SANS November Sydney 2018

5-17 November 2018

Information security training in Australia from SANS Institute, the global leader in security training. At SANS November Sydney 2018, SANS offers hands-on, immersion-style security training courses taught by real-world practitioners.

Pay in Australian Dollars when you register through Shearwater. Make sure to ask about early bird and group discounts.

Courses on offer

SEC301: Introduction to Cyber Security

Course Details

To determine if SANS SEC301: Introduction to Cyber Security is right for you, ask yourself five simple questions:

Do you have basic computer knowledge, but are new to cyber security and in need of an introduction to the fundamentals?
Are you bombarded with complex technical security terms that you don’t understand?
Are you a non-IT security manager who lays awake at night worrying that your company will be the next mega-breach headline story on the 6 o’clock news?
Do you need to be conversant in basic security concepts, principles, and terms, even if you don’t need “deep in the weeds” detail?
Have you decided to make a career change to take advantage of the job opportunities in cyber security and need formal training and certification?

If you answer yes to any of these questions, the SEC301: Introduction to Cyber Security training course is for you. Students with a basic knowledge of computers and technology but no prior cyber security experience can jump-start their security education with insight and instruction from real-world security experts in SEC301.

This completely revised and comprehensive five-day course covers a wide range of baseline topics, including terminology, the basics of computer networks, security policies, incident response, passwords, and even an introduction to cryptographic principles. The hands-on, step-by-step learning format will enable you to grasp all the information presented even if some of the topics are new to you. You’ll learn fundamentals of cyber security that will serve as the foundation of your security skills and knowledge for years to come.

Written by a security professional with over 30 years of experience in both the public and private sectors, SEC301 provides uncompromising real-world insight from start to finish. The course prepares you for the Global Information Security Fundamentals (GISF) certification test, as well as for the next SANS course in this progression, SEC401: Security Essentials Bootcamp Style. It also delivers on the SANS promise: You will be able to use the knowledge and skills you learn in SEC301 as soon as you return to work.

Price: $5,700 USD
Duration: 5 Days
Instructor: David R. Miller

SEC401: Security Essentials Bootcamp Style

Course Details

Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Learn tips and tricks from the experts so that you can win the battle against the wide range of cyber adversaries that want to harm your environment.

Is SEC401: Security Essentials Bootcamp Style the right course for you?

STOP and ask yourself the following questions:

Do you fully understand why some organizations get compromised and others do not?
If there were compromised systems on your network, are you confident that you would be able to find them?
Do you know the effectiveness of each security device and are you certain that they are all configured correctly?
Are proper security metrics set up and communicated to your executives to drive security decisions?

If you do not know the answers to these questions, SEC401 course will provide the information security training you need in a bootcamp-style format that is reinforced with hands-on labs.

Price: $6,580 USD
Duration: 6 Days
Instructor: Paul A. Henry

SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling

Course Details

The Internet is full of powerful hacking tools and bad guys using them extensively. If your organization has an Internet connection or one or two disgruntled employees (and whose doesn’t!), your computer systems will get attacked. From the five, ten, or even one hundred daily probes against your Internet infrastructure to the malicious insider slowly creeping through your most vital information assets, attackers are targeting your systems with increasing viciousness and stealth. As defenders, it is essential we understand these hacking tools and techniques.

You Will Learn:

How best to prepare for an eventual breach
The step-by-step approach used by many computer attackers
Proactive and reactive defenses for each stage of a computer attack
How to identify active attacks and compromises
The latest computer attack vectors and how you can stop them
How to properly contain attacks
How to ensure that attackers do not return
How to recover from computer attacks and restore systems for business
How to understand and use hacking tools and techniques
Strategies and tools for detecting each type of attack
Attacks and defenses for Windows, Unix, switches, routers, and other systems
Application-level vulnerabilities, attacks, and defenses
How to develop an incident handling process and prepare a team for battle
Legal issues in incident handling

Price: $6,580 USD
Duration: 6 Days
Instructor: Steve Anson

SEC530: Defensible Security Architecture

Course Details

In this course, students will learn the fundamentals of up-to-date defensible security architecture. There will be a heavy focus on leveraging current infrastructure (and investment), including switches, routers, and firewalls. Students will learn how to reconfigure these devices to better prevent the threat landscape they face today. The course will also suggest newer technologies that will aid in building a robust security infrastructure.

