Penetration testing is a multi-staged process by which an authorized consultant tests information systems and software for security vulnerabilities, and in turn demonstrates how they can be exploited. Penetration testing has become more and more challenging as vendors, developers and administrators become more aware of the threats and vulnerabilities to their information systems and software. As such, penetration testers have to stay abreast of the cutting-edge techniques used to compromise even the most modern information systems and associated mitigations. In this light, SANS Institute has developed their most technically intense course, SANS SEC 760 Advanced Exploit Development for Penetration Testers.
SANS SEC 760 Advanced Exploit Development for Penetration Testers is a six-day course that teaches the advanced techniques that are needed to compromise modern information systems. The course description states that, “Few security professionals have the skillset to discover let alone even understand at a fundamental level why the vulnerability exists and how to write an exploit to compromise it.” Therefore, topics such as threat modeling, IDA Pro, Heap Overflows, Return Oriented Shellcode, and Binary Diffing are just a few of the topics that are covered extensively. This article provides a day-to-day review of the live, in-person course which also happens to be taught by the courseware developer himself, Stephen Sims.
Win a SANS Live Online Training Course = up to $4845!
In a continuing effort to provide top quality training in a format that helps those with strapped travel budgets, SANS has developed a series of live online training platforms. SANS online students attend popular courses that are taught online by SANS’ top instructors. In short, SANS CyberCon, vLive and Simulcast are perfect options for professionals who wish to keep their skills current but cannot travel due to personal or professional commitments! One top EH-Net contributor will win their choice of the following online courses (exam not included) being offered at SANS CyberCon Fall 2013:
- SEC401: Security Essentials Bootcamp Style
- SEC504: Hacker Techniques, Exploits & Incident Handling
- SEC575: Mobile Device Security and Ethical Hacking
- FOR408: Computer Forensic Investigations – Windows In-Depth
- LEG523: Law of Data Security and Investigations
- Two NEW Audit courses running back-to-back – AUD444: Auditing Security and Controls of Active Directory and Windows, AUD445: Auditing Security and Controls of Oracle Databases
Can’t make the specific dates of SANS CyberCon Fall 2013? No problem. SANS has kindly offered up additional choices for your online training pleasure. So the winner this month gets to pick any of the courses listed above for CyberCon or any of the courses listed after the break for SANS vLive or SANS Simulcast. Of course the only way to win is to contribute mightily to the EH-Net Community. Become a member, participate, and this or a future prize could be yours. Ask around… people really do win on EH-Net. And if not this month, then you still can come out ahead by using Coupon Code EHN_05 for 5% Off any SANS course in any format. Hey… everybody wins!!
Python has rapidly become a popular language for security professionals. It’s human readable with an easy syntax, has a comprehensive standard library and easily importable external libraries, is multi-platform, and is suitable for both larger programs and smaller scripts alike. Python is easy to learn for novice programmers yet robust enough for seasoned developers. What makes it such an effective tool for security professionals is the support of extensive libraries specifically designed for penetration testing. For that reason, it makes perfect sense for the SANS Institute to add SEC573 Python for Penetration Testers to their vast list of InfoSec courses.
“SANS SEC573 Python for Penetration Testers” is a five-day class that teaches the basics of the Python language then builds on that knowledge to show how to utilize its specialized libraries to perform network capture and analysis, SQL injection, Metasploit integration, password guessing and much more. You also learn how to use Python to create an encoded backdoor to evade IDS and antivirus controls. This article presents an extensive day-by-day review of the in-person course taught by Mark Baggett, the author of SANS Python for Penetration Testers course and the pyWars gaming environment.
Win Seat at SANS CyberCon 2013 = up to $4845!
In a continuing effort to provide top quality training in a format that helps those with strapped travel budgets, SANS has developed CyberCon, a live online training event. SANS CyberCon students attend popular courses that are taught online by SANS’ top instructors. Students also have the opportunity to attend daily bonus sessions that discuss current topics in information security. In short, SANS CyberCon is perfect for professionals who wish to keep their skills current but cannot travel due to personal or professional commitments! One top EH-Net contributor will win their choice of the following courses at SANS CyberCon, beginning April 22 (or BOTH 3-day Audit courses):
- SEC401: Security Essentials Bootcamp Style ($4,645)
- SEC504: Hacker Techniques, Exploits & Incident Handling ($4,845)
- SEC575: Mobile Device Security and Ethical Hacking ($4,845)
- FOR408: Computer Forensic Investigations – Windows In-Depth ($4,845)
- MGT414: SANS +S Training Program for the CISSP Certification Exam ($3,995)
SANS is also offer two NEW Audit courses at CyberCon, running back-to-back.
- AUD444: Auditing Security and Controls of Active Directory and Windows ($2400)
- AUD445: Auditing Security and Controls of Oracle Databases ($2400)
So as we do every month here on EH-Net, those who contribute the most to the community… be it helping a newbie, spreading the word of EH-Net, writing articles or posting in the forums… win kewl stuff! Not a member of EH-Net yet? What are you waiting for?
PS – If you don’t win, you still get a prize of 5% Off w/ Coupon Code: EHN_05
Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie… quality is more important than quantity.