"SANS Security Essentials Bootcamp Style Network Penetration Testing"
Phoenix, AZ • February 14 - 20, 2010

The Most Trusted Name in Information and Software Security

Hands-on immersion training programs in:
• SANS Security Essentials Bootcamp Style
• Network Penetration Testing and Ethical Hacking
• Computer Forensics, Investigation, and Response
• SANS® +S™ Training Program for the CISSP® Certification Exam
• Securing Windows

Also, get extra training with this one-day course:
• Windows Command-Line Kung Fu In-Depth for Info Sec Pros

“There are many places to get security training, but SANS is premium training.” -Carl Ness, University of Iowa

Approved Training

Register at www.sans.org/phoenix-2010

SEC401: SANS Security Essentials Bootcamp Style
6-Day Course • February 15 - 20, 2010 • Instructor: Jonathan Ham • 46 CPE Credits • Laptop Required

This course is endorsed by the Committee on National Security Systems (CNSS) NSTISSI 4013 Standard for Systems Administrators in Information Systems Security (INFOSEC).

Maximize your training time and turbo-charge your career in security by learning the full SANS Security Essentials curriculum needed to qualify for the GSEC certification.

Security Essentials is designed to give anyone interested in network security the skills required to be an effective player in this space. This in-depth, comprehensive course provides the essential, up-to-the-minute knowledge and skills required for securing systems and/or organizations. It also gives you the language and theory of computer security, all of it taught by the best security instructors in the industry.

Who Should Attend
• Security Professionals who want to fill the gaps in their understanding of technical information security
• Managers who want to understand information security beyond simple terminology and concepts
• Anyone new to information security with some background in information systems and networking

BOOTCAMP
This session has extended hours. Evening Bootcamp Sessions: 5:15pm-7:00pm on course days 1–5.
Attendance is required for the evening Bootcamp sessions as the information presented appears on the GIAC Exams. These daily bootcamps give you the opportunity to apply the knowledge gained throughout the course in an instructor-led environment. It helps fill your toolbox with valuable tools you can use to solve problems when you go back to work. The material covered is based on Dr. Eric Cole’s “cookbook for geeks,” and most students find it to be one of the highlights of their Security Essentials experience!

Get GSEC Certified
Reinforce what you learned in training and prove your skills and knowledge with a GSEC certification. www.giac.org

SEC560: Network Penetration Testing and Ethical Hacking
6-Day Course • February 15 - 20, 2010 • Instructor: Ed Skoudis • 36 CPE Credits • Laptop Required

Find Security Flaws Before the Bad Guys Do.

Security vulnerabilities, such as weak configurations, unpatched systems, and botched architectures, continue to plague organizations. Enterprises need people who can find these flaws in a professional manner to help eradicate them from our infrastructures. Lots of people claim to have penetration testing, ethical hacking, and security assessment skills, but precious few can apply these skills in a methodical regimen of professional testing to help make an organization more secure. This class covers the ingredients for successful network penetration testing to help attendees improve their enterprise’s security stance.

IMPORTANT NOTE: SEC560 is one of the most technically rigorous courses offered by SANS. Attendees are expected to have a working knowledge of TCP/IP, cryptographic routines such as DES, AES, and MD5, and the Windows and Linux command lines before they step into class. Although SEC401 and SEC540 are not pre-requisites for SEC560, these courses cover the groundwork that all SEC560 attendees are expected to know. This course is technically in-depth and programming knowledge is NOT required.
We address detailed pre-test planning, including setting up an effective penetration testing infrastructure and establishing ground rules with the target organization to avoid surprises and misunderstanding. Then we discuss a time-tested methodology for penetration and ethical hacking across the network, evaluating the security of network services and the operating systems behind them. Attendees will learn how to perform detailed reconnaissance, learning about a target’s infrastructure by mining blogs, search engines, and social networking sites. We’ll then turn our attention to scanning, experimenting with numerous tools in hands-on exercises. Our exploitation phase will include the use of exploitation frameworks, stand-alone exploits, and other valuable tactics, all with hands-on exercises in our lab environment. The class also discusses how to prepare a final report tailored to maximize the value of the test from both a management and technical perspective. The final portion of the class includes a comprehensive hands-on exercise in which students will conduct a penetration test against a hypothetical target organization following all of the steps.

