GIAC Penetration Tester Certification (GPEN)

The SEC560 course, “Enterprise Penetration Testing,” offered by SANS, prepares cybersecurity professionals to conduct penetration testing for modern enterprises. The course equips participants with the skills and knowledge needed to identify vulnerabilities and assess their organization’s security posture. Here are the key points:

Course Highlights:

• Duration: 6 days (in-person) or available online
• CPEs: 36
• Target Audience: Penetration testers, system administrators, and security professionals
• Key Focus: Planning and executing penetration tests for modern enterprises, including on-premise systems, Azure, and Azure AD
• GIAC Penetration Tester (GPEN) Certification: The course leads to the GPEN certification, validating the ability to conduct penetration tests using best practices and methodologies.

What You Will Learn:

• Properly plan and prepare for an enterprise penetration test
• Perform detailed reconnaissance, including social engineering and phishing
• Scan target networks and identify systems using Nmap and scripting tools
• Execute safe and effective password-guessing techniques for initial access and lateral movement
• Exploit target systems and assess real business risks
• Perform post-exploitation to move deeper into the network
• Use privilege escalation techniques on Windows and Linux systems
• Perform internal reconnaissance, lateral movement, and pivoting
• Crack passwords using modern tools and techniques
• Attack Azure and Azure AD, including password spray attacks
• Develop and deliver high-quality penetration test reports

Prerequisites:

• A working knowledge of TCP/IP
• Basic knowledge of Windows and Linux command lines
• No programming knowledge is required
• Recommended: SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling
• Recommended: SEC542: Web App Penetration Testing and Ethical Hacking

In Summary, SEC560 is a comprehensive penetration testing course that equips professionals with the skills and methodology to conduct successful penetration tests in modern enterprise environments. The course culminates in a real-world penetration test scenario to apply the knowledge and skills learned throughout the training. Successful completion leads to the GIAC Penetration Tester (GPEN) certification.