Review of SANS 560 - GPEN

<<

vijay2

Full Member

Posts: 220

Joined: Wed Mar 28, 2007 6:22 am

Post Wed Apr 02, 2008 11:56 am

Review of SANS 560 - GPEN

Yes, as Don mentioned this was 6 days in Ed's world of pure imagination. I have attended other Pen testing courses and have a few Certs, but this was by far the best course I have attended. To be fair I thought I would just lay out a summary of each day.

The focus of this course is to exploit and gain access on a target using tools and techniques that are native to different OSs by default. This is due to the fact that while doing a pen test, the rules of engagement do not allow installing software, modifying the configuration, modifying accounts or bringing down services on the target.

Day 1 - Planning, Scoping, and Recon

Almost 3/4 of the day was spent on theory and building up methods of pen testing, developing the mindset a pen tester should have and setting up an infrastructure for pen testing. It also walked us through the business aspect of how to handle an RFP for pen testing services and formulate a contract with rules of engagement. We also discussed legal issues in various countries and how to report the results of a pen test, so that they are beneficial to all tiers of the corporate structure. There were numerous little tidbits a pen tester should avoid and most common pitfalls. The rest of the day was spent on DNS recon tools (whois, nslookup, dig, BiLe) and finding vulnerabilities using public resources such as search engines and domain registrations. I would say this was the most beneficial day for me, because no other course deals with these important parts of pen tests.

Day 2 - Scanning

The focus of Day 2 was scanning the target and recon. Tools like Nmap, Amap, Nessus and Tcpdump were discussed in great detail, and, most importantly, advantages and disadvantages of each. We also covered tips on when to use what tool. It also discusses how to fine-tune the VA scanners, so that the false positives are reduced. I enjoyed the session on packet crafting with Hping3. Also, there was a great session on manual false positive reduction using some basic tools like Netcat, hping and others, so that the results are more accurate. This is another plus when compared to other courses.

Day 3 - Exploitation

We discussed in detail different categories of exploits (client-side, server-side and privilege escalation), and the difference between simple shell access as compared to full-blown terminal access and various techniques to gain each. There are lots of hands-on exercises on each. It covers Metasploit in great detail and the advanced meterpreter shell. And finally the very brief preview on the famous "Ed's Windows command line kung fu", making Windows run commands remotely using psexec, sc and wmic. This was very valuable to me and made me think that if I master this I would need fewer tools.

The only thing I felt was not covered here was how to modify the publicly available exploit code to suit your needs and OS (using Metasploit opcode DB, hex editor, etc.), though we did it in a certain impromptu exercise.

Day 4 - Password Attacks

This was all about John, Cain, Ophcrack, fgdump and THC Hydra, explaining the inner workings of each in detail. Detailed discussion on account lockouts and techniques to avoid them were also covered. Different types of password representation (LM, NTLM v1, v2, MD5, DES) and where they are stored in different OSs. There was very valuable discussion on the formulation of rainbow tables. Different ways to use Cain (password cracker, sniffing password hashes, playing VoIP capture). Very detailed hands-on exercises on the above tools. The best part of the day which blew me away was gaining access to a machine by passing the hash. With this technique you don't even need to crack the password to gain access - you can do it by passing the hash representation of a password on Windows systems.

Day 5 - Wireless and Web Apps

These 2 topics were not covered in great detail, but I think there was enough information to learn what are different types of encryptions in Wireless (WEP, WPA, WPA2) and what is the difference between XSS and XSRF or SQL injection and command injection. There was enough information to learn how various wireless attack tools worked. The web apps section had very cool and detailed hands-on exercises to illustrate the various concepts. The must see technique here is gaining netcat functionality without netcat.... a very cool technique.

Day 6 - Capture the Flag

And finally the task/game that brings all the concepts of the past 5 days together. All I can say here is that it was a very well engineered game bringing in all the concepts learned throughout the course with emphasis on different techniques on achieving similar goals. Also, paying attention to details was very well illustrated here. I bring this up here because this was the very valuable lesson our team learned ... which cost us the win !!!!!!!!

