CURRICULUM: Offensive Operations SEC560: Enterprise Penetration Testing, the flagship SANS course for penetration testing, equips you to assess and mitigate business risks across complex, modern enterprises. You will learn to plan, execute, and apply penetration tests using the latest tools and techniques through hands-on labs. Ideal for penetration testers, system administrators, and defenders, SEC560 strengthens your skills and understanding of the attacker mindset, enabling you to enhance organizational security immediately. SEC560 is designed to get you ready to conduct a full-scale, high-value penetration test, and at the end of the course you will do just that. After building your skills in comprehensive and challenging labs, the course culminates with a final real-world penetration test scenario. You will conduct an end-to-end penetration test, applying knowledge, tools, and principles from throughout the course as you discover and exploit vulnerabilities in a realistic target organization. You Will Be Able To ▐ Properly plan and prepare for an enterprise penetration test ▐ Perform detailed reconnaissance to aid in social engineering, phishing, targeting the right data, and demonstrating appropriate goals ▐ Perform safe and effective password guessing to gain initial access to the target environment or move deeper into the network ▐ Exploit target systems in multiple ways to gain access and measure real business risk ▐ Thoroughly pillage exploited systems to gather information and move further into the network towards your goals ▐ Use privilege escalation techniques to elevate access on Windows or Linux systems, or Active Directory itself ▐ Execute lateral movement and pivoting to further extend access to the organization and identify risks missed by surface scans ▐ Use Command and Control (C2, C&C) frameworks to manage and pillage compromised hosts remotely ▐ Attack the Active Directory domains and forests used by most organizations ▐ Execute multiple Kerberos attacks, including Kerberoasting, Golden Ticket, and Silver Ticket attacks ▐ Conduct Azure reconnaissance remotely, both with and without credentials ▐ Execute Entra ID password spray attacks Syllabus Summary SECTION 1: Comprehensive Penetration Test Planning, Scoping, Recon, and Scanning SECTION 2: Initial Access, Payloads, and Situational Awareness SECTION 3: Privilege Escalation, Persistence, and Password Attacks SECTION 4: Lateral Movement and Reporting SECTION 5: Domain Domination and Azure Annihilation SECTION 6: Penetration Test and Capture-the-Flag Exercise SEC560: Enterprise Penetration Testing™ CyberLive DoD 8140* GPEN Penetration Tester giac.org/gpen Who Should Attend ▐ Security personnel whose job involves assessing networks and systems to find and remediate vulnerabilities ▐ Penetration testers ▐ Ethical hackers ▐ Defenders who want to better understand offensive methodologies, tools, and techniques ▐ Auditors who need to build deeper technical skills ▐ Red Team members ▐ Blue Team members ▐ Forensics specialists who want to better understand offensive tactics ▐ Incident responders who want to understand the mindset of an attacker NICE Framework Work Roles ▐ Security Control Assessor (OPM 612) ▐ System Testing and Evaluation Specialist (OPM 671) ▐ Vulnerability Assessment Analyst (OPM 541) ▐ Pen Tester (OPM 541) ▐ Exploitation Analyst (OPM 121) ▐ Mission Assessment Specialist (OPM 112) ▐ Target Developer (OPM 131) ▐ Cyber Ops Planner (OPM 332) ▐ Cyber Operator (OPM 321) 6 Day Program 36 CPEs 30+ Labs For detailed course description, visit SANS.ORG/SEC560 WAYS TO TAKE SEC560 Live Online In-Person OnDemand * sans.org/8140 Jeff McJunkin Course Author