(week 1) The start of SANS 573 and the exam via GIAC

More information about the course: https://www.sans.org/cyber-security-courses/automating-information-security-with-python/

Why SANS? 40-second video

The GPYC certification is for information security professionals, Python developers, forensic analysts, network defenders and penetration testers. The exam will certify that I can demonstrate an in-depth understanding of core programming concepts and the ability to write and analyze working code using the Python programming language. It will also certify that I have a solid basic knowledge of common Python libraries, creating custom tools, collecting information about a system or network, interacting with websites and databases, and automating testing.

Exam

The exam will be taken at an external location under camera and staff supervision:

GIAC code exam

Copied from the course page, what the course will cover:

  • Leverage Python to perform routine tasks quickly and efficiently
  • Automate log analysis and packet analysis with file operations, regular expressions, and analysis modules to find evil
  • Develop forensics tools to carve binary data and extract new artifacts
  • Read data from databases and the Windows Registry
  • Interact with websites to collect intelligence
  • Develop UDP and TCP client and server applications
  • Automate system processes and process their output

Defensive Python

Overview

In this section we take on the role of a network defender with more logs to examine than there is time in the day. Attackers have penetrated the network and you will have to analyze the logs and packet captures to find them. We will discuss how to analyze network logs and packets to discover where the attackers are coming from and what they are doing. We will build scripts to empower continuous monitoring and disrupt the attackers before they exfiltrate your data. Forensics and offensive security professionals won't be left out, because the skills we will be developing, such as reading and writing files and parsing data, are also essential skills for their craft.

Topics
  • File Operations
  • Python Sets
  • Regular Expressions
  • Log Parsing
  • Data Analysis Tools and Techniques
  • Long-Tail/Short-Tail Analysis
  • Geolocation Acquisition
  • Packet Analysis
  • Packet Reassembly
  • Payload Extraction
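To make the defensive topics above concrete, here is an added example (not part of the SANS course material or this post) that combines file/line handling, a regular expression, Python sets and Counter-based long-tail/short-tail analysis on a constructed web server access log. The log lines, IP addresses and the "known hosts" allow-list are all invented for the example.

```python
"""Log triage: regex parsing, set difference and long-tail/short-tail analysis.
Added example; the access log below is constructed, not a real capture."""
import re
from collections import Counter

# Constructed combined-log-format lines (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /about.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2023:13:56:02 +0000] "GET /wp-login.php HTTP/1.1" 404 233 "-" "Mozilla/5.0"
192.0.2.99 - - [10/Oct/2023:13:57:10 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
192.0.2.250 - - [10/Oct/2023:14:01:44 +0000] "POST /cgi-bin/test.cgi HTTP/1.1" 500 0 "-" "python-requests/2.31"
192.0.2.250 - - [10/Oct/2023:14:01:45 +0000] "GET /../../etc/passwd HTTP/1.1" 400 0 "-" "python-requests/2.31"
not a log line at all
"""

# Named groups give each field a name instead of a positional index.
LOG_RE = re.compile(
    r'^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def parse_log(text):
    """Return (records, unparsed_count). Lines that do not match are counted, not dropped silently:
    a parser that throws away lines it cannot read is exactly what an attacker hopes for."""
    records, unparsed = [], 0
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            unparsed += 1
            continue
        rec = m.groupdict()
        rec["status"] = int(rec["status"])
        rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
        records.append(rec)
    return records, unparsed


def new_sources(records, known_hosts):
    """Set difference: client addresses that never appeared before deserve a closer look."""
    return {r["ip"] for r in records} - set(known_hosts)


def short_tail(records, field, n=1):
    """Short tail: the most common values, i.e. what 'normal' looks like in this log."""
    return Counter(r[field] for r in records).most_common(n)


def long_tail(records, field, max_count=1):
    """Long tail: values seen at most max_count times; scanners and one-off tools live here."""
    counts = Counter(r[field] for r in records)
    return sorted(value for value, c in counts.items() if c <= max_count)


def traversal_attempts(records):
    """Requests whose path contains a parent-directory component."""
    return [(r["ip"], r["path"]) for r in records if "../" in r["path"]]


if __name__ == "__main__":
    recs, bad = parse_log(SAMPLE_LOG)
    print(f"parsed {len(recs)} records, {bad} unparsed line(s)")
    print("new sources:", new_sources(recs, {"203.0.113.7", "198.51.100.23"}))
    print("short tail (agent):", short_tail(recs, "agent"))
    print("long tail (path):", long_tail(recs, "path"))
    print("long tail (agent, <=2):", long_tail(recs, "agent", max_count=2))
    print("traversal:", traversal_attempts(recs))
```

The pattern scales to real logs by swapping `SAMPLE_LOG` for `open(path).read()` (or iterating the file line by line) and growing the allow-list from a previous day's output; the set difference then turns a daily log into a short list of hosts to investigate.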

Forensics Python

Overview

In our forensics-themed section, we will assume the role of a forensic analyst who has to carve evidence from artifacts when no tool exists to do so. Even if you don’t do forensics, you will find that the skills covered in this section are foundational to every security role. We will discuss the process required to carve binary images, find appropriate data of interest in them, and extract those data. Once you have the artifact isolated, there is more analysis to be done. You will learn how to extract metadata from image files. Then, we will discuss techniques for finding artifacts in other locations, such as SQL databases, and interacting with web pages.

Topics
  • Acquiring Images from Disk
  • Memory and the Network
  • File Carving
  • The STRUCT module
  • Raw Network Sockets and Protocols
  • Image Forensics and PIL
  • SQL Queries
  • Web Communications with the Requests Module
  • Effective use of Online Website APIs
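As an added example for the forensics topics (file carving with the struct module), the following code carves PNG images out of a raw byte blob. It is not code from the course or from this post; the "disk image" is constructed inline from minimal PNGs built by the example itself, with one copy deliberately corrupted to show that the carver checks chunk CRCs rather than trusting a signature match.

```python
"""Carve PNG files from a raw byte blob using struct; added example with constructed data."""
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
CHUNK_HDR = struct.Struct(">I4s")      # big-endian uint32 length + 4-byte chunk type


def make_chunk(ctype: bytes, data: bytes) -> bytes:
    """One PNG chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return CHUNK_HDR.pack(len(data), ctype) + data + struct.pack(">I", crc)


def make_png(width: int, height: int) -> bytes:
    """Minimal valid 8-bit grayscale PNG, used only as constructed test data."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    raw = b"".join(b"\x00" + b"\x80" * width for _ in range(height))   # filter byte + pixels per row
    return (PNG_SIG + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"IDAT", zlib.compress(raw)) + make_chunk(b"IEND", b""))


def carve_pngs(blob: bytes):
    """Find every PNG signature, walk its chunks with struct until IEND, verify each CRC.
    Returns [(offset, bytes)] for complete, self-consistent images only."""
    found = []
    pos = blob.find(PNG_SIG)
    while pos != -1:
        cur = pos + len(PNG_SIG)
        complete = False
        while cur + CHUNK_HDR.size + 4 <= len(blob):
            length, ctype = CHUNK_HDR.unpack_from(blob, cur)
            end = cur + CHUNK_HDR.size + length + 4
            if end > len(blob):
                break                          # truncated chunk: image is incomplete
            data = blob[cur + CHUNK_HDR.size:end - 4]
            (crc,) = struct.unpack_from(">I", blob, end - 4)
            if crc != (zlib.crc32(ctype + data) & 0xFFFFFFFF):
                break                          # corrupted chunk: do not trust the rest
            cur = end
            if ctype == b"IEND":
                complete = True
                break
        if complete:
            found.append((pos, blob[pos:cur]))
        pos = blob.find(PNG_SIG, pos + 1)
    return found


def png_dimensions(png: bytes):
    """Width and height from IHDR, which must be the first chunk after the signature."""
    _, ctype = CHUNK_HDR.unpack_from(png, len(PNG_SIG))
    if ctype != b"IHDR":
        raise ValueError("IHDR is not the first chunk")
    return struct.unpack_from(">II", png, len(PNG_SIG) + CHUNK_HDR.size)


def build_sample_blob():
    """Constructed 'disk image': junk, a good 4x2 PNG, junk, a 3x3 PNG with a damaged
    IEND CRC, junk, a good 2x2 PNG. Returns (blob, good1, good2)."""
    good1 = make_png(4, 2)
    damaged = bytearray(make_png(3, 3))
    damaged[-1] ^= 0xFF                        # flip a byte in the last CRC
    good2 = make_png(2, 2)
    blob = b"JUNK" * 8 + good1 + b"\x00" * 13 + bytes(damaged) + b"\xff" * 5 + good2
    return blob, good1, good2


if __name__ == "__main__":
    blob, _, _ = build_sample_blob()
    for offset, png in carve_pngs(blob):
        print(f"PNG at offset {offset}: {len(png)} bytes, {png_dimensions(png)} pixels")
```

On a real image, replace `build_sample_blob()` with `open("image.dd", "rb").read()` (or an `mmap` for large files); the chunk walk is what keeps the carver from emitting a PNG signature followed by unrelated bytes.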

Offensive Python

Overview

During our offensively themed section we play the role of penetration testers whose normal tricks have failed. Their attempts to establish a foothold have been stopped by modern defenses. To bypass these defenses, you will build an agent to give you access to a remote system. Similar agents can be used for incident response or systems administration. Although the theme is offensive, the core skills - interacting with system processes and handling errors and TCP network communications - will benefit all disciplines.

Topics
  • Network Socket Operations
  • Exception Handling
  • Process Execution
  • Blocking and Non-blocking Sockets
  • Using the Select Module for Asynchronous Operations
  • Python Objects
  • Argument Packing and Unpacking
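The offensive topics (sockets, exception handling, process execution, non-blocking I/O with select, argument packing) fit together in one small agent. The code below is an added example and not the course's or the author's agent; it uses a socketpair so it runs entirely in-process, the JSON command set (`echo`, `run`) is invented for the example, and the process it launches is the current Python interpreter so the demo is portable.

```python
"""Request/response agent over non-blocking sockets: length-prefixed framing, select,
exception handling and argument packing/unpacking. Added example with a constructed,
in-process transport (socket.socketpair) standing in for a TCP connection."""
import json
import select
import socket
import struct
import subprocess
import sys

PYTHON = sys.executable              # portable program to launch in the demo
HEADER = struct.Struct(">I")         # 4-byte big-endian length prefix per message


def frame(payload: bytes) -> bytes:
    """Prefix a payload with its length; TCP is a byte stream with no message boundaries."""
    return HEADER.pack(len(payload)) + payload


class FrameBuffer:
    """Accumulate bytes from a non-blocking socket and yield only complete frames."""

    def __init__(self):
        self.buf = b""

    def feed(self, data: bytes):
        self.buf += data
        while len(self.buf) >= HEADER.size:
            (length,) = HEADER.unpack_from(self.buf)
            if len(self.buf) < HEADER.size + length:
                break                      # wait for the rest of this frame
            yield self.buf[HEADER.size:HEADER.size + length]
            self.buf = self.buf[HEADER.size + length:]


def cmd_echo(*args, **kwargs):
    """Handler that reflects the unpacked positional and keyword arguments."""
    return {"args": list(args), "kwargs": kwargs}


def cmd_run(*argv, timeout=5):
    """Handler that executes a process and returns its exit code and output."""
    proc = subprocess.run(list(argv), capture_output=True, text=True, timeout=timeout)
    return {"rc": proc.returncode, "stdout": proc.stdout, "stderr": proc.stderr}


HANDLERS = {"echo": cmd_echo, "run": cmd_run}   # hypothetical command set for this example


def dispatch(request: bytes) -> bytes:
    """Decode one JSON request, unpack its args into the handler, return a JSON reply.
    Every failure becomes an error reply instead of killing the agent loop."""
    try:
        req = json.loads(request)
        handler = HANDLERS[req["cmd"]]
        result = handler(*req.get("args", []), **req.get("kwargs", {}))
        reply = {"ok": True, "result": result}
    except (KeyError, ValueError, TypeError, OSError, subprocess.SubprocessError) as exc:
        reply = {"ok": False, "error": f"{type(exc).__name__}: {exc}"}
    return json.dumps(reply).encode()


def serve_requests(requests, timeout=10.0):
    """One end of a socketpair plays the operator, the other the agent. Both ends are
    non-blocking and multiplexed with select, as a real TCP agent would be."""
    operator, agent = socket.socketpair()
    operator.setblocking(False)
    agent.setblocking(False)
    buffers = {operator: FrameBuffer(), agent: FrameBuffer()}
    replies, pending = [], len(requests)
    for req in requests:
        operator.sendall(frame(json.dumps(req).encode()))
    try:
        while pending:
            readable, _, _ = select.select([operator, agent], [], [], timeout)
            if not readable:
                raise TimeoutError("agent did not answer in time")
            for sock in readable:
                try:
                    data = sock.recv(4096)
                except BlockingIOError:
                    continue               # reported readable, but nothing left right now
                if not data:
                    raise ConnectionError("peer closed the connection")
                for msg in buffers[sock].feed(data):
                    if sock is agent:
                        agent.sendall(frame(dispatch(msg)))
                    else:
                        replies.append(json.loads(msg))
                        pending -= 1
    finally:
        operator.close()
        agent.close()
    return replies


if __name__ == "__main__":
    for reply in serve_requests([
        {"cmd": "echo", "args": [1, "two"], "kwargs": {"three": 3}},
        {"cmd": "run", "args": [PYTHON, "-c", "print(6 * 7)"]},
        {"cmd": "nope"},
    ]):
        print(reply)
```

Turning this into a network agent means replacing `socket.socketpair()` with a listening socket on one side and `socket.create_connection()` on the other; the framing, the select loop and the dispatcher stay the same, which is why the course groups these topics together.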

With this I will have solid knowledge to be able to write good code.
