SANS November Sydney 2018
This event has concluded. Please see below for upcoming training events.

This event has concluded. Please see below for upcoming training events.
SEC301: Introduction to Cyber Security
Course Details
To determine if SANS SEC301: Introduction to Cyber Security is right for you, ask yourself five simple questions:
If you answer yes to any of these questions, the SEC301: Introduction to Cyber Security training course is for you. Students with a basic knowledge of computers and technology but no prior cyber security experience can jump-start their security education with insight and instruction from real-world security experts in SEC301.
This completely revised and comprehensive five-day course covers a wide range of baseline topics, including terminology, the basics of computer networks, security policies, incident response, passwords, and even an introduction to cryptographic principles. The hands-on, step-by-step learning format will enable you to grasp all the information presented even if some of the topics are new to you. You’ll learn fundamentals of cyber security that will serve as the foundation of your security skills and knowledge for years to come.
Written by a security professional with over 30 years of experience in both the public and private sectors, SEC301 provides uncompromising real-world insight from start to finish. The course prepares you for the Global Information Security Fundamentals (GISF) certification test, as well as for the next SANS course in this progression, SEC401: Security Essentials Bootcamp Style. It also delivers on the SANS promise: You will be able to use the knowledge and skills you learn in SEC301 as soon as you return to work.
Price: $5,700 USD
Duration: 5 Days
Instructor: David R. Miller
SEC401: Security Essentials Bootcamp Style
Course Details
Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Learn tips and tricks from the experts so that you can win the battle against the wide range of cyber adversaries that want to harm your environment.
Is SEC401: Security Essentials Bootcamp Style the right course for you?
STOP and ask yourself the following questions:
If you do not know the answers to these questions, SEC401 course will provide the information security training you need in a bootcamp-style format that is reinforced with hands-on labs.
Price: $6,580 USD
Duration: 6 Days
Instructor: Paul A. Henry
SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling
Course Details
You Will Learn:
Price: $6,580 USD
Duration: 6 Days
Instructor: Steve Anson
SEC530: Defensible Security Architecture
Course Details
In this course, students will learn the fundamentals of up-to-date defensible security architecture. There will be a heavy focus on leveraging current infrastructure (and investment), including switches, routers, and firewalls. Students will learn how to reconfigure these devices to better prevent the threat landscape they face today. The course will also suggest newer technologies that will aid in building a robust security infrastructure.
While this is not a monitoring course, this course will dovetail nicely with continuous security monitoring, ensuring that security architecture not only supports prevention, but also provides the critical logs that can be fed into a Security Information and Event Management (SIEM) system in a Security Operations Center.
Hands-on labs will reinforce key points in the course and provide actionable skills that students will be able to leverage as soon as they return to work.
You Will Learn To:
Price: $6,580 USD
Duration: 6 Days
Instructor: Eric Conrad
SEC560: Network Penetration Testing and Ethical Hacking
Course Details
As a cyber security professional, you have a unique responsibility to find and understand your organization’s vulnerabilities and to work diligently to mitigate them before the bad guys pounce. Are you ready? SEC560, the flagship SANS course for penetration testing, fully arms you to address this duty head-on.
THE MUST-HAVE COURSE FOR EVERY WELL-ROUNDED SECURITY PROFESSIONAL
With comprehensive coverage of tools, techniques, and methodologies for network penetration testing, SEC560 truly prepares you to conduct high-value penetration testing projects step-by-step and end-to-end. Every organization needs skilled information security personnel who can find vulnerabilities and mitigate their effects, and this entire course is specially designed to get you ready for that role. The course starts with proper planning, scoping and recon, then dives deep into scanning, target exploitation, password attacks, and web app manipulation, with over 30 detailed hands-on labs throughout. The course is chock full of practical, real-world tips from some of the world’s best penetration testers to help you do your job safely, efficiently…and masterfully.
LEARN THE BEST WAYS TO TEST YOUR OWN SYSTEMS BEFORE THE BAD GUYS ATTACK
SEC560 is designed to get you ready to conduct a full-scale, high-value penetration test – and on the last day of the course, you’ll do just that. After building your skills in comprehensive and challenging labs over five days, the course culminates with a final full-day, real-world penetration test scenario. You’ll conduct an end-to-end pen test, applying knowledge, tools, and principles from throughout the course as you discover and exploit vulnerabilities in a realistic sample target organization, demonstrating the knowledge you’ve mastered in this course.
EQUIPPING SECURITY ORGANIZATIONS WITH COMPREHENSIVE PENETRATION TESTING AND ETHICAL HACKING KNOW-HOW
You will learn how to perform detailed reconnaissance, studying a target’s infrastructure by mining blogs, search engines, social networking sites, and other Internet and intranet infrastructures. Our hands-on labs will equip you to scan target networks using best-of-breed tools. We won’t just cover run-of-the-mill options and configurations, we’ll also go over the lesser known but super-useful capabilities of the best pen test toolsets available today. After scanning, you’ll learn dozens of methods for exploiting target systems to gain access and measure real business risk. You’ll dive deep into post-exploitation, password attacks, and web apps, pivoting through the target environment to model the attacks of real-world bad guys to emphasize the importance of defense in depth.