The course also describes the limitations of penetration testing techniques and other practices that can be used to augment penetration testing to find vulnerabilities in architecture, policies, and processes. We address how penetration testing should be integrated as a piece of a comprehensive enterprise information security program.

Who Should Attend
• Security personnel whose job involves assessing target networks and systems to find security vulnerabilities
• System administrators, technical auditors, professional penetration testers, and consultants who want technical depth and hands-on experience with penetration testing and ethical hacking tools
• Security personnel from enterprises required to comply with the PCI DSS Penetration Test requirements

Get GPEN Certified
Reinforce what you learned in training and prove your skills and knowledge with a GPEN certification. www.giac.org

SEC505: Securing Windows
6-Day Course • February 15 - 20, 2010 • Instructor: Jason Fossen • 36 CPE Credits • Laptop Recommended

The Securing Windows course is fully updated for Windows Server 2008-R2 and Windows 7. Most of the content applies to Windows Server 2003 and XP too, but the focus is on 2008/Vista/7.

Concerned about the 20 Critical Security Controls of the Consensus Audit Guidelines? This course will help you implement the Critical Controls relevant to Windows systems, not just audit them, and will walk you through most of the tools step-by-step too.

As a Windows security expert, how can you stand out from the crowd and offer management more than the usual apply-this-checklist advice? Be a security architect who understands the big picture. You can save your organization money, maintain compliance with regulations, secure your networks, and advance your career all at the same time. How? By leveraging the Windows infrastructure you’ve already paid for.

This program is a comprehensive set of courses for Windows security architects and administrators. It tackles tough problems like Active Directory forest design, how to use Group Policy to lock down desktops, deploying a Microsoft PKI and smart cards, pushing firewall and IPSec policies out to every computer in the domain, securing public IIS web servers, and PowerShell scripting.

PowerShell is the future of Windows scripting and automation. Easier to learn and more powerful than VBScript, PowerShell is an essential tool for automation and scalable management. And if there’s one skill that will most benefit the career of a Windows specialist, it’s scripting, because most of your competition lack scripting skills, so it’s a great way to make your resume stand out. Scripting skills are also essential for being able to implement the 20 Critical Security Controls.

Who Should Attend
• Windows network security engineers and architects
• Windows administrators with security duties
• Anyone with Windows machines who wants to implement the SANS 20 Critical Security Controls
• Active Directory designers and administrators
• Those who must enforce security policies on Windows hosts
• Those deploying or managing a PKI or smart cards
• IIS administrators and Web masters with Web servers at risk
• Administrators who use the command line or scripting to automate their duties and must learn PowerShell (the replacement for CMD scripting and VBScript)

Get GCWN Certified
Reinforce what you learned in training and prove your skills and knowledge with a GCWN certification. www.giac.org

MGT414: SANS® +S™ Training Program for the CISSP® Certification Exam
6-Day Course • February 15 - 20, 2010 • Instructor: Eric Conrad • 50 CPE Credits • Laptop Required

Over the past 18 months, 98% of all respondents, who studied our SANS® +S™ Training Program for the CISSP® Certification Exam and then took the exam passed; compared to a national average of around 70% for other prep courses.

This is an accelerated review course that assumes the student has a basic understanding of networks and operating systems and focuses solely on the 10 domains of knowledge as determined by (ISC)2:
Domain 1 - Information Security Governance & Risk Management
Domain 2 - Access Controls
Domain 3 - Cryptography
Domain 4 - Physical (Environmental) Security
Domain 5 - Security Architecture & Design
Domain 6 - Business Continuity & Disaster Recovery Planning
Domain 7 - Telecommunications & Network Security
Domain 8 - Application Security
Domain 9 - Operations Security
Domain 10 - Legal, Regulations, Compliance & Investigations

Each domain of knowledge is dissected into its critical components. Every component is discussed in terms of its relationship to other components and other areas of network security. After completion of the course, the student will have a good working knowledge of the 10 domains of knowledge and, with proper preparation, be ready to take and pass the CISSP® exam.

