Home
Calendar
Certifications
Columns
Features
Forum
Resources
Vitals
Latest Additions
April 2013 Free Giveaway Sponsor - eLearnSecurity
Human Intelligence to Navigate the Security Data Deluge
February 2013 Free Giveaway Winner of SANS CyberCon Training
Interview: Bugcrowd Founders on Herding Ninjas for Crowdsourced Bug Bounties
Network Forensics: The Tree in the Forest
March 2013 Free Giveaway Sponsor - Mile2
Book Review: Violent Python
February 2013 Free Giveaway Sponsor - SANS
Holiday 2012 Free Giveaway Winner of Metasploit Pro by Rapid7
Course Review: SANS FOR408 Computer Forensic Investigations – Windows In-Depth
The Security Consulting Sugar High
Tutorial: Fun with SMB on the Command Line
Interview: Ilia Kolochenko, CEO of High-Tech Bridge
October 2012 Free Giveaway Winner of LearningGate Training
The Broken: Assessing Corporate Security in 2012 to Make a Better 2013
EH-Net Login
Welcome Guest.
Username:
Password:
Remember me
Lost Password?
No account yet?
Register
Who's Online
We have 34 guests and 1 member online
Free Business and Tech Magazines and eBooks
You are here:
Home
Ethical Hacking Discussions and Related Certifications
Network Pen Testing
SANS SEC 660 - Advanced Penetration Testing, Exploits, and Ethical Hacking
EH-Net
May 25, 2013, 06:23:17 AM
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
News
: Go back to The Ethical Hacker Network Online Magazine
Home Page
Home
Help
Calendar
Login
Register
EH-Net
>
Ethical Hacking Discussions and Related Certifications
>
Network Pen Testing
(Moderator:
don
) >
SANS SEC 660 - Advanced Penetration Testing, Exploits, and Ethical Hacking
Pages: [
1
]
Go Down
« previous
next »
Print
Author
Topic: SANS SEC 660 - Advanced Penetration Testing, Exploits, and Ethical Hacking (Read 7566 times)
0 Members and 1 Guest are viewing this topic.
Dark_Knight
Sr. Member
Offline
Posts: 292
SANS SEC 660 - Advanced Penetration Testing, Exploits, and Ethical Hacking
«
on:
January 06, 2012, 12:40:21 PM »
Has anybody here taken this course:
https://www.sans.org/security-training/advanced-penetration-testing-exploits-ethical-hacking-1517-mid
I am wondering how it compares to say the OSCE.
Thoughts???
Logged
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
doodleface
Newbie
Offline
Posts: 34
Re: SANS SEC 660 - Advanced Penetration Testing, Exploits, and Ethical Hacking
«
Reply #1 on:
January 06, 2012, 01:40:26 PM »
I have taken this course, though I have not taken the OSCE yet, but I am going to within the next month or so, so I could give you a direct comparison based on experience in the near future. Otherwise, based on what I have been told about the OSCE and my experience with SEC660.
660 you will learn not just how to write advanced exploits, but you will learn some of the theory and technology of memory and processors to better understand why and how exploits work thus enabling you to better build your own no matter what anti exploit technology faces you.
660 also shows a lot of neat tricks for just hacking in general which go well beyond what you learn in any other hacking style courses.
It is in my opinion that 660 coupled with 710 are a great combo since 710 picks up where 660 leaves off in regards to exploit development and goes well beyond what OSCE covers(based on what I have heard about OSCE).
Now OSCE forces you to actually build exploits, but not necessarily understand how or why they work, and you are prompted to learn some of that on your own since it is self paced.
I think those who take 660 are a more well rounded advanced pen tester, and those who take just the OSCE are very good at writing exploits for many situations but not all.
Keeping in mind my opinion may change after I take the OSCE.
I hope this helps!
Logged
CISSP, OSCP, C|EH, E|CSA, C|HFI, GXPN, GWAPT, GCIH, GISP, GSEC, MCITP:EA, CCNA, FCT, FCNSP, JNCIA, JNCIA-FWV, MCSE Security, A+, Net+, Server+, Security+
BillV
Hero Member
Offline
Posts: 1892
Re: SANS SEC 660 - Advanced Penetration Testing, Exploits, and Ethical Hacking
«
Reply #2 on:
January 06, 2012, 05:23:36 PM »
That's an interesting perspective on it. I look forward to hearing your feedback once you've taken the OSCE as well.
I'm hoping to do the 660 course this year as my GPEN will be expiring.
Logged
Dark_Knight
Sr. Member
Offline
Posts: 292
Re: SANS SEC 660 - Advanced Penetration Testing, Exploits, and Ethical Hacking
«
Reply #3 on:
January 06, 2012, 05:26:16 PM »
Quote from: doodleface on January 06, 2012, 01:40:26 PM
I have taken this course, though I have not taken the OSCE yet, but I am going to within the next month or so, so I could give you a direct comparison based on experience in the near future. Otherwise, based on what I have been told about the OSCE and my experience with SEC660.
660 you will learn not just how to write advanced exploits, but you will learn some of the theory and technology of memory and processors to better understand why and how exploits work thus enabling you to better build your own no matter what anti exploit technology faces you.
