Brochure Sans
Transcript of Brochure Sans
-
8/8/2019 Brochure Sans
1/40
FREE COURSE EXCERPTS www.sans.org/OnDemand
The most extensive online library
for cutting-edge information
security courses in the world
Top 5 Reasons to Take SANS OnDemand
Try any of over 30 courses anytime, anywhere
Taught by SANS Top Gun instructors including Dr. Eric Cole, Rob Lee, Ed Skoudis, and Dr. Johannes Ullrich
Includes video, labs, and hands-on exercises
Integrated assessments for GIAC Prep
No travel or time away from the office
o & m
25% discount on any course
Register by April 30, 2010
and use the discount code:
OD_CC
2010
COURSE CATALOG
Stephen Northcutt
Dear Colleague,
I would like to invite you to take a cutting-edge SANS security
course in our newest version of SANS OnDemand online training and
assessment system. This is the most comprehensive online training
system available anywhere in the world, and with it, SANS delivers
the same unparalleled content you would receive in our classroom
environment. Choose a course from our online library, which includes
SANS courses taught by our top instructors.
SANS OnDemand is one of our most affordable training options and ideal for getting the
most flexibility out of your training budget. Whether you're new to information security or
have years of experience, you'll find SANS OnDemand delivering relevant and pragmatic
training that is guaranteed to increase your effectiveness on the job!
A great article on Computeruser.com addressed six must-ask questions to get the most out
of your IT training. Find out what SANS OnDemand has to offer you and your organization
by considering our answers to these essential questions.
1. Who are your instructors?
A select group of IT professionals who are the technology leaders shaping the future of information
security. We have recorded the voices and stories of some of SANS' top-rated instructors like Dr. Eric Cole,
Rob Lee, Ed Skoudis, and Dr. Johannes Ullrich.
2. How much hands-on practice is provided?
Hands-on exercises are provided throughout the courses to demonstrate the use of specific tools or skills. Our
users are able to do the hands-on exercises right in their home or office using their own computer systems.
3. Where does the courseware come from?
Our courseware is created by our leading instructors and is updated on a regular basis as technology
evolves. OnDemand is also proven to be one of the most effective ways to prepare for GIAC Certification.
4. Do you train for certification or competency?
We do both with OnDemand. Every learning objective has an outcome statement that describes what
knowledge or skill is encompassed in that learning objective. Assessment tests and hands-on exercises
are given throughout the training to determine competency. At the end of the course, the student may
attempt the GIAC certification.
5. How big are your classes?
There is a class size of one - all classes are completely Internet-based, and we are also available by e-mail
or telephone if a student has any questions. Our program allows you to learn at your own pace and at times
convenient to you instead of attending a class based on a set schedule.
6. How can I control costs while maintaining convenience?
Through our online program, we come to you over the Internet whenever and wherever you want to access
training. Because many of the learning objectives are fairly short, even ten to fifteen minutes can be
enough to make progress on your coursework.
SANS OnDemand is the perfect solution if you have training requirements for just one
person or a group of any size. Contact us at (301) 654-7267 or [email protected] and
ask about the OnDemand Flex Pass. Many organizations have found it to be the perfect
solution for meeting their varied training needs.
Best regards,
Stephen Northcutt
President
SANS Technology Institute, a postgraduate computer security college
Table of Contents
To register or get more information, visit www.sans.org/OnDemand e-mail: [email protected] Phone: 301-654-7267 1
SANS Cyber Guardian Program
DoD Directive 8570
GIAC Global Information Assurance Certification
SANS Training and Your Career Roadmap
SEC301: Intro to Information Security
SEC401: SANS Security Essentials Bootcamp Style
SEC501: Advanced Security Essentials Enterprise Defender
SEC502: Perimeter Protection In-Depth
SEC503: Intrusion Detection In-Depth
SEC504: Hacker Techniques, Exploits, and Incident Handling
SEC505: Securing Windows
SEC506: Securing Linux/Unix
SEC509: Securing Oracle
SEC542: Web App Penetration Testing and Ethical Hacking
SEC560: Network Penetration Testing and Ethical Hacking
SEC617: Wireless Ethical Hacking, Penetration Testing, and Defenses
SEC709: Developing Exploits for Penetration Testers and Security Researchers
FOR408: Computer Forensic Essentials
FOR508: Computer Forensics, Investigation, and Response
FOR610: Reverse-Engineering Malware: Malware Analysis Tools & Techniques
MGT411: SANS 27000 Implementation & Management
MGT414: SANS +S Training Program for the CISSP Certification Exam
MGT512: Security Leadership Essentials for Managers with Knowledge Compression
LEG523: Legal Issues in Information Technology & Information Security
AUD410: IT Security Audit and Control Essentials
AUD507: Auditing Networks, Perimeters, and Systems
DEV422: Defending Web Applications Security Essentials
DEV541: Secure Coding in Java/JEE: Developing Defensible Apps
DEV544: Secure Coding in .NET: Developing Defensible Apps
DEV545: Secure Coding in PHP: Developing Defensible Apps
SANS OnDemand Skill-Based Short Courses
SANS 2010 Live Training Calendar
Other SANS Training Options
SANS vLive!
SANS Technology Institute Master's Degree in Information Security
OnDemand Flex Pass
OnDemand Registration Information
OnDemand Course Fees
Become a
SANS Cyber Guardian
and stay one step ahead
of the threats as well as
know what to do
when a breach occurs.
www.sans.org/cyber-guardian
The SANS Cyber Guardian Program
About the Program
SANS Cyber Guardian program is designed for the
elite teams of technical security professionals who
are part of the armed forces, Department of Defense,
government agencies, and organizations whose role
includes securing systems, reconnaissance, counter-terrorism
and counter hacks. These teams will be the
Cyber Security Special Forces where each individual's
role makes the team successful.
Program Overview
Prerequisite is completion of GSEC or CISSP
Core Courses and Certification:
- SEC 503: Intrusion Detection In-Depth - GCIA
- SEC 508: Computer Forensics, Investigation, and Response - GCFA
- SEC 560: Network Penetration Testing and Ethical Hacking - GPEN
Select a Red or Blue Team Specialty
Complete and Pass Two Specialty Courses and Certifications
Complete the GSE Hands-On Exam
Program Benefits for Security Professionals
You will be prepared for all types of cyber attacks and know how to react when a breach occurs
Receive SANS elite, hands-on training
Earn an exclusive GIAC Security Expert Certification that will set you apart in the infosec field
Receive a SANS Cyber Guardian Patch and use of the logo for business cards and proposals
Career Opportunities - infosec professionals with SANS Cyber Guardian skills are in high demand.
You can opt to have SANS refer you to agencies and organizations who need Cyber Guardians.
Program Benefits for Services and Employers
Gain the reassurance that your systems are being protected by the most qualified security professionals available
Your employees will be able to keep you up-to-date on the latest attacks
Use of the SANS Cyber Guardian logo for business proposals, stationery, and business cards
Learn more at www.sans.org/cyber-guardian
Real Threats, Real Skills, Real Success
EARN YOUR CERTIFICATION
Top Four Reasons to Get GIAC Certified
1. Promotes hands-on technical skills and improves knowledge retention
"The GIAC certification process forced me to dig deeper into the information that I was taught in class. As a result of this, I integrated this training into my practical skillset and improved my hands-on skills."
- Dean Farrington, Information Security Engineer, Wells Fargo
2. Provides proof that you possess hands-on technical skills
"GIAC proves that I have a very solid technical background to support any challenge I deal with every day. There are so many new tools coming up daily, but the underlying background essentially remains the same."
- Wayne Ho, Business Information Security Officer, Global Bank
3. Positions you to be promoted and earn respect among your peers
"I think the GIAC certification has definitely helped provide credibility for me in the workplace. This, in turn, has helped me be more effective at my job."
- Matt Austin, Senior Security Consultant, Symantec
4. Proves to hiring managers that you are technically qualified for the job
"Hiring managers are always looking for ways to help sort through candidates. GIAC certifications are a major discriminator. They ensure that the candidate has hands-on technical skills."
