November 20, 2014 at 8:19 pm #8757
I’m writing up a quick review of the course i’ve just completed, SEC560 Network Penetration Testing and Ethical Hacking. This course aligns to the GIAC GPEN certification
This course is pretty well reviewed so I won’t take to much of your time. I’d ask you to check out a few links, do some searches. One good review is here: viewtopic.php?f=64&t=2177&p=9126&hilit=sec560#p9126. It is an old thread but much of the basics are the same, the daily format/schedule is the same, but the tools and techniques in many cases have been updated.
Now given my work schedule and a lack of desire to spend additional funds on travel (I paid out of pocket), I took the course via Simulcast a format that allows the student to watch the SANS training from home over the internet. On simulcast, i’ll say it is well done, they’ve obviously well prepared for the format and it integrates well into the course. You can ask questions in the simulcast software (A Citrix Go To Training /GTM setup) and they will ask the instructor in near real time so you can actually participate in class, there are moderators online to assist and answer questions. The issue I had with this was that there was rarely confirmation that a question would be asked or when. So i’d ask a question in chat and no one would respond, a minute or two later the moderator would (I suspect) signal the instructor and ask the question. So while I understand not interrupting the class to ask questions, I wish they would acknowledge the question was received and would be asked.
As far my reasons for taking the course, while I have a few hacking certifications the CEH and CPT, I did not feel comfortable with the skillset. I felt like there were large gaps in my knowledge. At my company we may be developing a PT capability so I want to pick up that capability if I can. I want a wide skillset to provide to any employer.
I feel that the SEC560 course provided me some benefit. While it didn’t cover much that was new in terms of the overall process, I was able to understand a little better how a PT works for his client and I got plenty of hands on using techniques and tools that are relevant. Do I still have a lot to learn? Yes, absolutely. My advice for the course is this, get your books out as early as possible and endeavor to go through them before class. At the very least, read up on the content for the next day the night before. Make sure you are not… distracted, either by work or needing sleep, ect. I was working for the first two days so I had to rack out about halfway through, though I had the benefit of having read what we were doing, and I was able to wake up and do the labs I missed.
Course access includes VPN Lab access and the opportunity to participate in Netwars, a CTF, and in our case CyberCity, a new offering from SANS. Also, before I forget, we were able to test a new capability that SANS is deploying that you will all love after having to lug all of your books around. 😉
So NetWars. NetWars is a unique offering by SANS and let me tell you its very fun to get into the lab and start finding answers, especially if they come easily. If they don’t it can be frustrating. Same for cybercity I expect and of course in the Ctf. Make sure you have attack plan when you begin the CTF, my team finished well, but I didn’t feel like I had the biggest impact on that though I had a few ideas that were on the right track.
So all in all, SEC560 is a useful course that I feel will be a benefit to me, my company and my career. I don’t have a date yet for the GPEN exam, I expect to take some time to go through the books, and through the labs until these attacks and the process becomes second nature to me. Thanks for reading.
November 20, 2014 at 9:10 pm #54027m0wgliParticipant
Thanks for sharing your thoughts.
I got to play Netwars a few years back, and it was a great experience. I’d love to have a go at CyberCity from an offensive perspective, last years SANS Holiday Challenge was based on CyberCity. If you’re interested it’s still available for download, although it’s focused on analysing the attacks rather than causing them.
Anyhow, Good Luck with the GPEN exam when you take it!
November 21, 2014 at 2:43 am #54028d3adlyv3n0mParticipant
I agree, SEC560 is a great course. I went to the one in Vegas last month taught by Ed Skoudis. I also funded it out of my own pockets (which are feeling a tad empty at the moment), but it was worth every penny. Ed is amazing. Despite the timezone difference (I’m from NJ) and arriving on a late night flight the night before with my Wife, his teaching style allowed me to fight through the exhaustion and hinge on every word. Of course several cups of coffee helped as well. I too am preparing for the GPEN and also haven’t yet scheduled it. During the course they passed out cheatsheets for tools like netcat, tcpdump, etc. Ed mentioned that part of the reason they provide them is because you’re allowed to bring them with you when you sit for the test.
I also agree that NetWars was cool. Nothing like sitting in a room full of hackers with alcohol and snacks. 🙂
Good luck with your test attempt.
November 21, 2014 at 10:27 am #54029
d3adlyv3n0m welcome to EthicalHacker.net, look forward to seeing your contributions.
November 23, 2014 at 12:21 am #54030impelseParticipant
Thanks for the review, I would love to take one of this training, and like you guys said, probably I will be paying from my own pocket.
November 29, 2014 at 10:14 am #54031
Took my first practice test today, got an 80% with a 1 page “index” and a having only been through the material once. I expect with a full read through of the material, some lab time (I haven’t had much time yet to get back in) I will score much higher. (I hope)
My personal opinion, I was dismayed at the significant coverage of WebApp I don’t have experience in this area, and It will be one area I have to focus on deeply. Outside of that, I marked 2 questions for official review for having 2 answers, a few questions that did not seem to be covered in the book or had scant coverage. My big issues occurred at the end of the exam around q 100+. Not because of exam tiredness so I think they just threw in more curveball and analysis questions at that point. Big helpers are confidence in your answers, if you are confident in your answers, click it and move on, don’t bother looking up answers you know. Another thing is using elimination. For the practice at least, there was clear room for eliminating answers. some questions can be easily answered that way, but watch for those that use that against you. I think i’ll schedule for a week, week and a half out.
You must be logged in to reply to this topic.