SANS – SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking Free Download.
SANS – SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking Free Description
SEC660 is designed as a logical progression point for students who have completed SEC560: Network Penetration Testing and Ethical Hacking , or for those with existing penetration testing experience. This course provides you with in-depth knowledge of the most prominent and powerful attack vectors and furnishes an environment to perform these attacks in numerous hands-on scenarios. The course goes far beyond simple scanning for low-hanging fruit and teaches you how to model the abilities of an advanced attacker to find significant flaws in a target environment and demonstrate the business risk associated with these flaws
You Will Learn:
- How to perform penetration testing safely against network devices such as routers, switches, and NAC implementations.
- How to test cryptographic implementations.
- How to leverage an unprivileged foothold for post exploitation and escalation.
- How to fuzz network and stand-alone applications.
- How to write exploits against applications running on Linux and Windows systems.
- How to bypass exploit mitigations such as ASLR, DEP, and stack canaries.
You Will Be Able To
- Perform fuzz testing to enhance your company’s SDL process.
- Exploit network devices and assess network application protocols.
- Escape from restricted environments on Linux and Windows.
- Test cryptographic implementations.
- Model the techniques used by attackers to perform 0-day vulnerability discovery and exploit development.
- Develop more accurate quantitative and qualitative risk assessments through validation.
- Demonstrate the needs and effects of leveraging modern exploit mitigation controls.
- Reverse-engineer vulnerable code to write custom exploits.
- Exploit routing protocol implementations such as OSPF.
- Bypass different types of NAC implementations.
- Exploit patch updates.
- Perform man-in-the-middle attacks to remove SSL.
- Perform IPv6 attacks.
- Exploit poor cryptographic implementations using CBC bit flipping attacks and hash length extension attacks.
- Hijack network booting environments.
- Exploit virtualization implementations.
- Write Python scripts to automate testing.
- Write fuzzers to trigger bugs in software.
- Reverse-engineer applications to locate code paths and identify potential exploitable bugs.
- Debug Linux applications.
- Debug Windows applications.
- Write exploits against buffer overflow vulnerabilities.
- Bypass exploit mitigations such as ASLR, DEP, stack canaries, SafeSEH, etc.
- Use ROP to bypass or disable security controls.