- Chris Schock, Network Engineer, State of Colorado
DoD Directive 8570 requires:
By the end of CY2010, personnel performing IAT and IAM functions must be certified.
By the end of CY2011, personnel performing CND-SP and IASAE roles must be certified.
IA jobs will be categorized as Technical or Management Level I, II, or III, and to be qualified for those jobs, you must be certified.
DoD Baseline IA Certifications
TECH II: GSEC TECH III: GSE CISSP CISA
MGT I: GSLC GISF MGT II: GSLC CISSP MGT II: GSLC CISSP
Information Assurance System Architecture & Engineering (IASAE) Certifications
IASAE I: CISSP IASAE II: CISSP
Computer Network Defense (CND) Certifications
CND Analyst: GCIA CND Incident Responder: GCIH CND Auditor: GSNA CISA
Training for Certifications
AUD423: CISA AUD507: GSNA MGT414: CISSP MGT512: GSLC SEC301: GISF
SEC401: GSEC SEC503: GCIA SEC504: GCIH SEC401, SEC503 & SEC504: GSE
"It's not about the cert, it's about the knowledge gained in pursuit of the cert."
- Dave Hull, Trusted Signal, LLC
Get more information at www.sans.org/8570
SANS TRAINING AND YOUR CAREER ROADMAP
For a complete list of SANS courses, visit www.sans.org.
SEC504: Hacker Techniques, Exploits, and Incident Handling (GCIH, PG 11)
SEC501: Advanced Security Essentials Enterprise Defender (GCED, PG 8)
SEC540: VoIP Security
SEC560: Network Pen Testing and Ethical Hacking (GPEN, PG 16)
SEC542: Web App Pen Testing and Ethical Hacking (GWAPT, PG 15)
Additional Penetration Testing Courses
DEV538: Web Application Pen Testing
SEC553: Metasploit for Pen Testers
SEC561: Network Penetration Testing
Additional Incident Handling Courses
SEC517: Cutting-Edge Hacking Techniques
SEC550: Information Reconnaissance: Competitive Intelligence and Online Privacy
Network and Application Security Curriculum
SEC501: Advanced Security Essentials Enterprise Defender (GCED, PG 8)
SEC301: Intro to Information Security (GISF, PG 6)
SEC401: SANS Security Essentials Bootcamp Style (GSEC, PG 7)
Beginners
Additional Network and Application Security Courses
SEC440: 20 Critical Security Controls: Planning, Implementing, and Auditing
SEC556: Comprehensive Packet Analysis
SEC566: 20 Critical Security Controls - In Depth
SEC617: Wireless Ethical Hacking, Pen Testing, and Defenses (GAWN, PG 17)
SEC709: Developing Exploits for Pen Testers and Security Researchers (PG 18)
Additional Audit Courses
AUD410: IT Security Audit and Control Essentials (PG 26)
AUD429: IT Security Audit Essentials Bootcamp
AUD521: PCI/DSS 1.2: Becoming and Staying Compliant
SEC440: 20 Critical Security Controls: Planning, Implementing, and Auditing
SEC566: 20 Critical Security Controls - In Depth
AUDIT CURRICULUM
AUD507: Auditing Networks, Perimeters, and Systems (GSNA, PG 27)
SEC301 NOTE: If you have experience in the field, please consider our more advanced course SEC401.
APPLICATION SECURITY CURRICULUM
Secure Coding
Additional Secure Coding Courses
DEV304: Software Security Awareness
DEV320: Introduction to the Microsoft Security Development Lifecycle
DEV534: Secure Code Review for Java Web Apps
DEV536: Secure Coding for PCI Compliance
Web App Pen Testing
SEC542: Web App Pen Testing and Ethical Hacking (GWAPT, PG 15)
Additional Web App Pen Testing Courses
DEV538: Web App Pen Testing
Web App Security
DEV422: Defending Web Applications Security Essentials (PG 28)
SECURITY CURRICULA
FOR508: Computer Forensics, Investigation, and Response (GCFA, PG 20)
Penetration Testing Curriculum
DEV544: .NET Secure Coding (GSSP-.NET, PG 29)
DEV541: Java/JEE Secure Coding (GSSP-JAVA, PG 28)
DEV545: PHP Secure Coding (PG 29)
Incident Handling Curriculum
SEC301: Intro to Information Security (GISF, PG 6)
SEC401: SANS Security Essentials Bootcamp Style (GSEC, PG 7)
For a complete list of GIAC Certifications, visit www.giac.org.
System Administration Curriculum
SEC505: Securing Windows (GCWN, PG 12)
SEC501: Advanced Security Essentials Enterprise Defender (GCED, PG 8)
SEC506: Securing Linux/Unix (GCUX, PG 13)
Additional System Administration Courses
SEC434: Log Management In-Depth
SEC509: Securing Oracle (PG 14)
SEC531: Windows Command-Line Kung Fu
SEC546: IPv6 Essentials
SEC564: Security Architecture for Sys Admins
Intrusion Analysis Curriculum
SEC502: Perimeter Protection In-Depth (GCFW, PG 9)
SEC501: Advanced Security Essentials Enterprise Defender (GCED, PG 8)
SEC503: Intrusion Detection In-Depth (GCIA, PG 10)
Additional Intrusion Analysis Courses
SEC577: Virtualization Security Fundamentals
LEGAL CURRICULUM
FORENSICS CURRICULUM
MANAGEMENT CURRICULUM
SEC301: Intro to Information Security (GISF, PG 6)
SEC401: SANS Security Essentials Bootcamp Style (GSEC, PG 7)
MGT414: SANS +S Training Program for the CISSP Certification Exam (GISP, PG 23)
MGT525: Project Management and Effective Communications for Security Professionals and Managers (GCPM)
MGT512: SANS Security Leadership Essentials For Managers with Knowledge Compression (GSLC, PG 24)
SEC301: Intro to Information Security (GISF, PG 6)
Additional Management Courses
MGT404: Fundamentals of Information Security Policy
MGT411: SANS 27000 Implementation & Management (PG 22)
MGT421: Leadership and Management Competencies
MGT432: Information Security for Business Executives
MGT438: How to Establish a Security Awareness Program
LEG523: Legal Issues in Information Technology and Information Security (PG 30)
GIAC certification available for courses indicated with GIAC acronyms
Additional Forensics Courses
FOR526: Advanced Filesystem Recovery and Memory Forensics
FOR408: Computer Forensic Essentials (PG 19)
FOR508: Computer Forensics, Investigation, and Response (GCFA, PG 20)
FOR606: Drive and Data Recovery Forensics
FOR610: REM: Malware Analysis Tools & Techniques (GREM, PG 21)
FOR563: Mobile Device Forensics
FOR558: Network Forensics
SEC301: Intro to Information Security (GISF, PG 6)
SEC401: SANS Security Essentials Bootcamp Style (GSEC, PG 7)
Intro to Information Security
SECURITY 301 ONLINE TRAINING
Who Should Register
Professionals who need to hit the ground running and need an overview of information assurance
Managers, information security officers, and system administrators who need an overview of risk management and defense-in-depth techniques
Anyone who writes, implements, or must adhere to policy, disaster recovery, or business continuity
Get GISF Certified
www.giac.org
With SANS OnDemand, students receive:
Four months of access to our 24/7 online training and integrated assessment quizzes
A full set of course books and hands-on CDs
Labs and hands-on exercises
Synchronized online courseware and lectures
E-mail access to OnDemand virtual mentors
Progress reports
Fred Kerby is an engineer, manager, and security practitioner whose experience spans several generations of networking.
He is the information assurance manager at the Naval Surface Warfare Center, Dahlgren Division and has vast experience
with the political side of security incident handling. His team is one of the recipients of the SANS Security Technology
Leadership Award as well as the Government Technology Leadership Award. Fred received the Navy Meritorious Civilian
Service Award in recognition of his technical and management leadership in computer and network security. A frequent
speaker at SANS, Fred's presentations reflect his opinions and are not the opinions of the Department of the Navy.
IAM Level I of the Department of Defense Baseline Certification for 8570
This introductory certification course is the fastest way to get up to speed in information security.
