SEC-560 (SANS 2013, Orlando)

docricedocrice Member Posts: 1,706 ■■■■■■■■■■
Up until SANS 2013, I took SANS courses using their OnDemand system which was very convenient from a scheduling perspective. For one thing, there are no travel costs involved. The other convenience is that I didn't have to wait for a SANS conference which had that particular course available.

I've been eyeing SEC-560 (Network Penetration Testing and Ethical Hacking) for a while now and since I've heard good things about SANS conferences from other people, I decided to sign-up. I enrolled back in January for the March event in Orlando since there was a discount involved in registering early. The upside here was that Ed Skoudis himself was teaching the class, and having gone through 504 via OnDemand, I was familiar with his teaching style.

Although I missed the first day of class (covering scoping and recon) due to a cancelled flight (bad weather), I was able to make it from the second day onward. The class itself was relatively sizable with I believe roughly eighty students in addition to the number of students in the Simulcast virtual class. There were several other people helping out who answered questions about the labs, etc. if Ed himself was busy helping others. These assistants aren't amateurs themselves - I think one of them was a NetWars competition winner, so as a student you were in good hands.

The class started at nine in the morning sharp. The course definitely requires Linux skills and one would find the course impossible to really get through without it. That said, I understand that at the end of Day 1 there was a session covering basic Linux commands for those who aren't familiar with the Linux CLI.

Sitting in a class led by Ed Skoudis is an amazing experience. He's a very eloquent but fast-paced speaker and will condense a large amount of information into a short period of time which can lead your brain into plenty of [buffer-overflows]. There's a lot of articulation into his presentation style which doesn't have much pause for verbal hiccups. There's also a lot of [injecting] of prior experiences and anecdotes into the lecture giving everything relevant real-world context. All of this is extremely valuable in putting things into perspective while removing the magic behind the intent and actions and simultaneously revealing the science behind the attacks.

There were plenty of hands-on labs which were leveraged by two hosts - a class-provided Linux virtual machine (VMware-based) as well as a Windows host which students had to provide themselves, either a physical or virtual host. Many of the exercises used both simultaneously. Some people brought their own Windows 7 laptops and ran the Linux VM on it, while others had both on a VM. I had both as a VM. Many of the exercises involved attacking a live set of server hosts in the class lab environment.

Coffee is provided before class as well at a mid-point before lunch and a mid-point after lunch. The latter two provided pastries, juice, and soda. There's a lot of material covered and you need to stay awake. Lots of topics from scanning, the use of Metasploit, pivoting, wireless attacks, web application vulnerabilities, etc. were covered. Everything ties in together at some point. During the breaks, Ed keeps those hanging around in the classroom entertained with his variety of music (covers a lot of ground) and his stories and other presentations. His World is interesting.

Everyone anticipates the Day 6 Capture the Flag event and throughout the week Ed drops subtle (and not so subtle) hints, sprinkling occasional gems along the path to the candy store up ahead. Be sure to have a notepad handy to jot these down.

And speaking of the Capture the Flag event, Day 6 was exciting in that teams of five were all hustling their skills with the material covered throughout the week in order to discover, assess, penetrate, and grab key flags from a lab network that provided sufficient real-world variety. I was not on one of the teams that captured all flags, but we were very, very close and at the midpoint of the competition, were ahead of the average pack. It was a lot of fun. If your team managed to capture all the flags and decrypt the final target, you had to provide Ed a debriefing and explain the process used in order to gain final access.

The CTF is definitely a teamwork effort and it makes it much more fun. This is in contrast to doing it on your own as I've had to with OnDemand. This is what really separates the experience between OnDemand and live-instruction. Working with others who come from a variety of different backgrounds and skill sets put you in a position where you have to exchange information and delegate tasks accordingly. You need to have an understanding of Windows, Linux, and networking to get through it all. 560 is certainly not a beginner's course.

In summary, it was a lot of fun. While I unfortunately missed the first day (and was highly jet-lagged the entire week), the experience was still thrilling, especially being in a room with a lot of other people who are just as security-minded. I complemented the pentesting course with almost two evenings of NetWars which enhanced the overall experience. This definitely goes beyond other "security training" classes I'd get at other providers who typically provide training on Cisco products, etc.. It's much more immersive and with high-caliber instructors like Ed Skoudis, you're guaranteed a massive amount of information to input.

The cost of taking a course at a SANS conference is a little more than doing the OnDemand version. You'd also have to factor in travel costs unless you're lucky to have the conference itself hosted at a location near your home. While I wouldn't attend the Orlando conference again due to the required travel distance (I live on the other side of the country), I may consider Las Vegas or San Diego in the future, budget-imploding costs permitting.

I still have yet to start on my SEC-560 book review / parsing and index-creating, but hopefully I'll have enough time for it in the coming weeks. I've heard that the GPEN exam is harder than the typical GIAC exam, so we'll see.
Hopefully-useful stuff I've written:


Sign In or Register to comment.