SEC573 - Python for Pen Testers
Just finished this course up today and thought I'd share my experience: I want to preface this by saying I have ~15 hour of programming class from college (C++/x86 assembly) and a fair amount of experience with PoSH scripting and a couple levels of codewars.com in python 3.4.3. I say that to say: I'm not a software developer, but I'm no stranger to programming.
Five-day course taught by Joff Theyer he's a fantastic instructor who knows his python. The course is currently focused on python 2.7 only, is due to be updated to python 3.4 directly. The first two days are primarily focused on teaching programming basics such as control structures, variables/variable types, boolean math, etc. Days 3 and 4 are where the pen testing tasks like making network connections/website connections, SQL injection, password guessing, session hijacking, cookie forging, captia defeat, etc. Day 5 is a five hour long 'CTF', not really a CTF more like a series of programming challenges that where harder/extended versions of some of the exercises from the course.
My absolute favorite portion of the course was pyWars; think programming challenges in a linux python interpreter. pyWars runs days 1-4 with a promise of a challenge coin for the first person to solve all 66 problems. I was the closest with 62; close but no cigar. Fortunately my team won the CTF so I got a coin in the end anyway
So overall, fun class with practical applications of python with a pen test twist. The more you know about python, and programming in general, the more fun you'll have during the course. Some of the folks in my class had little to know scripting experience and they found portions of the class quite challenging.
Five-day course taught by Joff Theyer he's a fantastic instructor who knows his python. The course is currently focused on python 2.7 only, is due to be updated to python 3.4 directly. The first two days are primarily focused on teaching programming basics such as control structures, variables/variable types, boolean math, etc. Days 3 and 4 are where the pen testing tasks like making network connections/website connections, SQL injection, password guessing, session hijacking, cookie forging, captia defeat, etc. Day 5 is a five hour long 'CTF', not really a CTF more like a series of programming challenges that where harder/extended versions of some of the exercises from the course.
My absolute favorite portion of the course was pyWars; think programming challenges in a linux python interpreter. pyWars runs days 1-4 with a promise of a challenge coin for the first person to solve all 66 problems. I was the closest with 62; close but no cigar. Fortunately my team won the CTF so I got a coin in the end anyway
So overall, fun class with practical applications of python with a pen test twist. The more you know about python, and programming in general, the more fun you'll have during the course. Some of the folks in my class had little to know scripting experience and they found portions of the class quite challenging.
Comments
-
gwood113
Member Posts: 66 ■■■□□□□□□□
No, it's only taught live.
https://www.sans.org/course/python-for-pen-testers -
MJK9550
Member Posts: 160
So once you attend this course you take the certification test as well? or is that separate? I have wanted to get this certification and I see there is a course close to me in april of 2017
-
gwood113
Member Posts: 66 ■■■□□□□□□□
I did not opt to take the GIAC test.
Like all SANS courses, GIAC certification attempts are not included. You can opt to add an exam attempt when you pay for the course for a discounted price or wait and challenge it later. Details are available at sans.org and giac.org respectively.