Written and taught by battle-scarred security veterans, this entry-
level course covers a broad spectrum of security topics and is
liberally sprinkled with real life examples. A balanced mix of
technical and managerial issues makes this course appealing to
attendees who need to understand the salient facets of information
security and risk management. Organizations often tap someone
who has no information security training and say, "Congratulations,
you are now a security officer." If you need to get up to speed fast,
Security 301 rocks!
We begin by covering basic terminology and concepts, and then
move to the basics of computers and networking as we discuss
Internet Protocol, routing, Domain Name Service, and network
devices. We cover the basics of cryptography, and wireless
networking, then we look at policy as a tool to effect change in your
organization. In the final day of the course, we put it all together
with an introduction to defense in-depth.
If you're a newcomer to the field of
information security, this is the course
for you! You will develop the skills to
bridge the gap that often exists between
managers and system administrators
and learn to communicate effectively
with personnel in all departments and at
all levels within your organization.
This is the course SANS offers for
the professional just starting out
in security. If you have experience
in the field, please consider our
more advanced offerings, such
as SEC401: SANS Security
Essentials Bootcamp Style.
Who Should Register
Security professionals who want to fill the gaps in their understanding of technical information security
Network engineers wanting to enter the field of security
Security engineers, admins, managers, and others wanting a more detailed understanding of the technical components of security
Anyone new to information security with some background in information systems and networking
Individuals with operational responsibility for a firewall, VPN, or Internet-facing device
Get GSEC Certified
www.giac.org
SANS Security Essentials Bootcamp Style
SECURITY 401 ONLINE TRAINING
This course is endorsed by the Committee on National Security Systems (CNSS) NSTISSI 4013 Standard for Systems Administrators in Information Systems Security (INFOSEC).
Maximize your training time and turbo-charge your career in security by learning the full SANS Security Essentials curriculum needed to qualify for the GSEC certification.
Security Essentials is designed to give anyone interested in network
security the skills required to be an effective player in this space. This
in-depth, comprehensive course provides the essential, up-to-the-
minute knowledge and skills required for securing systems and/or
organizations. It also gives you the language and theory of computer
security, all of it taught by the best security instructors in the industry.
With SANS OnDemand, students receive:
Four months of access to our 24/7 online training and integrated assessment quizzes
A full set of course books and hands-on CDs
Labs and hands-on exercises
Synchronized online courseware and lectures
E-mail access to OnDemand virtual mentors
Progress reports
Please note that some course material for SEC401 and MGT512 may overlap. We
recommend SEC401 for those interested in a more technical course of study and MGT512
for those primarily interested in a leadership-oriented but less technical learning experience.
IAT Level II of the Department of Defense Baseline Certification for 8570
Eric Cole, PhD is an industry recognized security expert, with over 15 years of hands-on experience. Cole currently
performs leading-edge security consulting and works in research and development to advance the state of the art in
information systems security. Cole has experience in information technology with a focus on perimeter defense, secure
network design, vulnerability discovery, penetration testing, and intrusion detection systems. Cole has a master's degree
in computer science from NYIT and a PhD from Pace University with a concentration in information security. Dr. Cole is
the author of several books including Hackerole, Hackers Beware, Hiding in Plain Site, Network Security Bible, and Insider
Threat. He is the inventor of over 20 patents and is a researcher, writer, and speaker. Eric is also a senior scientist with
Lockheed Martin Information Technology (LMIT) and Lockheed Martin (LM) fellow. Cole is actively involved with the SANS
Technology Institute (STI) and SANS working with students, teaching, and maintaining and developing courseware.
SANS Security Essentials Enterprise Defender
SECURITY 501 ONLINE TRAINING
Who Should Register
Students who have taken Security Essentials and want a more advanced 500-level course similar to SEC401
People who have foundational knowledge covered in SEC401, do not want to take a specialized 500-level course, and still want a broad advanced coverage of the core areas to protect their systems
Anyone looking for detailed technical knowledge on how to protect against, detect, and react to the new threats that will continue to cause harm to an organization
Get GCED Certified
www.giac.org
With SANS OnDemand, students receive:
Four months of access to our 24/7 online training and integrated assessment quizzes
A full set of course books and hands-on CDs
Labs and hands-on exercises
Synchronized online courseware and lectures
E-mail access to OnDemand virtual mentors
Progress reports
Eric Cole, PhD is an industry recognized security expert, with over 15 years of hands-on experience. Cole currently performs
leading-edge security consulting and works in research and development to advance the state of the art in information
systems security. Cole has experience in information technology with a focus on perimeter defense, secure network design,
vulnerability discovery, penetration testing, and intrusion detection systems. Cole has a master's degree in computer
science from NYIT and a PhD from Pace University with a concentration in information security. Dr. Cole is the author of
several books including Hackerole, Hackers Beware, Hiding in Plain Site, Network Security Bible, and Insider Threat. He is
the inventor of over 20 patents and is a researcher, writer, and speaker. Eric is also a senior scientist with Lockheed Martin
Information Technology (LMIT) and Lockheed Martin (LM) fellow. Cole is actively involved with the SANS Technology
Institute (STI) and SANS working with students, teaching, and maintaining and developing courseware.
Cybersecurity will continue to increase in importance as attacks become stealthier, have a greater financial impact on an organization, and cause reputational damage.
While Security Essentials lays a solid foundation for the security
practitioner, there is only so much that can be packed into a six-day
course. SEC501 is a follow up to SEC401: SANS Security Essentials (with
no overlap) and continues to focus on more technical areas needed to
protect an organization. The course focus is on:
Prevention - configuring a system or network correctly
Detection - identifying that a breach has occurred at the system or network level
Reaction - responding to an incident and moving to evidence collection/forensics
Prevention is ideal, but detection is a must. We have to ensure that we
constantly improve security to prevent as many attacks as possible. This
prevention/protection occurs externally and internally. Attacks will
continue to pose a threat to an organization as data becomes more
portable and networks continue to be porous. Therefore a key focus
needs to be on data protection - securing our critical information
whether it resides on a server, in a robust network architecture, or on a
portable device.
Despite our best effort at preventing attacks and protecting critical data,
some attacks will still be successful. Therefore we need to be able to
detect attacks in a timely fashion. This is accomplished
by understanding the traffic flowing on your networks
and looking for indication of an attack. It also includes
performing penetration testing and vulnerability analysis against an
organization to identify problems and issues before a compromise occurs.
Finally, once an attack has been detected,
we must react in a timely fashion and
perform forensics. By understanding how
the attacker broke in, this can be fed back
into more effective and robust preventive
and detective measures, completing the
security lifecycle.
Who Should Register
Information security officers
Intrusion analysts
IT managers
Network architects
Network security engineers
Network and system administrators
Security managers
Security analysts
Security architects
Security auditors
Get GCFW Certified
www.giac.org
With SANS OnDemand, students receive:
4-months access to our 24/7 online training and integrated assessment quizzes
A full set of course books and hands-on CDs
Labs & hands-on exercises
Synchronized online courseware and lectures
E-mail access to OnDemand virtual mentors
Progress reports
Perimeter Protection In-Depth
SECURITY 502 ONLINE TRAINING
There is no single fix for securing your network.
That's why this course is a comprehensive analysis of a wide breadth of technologies.
This is probably the most diverse course in the SANS catalog, as mastery of
multiple security techniques are required to defend your network from remote
attacks. You cannot just focus on a single OS or security appliance. A proper security
posture comprises multiple layers. This course was developed to give you the
knowledge and tools necessary at every layer to ensure your network is secure.
The course starts by looking at common problems: Is there traffic passing by my
firewall I didn't expect? How did my system get compromised when no one can
connect to it from the Internet? Is there a better solution than anti-virus for controlling
malware? We'll dig into these questions and more and answer them.
We all know how to assign an IP address, but to secure your network you really
need to understand the idiosyncrasies of the protocol. We'll talk about how IP
works and how to spot the abnormal patterns. If you can't hear yourself saying
"Hummm, there are no TCP options in that packet. It's probably forged," then you'll
gain some real insight from this portion of the material.
