My Experience Taking a SANS Course (SEC660), the Advanced Pentesting Course

SANS Institute, or SANS [1]: I bet most of you have heard this name. SANS is a worldwide institution that offers high-quality cyber security training and certification. Courses are usually in the format of a 5–6 day hands-on workshop. Almost every course offers a certification, dubbed a GIAC certification.

This post is about my experience as a participant in SANS SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking [2].

The CyberCast

Initially, I registered for this course at SANS Secure Singapore 2020. Due to the COVID-19 outbreak, SANS converted all live-event courses to CyberCast, a virtual classroom.

Of course, live events and CyberCast have different levels of interaction. Which one suits you best?

In my opinion, CyberCast is more relaxed. Even though you can't fast-forward or rewind the presentation like On-Demand content, you can attend the session from any environment that is comfortable for you.

The content itself should be the same. We get access to the On-Demand course, the books, and the labs.

Live events and CyberCast also differ in interaction. On CyberCast, you are mostly listening to the instructor. Questions are posted on a Slack channel that all participants join. Sometimes a moderator will help answer the questions.

Course Review

In this section I will give my honest, though possibly biased, opinion about the course.

The course is divided into 5 modules, which you can see in [2]:

  • Network Attacks for Penetration Testers
  • Crypto, Network Booting Attacks, and Escaping Restricted Environments
  • Python, Scapy, and Fuzzing
  • Exploiting Linux for Penetration Testers
  • Exploiting Windows for Penetration Testers

Module one is about network attacks. It's not very deep, but I saw some attacks that are interesting for my normal pentesting routine. MITM and spoofing are the key of this module.

Module two is about crypto and post-exploitation. Again, it's not very deep, but I found it interesting. From the crypto side I learned that there are ways to break a scheme without knowing the secret precisely. The post-exploitation part taught me about C2 servers and escaping from restricted environments. Some of these tricks may or may not come up in my daily routine, but it's fun.

Module three is about Python; well, Scapy and fuzzing protocols. Finding crash points? Grammar-based fuzzing? That's interesting. It's getting more into the exploitation side now. Can we make it more automatic? When dealing with grammar-based fuzzing, we need to know the grammar. What if we don't? Can we write a smart system that can infer the grammar?

Modules four and five are about exploitation. From the 4th to the 5th module, the difficulty increases. We progress from exploiting binaries with no protections to binaries with full protections.

Module four taught me some basic concepts of exploit development: stack overflows, ret2libc, ROP, and of course using shellcode. Now I'm wondering, can we re-express any shellcode using the ROP technique? Automatically, of course. Like, you give it a shellcode and you get ROP-style shellcode for that binary. Must be interesting.

Module five taught me about some Windows internals and their exploitation. We also learned how to create a Metasploit module. Our lab used Windows 10, so it's useful to experience the madness of the latest hardened OS. Maybe?

Oh, we also had a CTF on the last day! If you followed all the course materials from day one, you should be able to solve the challenges easily. Unfortunately, no coin for the winner.

Overall, I enjoyed the course, but I might need to practice more.

Xathrya’s rating: 9/10

Conclusion

This course is very satisfying. I gained many things here. It is suitable for those who want to dive into advanced pentesting and exploit development.

In my opinion, this is not beginner-friendly. I suggest you have some basic knowledge of pentesting before diving in. Every module emphasizes analysis, and modules 3–5 build on top of the previous modules.

After this, maybe I need to learn about heap exploitation. Any thoughts on what I should take?

References

[1] https://www.sans.org

[2] https://www.sans.org/course/advanced-penetration-testing-exploits-ethical-hacking