660 also shows a lot of neat tricks for just hacking in general which go well beyond what you learn in any other hacking style courses.
It is in my opinion that 660 coupled with 710 are a great combo since 710 picks up where 660 leaves off in regards to exploit development and goes well beyond what OSCE covers(based on what I have heard about OSCE).
Now OSCE forces you to actually build exploits, but not necessarily understand how or why they work, and you are prompted to learn some of that on your own since it is self paced.
I think those who take 660 are a more well rounded advanced pen tester, and those who take just the OSCE are very good at writing exploits for many situations but not all.
Keeping in mind my opinion may change after I take the OSCE.
I hope this helps!
Much appreciated.
Logged
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
MaXe
Hero Member
Offline
Posts: 669
I've just upgraded myself to a cyborg muahahaa!!1
Re: SANS SEC 660 - Advanced Penetration Testing, Exploits, and Ethical Hacking
«
Reply #4 on:
January 09, 2012, 12:49:29 PM »
I can't wait to hear about it too, and eventually you should do OffSec AWE too and see how that compares hehe I bet it's like nothing you've ever imagined
Logged
I'm an InterN0T'er
Dark_Knight
Sr. Member
Offline
Posts: 292
Re: SANS SEC 660 - Advanced Penetration Testing, Exploits, and Ethical Hacking
«
Reply #5 on:
January 09, 2012, 01:00:58 PM »
Quote from: MaXe on January 09, 2012, 12:49:29 PM
I can't wait to hear about it too, and eventually you should do OffSec AWE too and see how that compares hehe I bet it's like nothing you've ever imagined
I recently did the fc4.me challenge and it felt like a course all by itself
I cannot begin to imagine what AWE will be about.
Logged
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
MaXe
Hero Member
Offline
Posts: 669
I've just upgraded myself to a cyborg muahahaa!!1
Re: SANS SEC 660 - Advanced Penetration Testing, Exploits, and Ethical Hacking
«
Reply #6 on:
January 09, 2012, 03:28:44 PM »
Haha Dark_Knight I know the feeling, and even that, is just "touching the door", CTP is opening the door, and AWE is stepping through the door and into the unknown
I haven't done AWE, but I've heard from plenty of people it's insane, but really nice
Logged
I'm an InterN0T'er
Dark_Knight
Sr. Member
Offline
Posts: 292
Re: SANS SEC 660 - Advanced Penetration Testing, Exploits, and Ethical Hacking
«
Reply #7 on:
January 09, 2012, 03:53:23 PM »
Quote from: MaXe on January 09, 2012, 03:28:44 PM
Haha Dark_Knight I know the feeling, and even that, is just "touching the door", CTP is opening the door, and AWE is stepping through the door and into the unknown
I haven't done AWE, but I've heard from plenty of people it's insane, but really nice
I can only imagine. I have heard that the classes normally start out "full enough" and as time goes by the number usually gets smaller. At one point I heard one guy just got up and left after a couple hours
Logged
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
doodleface
Newbie
Offline
Posts: 34
Re: SANS SEC 660 - Advanced Penetration Testing, Exploits, and Ethical Hacking
«
Reply #8 on:
January 09, 2012, 06:02:16 PM »
When I get the opportunity to take the AWE class, I will be glad to compare and contrast the differences between AWE, CTP, 660 and 710. Though based on what I have been told about the class and looking at the curriculum for AWE, it is much like the SEC710 course which is entirely advanced exploit development. When I tool the 710 course I learned how to defeat hardware and software DEP in windows and in Linux. I learned how to defeat ASLR in Windows and Linux. I learned to use these methodologies in stack and heap based overflows as well as format string attacks. I also learned how to do Return Oriented Programming which is one of the most advanced ways to get around anti-exploit technology.
Based on my experience with SEC710 and what I have been told about AWE, they are pretty close except you don't learn about advanced Linux exploit development and I haven't heard they teach ROP, but I may be wrong.
That is all I got on that topic. I will be sure to share my experience when I get the chance to take AWE.
Logged
CISSP, OSCP, C|EH, E|CSA, C|HFI, GXPN, GWAPT, GCIH, GISP, GSEC, MCITP:EA, CCNA, FCT, FCNSP, JNCIA, JNCIA-FWV, MCSE Security, A+, Net+, Server+, Security+
ajohnson
Recruiters
Hero Member
Offline
Posts: 1060
aka dynamik
Re: SANS SEC 660 - Advanced Penetration Testing, Exploits, and Ethical Hacking
«
Reply #9 on:
January 10, 2012, 05:46:45 PM »
Do you guys actually develop exploits for your jobs? I'm curious to know how you apply this knowledge beyond a hobbyist level.
Exploit development is something I could never get into. Once I understood the basics, I realized that I'd probably never be in a scenario where I'd use that knowledge professionally, and I couldn't justify sinking any real time into it.
Logged
WIP: GCFA |
www.infosiege.net
| @infosiege
The day you stop learning is the day you start becoming obsolete.