ALL in ALL I will say that - this is another "MASTERPIECE from Ed Skoudis", a very well designed course focusing on pen testing using the tools and techniques native to OSs and commands that are commonly available on the target systems. Tools used in this course are all available on the Internet and most other courses will teach you the command line to perform certain tasks. This course teaches you how to use them better and other options to get the same or better results without using them. I think even an experienced Pen Tester would learn a few tricks from this course.

My KUDOS to ED and SANS for offering it. Also, KUDOS should go to all the invisible contributors and every section should have dedicated slides on stories of Matt Carpenter and Mike Poor  :)) ..

Finally a word of caution .. this is not a course for newbies and requires advanced knowledge of various OSs and TCP/IP. If I were you, to get the most out of this course, follow GSEC, GCIH and GPEN and for completeness OSCP. Those are my thoughts .......

Also, it was great meeting "the DON" ...... I hope I will see you again and we can talk over beers !!

Thanks
GPEN GCFA GCIH CISSP CISA GSEC OSCP C|EH Security+
<<

venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Wed Apr 02, 2008 4:32 pm

Re: Review of SANS 560 - GPEN

Thank you for the write-up and comments. Very much appreciated! This sounds like it was a great course and you had a lot of fun with it... I'll certainly be looking into it in the future.
<<

RoleReversal

Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Thu Apr 03, 2008 5:14 am

Re: Review of SANS 560 - GPEN

vijay2,

Thank you for the write-up, sounds like it was a great course. I was hoping that the course wasn't going to be that good, guess I've got another course/cert to add to my to-do list ;)
<<

LSOChris

Post Thu Apr 03, 2008 4:21 pm

Re: Review of SANS 560 - GPEN

hey good write up!
<<

bbauer

Newbie

Posts: 1

Joined: Tue Apr 01, 2008 7:05 am

Post Fri Apr 04, 2008 9:05 am

Re: Review of SANS 560 - GPEN

I also attended the course at Tyson's.

To add to Vijay2's comments -

  Ed Skoudis has put together an excellent class for pen-testers, both from technical "wannabees" to people who have been around the block doing it. (You do have to be intensely technical, though, or you will get lost after about the middle of Day 1 - this is NOT an entry level class, as at least one person discovered). Ed covers everything from the initial statement of work to the writing of the report, giving tips and experiential comments on many "arcane" aspects of pen-testing. He covers not only the use of the tools and the concepts needed to actually do the work, but also customer relations and presentation - areas in which a lot of talented engineers can use help.

  It was a pleasure to take the class... and meeting Don was a plus. :)

-Bill
<<

vijay2

Full Member

Posts: 220

Joined: Wed Mar 28, 2007 6:22 am

Post Fri Apr 04, 2008 9:54 am

Re: Review of SANS 560 - GPEN

Hey Bill,

Welcome to the EH Net, nice to see you here :)

Vj2
GPEN GCFA GCIH CISSP CISA GSEC OSCP C|EH Security+
<<

shawal

Jr. Member

Posts: 88

Joined: Mon Mar 10, 2008 1:24 pm

Post Fri Apr 04, 2008 2:29 pm

Re: Review of SANS 560 - GPEN

Thanks Vijay2,

Even though you were brief, you emphasized the course being more hands-on. This is the same way described by Ed himself. It's nice to know that this course is up to date even though from its description it overlaps other training, as you did mention GCIH, OSCP. Your reference to BiLe had me stumble upon http://www.vulnerabilityassessment.co.uk and the rest of their tools, and their framework, nice work indeed. As for the attacking Windows with the hashes, this is already in Chris Gates' blog. How would you say the amount of hands-on is as compared to the theory? E.g. 60% theory - 40% hands-on!