Price: $6,580 USD
Duration: 6 Days
Instructor: Jeff McJunkin
SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
Course Details
SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking is designed as a logical progression point for those who have completed SANS SEC560: Network Penetration Testing and Ethical Hacking, or for those with existing penetration testing experience. Students with the prerequisite knowledge to take this course will walk through dozens of real-world attacks used by the most seasoned penetration testers. The methodology of a given attack is discussed, followed by exercises in a hands-on lab to consolidate advanced concepts and facilitate the immediate application of techniques in the workplace. Each day of the course includes a two-hour evening boot camp to drive home additional mastery of the techniques discussed. A sample of topics covered includes weaponizing Python for penetration testers, attacks against network access control (NAC) and virtual local area network (VLAN) manipulation, network device exploitation, breaking out of Linux and Windows restricted environments, IPv6, Linux privilege escalation and exploit-writing, testing cryptographic implementations, fuzzing, defeating modern OS controls such as address space layout randomization (ASLR) and data execution prevention (DEP), return-oriented programming (ROP), Windows exploit-writing, and much more!
Attackers are becoming more clever and their attacks more complex. To keep up with the latest attack methods, you need a strong desire to learn, the support of others, and the opportunity to practice and build experience. This course provides attendees with in-depth knowledge of the most prominent and powerful attack vectors and furnishes an environment to perform these attacks in numerous hands-on scenarios. The course goes far beyond simple scanning for low-hanging fruit and shows penetration testers how to model the abilities of an advanced attacker to find significant flaws in a target environment and demonstrate the business risk associated with these flaws.
SEC660 starts off by introducing advanced penetration concepts and providing an overview to prepare students for what lies ahead. The focus of day one is on network attacks, an area often left untouched by testers. Topics include accessing, manipulating, and exploiting the network. Attacks are performed against NAC, VLANs, OSPF, 802.1X, CDP, IPv6, VOIP, SSL, ARP, SNMP, and others. Day two starts with a technical module on performing penetration testing against various cryptographic implementations, then turns to PowerShell and post exploitation, escaping Linux restricted environments and Windows restricted desktop environments. Day three jumps into an introduction of Python for penetration testing, Scapy for packet crafting, product security testing, network and application fuzzing, and code coverage techniques. Days four and five are spent exploiting programs on the Linux and Windows operating systems. You will learn to identify privileged programs, redirect the execution of code, reverse-engineer programs to locate vulnerable code, obtain code execution for administrative shell access, and defeat modern operating system controls such as ASLR, canaries, and DEP using ROP and other techniques. Local and remote exploits as well as client-side exploitation techniques are covered. The final course day is devoted to numerous penetration testing challenges that require students to solve complex problems and capture flags.
Among the biggest benefits of SEC660 is the expert-level hands-on guidance provided through the labs and the additional time allotted each evening to reinforce daytime material and master the exercises.
You Will Learn:
Price: $6,580 USD
Duration: 6 Days
Instructor: Jake Williams
FOR500: Windows Forensic Analysis
Course Details
FOR500: Windows Forensic Analysis focuses on building in-depth digital forensics knowledge of Microsoft Windows operating systems. You can’t protect what you don’t know about, and understanding forensic capabilities and artifacts is a core component of information security. You will learn how to recover, analyze, and authenticate forensic data on Windows systems, track particular user activity on your network, and organize findings for use in incident response, internal investigations, and civil/criminal litigation. You will be able to use your new skills to validate security tools, enhance vulnerability assessments, identify insider threats, track hackers, and improve security policies. Whether you know it or not, Windows is silently recording an unbelievable amount of data about you and your users. FOR500 teaches you how to mine this mountain of data.
Proper analysis requires real data for students to examine. The completely updated FOR500 course trains digital forensic analysts through a series of new hands-on laboratory exercises that incorporate evidence found on the latest Microsoft technologies (Windows 7, Windows 8/8.1, Windows 10, Office and Office365, cloud storage, SharePoint, Exchange, Outlook). Students leave the course armed with the latest tools and techniques and prepared to investigate even the most complicated systems they might encounter. Nothing is left out – attendees learn to analyze everything from legacy Windows 7 systems to just-discovered Windows 10 artifacts.
FOR500 is continually updated. The course uses an intellectual property theft and corporate espionage case that took over six months to create. You work in the real world, so your training should include real-world practice data. Our instructor development team used incidents from their own investigations and experiences to create an incredibly rich and detailed scenario designed to immerse students in an actual investigation. The case demonstrates the latest artifacts and technologies an investigator might encounter while analyzing Windows systems. The detailed workbook shows step-by-step the tools and techniques that each investigator should employ to solve a forensic case.