MaXe
Hero Member
Offline
Posts: 669
I've just upgraded myself to a cyborg muahahaa!!1
Re: SANS SEC 660 - Advanced Penetration Testing, Exploits, and Ethical Hacking
«
Reply #10 on:
January 10, 2012, 05:50:17 PM »
If you're really good dynamik, you can sell exploits to ZDI
www.zerodayinitiative.com/
Logged
I'm an InterN0T'er
Pages: [
1
]
Go Up
Print
« previous
next »
Jump to:
Please select a destination:
-----------------------------
EH-Net
-----------------------------
=> Calendar Of Events
===> ChicagoCon 2007
===> ChicagoCon 2008s
===> ChicagoCon 2008f
===> ChicagoCon 2009s
=> Ethical Hacktivism
=> News Items and General Discussion About EH-Net
===> Greetings
=> Special Events
-----------------------------
Ethical Hacking Discussions and Related Certifications
-----------------------------
=> General Certification
===> Networking
===> OS
===> Security
=> Compliance, Regulations & Standards
=> Control Systems
=> Cyber Warfare
=> Forensics
===> CCE / MCCE - (Master) Certified Computer Examiner
===> CHFI - Computer Hacking Forensic Investigator
===> EnCE - EnCase® Certified Examiner
===> GCFA - GIAC Certified Forensics Analyst
=> Hardware
=> Incident Response
===> CSIH - Computer Security Incident Handler
===> GCIH - GIAC Certified Incident Handler
=> Malware
===> Advisories
=> Mobile
=> Network Pen Testing
===> CEH - Certified Ethical Hacker
===> CPTC - Certified Penetration Testing Consultant
===> CPTE - Certified Penetration Testing Engineer
===> CSTA - Certified Security Testing Associate
===> eCPPT - eLearnSecurity Certified Professional Penetration Tester
===> ECSA - EC-Council Certified Security Analyst
===> GPEN - GIAC Certified Penetration Tester
===> OSCP - Offensive Security Certified Professional
=> Physical Security
=> Programming
=> Social Engineering
=> Web Applications
=> Wireless
===> CWNP Certs
===> GAWN - GIAC Assessing Wireless Networks
===> OSWP - Offensive Security Wireless Professional
=> Other
-----------------------------
Columns
-----------------------------
=> Editor-In-Chief
=> Andress
=> Gates
=> Haddix
=> Hadnagy
=> Heffner
=> Hoffman
=> Linn
=> RichM
=> Murray
=> J. Peltier
=> Weidman
=> Wilson
-----------------------------
Features
-----------------------------
=> /root
=> Book Reviews
=> Opinions
=> Skillz
===> Examples
===> May 06 - Star Hacks, Episode V: The Empire Hacks Back
===> July 06 - Hack Bill!
===> Sept 06 - Netcat in the Hat
===> Nov 06 - Hitch-Hackers Guide to the Galaxy
===> Dec 06 - A Christmas (Hacking) Story
===> Feb 07 - Charlottes Web Site
===> April 07 - Microsoft Office Space
===> June 07 - Serenity Hack
===> Oct 07 - Worst. Ethical. Hacker. Challenge. Ever.
===> Dec 07 - Frosty the Snow Crash
===> March 2008 - It Happened One Friday
===> Oct 2008 - Scooby Doo and the Crypto Caper
===> Dec 08 - Santa Claus Is Hacking to Town
===> Feb 2009 - Brady Bunch Boondoggle
===> July 2009 - Prison Break
===> October 2009 - SSHliders
===> December 2009 - Miracle on Thirty-Hack Street
===> December 2010 - The Nightmare Before Charlie Browns Christmas
-----------------------------
Resources
-----------------------------
=> Career Central
===> Looking For Work
===> Looking To Hire
=> Links to cool sites.
=> Mass Media
=> News from the Outside World
=> Tools
=> Tutorials
===> Tutorial Requests
Loading...
Exclusive Deal
SANSFIRE 2013
June 15 - 22
5% Off
w/ Code
:
EHN_5
SANS Deals 4 EH-Netters
5% OFF
Any
SANS Course
in Any Format!
Coupon Code:
EHN_5
Including
SANS Rocky Mountain 2013
&
SANS Boston 2013
Polls
Compared to this year, 2013 will be:
Great!
Better.
About the same.
Little worse.
FUBAR!
Recent Forum Topics
News Items and General Discussion About EH-Net
: Change is Coming to EH-Net!!
(30) by
don
Tools
: Symbolic Exploit Assistant project is looking for collaborators
(0) by
galapag0
Greetings
: Hi from the UK
(5) by
prats84
GCIH - GIAC Certified Incident Handler
: Passed my GCIH
(9) by
prats84
Network Pen Testing
: Want a challenge? Want a GXPN practice exam?
(0) by
ajohnson
GCIH - GIAC Certified Incident Handler
: GCIH Free Practice test attempt
(1) by
prats84
EH-Net News Feeds
Latest Additions
Privacy Notice
for TDCC & All Properties
© 2013 The Ethical Hacker Network
Joomla!
is Free Software released under the GNU/GPL License.
News Items and General Discussion About EH-Net : Change is Coming to EH-Net!!