Do you still have access to the practicals/lab if you need to?
RHCE, GIAC GCIH.
<<

Dummy

Newbie

Posts: 1

Joined: Thu Apr 03, 2008 3:24 pm

Post Fri Apr 04, 2008 5:17 pm

Re: Review of SANS 560 - GPEN

Hi,

I'm currently looking for a pentest training and after reading this thread, I got quite attracted by SANS GPEN.

Thanks for your summary!

Did you guys also sit for the GIAC test?
I do not really get how the training is combined with the test.
If I would subscribe for the test, would it be right after the training (same day / same location)?

@Bill: What do you mean by "intensely technical"?
Do you think having basic knowledge about e.g. TCP vs. UDP, HUBs vs. Switches, SQL injection, XSS is sufficient or are you talking about detailed knowledge about routing protocols and suchlike?

Regarding the hints to the windows attack using hashes, CoreSecurity has apparently also a nice toolset:
Pass-The-Hash Toolkit

Dummy
<<

vijay2

Full Member

Posts: 220

Joined: Wed Mar 28, 2007 6:22 am

Post Mon Apr 07, 2008 6:19 am

Re: Review of SANS 560 - GPEN

shawal,

No, we do not have access to labs anymore. I would say the course was 50-50 on theory and labs. Hope this helps.

Dummy,

The GIAC GPEN is not available as yet, this was the first run of the course and the certification test will be only available after the Orlando conference.

Thanks

Zoher
GPEN GCFA GCIH CISSP CISA GSEC OSCP C|EH Security+
<<

shawal

Jr. Member

Posts: 88

Joined: Mon Mar 10, 2008 1:24 pm

Post Mon Apr 07, 2008 11:12 am

Re: Review of SANS 560 - GPEN

vijay2,

Thanks, how do you feel regarding the labs coverage? Was it enough, the ones you had during the course, do you feel that you need to ask more questions, and there could be more possible scenarios to cover, or not enough practicals were given?
RHCE, GIAC GCIH.
<<

vijay2

Full Member

Posts: 220

Joined: Wed Mar 28, 2007 6:22 am

Post Mon Apr 07, 2008 11:26 am

Re: Review of SANS 560 - GPEN

Well, as I said earlier, this SANS course is more hands-on than any other course. As far as the time, I think there was enough time to complete labs and you had help from the instructor and the facilitators if you needed it. Some labs were just getting to know the command line and others were little challenges. After the course, of course, you have to build up on all the concepts and tailor it to your environment.
GPEN GCFA GCIH CISSP CISA GSEC OSCP C|EH Security+
<<

shawal

Jr. Member

Posts: 88

Joined: Mon Mar 10, 2008 1:24 pm

Post Tue Apr 08, 2008 2:28 pm

Re: Review of SANS 560 - GPEN

Vijay2,
Thank you once again for the informative feedback. Will have to allocate a budget and time for that course sometime in the future before the information becomes outdated  :-\
RHCE, GIAC GCIH.
<<

vijay2

Full Member

Posts: 220

Joined: Wed Mar 28, 2007 6:22 am

Post Thu Sep 11, 2008 10:22 am

Re: Review of SANS 560 - GPEN

Finally I passed the GPEN exam last week. All I can say is .. between CEH and GPEN, those who have CEH and going for GPEN, there is no comparison it is a tough exam.

VJ
GPEN GCFA GCIH CISSP CISA GSEC OSCP C|EH Security+
<<

venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Thu Sep 11, 2008 11:37 am

Re: Review of SANS 560 - GPEN

Nice job. Congrats, VJ!

I'm hoping to take that exam sometime in the next couple weeks. I'm about 75% through the course (doing OnDemand version).

Thanks for the heads up and congrats again :)

BillV
<<

Bane

Post Thu Sep 11, 2008 11:57 am

Re: Review of SANS 560 - GPEN

Excellent summary. I have been planning to take this course with the assumption that since it was developed by Ed that it would be good. It is nice to have confirmation of that. 

Thanks for posting!