Windows Forensics Course Topics:
Price: $6,580 USD
Duration: 6 Days
Instructor: Carlos Cajigas
FOR518: Mac and iOS Forensic Analysis and Incident Response
Course Details
The constantly updated FOR518: Mac and iOS Forensic Analysis and Incident Response course provides the techniques and skills necessary to take on any Mac or iOS case without hesitation. The intense hands-on forensic analysis and incident response skills taught in the course will enable analysts to broaden their capabilities and gain the confidence and knowledge to comfortably analyze any Mac or iOS device. In addition to traditional investigations, the course presents intrusion and incident response scenarios to help analysts learn ways to identify and hunt down attackers that have compromised Apple devices.
Forensicate Differently!
FOR518: Mac and iOS Forensic Analysis and Incident Response will teach you:
FOR518: Mac and iOS Forensic Analysis and Incident Response aims to train a well-rounded investigator by diving deep into forensic and intrusion analysis of Mac and iOS. The course focuses on topics such as the HFS+ and APFS file systems, Mac-specific data files, tracking of user activity, system configuration, analysis and correlation of Mac logs, Mac applications, and Mac-exclusive technologies. A computer forensic analyst who completes this course will have the skills needed to take on a Mac or iOS forensics case.
Price: $6,580 USD
Duration: 6 Days
Instructor: Sarah Edwards
FOR578: Cyber Threat Intelligence
Course Details
Every security practitioner should attend the FOR578: Cyber Threat Intelligence course . This course is unlike any other technical training you have experienced. It focuses on structured analysis in order to establish a solid foundation for any security skillset and to amplify existing skills. The course will help practitioners from across the security spectrum to:
It is common for security practitioners to call themselves analysts. But how many of us have taken structured analysis training instead of simply attending technical training? Both are important, but very rarely do analysts focus on training on analytical ways of thinking. This course exposes analysts to new mindsets, methodologies, and techniques that will complement their existing knowledge as well as establish new best practices for their security teams. Proper analysis skills are key to the complex world that defenders are exposed to on a daily basis.
The analysis of an adversary’s intent, opportunity, and capability to do harm is known as cyber threat intelligence. Intelligence is not a data feed, nor is it something that comes from a tool. Intelligence is actionable information that answers a key knowledge gap, pain point, or requirement of an organization. This collection, classification, and exploitation of knowledge about adversaries gives defenders an upper hand against adversaries and forces defenders to learn and evolve with each subsequent intrusion they face.
Cyber threat intelligence thus represents a force multiplier for organizations looking to establish or update their response and detection programs to deal with increasingly sophisticated threats. Malware is an adversary’s tool, but the real threat is the human one, and cyber threat intelligence focuses on countering those flexible and persistent human threats with empowered and trained human defenders.
Knowledge about the adversary is core to all security teams. The red team needs to understand adversaries’ methods in order to emulate their tradecraft. The Security Operations Center needs to know how to prioritize intrusions and quickly deal with those that need immediate attention. The incident response team needs actionable information on how to quickly scope and respond to targeted intrusions. The vulnerability management group needs to understand which vulnerabilities matter most for prioritization and the risk that each one presents. The threat hunting team needs to understand adversary behaviors to search out new threats.
In other words, cyber threat intelligence informs all security practices that deal with adversaries. FOR578: Cyber Threat Intelligence will equip you, your security team, and your organization in the tactical, operational, and strategic level cyber threat intelligence skills and tradecraft required to better understand the evolving threat landscape and to accurately and effectively counter those threats.
Price: $5,700 USD
Duration: 5 Days
Instructor: Jake Williams
FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
Course Details
Learn to turn malware inside out! This popular course explores malware analysis tools and techniques in depth. FOR610 training has helped forensic investigators, incident responders, security engineers, and IT administrators acquire the practical skills to examine malicious programs that target and infect Windows systems.
Understanding the capabilities of malware is critical to an organization’s ability to derive threat intelligence, respond to information security incidents, and fortify defenses. This course builds a strong foundation for reverse-engineering malicious software using a variety of system and network monitoring utilities, a disassembler, a debugger, and many other freely available tools.
In summary, FOR610 malware analysis training will teach you how to:
Price: $6,580 USD
Duration: 6 Days
Instructor: Hal Pomeranz
CORE NetWars Tournament
Course Details
Laptop Requirements: A laptop capable of running a VMware virtual machine, with a DVD drive and connecting to an Ethernet network is required.
CORE NetWars Tournament participants receive 6 CPEs
CORE NetWars Tournament is a computer and network security challenge designed to test a participant’s experience and skills in a safe environment. It is accessible to a broad level of player skill ranges and is split into separate levels so that advanced players may quickly move through earlier levels to the level of their expertise.
NetWars Levels:
Topics Include:
Who Should Attend:
Price: $1,610 USD (FREE with any 4-6 day course)
Duration: 2 Evenings
Instructor: Jeff McJunkin
Need help? Talk to a training Advisor
Resources
After you complete the form, a SANS training advisor will contact you to answer any questions you might have on registrations, courses, and group discounts.
Get answers! Our SANS training advisors are ready to take your call and provide all the information you need on upcoming courses.
1300 228 872
Mon – Fri, 9am – 6pm