GXPN/SANS SEC 660 – Advanced Penetration Testing, Exploit Writing, and Ethical Hacking

Early in 2022, after completing the training and the GPEN certification, I started self-learning binary analysis. Later in 2022, I was able to get a sponsored training and certification voucher from my company. I opted for the OnDemand package, which allows me to watch the video tutorials and do the hands-on exercises on my own schedule.

The course hard-copy books were delivered to the shipping address submitted during registration. The overall process was very smooth, with UPS tracking. The books arrived in a well-packed carton without any damage. The shipment took approximately 7 days to reach Bangalore, India. I also received the books in PDF format, the lectures in MP3 format (which I never used), and 3 VMs for completing the exercises.

SEC660 starts off by introducing advanced penetration testing concepts and providing an overview to prepare students for what lies ahead. The focus of day one is on network attacks, especially the areas often left untouched by testers. Topics include accessing, manipulating, and exploiting the network. Attacks are performed against NAC, VLANs, OSPF, 802.1X, CDP, IPv6, SSL, ARP, and others. Day two starts with a technical module on penetration testing against various cryptographic implementations, then turns to network booting attacks, escaping Linux restricted environments such as chroot, and escaping Windows restricted desktop environments. Day three jumps into an introduction to Python for penetration testing, Scapy for packet crafting, product security testing, network and application fuzzing, and code coverage techniques. Days four and five are spent exploiting programs on the Linux and Windows operating systems. You will learn to identify privileged programs, redirect the execution of code, reverse-engineer programs to locate vulnerable code, obtain code execution for administrative shell access, and defeat modern operating system controls such as ASLR, stack canaries, and DEP using ROP and other techniques. Local and remote exploits as well as client-side exploitation techniques are covered.

The detailed syllabus can be found here, but a quick summary is listed below:

  • Network Attacks for Penetration Testers
    • Covers C2 frameworks and advanced network attacks such as VLAN hopping, NAC bypass, etc.
  • Crypto and Post-Exploitation
    • Discusses different crypto algorithms and the attacks against them. Also covers a PowerShell-based post-exploitation framework.
  • Python, Scapy and Fuzzing
    • Introduction to Python. Packet manipulation with Scapy, and software fuzzing.
  • Exploiting Linux for Penetration Testers
    • Introduction to the stack and assembly language
    • Exploiting vulnerable software, code redirection, bypassing stack protectors
  • Exploiting Windows for Penetration Testers
    • Windows shellcode, bypassing Windows protections, ROP
  • Exam Information
    • Questions: 60
    • Passing score: 67%
    • Duration: 3 hrs

I referred to the LiveOverflow Binary Exploitation playlist and the write-ups for the Exploit Education exercises. I followed a strict schedule while going through the study materials. I made sure to capture topics for preparing the index while going through the material and also attempted the exercises. The instructors explain a few of the exercises, and a few are left for students to try on their own. A support channel is provided where we can ask questions if we encounter any hurdles in completing the exercises. The hands-on exercises should be attempted, so don't skip them.

The course takes you through advanced network attacks: NAC bypass, captive portal bypass, network manipulation, VLAN hopping, and IPv6-based attacks. In the second module, we learn about different crypto algorithms, techniques to identify which algorithm is in use, and the attacks associated with each. The other half of the second module covers post-exploitation techniques such as escaping a restricted desktop environment and includes a primer on PowerShell and Empire. The third module covers the basics of Python and how we can use it; it discusses Scapy and how it can be leveraged to craft packets and perform attacks, and closes with a detailed discussion of fuzzing, its importance, and its types. The fourth module covers the stack memory layout and assembly language and goes deeper into Linux memory attacks; the exercises cover the introductory cases as well as the stack-protector bypass solutions. In the last module, the discussion shifts to the Windows environment: the course explains the different mitigations available and the techniques to bypass them. The exercises again take you into the depth of the subject, so as a student you need to be ready to keep pace with the content.
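To give a feel for what the Scapy module automates, here is an added example (my own code, not course material or SANS code) that hand-crafts an IPv4/UDP datagram in pure Python and parses it back, checking both the IPv4 header checksum and the UDP pseudo-header checksum. Scapy would build the same packet as `IP(src=..., dst=...)/UDP(sport=..., dport=...)/b"hello"` and fill in lengths and checksums for you; doing it by hand shows exactly which fields a fuzzer or a crafted attack packet has to get right (or deliberately wrong). The addresses, ports, IP identification value and payload are constructed sample values. Nothing is sent on the wire; putting these bytes on a raw socket would additionally require CAP_NET_RAW/root.

```python
"""Hand-crafting and verifying an IPv4/UDP datagram without Scapy (added example)."""
import socket
import struct

IPPROTO_UDP = 17


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum used by IPv4, UDP and TCP.
    Verifying a block that already contains its checksum yields 0."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold the carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_udp(src: str, dst: str, sport: int, dport: int,
                   payload: bytes, ttl: int = 64, ident: int = 0x1234) -> bytes:
    """Return a complete IPv4 header + UDP header + payload, checksums filled in."""
    src_b, dst_b = socket.inet_aton(src), socket.inet_aton(dst)
    udp_len = 8 + len(payload)

    # UDP checksum covers a pseudo-header (src, dst, zero, proto, udp length),
    # the UDP header with a zero checksum field, and the payload.
    pseudo = src_b + dst_b + struct.pack("!BBH", 0, IPPROTO_UDP, udp_len)
    udp_hdr = struct.pack("!HHHH", sport, dport, udp_len, 0)
    udp_csum = internet_checksum(pseudo + udp_hdr + payload)
    if udp_csum == 0:
        udp_csum = 0xFFFF  # RFC 768: a computed zero is transmitted as all ones
    udp_hdr = struct.pack("!HHHH", sport, dport, udp_len, udp_csum)

    # IPv4 header: version 4, IHL 5 (20 bytes), DF flag set, no options.
    total_len = 20 + udp_len
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, 0x4000,
                         ttl, IPPROTO_UDP, 0, src_b, dst_b)
    ip_csum = internet_checksum(ip_hdr)  # covers the header only
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ip_csum) + ip_hdr[12:]
    return ip_hdr + udp_hdr + payload


def parse_ipv4_udp(pkt: bytes) -> dict:
    """Decode an IPv4/UDP datagram, rejecting malformed or corrupted input."""
    if len(pkt) < 20:
        raise ValueError("too short for an IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags, ttl, proto,
     _csum, src_b, dst_b) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < total_len or total_len < ihl + 8:
        raise ValueError("not a well-formed IPv4 packet")
    if internet_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if proto != IPPROTO_UDP:
        raise ValueError("not UDP (protocol %d)" % proto)

    sport, dport, udp_len, udp_csum = struct.unpack("!HHHH", pkt[ihl:ihl + 8])
    if udp_len < 8 or ihl + udp_len > total_len:
        raise ValueError("bad UDP length")
    udp_segment = pkt[ihl:ihl + udp_len]
    pseudo = src_b + dst_b + struct.pack("!BBH", 0, IPPROTO_UDP, udp_len)
    # A zero UDP checksum means "not computed" and is legal for IPv4.
    if udp_csum != 0 and internet_checksum(pseudo + udp_segment) != 0:
        raise ValueError("bad UDP checksum")

    return {
        "src": socket.inet_ntoa(src_b), "dst": socket.inet_ntoa(dst_b),
        "ttl": ttl, "sport": sport, "dport": dport, "payload": udp_segment[8:],
    }


if __name__ == "__main__":
    # Constructed sample values; nothing here is sent on the wire.
    pkt = build_ipv4_udp("192.0.2.1", "192.0.2.2", 40000, 53, b"hello")
    print(pkt.hex())
    print(parse_ipv4_udp(pkt))
```

Flipping any byte of the header makes `parse_ipv4_udp` raise, which is the behaviour a real stack's input validation gives you and the reason a fuzzer built on Scapy has to recompute checksums after mutating a field (Scapy does this whenever the checksum field is left unset).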

After completing the study material and hands-on exercises, I reviewed the materials and marked a few topics to revisit before the exam. I attempted the first practice test and unfortunately had to finish it quickly and leave, as I got pulled in for urgent work at the office :(. After a week I attempted another practice test and this time took longer to complete it. Unfortunately I got just 64%, but it helped to identify the weaker sections which I had taken for granted. Since there were still two [weeks] before the final exam, I revisited the weaker sections, attempted the exercises, and went through the solutions explained by the instructors.

I scheduled the exam for 28 January 2023 and chose the remote proctored method rather than onsite. The experience was smooth and I did not experience any interruptions. I had selected a late-night slot for the exam. I was asked to show the exam area. Ensure that you have a chair-and-table setup, as you cannot take the exam from a couch or similar seating arrangement. I was asked to produce ID cards and also to hand over control of the system. If any changes are made to the system, a note is provided about what changes were made and how they can be reverted to the original state.

The exam went well and I scored above the required passing score. A few questions were confusing, or maybe I hadn't prepared well :). The CyberLive [practical] portion was also good and wasn't straightforward. I submitted the exam just before the time ran out, and there was a sigh of relief when I saw the congratulatory message 🙂

I would recommend this course and suggest learning a bit about memory exploitation from YouTube or other available options before taking it up. The course quickly goes into depth, so prior exposure to these fundamentals will help you keep pace with the material. Stephen and James have recorded the content at a good pace and have explained the solutions to the exercises by working through them. So you can try on your own, and if you feel stuck, you can watch the solution to understand the approach they took. There was a significant difference between the exam and the practice tests, so be ready to be surprised during the exam 🙂 Please feel free to ping me here if I can be of any help.