Who Should Attend
• Security professionals who are interested in understanding the concepts that are covered in the CISSP® exam as determined by ISC2.
• Managers who want to understand the critical areas of network security
• System, security, and network administrators that want to understand the pragmatic applications of the CISSP® 10 Domains

Get GISP Certified
Reinforce what you learned in training and prove your skills and knowledge with a GISP certification. www.giac.org

SEC508: Computer Forensics, Investigation, and Response
6-Day Course • February 15 - 20, 2010 • Instructor: Rob Lee • 36 CPE Credits • Laptop Required

Unpatched, unprotected computers connected to the Internet can be compromised in less than three days.

In the commercial sector, TJ Maxx, Hannaford, and TD Ameritrade are victims of large-scale data breaches and intrusions. Personal or account information of more than 100 million individuals has been compromised. In the government sector, cyber attacks on government agencies and contractors, originating from China, have proved difficult to suppress. In both situations, incident response and mitigation, class action lawsuits, and fines place remediation costs in the billions of dollars.

This course will give you a firm understanding of computer forensics tools and techniques to investigate data breach intrusions, tech-savvy rogue employees, advanced persistent threats, and complex digital forensic cases. Utilizing advances in spear phishing, Web application attacks, and persistent malware, these new sophisticated attackers advance rapidly through your network. Forensic investigators must master a variety of operating systems, investigation techniques, incident response tactics, and even legal issues in order to solve challenging cases. SEC508 will teach you critical forensic analysis techniques and tools in a hands-on setting for both Windows- and Linux-based investigations.

We will examine various investigation methodologies and techniques, discovering new places to find evidence and discover the tracks of a cyber criminal or hacker, who is trying to stay hidden inside your network. You will be able to demonstrate how forensic tools function and become skilled with new tools, such as the Sleuthkit, Foremost, and the HELIX3 Pro Forensics Live CD. SANS hands-on technical course arms you with a deep understanding of the forensic methodology, tools, and techniques to solve advanced computer forensics cases.

FIGHT CRIME. UNRAVEL INCIDENTS… ONE BYTE AT A TIME.

We not only teach a firm understanding of the computer forensics tools and techniques, we also teach you the legally approved forensic methodology that will result in success.

Who Should Attend
• Incident response team members responding to complex security incidents/intrusions and need computer forensics to help solve their cases
• Computer forensic professionals who want to solidify and expand their understanding of file system forensic and incident response related topics
• Law enforcement officers, federal agents, or detectives who want to master computer forensics and expand their investigative skill set to include data breach investigations, intrusion cases
• Information security professionals with some background in hacker exploits, penetration testing, and incident response
• Information security managers who would like to master digital forensics to understand information security implications and potential litigation or manage investigative teams

FREE SANS Investigative Forensic Toolkit (SIFT) Advanced
The SIFT Kit Advanced consists of:
• Hard Drive USB mini adapter kit for SATA/IDE hard drives 1.8”/2.5”/3.5”/5.25”
• SANS VMware based Forensic Analysis Workstation
• Course DVD loaded with case examples, tools, and documentation
• Best-selling book File System Forensic Analysis by Brian Carrier
• New Addition! The SIFT Kit Advanced will now include a single version Helix3 Pro that will be individually licensed to each student.

Get GCFA Certified
Reinforce what you learned in training and prove your skills and knowledge with a GCFA certification. www.giac.org

Get extra training with this one-day course

SEC531: Windows Command-Line Kung Fu In-Depth for Info Sec Pros
1-Day Course • Sunday, February 14, 2010 • Instructor: Ed Skoudis • 6 CPE Credits

For a complete course description, visit www.sans.org/phoenix-2010

Take SEC531 and SEC560 and receive a free autographed copy of Ed Skoudis’ book, “Counter Hack Reloaded”.