While this is not a monitoring course, this course will dovetail nicely with continuous security monitoring, ensuring that security architecture not only supports prevention, but also provides the critical logs that can be fed into a Security Information and Event Management (SIEM) system in a Security Operations Center.

Hands-on labs will reinforce key points in the course and provide actionable skills that students will be able to leverage as soon as they return to work.

You Will Learn To:

Analyze a security architecture for deficiencies
Apply the principles learned in the course to design a defensible security architecture
Maximize the current investment by reconfiguring existing equipment to become more defensible
Configure computer systems and network components to support proper logging and continuous monitoring
Improve both preventive and detective capabilities
Improve the security of devices from layer 1 (physical) through layer 7 (application)

Price: $6,580 USD
Duration: 6 Days
Instructor: Eric Conrad

SEC560: Network Penetration Testing and Ethical Hacking

Course Details

As a cyber security professional, you have a unique responsibility to find and understand your organization’s vulnerabilities and to work diligently to mitigate them before the bad guys pounce. Are you ready? SEC560, the flagship SANS course for penetration testing, fully arms you to address this duty head-on.

THE MUST-HAVE COURSE FOR EVERY WELL-ROUNDED SECURITY PROFESSIONAL

With comprehensive coverage of tools, techniques, and methodologies for network penetration testing, SEC560 truly prepares you to conduct high-value penetration testing projects step-by-step and end-to-end. Every organization needs skilled information security personnel who can find vulnerabilities and mitigate their effects, and this entire course is specially designed to get you ready for that role. The course starts with proper planning, scoping and recon, then dives deep into scanning, target exploitation, password attacks, and web app manipulation, with over 30 detailed hands-on labs throughout. The course is chock full of practical, real-world tips from some of the world’s best penetration testers to help you do your job safely, efficiently…and masterfully.

LEARN THE BEST WAYS TO TEST YOUR OWN SYSTEMS BEFORE THE BAD GUYS ATTACK

SEC560 is designed to get you ready to conduct a full-scale, high-value penetration test – and on the last day of the course, you’ll do just that. After building your skills in comprehensive and challenging labs over five days, the course culminates with a final full-day, real-world penetration test scenario. You’ll conduct an end-to-end pen test, applying knowledge, tools, and principles from throughout the course as you discover and exploit vulnerabilities in a realistic sample target organization, demonstrating the knowledge you’ve mastered in this course.

EQUIPPING SECURITY ORGANIZATIONS WITH COMPREHENSIVE PENETRATION TESTING AND ETHICAL HACKING KNOW-HOW

You will learn how to perform detailed reconnaissance, studying a target’s infrastructure by mining blogs, search engines, social networking sites, and other Internet and intranet infrastructures. Our hands-on labs will equip you to scan target networks using best-of-breed tools. We won’t just cover run-of-the-mill options and configurations, we’ll also go over the lesser known but super-useful capabilities of the best pen test toolsets available today. After scanning, you’ll learn dozens of methods for exploiting target systems to gain access and measure real business risk. You’ll dive deep into post-exploitation, password attacks, and web apps, pivoting through the target environment to model the attacks of real-world bad guys to emphasize the importance of defense in depth.

Price: $6,580 USD
Duration: 6 Days
Instructor: Jeff McJunkin

SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking

Course Details

SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking is designed as a logical progression point for those who have completed SANS SEC560: Network Penetration Testing and Ethical Hacking, or for those with existing penetration testing experience. Students with the prerequisite knowledge to take this course will walk through dozens of real-world attacks used by the most seasoned penetration testers. The methodology of a given attack is discussed, followed by exercises in a hands-on lab to consolidate advanced concepts and facilitate the immediate application of techniques in the workplace. Each day of the course includes a two-hour evening boot camp to drive home additional mastery of the techniques discussed. A sample of topics covered includes weaponizing Python for penetration testers, attacks against network access control (NAC) and virtual local area network (VLAN) manipulation, network device exploitation, breaking out of Linux and Windows restricted environments, IPv6, Linux privilege escalation and exploit-writing, testing cryptographic implementations, fuzzing, defeating modern OS controls such as address space layout randomization (ASLR) and data execution prevention (DEP), return-oriented programming (ROP), Windows exploit-writing, and much more!

