SANS Secure Canberra 2019
This event has concluded. Please see below for upcoming training events.

SEC401: Security Essentials Bootcamp Style
Course Details
Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Learn tips and tricks from the experts so that you can win the battle against the wide range of cyber adversaries that want to harm your environment.
Is SEC401: Security Essentials Bootcamp Style the right course for you?
STOP and ask yourself the following questions:
If you do not know the answers to these questions, the SEC401 course will provide the information security training you need in a bootcamp-style format that is reinforced with hands-on labs.
You Will Learn:
Learn to build a security roadmap that can scale today and into the future.
Price: $6,970 USD
Duration: 6 Days
Instructor: Bryan Simon
SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling
Course Details
The course is particularly well-suited to individuals who lead or are a part of an incident handling team. General security practitioners, system administrators, and security architects will benefit by understanding how to design, build, and operate their systems to prevent, detect, and respond to attacks.
You Will Learn:
Price: $6,970 USD
Duration: 6 Days
Instructor: Steve Anson
SEC555: SIEM with Tactical Analytics
Course Details
This course is designed to demystify the Security Information and Event Management (SIEM) architecture and process, by navigating the student through the steps of tailoring and deploying a SIEM to full Security Operations Center (SOC) integration. The material will cover many bases in the “appropriate” use of a SIEM platform to enrich readily available log data in enterprise environments and extract actionable intelligence. Once collected, the student will be shown how to present the gathered input into useable formats to aid in eventual correlation. Students will then iterate through the log data and events to analyze key components that will allow them to learn how rich this information is, how to correlate the data, start investigating based on the aggregate data, and finally, how to go hunting with this newly gained knowledge. They will also learn how to deploy internal post-exploitation tripwires and breach canaries to nimbly detect sophisticated intrusions. Throughout the course, the text and labs will not only show how to manually perform these actions, but how to automate many of the processes mentioned so students may employ these tasks the day they return to the office.
The underlying theme is to actively apply Continuous Monitoring and analysis techniques by utilizing modern cyber threat attacks. Labs will involve replaying captured attack data to provide real world results and visualizations.
This Course Will Prepare You To:
Price: $6,970 USD
Duration: 6 Days
Instructor: Tim Garcia
SEC599: Defeating Advanced Adversaries – Purple Team Tactics & Kill Chain Defenses
Course Details
SEC599 aims to leverage the purple team concept by bringing together red and blue teams for maximum effect. Recognizing that a prevent-only strategy is not sufficient, the course focuses on current attack strategies and how they can be effectively mitigated and detected using a Kill Chain structure. Throughout the course, the purple team principle will be maintained, where attack techniques are first explained in-depth, after which effective security controls are introduced and implemented.
Course authors Erik Van Buggenhout & Stephen Sims (both certified as GIAC Security Experts) are hands-on practitioners who have achieved a deep understanding of how cyber attacks work through penetration testing and incident response. While teaching penetration testing courses, they were often asked “But how do I prevent this type of attack?” With more than 20 labs plus a full-day “Defend-The-Flag” exercise during which students attempt to defend our virtual organization from different waves of attacks against its environment, SEC599 gives students real world examples of how to prevent attacks.
Our six-day journey will start with an analysis of recent attacks through in-depth case studies. We will explain what types of attacks are occurring and introduce the Advanced Persistent Threat (APT) Attack Cycle as a structured approach to describing attacks. In order to understand how attacks work, you will also compromise our virtual organization “SyncTechLabs” in our Day 1 exercises.
Throughout days 2 through 5 we will discuss how effective security controls can be implemented to prevent, detect, and respond to cyber attacks. Some of the topics we will address include:
In designing the course and its exercises, the authors went the extra mile to ensure that attendees “build” something that can be used later on. For this reason, the different technologies illustrated throughout the course (e.g., IDS systems, web proxies, sandboxes, visualization dashboards, etc.) will be provided as usable virtual machines on the course USB.
SEC599 will finish with a bang. During the “Defend-the-Flag” challenge on the final course day you will be pitted against advanced adversaries in an attempt to keep your network secure. Can you protect the environment against the different waves of attacks? The adversaries aren’t slowing down, so what are you waiting for?
Price: $6,970 USD
Duration: 6 Days
Instructor: James Shewmaker
SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
Course Details
SEC660 starts off by introducing advanced penetration concepts and providing an overview to prepare students for what lies ahead. The focus of day one is on network attacks, an area often left untouched by testers. Topics include accessing, manipulating, and exploiting the network. Attacks are performed against NAC, VLANs, OSPF, 802.1X, CDP, IPv6, VOIP, SSL, ARP, SNMP, and others. Day two starts with a technical module on performing penetration testing against various cryptographic implementations, then turns to PowerShell and post exploitation, escaping Linux restricted environments and Windows restricted desktop environments. Day three jumps into an introduction of Python for penetration testing, Scapy for packet crafting, product security testing, network and application fuzzing, and code coverage techniques. Days four and five are spent exploiting programs on the Linux and Windows operating systems. You will learn to identify privileged programs, redirect the execution of code, reverse-engineer programs to locate vulnerable code, obtain code execution for administrative shell access, and defeat modern operating system controls such as ASLR, canaries, and DEP using ROP and other techniques. Local and remote exploits as well as client-side exploitation techniques are covered. The final course day is devoted to numerous penetration testing challenges that require students to solve complex problems and capture flags.
