GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
What You Will Learn
SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking is designed as a logical progression point for those who have completed SANS SEC560: Network Penetration Testing and Ethical Hacking, or for those with existing penetration testing experience. Students with the prerequisite knowledge to take this course will walk through dozens of real-world attacks used by the most seasoned penetration testers. The methodology of a given attack is discussed, followed by exercises in a hands-on lab to consolidate advanced concepts and facilitate the immediate application of techniques in the workplace. Each day of the course includes a two-hour evening boot camp to drive home additional mastery of the techniques discussed. A sample of topics covered includes weaponizing Python for penetration testers, attacks against network access control (NAC) and virtual local area network (VLAN) manipulation, network device exploitation, breaking out of Linux and Windows restricted environments, IPv6, Linux privilege escalation and exploit-writing, testing cryptographic implementations, fuzzing, defeating modern OS controls such as address space layout randomization (ASLR) and data execution prevention (DEP), return-oriented programming (ROP), Windows exploit-writing, and much more!
Attackers are becoming more clever and their attacks more complex. To keep up with the latest attack methods, you need a strong desire to learn, the support of others, and the opportunity to practice and build experience. This course provides attendees with in-depth knowledge of the most prominent and powerful attack vectors and furnishes an environment to perform these attacks in numerous hands-on scenarios. The course goes far beyond simple scanning for low-hanging fruit and shows penetration testers how to model the abilities of an advanced attacker to find significant flaws in a target environment and demonstrate the business risk associated with these flaws.
SEC660 starts off by introducing advanced penetration concepts and providing an overview to prepare students for what lies ahead. The focus of day one is on network attacks, especially the areas often left untouched by testers. Topics include accessing, manipulating, and exploiting the network. Attacks are performed against NAC, VLANs, OSPF, 802.1X, CDP, IPv6, SSL, ARP, and others. Day two starts with a technical module on performing penetration testing against various cryptographic implementations, then turns to network booting attacks, escaping Linux restricted environments such as chroot, and escaping Windows restricted desktop environments. Day three jumps into an introduction of Python for penetration testing, Scapy for packet crafting, product security testing, network and application fuzzing, and code coverage techniques. Days four and five are spent exploiting programs on the Linux and Windows operating systems. You will learn to identify privileged programs, redirect the execution of code, reverse-engineer programs to locate vulnerable code, obtain code execution for administrative shell access, and defeat modern operating system controls such as ASLR, canaries, and DEP using ROP and other techniques. Local and remote exploits as well as client-side exploitation techniques are covered. The final course day is devoted to numerous penetration testing challenges that require students to solve complex problems and capture flags.
Among the biggest benefits of SEC660 is the expert-level hands-on guidance provided through the labs and the additional time allotted each evening to reinforce daytime material and master the exercises.
You Will Learn:
- How to perform penetration testing safely against network devices such as routers, switches, and NAC implementations.
- How to test cryptographic implementations.
- How to leverage an unprivileged foothold for post-exploitation and escalation.
- How to fuzz network and stand-alone applications.
- How to write exploits against applications running on Linux and Windows systems.
- How to bypass exploit mitigations such as ASLR, DEP, and stack canaries.
You Will Be Able To
- Perform fuzz testing to enhance your company’s SDL process.
- Exploit network devices and assess network application protocols.
- Escape from restricted environments on Linux and Windows.
- Test cryptographic implementations.
- Model the techniques used by attackers to perform 0-day vulnerability discovery and exploit development.
- Develop more accurate quantitative and qualitative risk assessments through validation.
- Demonstrate the needs and effects of leveraging modern exploit mitigation controls.
- Reverse-engineer vulnerable code to write custom exploits.
- Exploit routing protocol implementations such as OSPF.
- Bypass different types of NAC implementations.
- Exploit patch updates.
- Perform man-in-the-middle attacks to remove SSL.
- Perform IPv6 attacks.
- Exploit poor cryptographic implementations using CBC bit flipping attacks and hash length extension attacks.
- Hijack network booting environments.
- Exploit virtualization implementations.
- Write Python scripts to automate testing.
- Write fuzzers to trigger bugs in software.
- Reverse-engineer applications to locate code paths and identify potential exploitable bugs.
- Debug Linux applications.
- Debug Windows applications.
