating systems such as Windows 7 and 8, the number of experts with the skills to produce working exploits is highly limited. More and more companies are hiring to fill experts with the ability to aid in a Secure-SDLC process, perform threat modeling, determine if vulnerabilities are exploitable, and perform security research. This course was written to help you get into these highly sought after positions and to teach you cutting edge tricks to thoroughly evaluate a target, providing you with the skills to improve your exploit development. Contact me at stephen@deadlisting.com if you have any questions about the course!"- Stephen Sims

SEC580: Metasploit Kung Fu for Enterprise Pen Testing

John StrandEd Skoudis"Metasploit is the most popular free exploitation tool available today. It is in widespread use by penetration testers, vulnerability assessment personnel, and auditors. However, most of its users rely on only about 10 percent of its functionality, not realizing the immensely useful, but often poorly understood, features that Metasploit offers. This course will enable students to master the 10 percent they currently rely on (applying it in a more comprehensive and safe manner), while unlocking the other 90 percent of features they can then apply to make their tests more effective. By attending the course, they will learn how to make a free tool achieve the power of many much more costly commercial tools." - Ed Skoudis & John Strand

SEC617: Wireless Ethical Hacking, Penetration Testing, and Defenses

Joshua Wright

"It's been amazing to watch the progression of wireless technology over the past several years. WiFi has grown in maturity and offers strong authentication and encryption options to protect networks, and many organizations have migrated to this technology. At the same time, attackers are becoming more sophisticated, and we've seen significant system breaches netting millions of payment cards that start with a wireless exploit. This pattern has me very concerned, as many organizations, even after deploying WPA2 and related technology, remain vulnerable to a number of attacks that expose their systems and internal networks.

"With the tremendous success of WiFi, other wireless protocols have also emerged to satisfy the needs of longer-distance wireless systems (WiMAX), lightweight embedded device connectivity (ZigBee and IEEE 802.15.4), and specialty interference-resilient connectivity (Bluetooth and DECT). Today, it's not enough to be a WiFi expert; you also need to be able to evaluate the threat of other standards-based and proprietary wireless technologies as well.

"In putting this class together, I wanted to help organizations recognize the multi-faceted wireless threat landscape and evaluate their exposure through ethical hacking techniques. Moreover, I wanted my students to learn critical security analysis skills so that, while we focus on evaluating wireless systems, the vulnerabilities and attacks we leverage to exploit these systems can be applied to future technologies as well. In this manner, the skills you build in this class remain valuable for today's wireless technology, tomorrow's technology advancements, and for other complex systems you have to evaluate in the future as well." - Joshua Wright

SEC642: Advanced Web App Penetration Testing and Ethical Hacking

Justin Searle "Students who have taken SEC542 have learned the benefits of applying hands-on in-depth web application penetration testing techniques to take their assessments far beyond the limited push-button approach of purely automated scanners, but how do we take that to the next level? How can we dig deeper to find those vulnerabilities still hiding in our apps? In SEC642, I love seeing students get excited about taking SQLi, RFI/LFI, XSRF/XSS exploits to the next level, exploring the ins and outs of various web frameworks, testing for crypto flaws in cookies and parameter values that look like random characters to novice testers, working with alternate web interfaces like services and client side binaries, and probing the effectiveness of their WAFs. In SEC642 we get to step away from the basics and dig into advanced topics that can be leveraged in our assessments, exploring parts of our apps that are often overlooked or not considered testable by less experienced penetration testers." - Justin Searle

SEC660: Advanced Penetration Testing, Exploits, and Ethical Hacking

Stephen Sims "As a perpetual student of information security, I am excited to offer this course on advanced penetration testing. Often, when conducting an in-depth penetration test, we are faced with situations that require unique or complex solutions to successfully pull off an attack, mimicking the activities of increasingly sophisticated real-world attackers. Without the skills to do so, you may miss a major vulnerability or not properly assess its business impact. Target system personnel are relying on you to tell them whether or not an environment is secured. Attackers are almost always one step ahead and are relying on our nature to become complacent with controls we work so hard to deploy. This course was written to keep you from making mistakes others have made, teach you cutting edge tricks to thoroughly evaluate a target, and provide you with the skills to jump into exploit development. Contact me at stephen@deadlisting.com if you have any questions about the course!" - Stephen Sims