Once you have an understanding of the complexities of IP, we'll get into how to
control it on the wire. We focus on the underlying technology used by all of the
projects rather than telling you which are good and which are bad ones. A side-by-
side product comparison is only useful for that specific moment in time. By gaining
knowledge of what goes on under the cover, you will be empowered to make good
product choices for years to come. Just because two firewalls are stateful inspection,
do they really work the same on the wire? Is there really any difference between
stateful inspection and network-based intrusion prevention, or is it just marketing?
These are the types of questions we address in this portion of the course.
We move on to a proper, wire-level assessment of a potential product, as well as
what options and features are available. We'll even get into how to deploy traffic
control while avoiding some of the most common mistakes. Feel like your firewall
is generating too many daily entries for you to review the logs effectively? We'll address
this problem not by reducing the amount of critical data, but by streamlining
and automating the back end process of evaluating it.
But you can't do it all on the wire. A properly layered defense needs to include each
individual host - not just the hosts exposed to access from the
Internet, but hosts that have any kind of direct or indirect
Internet communication capability as well. We'll start with OS
lockdown techniques and move on to third party tools that
can permit you to do anything from sandbox insecure applications
to full-blown application policy enforcement.
Most significantly, I've developed this course material
using the following guiding principles: Learn the
process, not just one specific product; You learn
more by doing, so hands-on problem-solving is
key; Always peel back the layers and identify
the root cause. While technical knowledge is
important, what really matters are the skills
to properly leverage it. This is why the course
is heavily focused on problem solving and root
cause analysis. While these are usually considered
soft skills, they are vital to being an
effective role of security architect. So
along with the technical training,
you'll receive risk management
capabilities and even a bit of
Zen empowerment.
Chris Brenton is a private consultant with over ten years of experience in the field. He is one of the founding members of the initial Honeynet Project, one of the original Internet Storm Center handlers, and started up one of the first managed security ISPs. Over the years, he's been credited with the discovery of numerous vulnerabilities in various software products. Along with being a published author, Chris is responsible for maintaining all of the material in the SANS Perimeter Protection In-Depth course. In his spare time, Chris teaches rally and high-speed off-road security driving where he can be found teaching students to make their side window the front of the car.
Who Should Register
Intrusion detection analysts (all levels)
Network engineers
System, security, and network administrators
Hands-on security managers
Individuals with operational responsibility for a firewall, VPN, or Internet-facing device
Get GCIA Certified
www.giac.org
With SANS OnDemand, students receive:
Four months of access to our 24/7 online training and integrated assessment quizzes
A full set of course books and hands-on CDs
Labs and hands-on exercises
Synchronized online courseware and lectures
E-mail access to OnDemand virtual mentors
Progress reports
Intrusion Detection In-Depth
SECURITY 503 ONLINE TRAINING
Mike Poor is a founder and senior security analyst for the DC firm Inguardians, LLC. In his recent past life he has worked
for Sourcefire as a research engineer and for the SANS Institute leading their Intrusion Analysis Team. As a consultant,
Mike conducts forensic analysis, penetration tests, vulnerability assessments, security audits, and architecture reviews.
His primary job focus, however, is in intrusion detection, response, and mitigation. Mike currently holds both GSEC and
GCIA certifications and is an expert in network engineering and systems, network, and Web administration. Mike is
a contributing author of the international best selling book Snort 2.1 from Syngress and is a handler for the Internet
Storm Center.
Learn practical, hands-on intrusion detection and traffic analysis from top practitioners/authors in the field.
This is the most advanced program in network intrusion detection that
has ever been taught. All of the course material is either new or just
updated to reflect the latest attack patterns. This series is jam-packed
with network traces and analysis tips. The emphasis is on increasing
students' understanding of the workings of TCP/IP and Hex, methods of
network traffic analysis, and one specific network intrusion detection
system - Snort. This course is not a comparison or demonstration of
multiple NIDS. Instead, the knowledge/information provided here allows
students to better understand the qualities that go into a sound NIDS
and the whys behind them, and thus, to be better equipped to make a
wise selection for their site's particular needs.
This is a fast-paced course and students are expected to have a basic
working knowledge of TCP/IP (see: www.sans.org/training/tcpip_quiz.php)
in order to fully understand the topics that will be discussed.
Although others may benefit from this course, it is most appropriate
for students who are or who will become intrusion detection analysts.
Students generally range from novices with some TCP/IP background
all the way to seasoned analysts. The challenging, hands-on exercises
are specially designed for all experience levels. We strongly recommend
that you spend some time getting familiar with TCPdump,
WINdump, or another network analyzer output before
coming to class.
PREREQUISITE: You must possess at least a working knowledge of TCP/IP and Hex. See
www.sans.org/training/tcpip_quiz.php to test your TCP/IP and Hex basics knowledge.
CND Analyst for the Department of Defense Baseline Certification for 8570
To register or get more information, visit www.sans.org/OnDemand e-mail: [email protected] Phone: 301-654-7267
If your organization has an Internet connection or
a disgruntled employee (and whose doesn't!), your computer systems will get attacked.
From the five, ten, or even one hundred daily probes against your Internet
infrastructure, to the malicious insider slowly creeping through your
most vital information assets, to the spyware your otherwise wholesome
users inadvertently downloaded, attackers are targeting your systems
with increasing viciousness and stealth.
By helping you understand attackers' tactics and strategies in detail,
giving you hands-on experience in finding vulnerabilities and discovering
intrusions, and equipping you with a comprehensive incident handling
plan, the in-depth information in this course helps you turn the tables on
computer attackers. This course addresses the latest cutting-edge insidious
attack vectors, the oldie-but-goodie attacks that are still so prevalent,
and everything in between.
Instead of merely teaching a few hack attack tricks, this course includes
a step-by-step process for responding to computer incidents; a detailed
description of how attackers undermine systems so you can prepare,
detect, and respond to them; and a hands-on workshop for
discovering holes before the bad guys do. This workshop
also includes the unique SANS Capture-the-Flag event on
the last day where you will apply your skills to match wits
with your fellow students and instructor in a fun and engaging
learning environment. You'll get to attack the
systems in our lab and capture the flags to help
make the lessons from the whole week more concrete.
Additionally, the course explores the legal
issues associated with responding to computer
attacks including employee monitoring, working
with law enforcement, and handling evidence.
It is imperative that you get written permission from
the proper authority in your organization before
using these tools and techniques on your
company's system and also that you
advise your network and computer
operations teams of your testing.
Who Should Register
Members and leaders of incident handling teams
System administrators and security personnel
Ethical hackers/penetration testers who want to understand the concepts underlying their testing regimen
Get GCIH Certified
www.giac.org
With SANS OnDemand, students receive:
Four months of access to our 24/7 online training and integrated assessment quizzes
A full set of course books and hands-on CDs
Labs and hands-on exercises
Synchronized online courseware and lectures
E-mail access to OnDemand virtual mentors
Progress reports
CND Incident Responder for the Dept. of
Defense Baseline Certification for 8570
Ed Skoudis is a founder and senior security consultant with InGuardians. Ed's expertise includes hacker attacks and defenses, the information security industry, and computer privacy issues, with over fifteen years of experience in information security. Ed authored and regularly teaches the SANS courses on network penetration testing (SEC560) and incident response (SEC504), helping over three thousand information security professionals each year improve their skills and abilities to defend their networks. He has performed numerous security assessments; conducted exhaustive anti-virus, anti-spyware, Virtual Machine, and IPS research; and responded to computer attacks for clients in financial, high technology, healthcare, and other industries. Ed conducted a demonstration of hacker techniques against financial institutions for the United States Senate and is a frequent speaker on issues associated with hacker tools and defenses. He has published numerous articles on these topics as well as the Prentice Hall best sellers Counter Hack Reloaded and Malware: Fighting Malicious Code. Ed was also awarded 2004-2009 Microsoft MVP awards for Windows Server Security and is an alumnus of the Honeynet Project. Previous to InGuardians, Ed served as a security consultant with International Network Services (INS), Global Integrity, Predictive Systems, SAIC, and Bell Communications Research (Bellcore).
