SEC560 Review

SephStorm Member Posts: 1,731 ■■■■■■■□□□
Hey all,


I’m writing up a quick review of the course I’ve just completed, SEC560 Network Penetration Testing and Ethical Hacking. This course aligns to the GIAC GPEN certification.


This course is pretty well reviewed so I won’t take too much of your time. I’d ask you to check out a few links, do some searches. One good review is here: https://www.ethicalhacker.net/forums/viewtopic.php?f=64&t=2177&p=9126&hilit=sec560#p9126. It is an old thread but much of the basics are the same, the daily format/schedule is the same, but the tools and techniques in many cases have been updated.


Now given my work schedule and a lack of desire to spend additional funds on travel (I paid out of pocket), I took the course via Simulcast, a format that allows the student to watch the SANS training from home over the internet. On Simulcast, I’ll say it is well done, they’ve obviously well prepared for the format and it integrates well into the course. You can ask questions in the Simulcast software (a Citrix Go To Training/GTM setup) and they will ask the instructor in near real time so you can actually participate in class; there are moderators online to assist and answer questions. The issue I had with this was that there was rarely confirmation that a question would be asked or when. So I’d ask a question in chat and no one would respond, a minute or two later the moderator would (I suspect) signal the instructor and ask the question. So while I understand not interrupting the class to ask questions, I wish they would acknowledge the question was received and would be asked.


As for my reasons for taking the course, while I have a few hacking certifications, the CEH and CPT, I did not feel comfortable with the skillset. I felt like there were large gaps in my knowledge. At my company we may be developing a PT capability so I want to pick up that capability if I can. I want a wide skillset to provide to any employer.


I feel that the SEC560 course provided me some benefit. While it didn’t cover much that was new in terms of the overall process, I was able to understand a little better how a PT works for his client and I got plenty of hands-on using techniques and tools that are relevant. Do I still have a lot to learn? Yes, absolutely. My advice for the course is this: get your books out as early as possible and endeavor to go through them before class. At the very least, read up on the content for the next day the night before. Make sure you are not... distracted, either by work or needing sleep, etc. I was working for the first two days so I had to rack out about halfway through, though I had the benefit of having read what we were doing, and I was able to wake up and do the labs I missed.


Course access includes VPN Lab access and the opportunity to participate in NetWars, a CTF, and in our case CyberCity, a new offering from SANS. Also, before I forget, we were able to test a new capability that SANS is deploying that you will all love after having to lug all of your books around. ;)


So NetWars. NetWars is a unique offering by SANS and let me tell you it's very fun to get into the lab and start finding answers, especially if they come easily. If they don’t it can be frustrating. Same for CyberCity I expect and of course in the CTF. Make sure you have an attack plan when you begin the CTF. My team finished well, but I didn’t feel like I had the biggest impact on that though I had a few ideas that were on the right track.


So all in all, SEC560 is a useful course that I feel will be a benefit to me, my company and my career. I don’t have a date yet for the GPEN exam, I expect to take some time to go through the books, and through the labs until these attacks and the process become second nature to me. Thanks for reading.

Comments

  • impelse Member Posts: 1,237 ■■■■□□□□□□
    Good review, thank you. The 560 is on my radar.
    Stop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
    It is your personal IPS to stop the attack.

  • docrice Member Posts: 1,706 ■■■■■■■■■■
    Thanks for the perspective. I took 560 at an actual SANS event and Simulcast was a part of it. I remember Ed occasionally answering a student question directly toward what appeared to be a camera at the front of the class. Perhaps one of the main drawbacks of Simulcast is for capture-the-flags where I assume all the Simulcast students are working together separately from students physically at the event. I'm not sure if this puts Simulcast students at a disadvantage since they can't verbally communicate directly with their peers (with that sense of real-time speed) unless they decided to set up a conference bridge, but at the same time the experience probably simulates what happens in real life where a pentesting team has members scattered around the world and they communicate via chat, etc.