Attackers are becoming more clever and their attacks more complex. To keep up with the latest attack methods, you need a strong desire to learn, the support of others, and the opportunity to practice and build experience. This course provides attendees with in-depth knowledge of the most prominent and powerful attack vectors and furnishes an environment to perform these attacks in numerous hands-on scenarios. The course goes far beyond simple scanning for low-hanging fruit and shows penetration testers how to model the abilities of an advanced attacker to find significant flaws in a target environment and demonstrate the business risk associated with these flaws.

SEC660 starts off by introducing advanced penetration concepts and providing an overview to prepare students for what lies ahead. The focus of day one is on network attacks, an area often left untouched by testers. Topics include accessing, manipulating, and exploiting the network. Attacks are performed against NAC, VLANs, OSPF, 802.1X, CDP, IPv6, VOIP, SSL, ARP, SNMP, and others. Day two starts with a technical module on performing penetration testing against various cryptographic implementations, then turns to PowerShell and post exploitation, escaping Linux restricted environments and Windows restricted desktop environments. Day three jumps into an introduction of Python for penetration testing, Scapy for packet crafting, product security testing, network and application fuzzing, and code coverage techniques. Days four and five are spent exploiting programs on the Linux and Windows operating systems. You will learn to identify privileged programs, redirect the execution of code, reverse-engineer programs to locate vulnerable code, obtain code execution for administrative shell access, and defeat modern operating system controls such as ASLR, canaries, and DEP using ROP and other techniques. Local and remote exploits as well as client-side exploitation techniques are covered. The final course day is devoted to numerous penetration testing challenges that require students to solve complex problems and capture flags.

Among the biggest benefits of SEC660 is the expert-level hands-on guidance provided through the labs and the additional time allotted each evening to reinforce daytime material and master the exercises.

You Will Learn:

How to perform penetration testing safely against network devices such as routers, switches, and NAC implementations.
How to test cryptographic implementations.
How to leverage an unprivileged foothold for post exploitation and escalation.
How to fuzz network and stand-alone applications.
How to write exploits against applications running on Linux and Windows systems.
How to bypass exploit mitigations such as ASLR, DEP, and stack canaries.

Price: $6,580 USD
Duration: 6 Days
Instructor: Jake Williams

FOR500: Windows Forensic Analysis

Course Details

FOR500: Windows Forensic Analysis focuses on building in-depth digital forensics knowledge of Microsoft Windows operating systems. You can’t protect what you don’t know about, and understanding forensic capabilities and artifacts is a core component of information security. You will learn how to recover, analyze, and authenticate forensic data on Windows systems, track particular user activity on your network, and organize findings for use in incident response, internal investigations, and civil/criminal litigation. You will be able to use your new skills to validate security tools, enhance vulnerability assessments, identify insider threats, track hackers, and improve security policies. Whether you know it or not, Windows is silently recording an unbelievable amount of data about you and your users. FOR500 teaches you how to mine this mountain of data.

Proper analysis requires real data for students to examine. The completely updated FOR500 course trains digital forensic analysts through a series of new hands-on laboratory exercises that incorporate evidence found on the latest Microsoft technologies (Windows 7, Windows 8/8.1, Windows 10, Office and Office365, cloud storage, SharePoint, Exchange, Outlook). Students leave the course armed with the latest tools and techniques and prepared to investigate even the most complicated systems they might encounter. Nothing is left out – attendees learn to analyze everything from legacy Windows 7 systems to just-discovered Windows 10 artifacts.

