Previous post

Training That I Would Like…

I often find myself thinking about what training I’d like to help keep my knowledge moving forward. This morning I sat down and wrote up a small list of the training that I would like to receive over the next two years (if possible).

SANS Security 508: Computer Forensics, Investigation, and Response

Learning more than just how to use a forensic tool, you will be able to demonstrate how the tool functions step-by-step. You will become skilled with tools, such as the Sleuthkit, Foremost, and the HELIX Forensics Live CD. We will rapidly move on to advanced forensic and investigation analysis topics and techniques. This SANS hands-on technical course arms you with a deep understanding of the forensic methodology, tools, and techniques to solve even the most difficult case.

I’ve always been interested in Forensic Analysis but have never received any formal training. I know how to handle incidents and safeguard data for further investigation but I don’t know how to take that next step. Plus, being able to pull something from nothing is a really cool concept 🙂

SANS Security 560: Network Penetration Testing and Ethical Hacking

Attendees will learn how to perform detailed reconnaissance, learning about a target’s infrastructure by mining blogs, search engines, and social networking sites. We’ll then turn our attention to scanning, experimenting with numerous tools in hands-on exercises. Our exploitation phase will include the use of exploitation frameworks, stand-alone exploits, and other valuable tactics, all with hands-on exercises in our lab environment. The class also discusses how to prepare a final report, tailored to maximize the value of the test from both a management and technical perspective. The final portion of the class includes a comprehensive hands-on exercise, conducting a penetration test against a hypothetical target organization, following all of the steps.

I know how to run tools like a script kiddie but need, and want, to know more about discovering and exploiting vulnerabilities.

SANS Security 617: Wireless Ethical Hacking, Penetration Testing, and Defenses

This course takes an in-depth look at these fields, exposing you to wireless security threats through the eyes of an attacker. Using readily available and custom-developed tools, you’ll navigate your way through the techniques attackers use to exploit WiFi networks, including attacks against WEP, WPA/WPA2, PEAP, TTLS, and other systems. We’ll also examine the commonly overlooked threats associated with Bluetooth, WiMAX, and proprietary wireless systems. Using the SWAT toolkit, we’ll back up the course content with hands-on labs and practical exercises designed to reinforce the concepts.

I want to take this class for the same reasons mentioned above for Sec 560 but from a wireless angle.

Pentesting with BackTrack :: PWB

“Pentesting with BackTrack” (previously known as Offensive Security 101) is an online course designed for network administrators and security professionals who need to get acquainted with the world of offensive security. The course introduces the latest hacking tools and techniques, and includes remote live labs for exercising the material presented to the students.

This course gives a solid understanding of the penetration testing process, and is equally important for those wanting to either defend or attack their network. The course can be taken from your home, as long as you have a modern computer with high speed internet.

I have heard nothing but good things about this course (mainly from Rob “Mubix” Fuller) and, although I have a copy of BackTrack, I feel that I only use about 1% of it. I want to learn how to use this image to its full potential.

Written by Andrew Hay



Devastatingly handsome CISO @DataGravityInc.

Security, DFIR, DevOps, cloud, business, and BBQ renaissance man of most trades (master of some).