SANS SEC642 Advanced Web App Penetration Testing, and Exploitation Techniques (2016) PDFs

SANS SEC642: Advanced Web App Penetration Testing, and Exploitation Techniques (2016) PDFs
English | Size: 123.79 MB
Category: Tutorial

As web applications and their mobile counterparts become more complex and hardened against attack, penetration testers need to continually update the techniques and tools they use to evaluate the security of these systems. This includes understanding how the various new technologies work, which tools work with cutting-edge technologies like HTTP/2 and NoSQL, how to perform special penetration tests like Web Application Firewall inspections, and how to perform custom exploitation to demonstrate maximum impact for the applications you test. This course is designed to expand past the methodology and the ‘how’ when we are presented with the challenges of web penetration testing, and dig into the more esoteric ‘why’ these techniques and tools work, so that you can adapt as needed in your assessments.
[Read more…]

SANS 401 2016

SANS 401 2016
English | Size: 349.81 MB
Category: Tutorial

SANS SEC401 :: Security Essentials is most popular course and introduces you to the critical components of network security in an in-depth, comprehensive six-day course. We recommend this course to students who are just beginning their security career and technical generalist who wear many different hats. You will gain the essential, up-to-the-minute knowledge and skills required for effective performance when given the responsibility for securing systems and/or organizations. This course will also help you prepare for the GIAC Security Essentials (GSEC). [Read more…]

Sans – SEC560 Network Penetration Testing and Ethical Hacking

Sans – SEC560 Network Penetration Testing and Ethical Hacking
English | Size:
Category:

Section 0 – Getting started with your OnDemand SANS series
0.1 Welcome to your Sans OnDemand course
0.2 Introduction to Lab exercises
Section 1 – Comprehensive pen testing planning, scoping and reconnaissance
1.1 Pen testing foundations
1.2 Pen testing process
1.3 Reconnaissance
1.4 Appendix intro to Linux
[Read more…]

SANS SEC760 Advanced Exploit Development for Penetration Testers (2014) PDFs

SANS SEC760 Advanced Exploit Development for Penetration Testers (2014) PDFs
English | Size: 4.33 GB
Category: Tutorial

SANS SEC760: Advanced Exploit Development for Penetration Testers teaches the skills required to reverse-engineer 32-bit and 64-bit applications, perform remote user application and kernel debugging, analyze patches for 1-day exploits, and write complex exploit, such as use-after-free attacks against modern software and operating systems. [Read more…]

SANS SEC660 Advanced Penetration Testing, Exploits, And Ethical Hacking (2014)

SANS SEC660 Advanced Penetration Testing, Exploits, And Ethical Hacking (2014)
English | Size: 513.36 MB
Category: Tutorial

SEC660: Advanced Penetration Testing, Exploits, and Ethical Hacking is designed as a logical progression point for those who have completed SANS SEC560: Network Penetration Testing and Ethical Hacking, or for those with existing penetration testing experience. Students with the prerequisite knowledge to take this course will walk through dozens of real-world attacks used by the most seasoned penetration testers. The methodology of a given attack is discussed, followed by exercises in a hands-on lab to consolidate advanced concepts and facilitate the immediate application of techniques in the workplace. Each day of the course includes a two-hour evening boot camp to drive home additional mastery of the techniques discussed. A sample of topics covered includes weaponizing Python for penetration testers, attacks against network access control (NAC) and virtual local area network (VLAN) manipulation, network device exploitation, breaking out of Linux and Windows restricted environments, IPv6, Linux privilege escalation and exploit-writing, testing cryptographic implementations, fuzzing, defeating modern OS controls such as address space layout randomization (ASLR) and data execution prevention (DEP), return-oriented programming (ROP), Windows exploit-writing, and much more! [Read more…]

2015 SANS CA Intro to Security

2015 SANS CA Intro to Security BS
English | Size: 1.31 GB
Category: CBTs

SANS Intro to Computer Security Slides, Videos & Subs. Enjoy
[Read more…]

SANS SEC580 – Metasploit Kung Fu for Enterprise Pen Testing

SANS SEC580 – Metasploit Kung Fu for Enterprise Pen Testing
English | Size: 778.85 MB
Category: Tutorial

Many enterprises today face regulatory or compliance requirements that mandate regular penetration testing and vulnerability assessments. Commercial tools and services for performing such tests can be expensive. While really solid free tools such as metasploit, are available, many testers do not understand the comprehensive feature sets of such tools and how to apply them in a professional-grade testing methodology. metasploit was designed to help testers with confirming vulnerabilities using an Open Source and easy-to-use framework. This course will help students get the most out of this free tool. [Read more…]

SANS FOR610 Reverse Engineering Malware

SANS FOR610 Reverse Engineering Malware
English | Size: 6.43 GB
Category: Tutorial

This malware analysis course prepares forensic investigators, incident responders, and malware specialists to reverse-engineer malicious software using practical tools and techniques.

This popular malware analysis course has helped forensic investigators, malware specialists, incident responders, and IT administrators assess malware threats. The course teaches a practical approach to examining malicious programs-spyware, bots, trojans, etc.-that target or run on Microsoft Windows. This training also looks at reversing Web-based malware, such as javascript and Flash files, as well as malicious document files. By the end of the course, you’ll learn how to reverse-engineer malicious software using a variety of system and network monitoring utilities, a disassembler, a debugger, and other tools for turning malware inside-out!
[Read more…]

SANS SEC 542 (GWAPT) Web App Penetration Testing and Ethical Hacking 2016

SANS SEC 542 (GWAPT) Web App Penetration Testing and Ethical Hacking 2016
English | Size: 3.80 GB
Category: CBTs

Web applications are a major point of vulnerability in organizations today. Web app holes have resulted in the theft of millions of credit cards, major financial and reputational damage for hundreds of enterprises, and even the compromise of thousands of browsing machines that visited Web sites altered by attackers. In this intermediate to advanced level class, you’ll learn the art of exploiting Web applications so you can find flaws in your enterprise’s Web apps before the bad guys do. Through detailed, hands-on exercises and training from a seasoned professional, you will be taught the four-step process for Web application penetration testing. You will inject SQL into back-end databases, learning how attackers exfiltrate sensitive data. You will utilize cross-site scripting attacks to dominate a target infrastructure in our unique hands-on laboratory environment. And you will explore various other Web app vulnerabilities in-depth with tried-and-true techniques for finding them using a structured testing regimen. You will learn the tools and methods of the attacker, so that you can be a powerful defender.
[Read more…]

SANS FOR578-USB v2015 Only USB

SANS FOR578-USB v2015 Only USB
English | Size: 30.71 GB
Category: Video Training


FOR578: Cyber Threat Intelligence will help network defenders and incident responders:

Construct and exploit threat intelligence to detect, respond, and defeat advanced persistent threats (APTs)
Fully analyze successful and unsuccessful intrusions by advanced attackers
Piece together intrusion campaigns, threat actors, and nation-state organizations
Manage, share, and receive intelligence on APT adversary groups
Generate intelligence from their own data sources and share it accordingly
Identify, extract, and leverage intelligence from APT intrusions
Expand upon existing intelligence to build profiles of adversary groups
Leverage intelligence to better defend against and respond to future intrusions.
[Read more…]