HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 54 guests and 1 member online
 
Free Business and Tech Magazines and eBooks

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow SANS SEC 660 - Advanced Penetration Testing, Exploits, and Ethical Hacking
EH-Net
May 24, 2013, 09:59:55 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: SANS SEC 660 - Advanced Penetration Testing, Exploits, and Ethical Hacking  (Read 7552 times)
0 Members and 1 Guest are viewing this topic.
Dark_Knight
Sr. Member
****
Offline Offline

Posts: 292


View Profile WWW
« on: January 06, 2012, 12:40:21 PM »
Has anybody here taken this course: https://www.sans.org/security-training/advanced-penetration-testing-exploits-ethical-hacking-1517-mid

I am wondering how it compares to say the OSCE.

Thoughts???
Logged
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
doodleface
Newbie
*
Offline Offline

Posts: 34



View Profile WWW
« Reply #1 on: January 06, 2012, 01:40:26 PM »
I have taken this course, though I have not taken the OSCE yet, but I am going to within the next month or so, so I could give you a direct comparison based on experience in the near future. Otherwise, based on what I have been told about the OSCE and my experience with SEC660.

660 you will learn not just how to write advanced exploits, but you will learn some of the theory and technology of memory and processors to better understand why and how exploits work thus enabling you to better build your own no matter what anti exploit technology faces you.

660 also shows a lot of neat tricks for just hacking in general which go well beyond what you learn in any other hacking style courses.

It is in my opinion that 660 coupled with 710 are a great combo since 710 picks up where 660 leaves off in regards to exploit development and goes well beyond what OSCE covers(based on what I have heard about OSCE).

Now OSCE forces you to actually build exploits, but not necessarily understand how or why they work, and you are prompted to learn some of that on your own since it is self paced.

I think those who take 660 are a more well rounded advanced pen tester, and those who take just the OSCE are very good at writing exploits for many situations but not all.

Keeping in mind my opinion may change after I take the OSCE.

I hope this helps!
Logged
CISSP, OSCP, C|EH, E|CSA, C|HFI, GXPN, GWAPT, GCIH, GISP, GSEC, MCITP:EA, CCNA, FCT, FCNSP, JNCIA, JNCIA-FWV, MCSE Security, A+, Net+, Server+, Security+
BillV
Hero Member
*****
Offline Offline

Posts: 1892


View Profile WWW
« Reply #2 on: January 06, 2012, 05:23:36 PM »
That's an interesting perspective on it. I look forward to hearing your feedback once you've taken the OSCE as well.

I'm hoping to do the 660 course this year as my GPEN will be expiring.
Logged
Dark_Knight
Sr. Member
****
Offline Offline

Posts: 292


View Profile WWW
« Reply #3 on: January 06, 2012, 05:26:16 PM »
Quote from: doodleface on January 06, 2012, 01:40:26 PM
I have taken this course, though I have not taken the OSCE yet, but I am going to within the next month or so, so I could give you a direct comparison based on experience in the near future. Otherwise, based on what I have been told about the OSCE and my experience with SEC660.

660 you will learn not just how to write advanced exploits, but you will learn some of the theory and technology of memory and processors to better understand why and how exploits work thus enabling you to better build your own no matter what anti exploit technology faces you.

660 also shows a lot of neat tricks for just hacking in general which go well beyond what you learn in any other hacking style courses.

It is in my opinion that 660 coupled with 710 are a great combo since 710 picks up where 660 leaves off in regards to exploit development and goes well beyond what OSCE covers(based on what I have heard about OSCE).

Now OSCE forces you to actually build exploits, but not necessarily understand how or why they work, and you are prompted to learn some of that on your own since it is self paced.

I think those who take 660 are a more well rounded advanced pen tester, and those who take just the OSCE are very good at writing exploits for many situations but not all.

Keeping in mind my opinion may change after I take the OSCE.

