I just returned home from an amazing week in San Diego attending SANS Security West. A good friend and I traveled all the way to California for two reasons: San Diego is amazing, and more importantly, Ed Skoudis was teaching SEC 560 Network Penetration Testing and Ethical Hacking. This was my third and favorite SANS course, and Ed exceeded all my expectations. When I went down the security track a year ago, I picked up a copy of Counter Hack Reloaded and read it cover to cover. For a few months I tried to time my schedule with Ed’s in order to take the class from him, and I think it was the right move. He taught all the concepts with the grace and skill of a master in the field. He filled every lesson with his personal stories and lessons learned from his pentesting.
I hope to emulate him one day by running my own pentesting company, and this course was the perfect primer on how to do that correctly. Despite all the tech, one of the main takeaways was covered on day one, where he emphasized that a pentester is there to provide value, value to the business, explained in business terms. Hacking a company and owning the domain controller is cool, but there needs to be something that the company can take away from the experience. They need to better understand their vulnerabilities and employ the proper safeguards for the future.
Along with the six-day course, the conference had SANS@Night security talks, two NetWars tournaments and a small vendor faire. I also met up with two of my previous instructors, Bryce Galbraith and Keith Palmgren. The whole week was an amazing experience with lots of networking opportunities as well as time to hone my craft. I played a total of three CTFs. I won the Monday night one thrown by LightCyber, placed first in the NetWars first timer’s board, and our team finished second in the 560 end-of-course pentest. I missed out on the 560 coin; I guess I’ll just have to win it this November at Hackfest.