Advanced Penetration Testing, Exploit Writing, and Ethical Hacking (SEC660)

SEC660 is designed as a logical progression point for students who have completed SEC560: Network Penetration Testing and Ethical Hacking , or for those with existing penetration testing experience.

This course provides you with in-depth knowledge of the most prominent and powerful attack vectors and furnishes an environment to perform these attacks in numerous hands-on scenarios.

The course goes far beyond simple scanning for low-hanging fruit and teaches you how to model the abilities of an advanced attacker to find significant flaws in a target environment and demonstrate the business risk associated with these flaws. 

• Business Takeaways:
  • Perform penetration testing safely against network devices such as routers, switches, and NAC implementations.
  • Test cryptographic implementations.
  • Leverage an unprivileged foothold for post exploitation and escalation.
  • Fuzz network and stand-alone applications.
  • Write exploits against applications running on Linux and Windows systems.
  • Bypass exploit mitigations such as ASLR, DEP, and stack canaries.
• You Will Be Able To
  • Perform fuzz testing to enhance your company's SDL process.
  • Exploit network devices and assess network application protocols.
  • Escape from restricted environments on Linux and Windows.
  • Test cryptographic implementations.
  • Model the techniques used by attackers to perform 0-day vulnerability discovery and exploit development.
  • Develop more accurate quantitative and qualitative risk assessments through validation.
  • Demonstrate the needs and effects of leveraging modern exploit mitigation controls.
  • Reverse-engineer vulnerable code to write custom exploits.
• Hands-On Training
  • Exploit routing protocol implementations such as OSPF.
  • Bypass different types of NAC implementations.
  • Exploit patch updates.
  • Perform man-in-the-middle attacks to remove SSL.
  • Perform IPv6 attacks.
  • Exploit poor cryptographic implementations using CBC bit flipping attacks and hash length extension attacks.
  • Hijack network booting environments.
  • Exploit virtualization implementations.
  • Write Python scripts to automate testing.
  • Write fuzzers to trigger bugs in software.
  • Reverse-engineer applications to locate code paths and identify potential exploitable bugs.
  • Debug Linux applications.
  • Debug Windows applications.
  • Write exploits against buffer overflow vulnerabilities.
  • Bypass exploit mitigations such as ASLR, DEP, stack canaries, SafeSEH, etc.
  • Use ROP to bypass or disable security controls.