I hope this helps!
Much appreciated.
Logged
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
MaXe
Hero Member
*****
Offline Offline

Posts: 669


I've just upgraded myself to a cyborg muahahaa!!1


View Profile WWW
« Reply #4 on: January 09, 2012, 12:49:29 PM »
I can't wait to hear about it too, and eventually you should do OffSec AWE too and see how that compares hehe I bet it's like nothing you've ever imagined  Grin
Logged
I'm an InterN0T'er
Dark_Knight
Sr. Member
****
Offline Offline

Posts: 292


View Profile WWW
« Reply #5 on: January 09, 2012, 01:00:58 PM »
Quote from: MaXe on January 09, 2012, 12:49:29 PM
I can't wait to hear about it too, and eventually you should do OffSec AWE too and see how that compares hehe I bet it's like nothing you've ever imagined  Grin

I recently did the fc4.me challenge and it felt like a course all by itself Smiley I cannot begin to imagine what AWE will be about.
Logged
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
MaXe
Hero Member
*****
Offline Offline

Posts: 669


I've just upgraded myself to a cyborg muahahaa!!1


View Profile WWW
« Reply #6 on: January 09, 2012, 03:28:44 PM »
Haha Dark_Knight I know the feeling, and even that, is just "touching the door", CTP is opening the door, and AWE is stepping through the door and into the unknown  Smiley I haven't done AWE, but I've heard from plenty of people it's insane, but really nice  Grin
Logged
I'm an InterN0T'er
Dark_Knight
Sr. Member
****
Offline Offline

Posts: 292


View Profile WWW
« Reply #7 on: January 09, 2012, 03:53:23 PM »
Quote from: MaXe on January 09, 2012, 03:28:44 PM
Haha Dark_Knight I know the feeling, and even that, is just "touching the door", CTP is opening the door, and AWE is stepping through the door and into the unknown  Smiley I haven't done AWE, but I've heard from plenty of people it's insane, but really nice  Grin
I can only imagine. I have heard that the classes normally start out "full enough" and as time goes by the number usually gets smaller. At one point I heard one guy just got up and left after a couple hours Smiley
Logged
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
doodleface
Newbie
*
Offline Offline

Posts: 34



View Profile WWW
« Reply #8 on: January 09, 2012, 06:02:16 PM »
When I get the opportunity to take the AWE class, I will be glad to compare and contrast the differences between AWE, CTP, 660 and 710. Though based on what I have been told about the class and looking at the curriculum for AWE, it is much like the SEC710 course which is entirely advanced exploit development. When I tool the 710 course I learned how to defeat hardware and software DEP in windows and in Linux. I learned how to defeat ASLR in Windows and Linux. I learned to use these methodologies in stack and heap based overflows as well as format string attacks. I also learned how to do Return Oriented Programming which is one of the most advanced ways to get around anti-exploit technology.

Based on my experience with SEC710 and what I have been told about AWE, they are pretty close except you don't learn about advanced Linux exploit development and I haven't heard they teach ROP, but I may be wrong.

That is all I got on that topic. I will be sure to share my experience when I get the chance to take AWE.
Logged
CISSP, OSCP, C|EH, E|CSA, C|HFI, GXPN, GWAPT, GCIH, GISP, GSEC, MCITP:EA, CCNA, FCT, FCNSP, JNCIA, JNCIA-FWV, MCSE Security, A+, Net+, Server+, Security+
ajohnson
Recruiters
Hero Member
*
Offline Offline

Posts: 1060


aka dynamik


View Profile WWW
« Reply #9 on: January 10, 2012, 05:46:45 PM »
Do you guys actually develop exploits for your jobs? I'm curious to know how you apply this knowledge beyond a hobbyist level.

Exploit development is something I could never get into. Once I understood the basics, I realized that I'd probably never be in a scenario where I'd use that knowledge professionally, and I couldn't justify sinking any real time into it.
Logged
WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.
MaXe
Hero Member
*****
Offline Offline

Posts: 669


I've just upgraded myself to a cyborg muahahaa!!1


View Profile WWW
« Reply #10 on: January 10, 2012, 05:50:17 PM »
If you're really good dynamik, you can sell exploits to ZDI  Grin www.zerodayinitiative.com/
Logged
I'm an InterN0T'er
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.104 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.