FOR500: Windows Forensic Analysis will teach you to:
Conduct in-depth forensic analysis of Windows operating systems and media exploitation focusing on Windows 7, Windows 8/8.1, Windows 10, and Windows Server 2008/2012/2016
Identify artifact and evidence locations to answer critical questions, including application execution, file access, data theft, external device usage, cloud services, geolocation, file download, anti-forensics, and detailed system usage
Focus your capabilities on analysis instead of on how to use a particular tool
Extract critical answers and build an in-house forensic capability via a variety of free, open-source, and commercial tools provided within the SANS Windows SIFT Workstation

FOR500 is continually updated. The course uses an intellectual property theft and corporate espionage case that took over six months to create. You work in the real world, so your training should include real-world practice data. Our instructor development team used incidents from their own investigations and experiences to create an incredibly rich and detailed scenario designed to immerse students in an actual investigation. The case demonstrates the latest artifacts and technologies an investigator might encounter while analyzing Windows systems. The detailed workbook shows step-by-step the tools and techniques that each investigator should employ to solve a forensic case.

Windows Forensics Course Topics:

Windows Operating Systems Focus (Win7, Win8/8.1, Windows 10, Server 2008/2012/2016)
Windows File Systems (NTFS, FAT, exFAT)
Advanced Evidence Acquisition Tools and Techniques
Registry Forensics
Shell Item Forensics
- Shortcut Files (LNK) – Evidence of File Opening
- Shellbags – Evidence of Folder Opening
- JumpLists – Evidence of File Opening/Program Exec
Windows Artifact Analysis
- Facebook, Gmail, Hotmail, Yahoo Chat and Webmail Analysis
- E-Mail Forensics (Host, Server, Web)
- Microsoft Office Document Analysis
- Windows Recycle Bin Analysis
- File and Picture Metadata Tracking and Examination
- Prefetch Analysis
Event Log File Analysis
Firefox, Chrome, and Internet Explorer Browser Forensics
Deleted Registry Key and File Recovery
String Searching and File Carving
Examination of Cases Involving Windows 7, Windows 8/8.1, and Windows 10
Media Analysis and Exploitation involving:
- Tracking user communications using a Windows PC (e-mail, chat, IM, webmail)
- Identifying if and how the suspect downloaded a specific file to the PC
- Determining the exact time and number of times a suspect executed a program
- Showing when any file was first and last opened by a suspect
- Determining if a suspect had knowledge of a specific file
- Showing the exact physical location of the system
- Tracking and analysis of external and USB devices
- Showing how the suspect logged on to the machine via the console, RDP, or network
- Recovering and examining browser artifacts, even those used in a private browsing mode
- Discovering utilization of anti-forensics, including file wiping, time manipulation, and program removal
The Course Is Fully Updated to Include Latest Windows 7, 8, 8.1, 10 and Server 2008/2012/2016 Techniques

Price: $6,580 USD
Duration: 6 Days
Instructor: Carlos Cajigas

FOR518: Mac and iOS Forensic Analysis and Incident Response

Course Details

The constantly updated FOR518: Mac and iOS Forensic Analysis and Incident Response course provides the techniques and skills necessary to take on any Mac or iOS case without hesitation. The intense hands-on forensic analysis and incident response skills taught in the course will enable analysts to broaden their capabilities and gain the confidence and knowledge to comfortably analyze any Mac or iOS device. In addition to traditional investigations, the course presents intrusion and incident response scenarios to help analysts learn ways to identify and hunt down attackers that have compromised Apple devices.

Forensicate Differently!

FOR518: Mac and iOS Forensic Analysis and Incident Response will teach you:

Mac and iOS Fundamentals: How to analyze and parse the Hierarchical File System (HFS+) and Apple File System (APFS) by hand and recognize the specific domains of the logical file system and Mac-specific file types.
User Activity: How to understand and profile users through their data files and preference configurations.
Advanced Intrusion Analysis and Correlation: How to determine how a system has been used or compromised by using the system and user data files in correlation with system log files.
Apple Technologies: How to understand and analyze many Mac and iOS-specific technologies, including Time Machine, Spotlight, iCloud, Document Versions, FileVault, Continuity, and FaceTime.