SECURITY 504
ONLINE TRAINING
Hacker Techniques, Exploits, and Incident Handling
SECURITY 505
ONLINE TRAINING
Who Should Register
Windows network security engineers and architects
Windows administrators with security duties
Anyone with Windows machines who wants to implement the SANS 20 Critical Security Controls
Active Directory designers and administrators
Those who must enforce security policies on Windows hosts
Those deploying or managing a PKI or smart cards
IIS administrators and Web masters with Web servers at risk
Administrators who use the command line or scripting to automate their duties and must learn PowerShell (the replacement for CMD scripting and VBScript)
Get GCWN Certified
www.giac.org
With SANS OnDemand, students receive:
Four months of access to our 24/7 online training and integrated assessment quizzes
A full set of course books and hands-on CDs
Labs and hands-on exercises
Synchronized online courseware and lectures
E-mail access to OnDemand virtual mentors
Progress reports
Jason Fossen is a principal security consultant at Enclave Consulting LLC, a published author, and a frequent public speaker on Microsoft security issues. He is the sole author of the SANS week-long Securing Windows course (SEC505), maintains the Windows day of Security Essentials (SEC401.5), and has been involved in numerous other SANS projects since 1998. He graduated from the University of Virginia, received his master's degree from the University of Texas at Austin, and holds a number of professional certifications. He currently lives in Dallas, Texas.
Will you be transitioning from Windows XP to Windows 7?
The Securing Windows course is fully updated for Windows Server
2008-R2 and Windows 7. Most of the content applies to Windows Server
2003 and XP too, but the focus is on 2008/Vista/7.
Concerned about the 20 Critical Security Controls of the Consensus Audit
Guidelines? This course will help you implement the Critical Controls
relevant to Windows systems, not just audit them, and will walk you
through most of the tools step-by-step too.
As a Windows security expert, how can you stand out from the crowd
and offer management more than the usual apply-this-checklist advice?
Be a security architect who understands the big picture. You can save
your organization money, maintain compliance with regulations, secure
your networks, and advance your career all at the same time. How? By
leveraging the Windows infrastructure you've already paid for.
This program is a comprehensive set of courses for Windows security
architects and administrators. It tackles tough problems like Active
Directory forest design, how to use Group Policy to lock down desktops,
deploying a Microsoft PKI and smart cards, pushing firewall and IPSec
policies out to every computer in the domain, securing public IIS web
servers, and PowerShell scripting.
PowerShell is the future of Windows scripting and automation. Easier to
learn and more powerful than VBScript, PowerShell is an essential tool
for automation and scalable management. And if there's one skill that
will most benefit the career of a Windows specialist, it's scripting,
because most of your competition lack scripting skills, so it's a great way to
make your resume stand out. Scripting skills are also essential for being
able to implement the 20 Critical Security Controls.
You are encouraged to bring a virtual machine running
Windows Server 2008 Enterprise Edition configured as
a domain controller, but this is not a requirement for
attendance since the instructor will demo everything
discussed on-screen. You can get a free evaluation version
of Server 2008 from Microsoft's Web site (just do
a Google search on "site:microsoft.com Server 2008
trial"). You can use VMware, Virtual PC or any
other virtual machine software.
This is a fun and fascinating
course, a real eye-opener even
for Windows administrators with
years of experience. Come see
why there's a lot more to Windows
security than just applying patches
and changing passwords; come see
why a Windows network needs a
security architect.
Securing Windows
Who Should Register
Security professionals looking to learn the basics of securing Unix operating systems
Experienced administrators looking for in-depth descriptions of attacks on Unix systems and how they can be prevented
Administrators needing information on how to secure common Internet applications on the Unix platform
Auditors, incident responders, and InfoSec analysts who need greater visibility into Linux and Unix security tools, procedures, and best practices
Get GCUX Certified
www.giac.org
Hal is founder and CEO of Deer Run Associates, a systems management and security consulting firm. He has spent more than 15 years managing systems and networks for some of the largest commercial, government, and academic organizations in the country. He is the technical editor for SysAdmin Magazine and was the recipient of the 2001 SAGE Outstanding Achievement award for his teaching and leadership in the field of system administration. Hal participated in the first SANS training program and designed the SANS Step-by-Step course model. He is a top-rated instructor and author on topics ranging from information security to system and network management to Perl programming.
SECURITY 506
ONLINE TRAINING
Experience in-depth coverage of Linux and Unix security issues.
Examine how to mitigate or eliminate general problems that apply to
all Unix-like operating systems, including vulnerabilities in the password
authentication system, file system, virtual memory system, and applications
that commonly run on Linux and Unix. This course provides specific
configuration guidance and practical, real-world examples, tips, and tricks.
Throughout this course, you will become skilled at utilizing freely available
tools to handle security issues, including SSH, AIDE, sudo, lsof, and many
others. SANS' practical approach with hands-on exercises every day
ensures that you can start using these tools as soon as you return to work.
We will also put these tools to work in a special section that covers simple
forensic techniques for investigating compromised systems.
Sampling of Topics
Memory attacks, buffer overflows
File system attacks, race conditions
Trojan horse programs and rootkits
Monitoring and alerting tools
Unix logging and kernel-level auditing
Building a centralized logging infrastructure
Network security tools
SSH for secure administration
Server lockdown for Linux and Unix
Controlling root access with sudo
SELinux and chroot() for application security
DNSSEC deployment and automation
mod_security and Web application firewalls
Secure configuration of BIND, Sendmail, Apache
Forensic investigation
Securing Linux/Unix
With SANS OnDemand, students receive:
Four months of access to our 24/7 online training and integrated assessment quizzes
A full set of course books and hands-on CDs
Labs and hands-on exercises
Synchronized online courseware and lectures
E-mail access to OnDemand virtual mentors
Progress reports
PREREQUISITE: Students must possess at least a
working knowledge of Unix. Most
students who attend the course
have a minimum of three to five years of Unix system administration
experience. To test your knowledge,
see our Unix Knowledge Quiz at
http://www.sans.org/training/unix_quiz.php.
Who Should Register
Oracle database administrators responsible for installation and management of Oracle databases
Developers who wish to create secure data access applications and Web sites
Security professionals who are concerned about the security of their organization's Oracle databases
Auditors and penetration testers who need to evaluate the security of Oracle databases
Security managers who need to understand the security risks with data held in an Oracle database
Securing Oracle
SECURITY 509
ONLINE TRAINING
Tanya Baccam is a senior SANS instructor as well as a SANS courseware author. She also provides many security consulting
services, such as system audits, vulnerability and risk assessments, database assessments, Web application assessments,
and penetration testing. She has previously worked as the director of assurance services for a security services consulting
firm, as well as manager of infrastructure security for a healthcare organization. She also served as a manager at Deloitte
& Touche in the Security Services practice. Throughout her career she has consulted with many clients about their security
architecture, including areas such as perimeter security, network infrastructure design, system audits, Web server security,
and database security. She has played an integral role in developing multiple business applications and currently holds the
CPA, GCFW, GCIH, CISSP, CISM, CISA, CCNA, CCSE, CCSA, and Oracle DBA certifications.
Experts agree that Oracle is one of the most complex software packages available today.
Unfortunately, complexity often introduces an increased risk for
vulnerabilities. These vulnerabilities are being increasingly targeted by
attackers. It is not uncommon for the SANS Internet Storm Center to see
hundreds of thousands of hack attempts against Oracle databases each
month.
SANS recognizes the need for comprehensive Oracle security training
to help organizations protect their most critical information resources.
In this course, the student is led through the process of auditing and
securing Oracle by defining the risks to data, using auditing techniques
for detecting unauthorized access attempts, using Oracle access controls
and user management functions, and developing reliable backup and
restore processes and techniques to secure the Oracle database, as well
as applications.
Throughout the course the student will be exposed to the database as
seen through the eyes of an attacker, including public and unreleased
techniques that are used to compromise the integrity of the database
or escalate a user's privileges. In this fashion, the student gains a better
understanding of how an attacker sees a database as a target and
how we can configure the database to be resistant to known and
unknown attacks.
