Description
Size: 21.6 GB
Who Should Attend SEC660?
- Network and Systems Penetration Testers: SEC660 provides penetration testers with the training they need to perform advanced testing against known or unknown applications, services, and network systems. And the course gives students the expertise to perform complex attacks and develop their own exploits for existing and new frameworks.
- Incident Handlers: SEC660 gives incident handlers the knowledge they need to understand advanced threats, as handlers are often tasked with determining the threat level associated with an attack. The ability to understand advanced attack techniques and analyze exploit code can help a handler identify, detect, and respond to an incident.
- Application Developers: SEC660 teaches developers the ramifications of poor coding. Often, a developer or code reviewer is required to clearly demonstrate the threat and impact of a coding error. This course provides developers with the knowledge to create proof-of-concept exploit code and document their findings.
- IDS Engineers: SEC660 teaches IDS professionals how to analyze exploit code and identify weaknesses. This knowledge can be used to write better IDS signatures and understand the impact of an alert.
You Will Be Able To
- Perform fuzz testing to enhance your company’s SDL process.
- Exploit network devices and assess network application protocols.
- Escape from restricted environments on Linux and Windows.
- Test cryptographic implementations.
- Model the techniques used by attackers to perform 0-day vulnerability discovery and exploit development.
- Develop more accurate quantitative and qualitative risk assessments through validation.
- Demonstrate the needs and effects of leveraging modern exploit mitigation controls.
- Reverse-engineer vulnerable code to write custom exploits.
Hands-On Training
- Exploit routing protocol implementations such as OSPF.
- Bypass different types of NAC implementations.
- Exploit patch updates.
- Perform man-in-the-middle attacks to remove SSL.
- Perform IPv6 attacks.
- Exploit poor cryptographic implementations using CBC bit flipping attacks and hash length extension attacks.
- Hijack network booting environments.
- Exploit virtualization implementations.
- Write Python scripts to automate testing.
- Write fuzzers to trigger bugs in software.
- Reverse-engineer applications to locate code paths and identify potential exploitable bugs.
- Debug Linux applications.
- Debug Windows applications.
- Write exploits against buffer overflow vulnerabilities.
- Bypass exploit mitigations such as ASLR, DEP, stack canaries, SafeSEH, etc.
- Use ROP to bypass or disable security controls.