FOR518: Mac and iOS Forensic Analysis and Incident Response aims to train a well-rounded investigator by diving deep into forensic and intrusion analysis of Mac and iOS. The course focuses on topics such as the HFS+ and APFS file systems, Mac-specific data files, tracking of user activity, system configuration, analysis and correlation of Mac logs, Mac applications, and Mac-exclusive technologies. A computer forensic analyst who completes this course will have the skills needed to take on a Mac or iOS forensics case.

Parse the HFS+ file system by hand, using only a cheat sheet and a hex editor
Understand the APFS file system and its significance
Determine the importance of each file system domain
Conduct temporal analysis of a system by correlating data files and log analysis
Profile how individuals used the system, including how often they used the system, what applications they frequented, and their personal system preferences
Identify remote or local data backups, disk images, or other attached devices
Find encrypted containers and FileVault volumes, understand keychain data, and crack Mac passwords
Analyze and understand Mac metadata and their importance in the Spotlight database, Time Machine, and Extended Attributes
Develop a thorough knowledge of the Safari Web Browser and Apple Mail applications
Identify communication with other users and systems though iChat, Messages, FaceTime, Remote Login, Screen Sharing, and AirDrop
Conduct an intrusion analysis of a Mac for signs of compromise or malware infection
Acquire and analyze memory from Mac systems
Acquire iOS and analyze devices in-depth

In-Depth HFS+ File System Examination and an Introduction to APFS
File System Timeline Analysis
Advanced Computer Forensics Methodology
Mac-Specific Acquisition and Incident Response Collection
Mac Memory Acquisition and Analysis
File System Data Analysis
Metadata Analysis
Recovery of Key Mac Files
Volume and Disk Image Analysis
Analysis of Mac Technologies, including Time Machine, Spotlight, and FileVault
Advanced Log Analysis and Correlation
iDevice Analysis and iOS Artifacts

Price: $6,580 USD
Duration: 6 Days
Instructor: Sarah Edwards

FOR578: Cyber Threat Intelligence

Course Details

Every security practitioner should attend the FOR578: Cyber Threat Intelligence course . This course is unlike any other technical training you have experienced. It focuses on structured analysis in order to establish a solid foundation for any security skillset and to amplify existing skills. The course will help practitioners from across the security spectrum to:

Develop analysis skills to better comprehend, synthesize, and leverage complex scenarios
Identify and create intelligence requirements through practices such as threat modeling
Understand and develop skills in tactical, operational, and strategic-level threat intelligence
Generate threat intelligence to detect, respond to, and defeat focused and targeted threats
Learn the different sources to collect adversary data and how to exploit and pivot off of it
Validate information received externally to minimize the costs of bad intelligence
Create Indicators of Compromise (IOCs) in formats such as YARA, OpenIOC, and STIX
Move security maturity past IOCs into understanding and countering the behavioral tradecraft of threats
Establish structured analytical techniques to be successful in any security role

It is common for security practitioners to call themselves analysts. But how many of us have taken structured analysis training instead of simply attending technical training? Both are important, but very rarely do analysts focus on training on analytical ways of thinking. This course exposes analysts to new mindsets, methodologies, and techniques that will complement their existing knowledge as well as establish new best practices for their security teams. Proper analysis skills are key to the complex world that defenders are exposed to on a daily basis.

The analysis of an adversary’s intent, opportunity, and capability to do harm is known as cyber threat intelligence. Intelligence is not a data feed, nor is it something that comes from a tool. Intelligence is actionable information that answers a key knowledge gap, pain point, or requirement of an organization. This collection, classification, and exploitation of knowledge about adversaries gives defenders an upper hand against adversaries and forces defenders to learn and evolve with each subsequent intrusion they face.

Cyber threat intelligence thus represents a force multiplier for organizations looking to establish or update their response and detection programs to deal with increasingly sophisticated threats. Malware is an adversary’s tool, but the real threat is the human one, and cyber threat intelligence focuses on countering those flexible and persistent human threats with empowered and trained human defenders.

Knowledge about the adversary is core to all security teams. The red team needs to understand adversaries’ methods in order to emulate their tradecraft. The Security Operations Center needs to know how to prioritize intrusions and quickly deal with those that need immediate attention. The incident response team needs actionable information on how to quickly scope and respond to targeted intrusions. The vulnerability management group needs to understand which vulnerabilities matter most for prioritization and the risk that each one presents. The threat hunting team needs to understand adversary behaviors to search out new threats.