Special Events

Enrich your conference experience! Evening talks given by our faculty and selected subject matter experts help you broaden your knowledge, get the most for your training dollar, and hear from the voices that matter in computer security.

Look Out! Open Source Data Exfiltration Detection
Speaker: Eric Conrad
Your firewall has been turned inside-out. With the advent of client-side attacks, infected USB drives, and infected mobile devices, perimeter network defenses have failed. The bad guys are already in.
How do you stop them? By looking out. This talk will discuss techniques for detecting the outbound flow of sensitive information: data exfiltration. Specific examples for detecting sensitive data exfiltration will be presented using the Snort Intrusion Detection System, ngrep, and other open source tools.

The Art of Incident Response
Speaker: Rob Lee
Incident Response teams are the front line special operations troops of the information security profession. They are asked to mitigate minor virus outbreaks and respond to massive corporate intrusions across enterprise networks of 10,000 systems or more. And win. Every time. Rob Lee will use his 13 years of experience from the U.S. Air Force, government agencies, and commercial organizations that have been hit by incidents to discuss what tactics and strategies really work. Utilizing the 20 Critical Security Controls as a framework, he will detail the top 6 things your organization can do today to increase the efficiency and effectiveness of any incident response capability. This is a not-to-be-missed talk if you regularly respond to incidents.

What’s New for Security in Windows 7 and Server 2008-R2?
Speaker: Jason Fossen
The Vista nightmare is finally over, but what’s new for security in Windows 7 and Server 2008-R2 then? The aim of this talk is to give you a bird’s eye view of the Win7 security enhancements to help you decide whether to upgrade or to grit your teeth and stick with XP for another ten years. Topics include BitLocker To Go for flash drives, AppLocker program whitelisting, IPSec DirectAccess, BranchCache, PowerShell 2.0, booting from VHD files, IE8 SmartScreen Filter, hyper-detailed logging, and the hated User Account Control prompt. Bring your questions and get it straight without the anti-Microsoft FUD or the pro-Microsoft propaganda!

Advanced Forensics Techniques: Catching Hackers on the Wire
Speaker: Jonathan Ham
Digital forensics is about more than just hard drive analysis.
Packet captures, web proxies, Snort alerts, and other sources of network-based evidence can help investigators track an attacker’s activities throughout an organization. Jonathan Ham presents a couple of scenarios in which an advanced investigation of network-based evidence can yield a richer understanding of events. We’ll spend an hour exploring sources of evidence that we can use to close the loop faster, and get better results in both incident response and investigation. “No hard drive? No problem!”

Vendor Expo and Vendor Welcome Reception
Given that (virtually) everything in security is accomplished with a tool, exposure to those tools is a very important part of the SANS Training Event learning experience. Leading solutions providers will be on-hand for a one-day exposition, an added bonus to registered training event attendees. All vendor events are included with training event registration.

Event Location
Hyatt Regency Phoenix
122 North Second Street • Phoenix, AZ 85004 US
Phone: 602-252-1234 • Fax: 602-254-9472
Web Site: http://phoenix.hyatt.com

A special discount rate of $175 S/D will be honored based on space availability. These rates include high-speed Internet in your room. This special rate is only available thru January 25, 2010. Government per diem rooms are also available with proper ID. Please call reservations and ask for the SANS government rate. Book your reservation now as there is limited availability!

Note: You must mention that you are attending the SANS Institute training to get the discounted rate.

Top 5 reasons to stay at the Hyatt Regency Phoenix
1. All SANS attendees receive complimentary High-Speed Internet when booking in the SANS Block.
2. No need to factor in daily cab fees and the time associated with travel to alternate hotels.
3. By staying at the Hyatt Regency, you gain the opportunity to further network with your industry peers and remain in the center of the activity surrounding the conference.
4. SANS schedules morning and evening events at the Hyatt Regency that you won’t want to miss!
5. Everything is in one convenient location!