
My take on SANS 660, The HexFactor and Netwars

I have just attended the SANS 660 course in London. It is one of the most advanced courses SANS has to offer, and it did not disappoint!

Its bootcamp format means you will start your day at 9am and finish it at 7pm! The last two hours are called a “bootcamp”: basically 2 hours of exercises linked to the content of the day that really help in understanding the different techniques that were discussed.

Speaking about content, although they state that previous programming experience is “recommended”, it is not; it is mandatory!

And for the last 2 days you really need some understanding of x86 assembly to get a chance to follow the fast pace. I have to admit that the last day I was lost after lunch!

But what do you get if you buckle up and go on the ride? You get an incredible amount of information, as it goes into a great level of detail on how to identify and write your own exploits. But it also allows you to get a better appreciation of what to look for when reviewing the security of a network, an application, a website or a system. This is not just a “hacking” course, and the “ethical” at the end of the full course name is there for a reason.

The lecturer, Stephen Sims, is quite inspiring. Of all the lecturers I have met in the different courses I have taken these last 15 years, he is probably the one who knew his subject the best! It is also great that he is always willing to help his students understand what they are doing wrong during exercises. And it is apparently not just computer hacking that he is good at, being a core member of a signed music band going by the name of a modern hard-disk.

The highlights of the course for me were:

  • The different techniques to attack a network with the consequences of badly, or shall I say commonly, configured routers;
  • Ways to get out of a locked down desktop;
  • What to do with a buffer overflow, how to locate/change/utilise those different address pointers and defeat canaries and use gadgets.

Although at the end it will feel like you need a larger brain and many more weeks to assimilate this new information, you will also get a sense that you have only barely touched the surface of all those techniques…

Then of course, after each of those hard days working you can relax at the next-door pub… and if you didn’t have enough, this is where you can take part in a hacking challenge, the Hex Factor challenge. It is basically a “capture the flag” contest where you set up a team, or go at it solo, and are faced with a number of different challenges:

  • 2 quizzes
  • 3 hacking challenges (e.g. breaking into a network, a server, etc.)
  • 3 reverse engineering challenges (e.g. bypassing a password in an executable)
  • 3 forensic challenges (e.g. recovering data hidden somewhere)

This is really a great environment, not only to meet like-minded people (although some may say it is a bad thing! ;), but also to actually practise your newly acquired skills. It is also good that each of those challenges has a different level, allowing anyone to participate, from the manager to the engineer! This event takes place at a number of conferences and is organised by volunteers. So I’d like to congratulate everyone who was involved in making it such an entertaining event!

Finally, this year there was the Netwars challenge. It has a similar format to the HexFactor one and ran for 2 days (after the HexFactor was finished). It is an individual hacking contest with increasingly difficult challenges. The fact you see the top 10 scores on a big screen live, the buzz of having a large room full of people hacking away, the organisers making sure everything is going smoothly and that everyone feels comfortable really made those 2 nights special.

To conclude, I will say that, again, SANS did not disappoint. It was a top-quality course, part of a great conference with huge opportunities to network and practise your skills. So I can happily recommend that anyone attend the 660 class, and also, if you really want to make the most of it, you have to stay in a close-by hotel, be ready not to sleep too much and embrace the geekiness around you :)

SANS, Stephen, thank you very much!

SANS OnDemand Training course – A few Tips

I went to a SANS Forensic course (508) last year and a few weeks ago I decided to try something new… to stay at home and dedicate 5 days to do their Ethical Wireless Hacking training course (617).

Let me first say that the 617 training course was really good. The course was authored and the recordings were made by Joshua Wright, who runs the http://www.willhackforsushi.com blog. He is very knowledgeable and his enthusiasm was even contagious through audio only. In fact this is a huge understatement! I was truly amazed by his skills, stories and training delivery!
So much so that for 7 days I was up at 9am and worked until 2am each day on the different content material covered by the course.

As I almost lost my sanity and started dreaming of ToDS/FromDS bits and fuzzing I thought I would share a few tips on this type of training course.

– Check the last time the course was updated, and if there is an upcoming update – with SANS or with the author. The course I took was last updated about a year ago and as I checked the author's blog it did sound as if a lot has changed since then. He may be updating his material soon. (This week??)
– Prepare your training environment a few days in advance: is a dedicated laptop required? VMware installation? What are the OS requirements? You may need much more time to bring everything up to date, making sure everything works (e.g. driver update required). Although I did a bit of prep on the Sunday evening, I spent all Monday morning configuring my “Lab Laptop”.

– Do not book an exam straight after the training course. Although it is tempting because everything is fresh in your mind, it also means you have much more pressure to read and digest everything in the course.

– I would recommend you break down the training course over the months you have (the OnDemand courses give you 4 months!). In fact, I would recommend 2 days a week of training over 3 weeks. And use the rest of the days to do your lab exercises.

– Be careful with the time the labs require. It can indeed take much more time than is planned for in the training timetable. This is especially true if you want to do all the exercises, even the optional ones, and if you get curious after learning something new. E.g.: you may want to research a tool you have just used on the internet, check if there is a new version, install it, realise you need to compile it and that you do not have the right library for this, etc. You can quickly end up spending 2h on a 10-minute exercise. Although you would have fully understood it and more, you will also be feeling the pressure to catch up on the training plan!

– Do the two practice tests! They are really close to the real thing! Do them in the same conditions as the exam: do not use your computer to do anything other than answering the multiple questions, print out any notes and see if their format works, block the allocated time, etc.

– Do an extensive index of the course material, this will be invaluable during the exam to conduct a quick search in the training books.

The main, and somewhat obvious, difference between a training at a conference center and one on demand from home is that no one is pushing you to rush.
At a conference, if you only have 25 minutes for a lab exercise, that is it… at home… you may be carried away… As explained above, it is easy to get delayed and run behind schedule.

So of course, you could just be disciplined… but if you are as curious as I am, then I would strongly advise you take your time with this type of training medium!

To conclude, I cannot recommend this SANS course enough. It provides an incredible level of depth related to wireless hacking techniques. I found that course eye-opening more than once and the OnDemand training platform works very well.
I do however regret not taking it at a conference for only one reason: I would have liked to meet Joshua in person!