Well, another SANS event has come to an end. This one was personally my most favourite SANS event to date. This year I got chosen to help facilitate the SEC504 – Hacker Techniques, Exploits & Incident Handling track with John Strand (see pauldotcom.com). As usual the weather was cold, the days were packed, and the courses were awesome. A bit of an unexpected highlight this year was the food .. definitely a step up from last year (wish I could say the same for the Crowne)!
The full line up of courses were
* SEC401: SANS Security Essentials Bootcamp Style – Mark Hofman
* SEC504: Hacker Techniques, Exploits & Incident Handling – John Strand
* SEC560: Network Penetration Testing and Ethical Hacking – Bryce Galbraith
* SEC508: Computer Forensics, Investigation & Response – Chad Tilbury
I heard really good reports from all classes (both staff and students).
As for the SEC504 class .. well John Strand is an absolutely great guy. I think he must have covered more distance than any other instructor at the Canberra event. He can’t stnad still and loves to just walk amongst all the students while he’s teaching (I like that style .. it kind of keeps you concentrating while he’s moving about), or maybe he just has a mild case of A.D.D. Having done Security Essentials last year, this course was really what I was wanting. There was some seriously useful (if not scary) information that gets taught and demonstrated during the class. Knowing this information will make you look at your entire infrastructure in a totally different manner, which will hopefully help you detect and react better to intrusion attempts.
Of course, to defend against a hacker, you have to think like a hacker, and this course shows you how to do some basic “hacking”. This all culminates in the day 6 capture the flag hacking challenge. The goal of this challenge is to compromise 4 machines, grabbing 4 different files (or flags) and putting that information together to solve a final challenge. The class all did extremely well in this challenge with the bulk of students obtaining 3 of the 4 flags.
A full overview of the course is available here
I personally cannot recommend SANS courses highly enough. I have obtained many security certifications during my career, and the SANS/GIAC certs are by far the most useful and practical certs out there!
A quick heads up .. SANS are coming to Sydney on the 9-14th of November. If you can get along, I strongly recommend you do so. More info can be found at http://www.sans.org/sydney09/



