.

SANS SEC 660 - Advanced Penetration Testing, Exploits, and Ethical Hacking

<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Fri Jan 06, 2012 1:40 pm

SANS SEC 660 - Advanced Penetration Testing, Exploits, and Ethical Hacking

Has anybody here taken this course: https://www.sans.org/security-training/ ... g-1517-mid

I am wondering how it compares to say the OSCE.

Thoughts???
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

doodleface

User avatar

Newbie
Newbie

Posts: 34

Joined: Mon Jan 12, 2009 6:26 pm

Post Fri Jan 06, 2012 2:40 pm

Re: SANS SEC 660 - Advanced Penetration Testing, Exploits, and Ethical Hacking

I have taken this course, though I have not taken the OSCE yet, but I am going to within the next month or so, so I could give you a direct comparison based on experience in the near future. Otherwise, based on what I have been told about the OSCE and my experience with SEC660.

660 you will learn not just how to write advanced exploits, but you will learn some of the theory and technology of memory and processors to better understand why and how exploits work thus enabling you to better build your own no matter what anti exploit technology faces you.

660 also shows a lot of neat tricks for just hacking in general which go well beyond what you learn in any other hacking style courses.

It is in my opinion that 660 coupled with 710 are a great combo since 710 picks up where 660 leaves off in regards to exploit development and goes well beyond what OSCE covers(based on what I have heard about OSCE).

Now OSCE forces you to actually build exploits, but not necessarily understand how or why they work, and you are prompted to learn some of that on your own since it is self paced.

I think those who take 660 are a more well rounded advanced pen tester, and those who take just the OSCE are very good at writing exploits for many situations but not all.

Keeping in mind my opinion may change after I take the OSCE.

I hope this helps!
CISSP, OSCP, C|EH, E|CSA, C|HFI, GXPN, GWAPT, GCIH, GISP, GSEC, MCITP:EA, CCNA, FCT, FCNSP, JNCIA, JNCIA-FWV, MCSE Security, A+, Net+, Server+, Security+
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Fri Jan 06, 2012 6:23 pm

Re: SANS SEC 660 - Advanced Penetration Testing, Exploits, and Ethical Hacking

That's an interesting perspective on it. I look forward to hearing your feedback once you've taken the OSCE as well.

I'm hoping to do the 660 course this year as my GPEN will be expiring.
<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Fri Jan 06, 2012 6:26 pm

Re: SANS SEC 660 - Advanced Penetration Testing, Exploits, and Ethical Hacking

doodleface wrote:I have taken this course, though I have not taken the OSCE yet, but I am going to within the next month or so, so I could give you a direct comparison based on experience in the near future. Otherwise, based on what I have been told about the OSCE and my experience with SEC660.

660 you will learn not just how to write advanced exploits, but you will learn some of the theory and technology of memory and processors to better understand why and how exploits work thus enabling you to better build your own no matter what anti exploit technology faces you.

660 also shows a lot of neat tricks for just hacking in general which go well beyond what you learn in any other hacking style courses.

It is in my opinion that 660 coupled with 710 are a great combo since 710 picks up where 660 leaves off in regards to exploit development and goes well beyond what OSCE covers(based on what I have heard about OSCE).

Now OSCE forces you to actually build exploits, but not necessarily understand how or why they work, and you are prompted to learn some of that on your own since it is self paced.

I think those who take 660 are a more well rounded advanced pen tester, and those who take just the OSCE are very good at writing exploits for many situations but not all.

Keeping in mind my opinion may change after I take the OSCE.

I hope this helps!

Much appreciated.
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Mon Jan 09, 2012 1:49 pm

Re: SANS SEC 660 - Advanced Penetration Testing, Exploits, and Ethical Hacking

I can't wait to hear about it too, and eventually you should do OffSec AWE too and see how that compares hehe I bet it's like nothing you've ever imagined  ;D
I'm an InterN0T'er
<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Mon Jan 09, 2012 2:00 pm

Re: SANS SEC 660 - Advanced Penetration Testing, Exploits, and Ethical Hacking

MaXe wrote:I can't wait to hear about it too, and eventually you should do OffSec AWE too and see how that compares hehe I bet it's like nothing you've ever imagined  ;D


I recently did the fc4.me challenge and it felt like a course all by itself :) I cannot begin to imagine what AWE will be about.
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Mon Jan 09, 2012 4:28 pm

Re: SANS SEC 660 - Advanced Penetration Testing, Exploits, and Ethical Hacking

Haha Dark_Knight I know the feeling, and even that, is just "touching the door", CTP is opening the door, and AWE is stepping through the door and into the unknown  :) I haven't done AWE, but I've heard from plenty of people it's insane, but really nice  ;D
I'm an InterN0T'er
<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Mon Jan 09, 2012 4:53 pm

Re: SANS SEC 660 - Advanced Penetration Testing, Exploits, and Ethical Hacking

MaXe wrote:Haha Dark_Knight I know the feeling, and even that, is just "touching the door", CTP is opening the door, and AWE is stepping through the door and into the unknown  :) I haven't done AWE, but I've heard from plenty of people it's insane, but really nice  ;D

I can only imagine. I have heard that the classes normally start out "full enough" and as time goes by the number usually gets smaller. At one point I heard one guy just got up and left after a couple hours :)
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

doodleface

User avatar

Newbie
Newbie

Posts: 34

Joined: Mon Jan 12, 2009 6:26 pm

Post Mon Jan 09, 2012 7:02 pm

Re: SANS SEC 660 - Advanced Penetration Testing, Exploits, and Ethical Hacking

When I get the opportunity to take the AWE class, I will be glad to compare and contrast the differences between AWE, CTP, 660 and 710. Though based on what I have been told about the class and looking at the curriculum for AWE, it is much like the SEC710 course which is entirely advanced exploit development. When I tool the 710 course I learned how to defeat hardware and software DEP in windows and in Linux. I learned how to defeat ASLR in Windows and Linux. I learned to use these methodologies in stack and heap based overflows as well as format string attacks. I also learned how to do Return Oriented Programming which is one of the most advanced ways to get around anti-exploit technology.

Based on my experience with SEC710 and what I have been told about AWE, they are pretty close except you don't learn about advanced Linux exploit development and I haven't heard they teach ROP, but I may be wrong.

That is all I got on that topic. I will be sure to share my experience when I get the chance to take AWE.
CISSP, OSCP, C|EH, E|CSA, C|HFI, GXPN, GWAPT, GCIH, GISP, GSEC, MCITP:EA, CCNA, FCT, FCNSP, JNCIA, JNCIA-FWV, MCSE Security, A+, Net+, Server+, Security+
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Tue Jan 10, 2012 6:46 pm

Re: SANS SEC 660 - Advanced Penetration Testing, Exploits, and Ethical Hacking

Do you guys actually develop exploits for your jobs? I'm curious to know how you apply this knowledge beyond a hobbyist level.

Exploit development is something I could never get into. Once I understood the basics, I realized that I'd probably never be in a scenario where I'd use that knowledge professionally, and I couldn't justify sinking any real time into it.
The day you stop learning is the day you start becoming obsolete.
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Tue Jan 10, 2012 6:50 pm

Re: SANS SEC 660 - Advanced Penetration Testing, Exploits, and Ethical Hacking

If you're really good dynamik, you can sell exploits to ZDI  ;D www.zerodayinitiative.com/
I'm an InterN0T'er

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software