- Write exploits against buffer overflow vulnerabilities.
- Bypass exploit mitigations such as ASLR, DEP, stack canaries, SafeSEH, etc.
- Use ROP to bypass or disable security controls.
What You Will Receive
- Access to the in-class Virtual Training Lab for over 30 in-depth labs.
- A course USB with many tools used for all in-house labs.
- Virtual machines full of penetration testing tools and specimens specially calibrated and tested to work with all our labs and optimized for use in your own penetration tests.
- Access to recorded course audio to help hammer home important network penetration testing lessons.
GIAC Exploit Researcher and Advanced Penetration Tester
The GIAC Exploit Researcher and Advanced Penetration Tester certification validates a practitioner’s ability to find and mitigate significant security flaws in systems and networks. GXPN certification holders have the skills to conduct advanced penetration tests and model the behavior of attackers to improve system security, and the knowledge to demonstrate the business risk associated with these behaviors.
- Network Attacks, Crypto, Network Booting, and Restricted Environments
- Python, Scapy, and Fuzzing
- Exploiting Windows and Linux for Penetration Testers
This is a fast-paced, advanced course that requires a strong desire to learn advanced penetration testing and custom exploitation techniques. The following SANS courses are recommended either prior to or as a companion to taking this course:
- SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling
- SEC560: Network Penetration Testing and Ethical Hacking
Experience with programming in any language is highly recommended. At a minimum, students are advised to read up on basic programming concepts. Python is the primary language used during class exercises, while programs written in C and C++ are the primary targets for reverse engineering and exploitation. The basics of programming will not be covered in this course, although there is an introductory module on Python.
You should also be well versed with the fundamentals of penetration testing prior to taking this course. Familiarity with Linux and Windows is mandatory. A solid understanding of TCP/IP and networking concepts is required. Please contact the author at email@example.com if you have any questions or concerns about the prerequisites.
Important! Bring your own system configured according to these instructions!
A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, we strongly urge you to arrive with a system meeting all the requirements specified for the course.
It is critical that you back up your system before class. It is also strongly advised that you do not bring a system storing any sensitive data.
- 64-bit Intel i5/i7 2.0+ GHz processor
- Enabled “Intel-VT”
- USB 3.0 Type-A Port
- 16 GB RAM (8 GB min)
- 60 GB Free Hard Drive Space
- Latest version of Windows 10, macOS 10.15.x or later, or Linux that also can install and run VMware virtualization products described below. Note: Apple systems using the M1 processor cannot perform the necessary virtualization at this time and cannot be used for this course.
- A wired network connection
- VMware Workstation Pro 15.5.X+, VMware Player 15.5.X+ or Fusion 11.5+
- Have an account with local admin privileges
- Ability to disable your enterprise VPN client temporarily for some exercises
- Ability to disable your anti-virus tools temporarily for some exercises
Your course media will now be delivered via download. The media files for class can be large, some in the 40 – 50 GB range. You need to allow plenty of time for the download to complete. Internet connections and speed vary greatly and are dependent on many different factors. Therefore, it is not possible to give an estimate of the length of time it will take to download your materials. Please start your course media downloads as you get the link. You will need your course media immediately on the first day of class. Waiting until the night before the class starts to begin your download has a high probability of failure.
SANS has begun providing printed materials in PDF form. Additionally, certain classes are using an electronic workbook in addition to the PDFs. The number of classes using eWorkbooks will grow quickly. In this new environment, we have found that a second monitor and/or a tablet device can be useful by keeping the class materials visible while the instructor is presenting or while you are working on lab exercises.
When conducting an in-depth penetration test, we are often faced with situations that require unique or complex solutions to successfully pull off an attack, mimicking the activities of increasingly sophisticated real-world attackers. Without the skills to identify and implement those solutions, you may miss a major vulnerability or not properly assess its business impact. Target system personnel are relying on you to tell them whether an environment is secured. Attackers are almost always one step ahead and are relying on our nature to become complacent, even with regard to the very controls we worked so hard to deploy. This course was written to keep you from making mistakes others have made, teach you cutting-edge tricks to thoroughly evaluate a target, and provide you with the skills to jump into exploit development. Contact me at firstname.lastname@example.org if you have any questions about the course!
– Stephen Sims (Lead Author)