The SEC560 course, “Enterprise Penetration Testing,” offered by SANS, prepares cybersecurity professionals to conduct penetration testing for modern enterprises. The course equips participants with the skills and knowledge needed to identify vulnerabilities and assess their organization’s security posture. Here are the key points:
Course Highlights:
- Duration: 6 days (in-person) or available online
- CPEs: 36
- Target Audience: Penetration testers, system administrators, and security professionals
- Key Focus: Planning and executing penetration tests for modern enterprises, including on-premise systems, Azure, and Azure AD
- GIAC Penetration Tester (GPEN) Certification: The course leads to the GPEN certification, validating the ability to conduct penetration tests using best practices and methodologies.
What You Will Learn:
- Properly plan and prepare for an enterprise penetration test
- Perform detailed reconnaissance, including social engineering and phishing
- Scan target networks and identify systems using Nmap and scripting tools
- Execute safe and effective password-guessing techniques for initial access and lateral movement
- Exploit target systems and assess real business risks
- Perform post-exploitation to move deeper into the network
- Use privilege escalation techniques on Windows and Linux systems
- Perform internal reconnaissance, lateral movement, and pivoting
- Crack passwords using modern tools and techniques
- Attack Azure and Azure AD, including password spray attacks
- Develop and deliver high-quality penetration test reports
Prerequisites:
- A working knowledge of TCP/IP
- Basic knowledge of Windows and Linux command lines
- No programming knowledge is required
- Recommended: SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling
- Recommended: SEC542: Web App Penetration Testing and Ethical Hacking
In Summary, SEC560 is a comprehensive penetration testing course that equips professionals with the skills and methodology to conduct successful penetration tests in modern enterprise environments. The course culminates in a real-world penetration test scenario to apply the knowledge and skills learned throughout the training. Successful completion leads to the GIAC Penetration Tester (GPEN) certification.
Difficulty: 2 out of 5.
GPEN claims to be a highly regarded certification that makes you an expert in penetration testing. It wants to compete against OSCP and PNPT... but it just can't.
GPEN is a multiple choice exam with a few short lab attack scenarios that teach you the basics of a few attack paths. You'll get a well rounded education in common pentesting tactics that can be received from a $30 TCM course. No, seriously.
Pretty much everything from GPEN is covered in the TCM PEH course. The GPEN material isn't bad... it's just not worth $1000 dollars much less $8000+. Since you can get everything by spending $30 on a TCM subscription, I'm not sure why you'd go for this one. It doesn't have a strong reputation in industry. While the SANS name carries weight, most people are looking for OSCP. If they accept anything instead, it's usually PNPT.
I think SANS missed the mark on this one.