    560 wraps together a good mix of domains (Windows, Linux, networking, credential attacks, web app attacks, etc.) and sums it nicely at the end via the CTF. The CTF is about the collaboration experience, in my opinion, and being able to leverage the various strengths of each member. Winning and actually capturing the ultimate flag is great, but getting in there and grabbing what you can under time constraint makes the pressure fun.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • SephStorm Member Posts: 1,731 ■■■■■■■□□□
    Doc,

    They actually broke us out into an Adobe Connect session for the CTF where we could use microphones, share documents, and chat with each other. Depending on the size of the Simulcast group you'll get broken into teams selected by the mod on that day. It works out pretty well. We got some decent communications, I think everyone decided to text chat rather than voice chat, I personally would have preferred voice I think, but it worked out. We came in third, minutes behind group two.
  • SephStorm Member Posts: 1,731 ■■■■■■■□□□
    Update:

    Took my first practice test today, got an 80% with a 1 page "index" and having only been through the material once. I expect with a full read through of the material, some lab time (I haven't had much time yet to get back in) I will score much higher. (I hope)

    My personal opinion, I was dismayed at the significant coverage of WebApp :) I don't have experience in this area, and it will be one area I have to focus on deeply. Outside of that, I marked 2 questions for official review for having 2 answers, a few questions that did not seem to be covered in the book or had scant coverage. My big issues occurred at the end of the exam around q 100+. Not because of exam tiredness so I think they just threw in more curveball and analysis questions at that point. Big helpers are confidence in your answers, if you are confident in your answers, click it and move on, don't bother looking up answers you know. Another thing is using elimination. For the practice at least, there was clear room for eliminating answers. Some questions can be easily answered that way, but watch for those that use that against you. I think I'll schedule for a week, week and a half out.
  • veritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    Good review. I just finished my OnDemand course, so I'll have to give my thoughts on that later in a separate post. Suffice to say I prefer vLive or another form of "Live" over doing it on my own.
  • SephStorm Member Posts: 1,731 ■■■■■■■□□□
    Tired. I passed the GPEN today. Scored an 88. Not as high as I would have liked but the test was tougher than the practice exam. I felt that the exam came more out of the labs than out of the actual course material. Best advice I can give, if you know the answer, and you know it's right, don't doubt yourself (but make sure you select the right answer!) I know a few times I was 100% sure the answer was right, but went into the books and of course it was correct. I didn't feel like many questions at all had numerous answers, everything was pretty straightforward, though there was some content I don't remember seeing at all. Anyway. Glad it's out of the way. I'll likely review some things, get some practice in and see what I've got for the future.
  • chanakyajupudi Member Posts: 712
    Congratulations. This exam is on my to do list. What do you think would be your next course or exam, if any, following this path?
    Work In Progress - RHCA [ ] Certified Cloud Security Professional [ ] GMON/GWAPT if Work Study is accepted [ ]
    http://adarsh.amazonwebservices.ninja


  • Zoovash Member Posts: 84 ■■□□□□□□□□
    Congratulations!
    Have you used any other resources besides the official material?
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
  • SephStorm Member Posts: 1,731 ■■■■■■■□□□
    Thank you all. I didn't really use any additional materials, I started reading Penetration Testing: A Hands-On Introduction to Hacking prior to the course, but didn't really use it while studying. I did however seek out YouTube videos on the Web App attacks like SQL Injection.

    As for what is next, it's hard to say. 561 is an option, I also eventually want to get to a level where I can read and modify exploits so GXPN may be in the chute. Finally GREM is something I'd like to tackle. But for now 561 is the only one that is even reasonable right now.

    Outside of SANS, I may look at eCPPT or OSCP.
  • chanakyajupudi Member Posts: 712
    Good one. Best of luck!


  • impelse Member Posts: 1,237 ■■■■□□□□□□
    Congrats
