Current Scheduled Classes
Larry Pesce
Director Of Research
SEC617: Wireless Penetration Testing and Ethical Hacking
This course is designed for professionals seeking a comprehensive technical ability to understand, analyze, and defend the various wireless technologies that have become ubiquitous in our environments and, increasingly, key entrance points for attackers.
Instructor: Larry Pesce
Upcoming Training Sessions:
Amsterdam, Netherlands | May 20 – May 25, 2019
SansFire | Washington, DC | June 17 – June 22, 2019
Justin Searle
Director of ICS Security
ICS410: ICS/SCADA Security Essentials
This course provides a foundational set of standardized skills and knowledge for industrial cybersecurity professionals. The course is designed to ensure that the workforce involved in supporting and defending industrial control systems is trained to keep the operational environment safe, secure, and resilient against current and emerging cyber threats.
SANS Cyber Defense Initiative | Washington, DC | Dec 11 – Dec 18
SANS Secure Singapore | March 11 – March 2019
ICS Security Summit & Training | Orlando, FL | March 20 – March 24 2019
SANS Orlando | Apr 1 – Apr 5 2019
SANS Security West | San Diego | May 9 – May 13 2019
SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques
This course is designed to expand past the methodology and the ‘how’ when we are presented with the challenges of web penetration testing, and dig into the more esoteric ‘why’ these techniques and tools work, so that you can adapt as needed in your assessments.
ASSESSING AND EXPLOITING CONTROL SYSTEMS AND IOT
This course teaches hands-on penetration testing techniques used to test individual components of a control system, including embedded electronic field devices, network protocols, RF communications, Human Machine Interfaces (HMIs), and various forms of master servers and their ICS applications. Skills you will learn in this course will apply directly to systems such as the Smart Grid, PLCs, RTUs, smart meters, building management, manufacturing, Home Area Networks (HAN), smart appliances, SCADA, substation automation, synchrophasors, and even IoT. This course is structured around the formal penetration testing methodology created by UtiliSec for the United States Department of Energy.
Jay Beale
Chief Operating Officer, CTO and Principal Security Consultant
AIKIDO ON THE COMMAND LINE - LINUX LOCKDOWN AND PROACTIVE SECURITY
This course begins with core system lockdown, then moves on to application defense, where we create least-privilege and well-confined configurations that break exploits. Using defense-in-depth, students will not only create jails but also tune the server programs within them to keep exploits from reaching their vulnerable code. For example, students will jail the a web server with SELinux, AppArmor and a Linux container, configure the server for increased resilience, and deactivate modules to remove vulnerable code. Then we’ll use remote code execution exploits and compare before/after, seeing how our defense broke the attack. Once we’ve accomplished all of this best practice work, we’ll get deeper protection from applying the latest security technology to better deflect attacks.
David Mayer
Senior Security Consultant
SEC560: Network Penetration Testing and Ethical Hacking (Mentor Session)
SEC560 is designed to get you ready to conduct a full-scale, high-value penetration test and at the end of the course you’ll do just that. After building your skills in comprehensive and challenging labs, the course culminates with a final real-world penetration test scenario. You’ll conduct an end-to-end pen test, applying knowledge, tools, and principles from throughout the course as you discover and exploit vulnerabilities in a realistic sample target organization, demonstrating the skills you’ve gained in this course.
Mentor Session SEC560 | Boca Raton, FL | Feb 7 – Feb 22, 2019