This course has been updated for versions of Oracle up to and
including 11g on Unix and Windows operating systems.
With SANS OnDemand, students receive:
Four months of access to our 24/7 online training and integrated assessment quizzes
A full set of course books and hands-on CDs
Labs and hands-on exercises
Synchronized online courseware and lectures
E-mail access to OnDemand virtual mentors
Progress reports
Who Should Register
General security practitioners
Web site designers and architects
Developers
Get GWAPT Certified
www.giac.org
With SANS OnDemand, students receive:
Four months of access to our 24/7 online training and integrated assessment quizzes
A full set of course books and hands-on CDs
Labs and hands-on exercises
Synchronized online courseware and lectures
E-mail access to OnDemand virtual mentors
Progress reports
Web App Penetration Testing and Ethical Hacking
SECURITY 542
ONLINE TRAINING
Kevin Johnson is a senior security analyst with InGuardians. Kevin came to security from a development and system-administration background. He has many years of experience performing security services for Fortune 100 companies, and in his spare time contributes to a large number of open-source security projects. Kevin founded and leads the development on the Basic Analysis and Security Engine (BASE) project, the most popular Web interface for the Snort intrusion detection system. Kevin is an instructor for SANS, teaching both SEC504: Hacker Techniques, Exploits, and Incident Handling and SEC542: Web App Penetration Testing and Ethical Hacking. He has presented to many organizations, including Infragard, ISACA, ISSA, and the University of Florida.
Assess Your Web Apps in Depth
Web applications are a major point of vulnerability in organizations today.
Web app holes have resulted in the theft of millions of credit cards, major
financial and reputational damage for hundreds of enterprises, and even
the compromise of thousands of browsing machines that visited Web
sites altered by attackers. In this class, we'll learn the art of exploiting Web
applications so we can find flaws in our enterprise's Web apps before the
bad guys do. Through detailed, hands-on exercises and training from a
seasoned professional, we will learn the four-step process for Web application
penetration testing. We will inject SQL into back-end databases
to learn how attackers exfiltrate sensitive data. We will use Cross-Site
Scripting attacks to dominate a target infrastructure in our unique hands-on
laboratory environment. And, we will explore various other Web app
vulnerabilities in depth with tried-and-true techniques for finding them
using a structured testing regimen. We will learn the tools and methods of
the attacker so that you can be a powerful defender.
We will study the attacker's view of the Web and analyze the art of
reconnaissance, specifically targeted to Web applications. We will also
examine the mapping phase when we interact with a real application
to determine its internal structure. In the discovery phase we'll focus on
client-side portions of the application, such as Flash objects and Java
applets. We then move into the final stage, exploitation, using advanced
methods to gain further access within the application and wrapping
things up with a walk-through of an entire attack scenario. Students will
learn methods of combining various attacks to better gauge
the business impact of application vulnerabilities.
Throughout the class, we will learn the context behind the
attacks so that you understand the real-life applications
of our exploitation. In the end, we will be able to
assess your own organization's Web applications
to find some of the most common and
damaging Web app vulnerabilities. By knowing
your enemy, you can defeat your enemy.
General security practitioners as well as Web
site designers, architects, and developers will
benefit from learning the practical art of Web
application penetration testing.
Who Should Register
Penetration testers
Ethical hackers
Auditors who need to build deeper technical skills
Security personnel whose job involves assessing target networks and systems to find security vulnerabilities
Get GPEN Certified
www.giac.org
With SANS OnDemand, students receive:
Four months of access to our 24/7 online training and integrated assessment quizzes
A full set of course books and hands-on CDs
Labs and hands-on exercises
Synchronized online courseware and lectures
E-mail access to OnDemand virtual mentors
Progress reports
Network Penetration Testing and Ethical Hacking
SECURITY 560
ONLINE TRAINING
Ed Skoudis is a founder and senior security consultant with InGuardians. Ed's expertise includes hacker attacks and defenses, the information security industry, and computer privacy issues, with over fifteen years of experience in information security. Ed authored and regularly teaches the SANS courses on network penetration testing (SEC560) and incident response (SEC504), helping over three thousand information security professionals each year improve their skills and abilities to defend their networks. He has performed numerous security assessments; conducted exhaustive anti-virus, anti-spyware, Virtual Machine, and IPS research; and responded to computer attacks for clients in financial, high technology, healthcare, and other industries. Ed conducted a demonstration of hacker techniques against financial institutions for the United States Senate and is a frequent speaker on issues associated with hacker tools and defenses. He has published numerous articles on these topics as well as the Prentice Hall best sellers Counter Hack Reloaded and Malware: Fighting Malicious Code. Ed was also awarded 2004-2009 Microsoft MVP awards for Windows Server Security and is an alumnus of the Honeynet Project. Previous to InGuardians, Ed served as a security consultant with International Network Services (INS), Global Integrity, Predictive Systems, SAIC, and Bell Communications Research (Bellcore).
Find Security Flaws Before the Bad Guys Do.
Security vulnerabilities, such as weak configurations, unpatched systems,
and botched architectures, continue to plague organizations. Enterprises
need people who can find these flaws in a professional manner to help
eradicate them from our infrastructures. Lots of people claim to have
penetration testing, ethical hacking, and security assessment skills, but
precious few can apply these skills in a methodical regimen of professional
testing to help make an organization more secure. This class covers the
ingredients for successful network penetration testing to help attendees
improve their enterprise's security stance.
We address detailed pre-test planning, including setting up an effective
penetration testing infrastructure and establishing ground rules with the
target organization to avoid surprises and misunderstanding. Then we
discuss a time-tested methodology for penetration and ethical hacking
across the network, evaluating the security of network services and the
operating systems behind them.
Attendees will learn how to perform detailed reconnaissance, learning
about a target's infrastructure by mining blogs, search engines, and social
networking sites. We'll then turn our attention to scanning, experimenting
with numerous tools in hands-on exercises. Our exploitation phase will
include the use of exploitation frameworks, stand-alone exploits, and
other valuable tactics, all with hands-on exercises in our lab environment.
The class also discusses how to prepare a final report
tailored to maximize the value of the test from both a management
and technical perspective. The final portion of the class includes
a comprehensive hands-on exercise in which students will
conduct a penetration test against a hypothetical target
organization following all of the steps.
The course also describes the limitations
of penetration testing techniques
and other practices that can be used
to augment penetration testing to find
vulnerabilities in architecture, policies, and
processes. We address how penetration testing should
be integrated as a piece of a comprehensive enterprise
information security program.
Attendees are expected to have a working
knowledge of TCP/IP; cryptographic routines,
such as DES, AES, and MD5; and the
Windows and Linux command lines
before they step into class.
Who Should Register
Security professionals who are concerned about the weaknesses of wireless networks
Penetration testers who want to include wireless network security assessments in their organization's services offerings
Auditors who must evaluate wireless networks to ensure they meet an acceptable level of risk and are compliant with organizational policy
Get GAWN Certified
www.giac.org
With SANS OnDemand, students receive:
Four months of access to our 24/7 online training and integrated assessment quizzes
A full set of course books and hands-on CDs
Labs and hands-on exercises
Synchronized online courseware and lectures
E-mail access to OnDemand virtual mentors
Progress reports
Wireless Ethical Hacking, Penetration Testing, and Defenses
SECURITY 617
ONLINE TRAINING
Joshua Wright is a senior security analyst with InGuardians, LLC and a senior instructor with the SANS Institute. A widely
recognized expert in the wireless security field, Josh has worked with private and government organizations to evaluate
the threat surrounding wireless technology. As an open-source enthusiast, Josh has developed a variety of tools that
can be leveraged for penetration testing and security analysis. Prior to joining InGuardians, Josh was the senior security
researcher for Aruba Networks, leading a team committed to significantly improving the security of modern networks. In
his spare time, Josh looks for any opportunity to void the warranty on wireless electronics.
Wireless technology fundamentally changes accepted security paradigms.
