Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Tag Archives: 709

SANS EMEA Webcast series

In the build-up to the SANS London 2009 event (28 November – 6 December), SANS EMEA are running a series of webcasts to introduce some of the advanced classes they’ll be offering. These webcasts will include some of the top SANS trainers that will be attending the event.

The webcast series is starting out today with Stephen Sims, who will give a sneak peek of the SEC:709 “developing exploits for penetration testers and security researchers” class. This is SANS’ first and only 700 level course and it certainly lives up to the hype. I was lucky enough to attend the 2-day version of this class at last year’s SANS London event and learnt more than I thought possible in the short timescale. Drinking from the firehose at its very best. This year, Stephen has extended the course to 5 full-days and inserted a lot of new content. I wish I could attend the extended version myself this year, but some things are in the works. Needless to say, I’ll be at the event one way or another.

Instructor Bio:
Stephen Sims is an information security consultant currently working for Wells Fargo in San Francisco, California. He has spent the past eight years in San Francisco working for several large financial institutions on network and systems security, penetration testing, exploitation development, risk assessment and management. Prior to San Francisco, Stephen worked in the Baltimore/DC area as a network security engineer for companies such as General Motors and Sylvan Prometric. He is one of only a handful of individuals who hold the GIAC Security Expert (GSE) Certification and also helps to author and maintain the current version of the exam. He is a SANS certified instructor and the course author of SANS’ first and only 700-level course, SEC709: Developing Exploits for Penetration Testers and Security Researchers. Stephen also holds the CISSP, CISA, and Network Offense Professional (NOP) certification, amongst others.

To preregister for the webcast, please visit: http://www.sans.org/info/48329

Hope to see you there.

Update: For those who didn’t manage to catch the live webcast, the recording is now available from the webcast archives.

SANS SEC:709 – Developing Exploits for Penetration Testers – Day 2

I didn’t get a chance to post up my thoughts on the second day of the SEC:709 class before leaving London, so here’s a quick recap of the second day.

Today we began looking at the Windows side of exploit writing. Although in theory things are slightly harder with Windows exploitation than with Linux (at least at the level we were working at), things seemed to click on the second day. Whereas the first day was new concepts mixed with exercises to show how things work, the second day looked at the same points made in day 1 from a Windows standpoint. The examples were a chance to review some points from day 1 in a new light, and introduce some new points. The day was finished off with a Capture the Flag. Most people managed to get a couple of flags at least, but with the limited time, and a raging brain ache from “drinking from the fire-hose” so to speak, it was slow going. One person managed to get almost all the flags, which was impressive given the time spent learning these points. I guess with some more reviewing of the topics and some practice, I’ll be able to get the hang of this mystical side to penetration testing and security research.

Overall the course was very fun. As it’s a 700 level course (from my understanding SANS does 400, 500, 600 and now 700 level courses, 400 being the basics, through to 700, which is more than a little advanced), you get what you ask for. It’s high-tech from moment 1, and the pace is fast and furious. It’s not one of those courses where you can get into class 10 minutes late from lunch and still catch up. If you miss a concept, then everything that follows will be that much harder to grasp. Stephen Sims (the class author and the teacher for the London class) is looking to take the class to 4 days. I think this would make the concepts easier to grasp, as more time could be spent in labs to drill the concepts into your head. One of the other facilitators (class helpers, of which I was lucky enough to be one) said that the 4 day course should be the contents from days 1 and 2 repeated twice ;). Still, Stephen said he wants to put more into the 4 day course. So keep your eyes peeled for that in the near future.

Overall my time in London was great. I managed to meet some really smart people, and the SANS Christmas dinner was really fun. Working as a facilitator for a SANS conference is fun, but a lot of work. If you’re thinking of trying it out, expect a lot of >12 hour days, and bleeding fingers. Still, from my experiences it’s 100% worth it. Just getting a chance to work with the SANS instructors and staff is reward enough. If anybody will be attending the upcoming SANS Munich 2009 (June/July time) then look for a stressed and tired-looking facilitator, it’ll probably be me…

SANS SEC:709 – Developing Exploits for Penetration Testers – Day 1

Day 1 of the SEC:709 course is finished. Before I give some points on the course, I want to say that I’m not a coder, and to be honest, scripting is enough of a challenge for me. So, when I said I’d facilitate for the course, I knew things would be above my head. Still, 50% through and I’m surprised at how much clearer things seem.

Day 1 covered the Linux side of exploit writing, as well as covering the basic points needed for tomorrow’s trip into the world of Windows. The pace is hectic and fast paced. Then again, with the amount to cover and the topics being highly technical (this is a SANS 700 level course), the exercises will need to be redone, and redone, and then once more to be sure. These are not the kind of labs you can GET in one try. Sure, some of the basics fit together without too much brain ache, but the more advanced (well, advanced for me) stuff will need some more work.

If you’re a penetration tester who wants to move beyond Metasploit and into the world of custom proof of concepts, then this is a great introduction. No 2 day course will take you from A to Z, but this one will give you the foundation to build on. I’ll let you know how day 2 goes tomorrow… that is, if I survive 😉