Among the biggest benefits of SEC660 is the expert-level hands-on guidance provided through the labs and the additional time allotted each evening to reinforce daytime material and master the exercises.
You Will Learn:
Price: $6,970 USD
Duration: 6 Days
Instructor: Tim Medin
FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting
Course Details
This in-depth incident response and threat hunting course provides responders and threat hunting teams with advanced skills to hunt down, identify, counter, and recover from a wide range of threats within enterprise networks, including APT nation-state adversaries, organized crime syndicates, and hacktivism. Constantly updated, FOR508: Advanced Incident Response and Threat Hunting addresses today’s incidents by providing hands-on incident response and threat hunting tactics and techniques that elite responders and hunters are successfully using to detect, counter, and respond to real-world breach cases.
The course uses a hands-on enterprise intrusion lab – modeled after a real-world targeted APT attack on an enterprise network and based on APT group tactics to target a network – to lead you to challenges and solutions via extensive use of the SIFT Workstation collection of tools.
During the intrusion and threat hunting lab exercises, you will identify where the initial targeted attack occurred and how the adversary is moving laterally through multiple compromised systems. You will also extract and create crucial cyber threat intelligence that can help you properly scope the compromise and detect future breaches.
During a targeted attack, an organization needs the best incident response team in the field. FOR508: Advanced Incident Response and Threat Hunting will train you and your team to respond, detect, scope, and stop intrusions and data breaches.
GATHER YOUR INCIDENT RESPONSE TEAM – IT’S TIME TO GO HUNTING
FOR508 Incident Response and Threat Hunting Course Topics
Price: $6,970 USD
Duration: 6 Days
Instructor: Joshua Lemon
FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
Course Details
This course covers the tools, technology, and processes required to integrate network evidence sources into your investigations, with a focus on efficiency and effectiveness. You will leave this week with a well-stocked toolbox and the knowledge to use it on your first day back on the job. We will cover the full spectrum of network evidence, including high-level NetFlow analysis, low-level pcap exploration, ancillary network log examination, and more. We cover how to leverage existing infrastructure devices that may contain months or years of valuable evidence as well as how to place new collection platforms while an incident is already under way.
Whether you are a consultant responding to a client’s site, a law enforcement professional assisting victims of cybercrime and seeking prosecution of those responsible, an on-staff forensic practitioner, or a member of the growing ranks of “threat hunters”, this course offers hands-on experience with real-world scenarios that will help take your work to the next level. Previous SANS SEC curriculum students and other network defenders will benefit from the FOR572 perspective on security operations as they take on more incident response and investigative responsibilities. SANS Forensic alumni from 408 and 508 can take their existing knowledge and apply it directly to the network-based attacks that occur daily. In FOR572, we solve the same caliber of real-world problems without the use of disk or memory images.
The hands-on labs in this class cover a wide range of tools and platforms, including the venerable tcpdump and Wireshark for packet capture and analysis; NetworkMiner for artifact extraction; and open-source tools including nfdump, tcpxtract, tcpflow, and more. Newly added tools in the course include the SOF-ELK platform – a VMware appliance pre-configured with the ELK stack. This “big data” platform includes the Elasticsearch storage and search database, the Logstash ingest and parse utility, and the Kibana graphical dashboard interface. Together with the custom SOF-ELK configuration files, the platform gives forensicators a ready-to-use platform for log and NetFlow analysis. For full-packet analysis and hunting at scale, the Moloch platform is also used. Through all of the in-class labs, your shell scripting abilities will also be used to make easy work of ripping through hundreds and thousands of data records.
FOR572 is truly an advanced course – we hit the ground running on day one. Bring your entire bag of skills: forensic techniques and methodologies, networking (from the wire all the way up to user-facing services), Linux shell utilities, and everything in between. They will all benefit you throughout the course material as you FIGHT CRIME. UNRAVEL INCIDENTS…ONE BYTE (OR PACKET) AT A TIME.
Advanced Network Forensics: Threat Hunting, Analysis and Incident Response Course Topics:
Price: $6,970 USD
Duration: 6 Days
Instructor: Ryan Johnson
CORE NetWars Tournament
Course Details
Laptop Requirements: A laptop capable of running a VMware virtual machine, with a DVD drive and connecting to an Ethernet network is required.
CORE NetWars Tournament participants receive 6 CPEs
CORE NetWars Tournament is a computer and network security challenge designed to test a participant’s experience and skills in a safe environment. It is accessible to a broad level of player skill ranges and is split into separate levels so that advanced players may quickly move through earlier levels to the level of their expertise.
NetWars Levels:
Topics Include:
Digital Forensics and Incident Response
Who Should Attend:
Price: $1,610 USD (FREE with any 4-6 day course)
Duration: 2 Evenings
Instructor: Tim Medin