With the pervasive deployment of wireless technology, attackers have
latched on with sophisticated and effective techniques to exploit wireless
systems at work, at home, or on the road. Despite the significant threats,
organizations are deploying WiFi, Bluetooth, and proprietary wireless
technology at a breakneck pace. This can expose internal networks and
client systems, often allowing attackers to bypass intrusion detection
systems and other defenses.
To be a wireless security expert, you need to have a comprehensive
understanding of the technology, the threats, the exploits, and the defense
techniques along with hands-on experience in evaluating and attacking
wireless networks. This course takes an in-depth look at these fields,
exposing you to wireless security threats through the eyes of an attacker.
Using readily available and custom-developed tools, you'll navigate
your way through the techniques attackers use to exploit WiFi networks,
including attacks against WEP, WPA/WPA2, PEAP, TTLS, and other systems.
We'll also examine the commonly overlooked threats associated with
Bluetooth, WiMAX, and proprietary wireless systems. With the SWAT
toolkit, we'll back up the course content with hands-on labs and practical
exercises designed to reinforce the course concepts.
Through the use of assessment and analysis techniques, this course will
show you how to identify the threats that expose
wireless technology, building on this knowledge to
identify defensive techniques that can be used to
protect wireless resources.
The SWAT Toolkit consists of:
Powerful AirPcap TX wireless USB adapter for Windows and Linux systems
USB Global Positioning System (GPS) adapter
High-power Bluetooth interface
All software and tools used in lab exercises
Who Should Register
Incident handlers looking to take the next step in understanding exploitation in its most technical form
Network and system security professionals looking to understand the methods used to write exploit code and discover vulnerabilities
Programmers and code review engineers looking to understand the threat of exploitation and how to write Proof of Concept (POC) code to demonstrate exploitation techniques
Certification-holders looking to improve and put their practical knowledge to the test
Anyone looking to build credibility and take a technical course on advanced hacking techniques
With SANS OnDemand, students receive:
Four months of access to our 24/7 online training and integrated assessment quizzes
A full set of course books and hands-on CDs
Labs and hands-on exercises
Synchronized online courseware and lectures
E-mail access to OnDemand virtual mentors
Progress reports
Developing Exploits for Penetration Testers and Security Researchers
SECURITY 709
ONLINE TRAINING
Stephen Sims is an information security consultant currently working for Wells Fargo in San Francisco, California. He has spent the past eight years in San Francisco working for several large financial institutions on network and systems security, penetration testing, exploitation development, and risk assessment and management. Prior to San Francisco, Stephen worked in the Baltimore/DC area as a network security engineer for companies such as General Motors and Sylvan Prometric. He is one of only a handful of individuals who holds the GIAC Security Expert (GSE) Certification and also helps to author and maintain the current version of the exam. He is a SANS certified instructor and the course author of SANS' first and only 700-level course, SEC709: Developing Exploits for Penetration Testers and Security Researchers. Stephen also holds the CISSP, CISA, and Network Offense Professional (NOP) certifications, amongst others.
Zero-day vulnerabilities are being discovered more frequently, and malicious computer attackers are constantly trying to exploit them.
But when a new flaw is discovered, it is often difficult to determine
whether it is truly exploitable, making an analysis of business risk difficult,
if not impossible. Things get even murkier when the flaw is discovered
in home-grown applications supporting an enterprise. Yet until now,
only a small, self-selected, high-tech priesthood of security researchers
have had the skills to determine whether a given flaw can lead directly to
exploitation.
Do you want to join the skilled security researcher elite and stop relying
on others to find your applications' vulnerabilities and start writing your
own Proof of Concept (POC) code? Do you want the skills to be part of
the security researcher priesthood?
In this course we bridge the gaps and take a step-by-step look at Linux
and Windows operating systems and how exploitation truly works under
the hood. This five-day course rapidly progresses through exploitation
techniques used to attack stacks, heaps, and other memory segments
on Linux and Windows. This is a fast-paced course that provides you
with the skills to hit the ground running with vulnerability research. We
end the course with a Capture the Flag (CTF) exercise requiring you to
discover and exploit vulnerabilities on remote systems.
Attendees can apply the skills developed in this class to create and
customize exploits for penetration tests of homegrown software
applications and newly discovered flaws in widespread
commercial software. Understanding the process of
exploit development can help enterprises analyze
their actual business risks better than the ambiguous
hypotheticals we often contend with in most traditional
vulnerability assessments.
This course is not for the faint of heart or those
with modest skills. It provides leading-edge skills
for the best technical security professionals,
security researchers, and pen testers. If you
are able to absorb it, the knowledge gained
throughout the course will help you write
custom exploits to gain privileged system
access and determine the real risk to your
business. Precompiled exploits won't help
you here!
Who Should Register
Information technology professionals who wish to learn core concepts in computer forensics investigations and e-discovery
Law enforcement officers, federal agents, or detectives who desire to be introduced to core forensic techniques and topics
Information security managers who need a digital forensics background in order to manage investigative teams and understand the implications of potential litigation-related issues
Information technology lawyers and paralegals who need to understand the basics of digital forensic investigations
Anyone interested in computer forensic investigations with some background in information systems, information security, and computers
With SANS OnDemand, students receive:
4-months access to our 24/7 online training and integrated assessment quizzes
A full set of course books and hands-on CDs
Labs & hands-on exercises
Synchronized online courseware and lectures
E-mail access to OnDemand virtual mentors
Progress reports
Computer Forensic Essentials
FORENSICS 408
ONLINE TRAINING
Rob Lee is a director for MANDIANT (www.mandiant.com). Rob is the curriculum lead for digital forensic training at the SANS Institute (forensics.sans.org). He has over 13 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response. Rob graduated from the U.S. Air Force Academy and served in the Air Force as a founding member of the 609th Information Warfare Squadron, the first U.S. military unit focused on information operations. Later, as a member of the Air Force Office of Special Investigations, he conducted computer crime investigations, incident response, and computer forensics. Prior to joining MANDIANT, he worked with a variety of government agencies in the law enforcement, U.S. Department of Defense, and intelligence communities as the technical lead for a vulnerability discovery and exploit development team, lead for a cyber forensics branch, and lead for a computer forensic and security software development team. Rob coauthored Know Your Enemy, 2nd Edition. He earned his MBA from Georgetown University in Washington DC. Rob was awarded the Digital Forensic Examiner of the Year from the Forensic 4Cast 2009 Awards.
Master computer forensics. Learn essential investigation techniques.
With today's ever-changing technologies and environments, it is inevitable that organizations will deal with some form of cyber crime such as computer fraud, insider threat, industrial espionage or phishing. As a result, many organizations are hiring digital forensic professionals and are calling cybercrime law enforcement agents to help fight and solve these types of crime.
SEC408: Computer Forensic Essentials focuses on the essentials that a forensic investigator must know to investigate core computer crime incidents successfully. You will learn how computer forensic analysts focus on collecting and analyzing data from computer systems to track user-based activity that could be used internally or in civil/criminal litigation.
This course covers the fundamental steps of the in-depth computer forensic methodology so that each student will have the complete qualifications to work as a computer forensic investigator in the field helping solve and fight crime. This course is the first course in the SANS Computer Forensic Curriculum. If this is your first computer forensics course with SANS, we recommend that you take this introductory course first to set a strong foundation for the full SANS Computer Forensic Curriculum.
FIGHT CRIME. UNRAVEL INCIDENTS... ONE BYTE AT A TIME.