In other words, cyber threat intelligence informs all security practices that deal with adversaries. FOR578: Cyber Threat Intelligence will equip you, your security team, and your organization in the tactical, operational, and strategic level cyber threat intelligence skills and tradecraft required to better understand the evolving threat landscape and to accurately and effectively counter those threats.

Price: $5,700 USD
Duration: 5 Days
Instructor: Jake Williams

FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques

Course Details

Learn to turn malware inside out! This popular course explores malware analysis tools and techniques in depth. FOR610 training has helped forensic investigators, incident responders, security engineers, and IT administrators acquire the practical skills to examine malicious programs that target and infect Windows systems.

Understanding the capabilities of malware is critical to an organization’s ability to derive threat intelligence, respond to information security incidents, and fortify defenses. This course builds a strong foundation for reverse-engineering malicious software using a variety of system and network monitoring utilities, a disassembler, a debugger, and many other freely available tools.

In summary, FOR610 malware analysis training will teach you how to:

Build an isolated, controlled laboratory environment for analyzing the code and behavior of malicious programs
Employ network and system-monitoring tools to examine how malware interacts with the file system, registry, network, and other processes in a Windows environment
Uncover and analyze malicious JavaScript and other components of web pages, which are often used by exploit kits for drive-by attacks
Control relevant aspects of the malicious program’s behavior through network traffic interception and code patching to perform effective malware analysis
Use a disassembler and a debugger to examine the inner workings of malicious Windows executables
Bypass a variety of packers and other defensive mechanisms designed by malware authors to misdirect, confuse, and otherwise slow down the analyst
Recognize and understand common assembly-level patterns in malicious code, such as code L injection, API hooking, and anti-analysis measures
Assess the threat associated with malicious documents, such as PDF and Microsoft Office files
Derive Indicators of Compromise (IOCs) from malicious executables to strengthen incident response and threat intelligence efforts.

Price: $6,580 USD
Duration: 6 Days
Instructor: Hal Pomeranz

CORE NetWars Tournament

Course Details

Laptop Requirements: A laptop capable of running a VMware virtual machine, with a DVD drive and connecting to an Ethernet network is required.

CORE NetWars Tournament participants receive 6 CPEs

CORE NetWars Tournament is a computer and network security challenge designed to test a participant’s experience and skills in a safe environment. It is accessible to a broad level of player skill ranges and is split into separate levels so that advanced players may quickly move through earlier levels to the level of their expertise.

NetWars Levels:

Level 1 – Played on local Linux image without root
Level 2 – Played on local Linux image with root
Level 3 – Attack a DMZ
Level 4 – Pivot to intranet
Level 5 – Master of your domain… castle versus castle

Topics Include:

Vulnerability Assessment
Packet Analysis
Penetration Testing
System Hardening
Malware Analysis
Digital Forensics and Incident Response

Who Should Attend:

Security Professionals
System Administrators
Network Administrators
Ethical Hackers
Penetration Testers
Incident Handlers
Forensic Analysts
Security auditors
Vulnerability assessment personnel
Security Operations Center (SOC) staff members

Price: $1,610 USD (FREE with any 4-6 day course)
Duration: 2 Evenings
Instructor: Jeff McJunkin

Need help? Talk to a training Advisor

1300 228 872

Request a Callback

Resources

2018 Course Catalogue

Get Started

Request a Callback

After you complete the form, a SANS training advisor will contact you to answer any questions you might have on registrations, courses, and group discounts.

Request a Callback

Ask us a question

Get answers! Our SANS training advisors are ready to take your call and provide all the information you need on upcoming courses.

1300 228 872
Mon – Fri, 9am – 6pm

SANS November Sydney 2018

Courses on offer

1300 228 872

Request a Callback

2018 Course Catalogue

Get Started

Request a Callback

Ask us a question

Compliance

Penetration Testing

Managed Services

Phishing Prevention

Company

Subscribe to Our Security Updates

Search for products or services