This is the first time I have taken an online SANS course. For motivated students, online learning can be just as effective as in-person courses.
Overall, I enjoyed taking SEC560, the material was current and relevant to my job. Although I work blue team, there is a lot of value that could be gained by taking a pen testing course. There is tremendous overlap between the course material and the TTP's used by ransomware attackers. These include the following techniques I have read or observed attackers using. I particularly enjoyed the emphasis on targeting the NTDS.dit file.
- Password attacks (password spraying, brute-force)
- NTDS.dit
- Domain attacks
- Domain enumeration (bloodhound)
- Kerberos attacks (kerbroasting)
Improvements to the course
I thought that the labs could have been more comprehensive. I would have enjoyed a bonus section that included more advanced topics in the course, including attacks against the domain such as kerbroasting, silver ticket, golden ticket attacks, AS-REP roasting, and AD CS attacks.