With this course, you will receive a FREE SANS Investigative Forensic Toolkit (SIFT) Essentials
As a part of this course you will receive a SANS Investigative
Forensic Toolkit (SIFT) Essentials with a Tableau Write Block
Acquisition Kit. The entire kit will enable each investigator
to accomplish proper and secure examinations of SATA,
IDE, or Solid State Drives (SSD). The toolkit consists of:
Free SANS Investigative Forensic Toolkit (SIFT)
- One Tableau T35es eSATA Forensic Bridge
- IDE Cable/Adapters
- SATA Cable/Adapters
- FireWire and USB Cable Adapters
- Forensic Notebook Adapters (IDE/SATA)
- HELIX Incident Response and Computer Forensics Live CD
SANS Windows XP Forensic Analysis VMware Workstation
Course DVD: Loaded with case examples, tools, and documentation
Who Should Register
Incident response team members responding to complex security incidents/intrusions and need computer forensics to help solve their cases
Computer forensic professionals who want to solidify and expand their understanding of file system forensic and incident response related topics
Law enforcement officers, federal agents, or detectives who want to master computer forensics and expand their investigative skill set to include data breach investigations, intrusion cases
Information security professionals with some background in hacker exploits, penetration testing, and incident response
Information security managers who would like to master digital forensics to understand information security implications and potential litigation or manage investigative teams
Get GCFA Certified
www.giac.org
Rob Lee is a director for MANDIANT (www.mandiant.com). Rob is the curriculum lead for digital forensic training at the SANS Institute (forensics.sans.org). He has over 13 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response. Rob graduated from the U.S. Air Force Academy and served in the Air Force as a founding member of the 609th Information Warfare Squadron, the first U.S. military unit focused on information operations. Later, as a member of the Air Force Office of Special Investigations, he conducted computer crime investigations, incident response, and computer forensics. Prior to joining MANDIANT, he worked with a variety of government agencies in the law enforcement, U.S. Department of Defense, and intelligence communities as the technical lead for a vulnerability discovery and exploit development team, lead for a cyber forensics branch, and lead for a computer forensic and security software development team. Rob coauthored Know Your Enemy, 2nd Edition. He earned his MBA from Georgetown University in Washington DC. Rob was awarded the Digital Forensic Examiner of the Year from the Forensic 4Cast 2009 Awards.
Unpatched, unprotected computers connected to the Internet can be compromised in less than three days.
In the commercial sector, TJ Maxx, Hannaford, and TD Ameritrade are victims of large-scale data breaches and intrusions. Personal or account information of more than 100 million individuals has been compromised. In the government sector, cyber attacks on government agencies and contractors, originating from China, have proved difficult to suppress. In both situations, incident response and mitigation, class action lawsuits, and fines place remediation costs in the billions of dollars.
This course will give you a firm understanding of computer forensics tools and techniques to investigate data breach intrusions, tech-savvy rogue employees, advanced persistent threats, and complex digital forensic cases. Utilizing advances in spear phishing, Web application attacks, and persistent malware, these new sophisticated attackers advance rapidly through your network. Forensic investigators must master a variety of operating systems, investigation techniques, incident response tactics, and even legal issues in order to solve challenging cases. SEC508 will teach you critical forensic analysis techniques and tools in a hands-on setting for both Windows- and Linux-based investigations.
We will examine various investigation methodologies and techniques, discovering new places to find evidence and discover the tracks of a cyber criminal or hacker, who is trying to stay hidden inside your network. You will be able to demonstrate how forensic tools function and become skilled with new tools, such as the Sleuthkit, Foremost, and the HELIX3 Pro Forensics Live CD. SANS' hands-on technical course arms you with a deep understanding of the forensic methodology, tools, and techniques to solve advanced computer forensics cases.
FIGHT CRIME. UNRAVEL INCIDENTS... ONE BYTE AT A TIME. We not only teach a firm understanding of the computer forensics tools and techniques, we also teach you the legally approved forensic methodology that will result in success.
FREE SANS Investigative Forensic Toolkit (SIFT) Advanced
Computer Forensics, Investigation, and Response
FORENSICS 508
ONLINE TRAINING
The SIFT Kit Advanced consists of:
Hard Drive USB mini adapter kit for SATA/IDE hard drives 1.8/2.5/3.5/5.25
SANS VMware based Forensic Analysis Workstation
Course DVD loaded with case examples, tools, and documentation
Best-selling book File System Forensic Analysis by Brian Carrier
New Addition! The SIFT Kit Advanced will now include a single version Helix3 Pro that will be individually licensed to each student.
Who Should Register
Anyone whose job requires an understanding of key aspects of malicious programs
Individuals with responsibilities in incident handling, forensic analysis, Windows security, and system administration
Individuals responsible for supporting their organization's internal security needs
Engineers from security product and service companies who are looking to deepen their malware analysis expertise
Get GREM Certified
www.giac.org
With SANS OnDemand, students receive:
4-months access to our 24/7 online training and integrated assessment quizzes
A full set of course books and hands-on CDs
Labs & hands-on exercises
Synchronized online courseware and lectures
E-mail access to OnDemand virtual mentors
Progress reports
Reverse-Engineering Malware: Malware Analysis Tools and Techniques
FORENSICS 610
ONLINE TRAINING
Lenny Zeltser leads the security consulting practice at Savvis. He is also a Board of Directors member at SANS Technology Institute, a SANS faculty member, and an incident handler at the Internet Storm Center. Lenny frequently speaks on information security and related business topics at conferences and private events, writes articles, and has co-authored several books. Lenny is one of the few individuals in the world who has earned the highly-regarded GIAC Security Expert (GSE) designation. He also holds the CISSP certification. Lenny has an MBA degree from MIT Sloan and a Computer Science degree from the University of Pennsylvania. For more information about his projects, see www.zeltser.com.
Expand your capacity to fight malicious code by learning how to analyze bots, worms, and trojans.
This popular four-day course discusses practical approaches to examining Windows malware using a variety of monitoring utilities, a disassembler, a debugger, and other tools useful for reverse-engineering malicious software. You don't have to be a full-time malware searcher to benefit from this course. As organizations increasingly rely on their staff to act as first responders during a security incident, malware analysis skills become increasingly important.
By covering both behavioral and code analysis approaches, this unique course provides a rounded approach to reverse-engineering. As a result, the course makes malware analysis accessible even to individuals with a limited exposure to programming concepts. The materials do not assume that the students are familiar with reverse-engineering; however, the difficulty level of concepts and techniques increases quickly as the course progresses.
In the first half of the course, you will learn how to set up an inexpensive and flexible laboratory for understanding inner-workings of malware, and demonstrate the process by exploring capabilities of real-world specimens. You will learn to examine the program's behavioral patterns and assembly code, and study techniques for bypassing common code obfuscation mechanisms. The course also explores how to analyze browser-based malware.
In the second half of the course, you will review key assembly language concepts. You will learn to examine malicious code to understand its flow by identifying key logic structures, looking at examples of bots, rootkits, key loggers, and so on. You will understand how to work with PE headers and handle DLL interactions. You will also develop skills for analyzing self-defending malware through advanced unpacking techniques and bypassing code-protection mechanisms. Finally, you will discover how to bypass obfuscation techniques employed by browser-based malicious scripts.
Hands-on workshop exercises are an essential aspect of this course, and allow you to apply reverse-engineering techniques by examining malicious code in a carefully-controlled environment. When performing the analysis, you will study the supplied specimen's behavioral patterns, and examine key portions of its assembly code.
REM course on YouTube: http://www.youtube.com/watch?v=5AFdZ0v23YA
Who Should Register
ISOs
ISSMs
Management professionals considering or implementing ISO/IEC 27000 standard
Auditors
Get G7799 Certified
www.giac.org
With SANS OnDemand, students receive:
Four months of access to our 24/7 online training and integrated assessment quizzes
A full set of course books and hands-on CDs
Labs and hands-on exercises
Synchronized online courseware and lectures
E-mail access to OnDemand virtual mentors
Progress reports
With more than twenty years of experience, David Hoelzer has served in positions ranging from the highly technical to senior management for a variety of organizations. For the last ten years, David has been the director of research for Cyber-Defense and the principal examiner for Enclave Forensics. In addition to day-to-day responsibilities, he has acted as an expert witness for the Federal Trade Commission and continues to teach at major SANS events, teaching security professionals from organizations including NSA, USDA Forest Service, Fortune 500 security engineers and managers, DHHS, various DoD sites, national laboratories, and many colleges and universities. From time to time David also speaks nationally and internationally on various security topics.
The International Standards Organization (ISO) has recently revised what has become the de facto document for creating and maintaining a secure enterprise, today known as the ISO