sans.org/sec573
• Watch a preview of this course
• Discover how to take this course: Online, In-Person

SEC573: Automating Information Security with Python

Python is a simple, user-friendly language that is designed to make it quick and easy to automate the tasks performed by security professionals. Whether you are new to coding or have been coding for years, SANS SEC573: Automating Information Security with Python will have you creating programs that make your job easier and your work more efficient. This self-paced course starts from the very beginning, assuming you have no prior experience or knowledge of programming. We cover all of the essentials of the language up front. If you already know the essentials, you will find that the pyWars lab environment allows advanced developers to quickly accelerate to more advanced course material.

All security professionals, including penetration testers, forensics analysts, network defenders, security administrators, and incident responders, have one thing in common: CHANGE. Change is constant. Technology, threats, and tools are constantly evolving. If we don’t evolve with them, we’ll become ineffective and irrelevant, unable to provide the vital defenses our organizations increasingly require.

Maybe your chosen Operating System has a new feature that creates interesting forensics artifacts that would be invaluable for your investigation, if only you had a tool to access it. Often for new features and forensics artifacts, no such tool has yet been released. You could try moving your case forward without that evidence or hope that someone creates a tool before the case goes cold...or you can write a tool yourself.

Or perhaps an attacker bypassed your defenses and owned your network months ago. If existing tools were able to find the attack, you wouldn’t be in this situation.
You are bleeding sensitive data and the time-consuming manual process of finding and eradicating the attacker is costing you money and hurting your organization big time. The answer is simple if you have the skills: Write a tool to automate your defenses.

If you are a penetration tester, you need to evolve as quickly as the threats you are paid to emulate. What do you do when “off-the-shelf” tools and exploits fall short? If you’re good, you write your own tool. SEC573 is designed to give you the skills you need to tweak, customize, or outright develop your own tools. We put you on the path to create your own tools, empowering you to better automate the daily routine of today’s information security professional and achieve more value in less time.

Again and again, organizations serious about security emphasize their need for skilled tool builders. There is a huge demand for people who can understand a problem and then rapidly develop prototype code to attack or defend against it. Join us and learn Python in-depth and fully weaponized.

Business Takeaways

This course will help your organization:
• Automate system processes and process their input quickly and efficiently
• Create programs that increase efficiency and productivity
• Develop tools to provide the vital defenses our organizations need

You Will Be Able To

• Leverage Python to perform routine tasks quickly and efficiently
• Automate log analysis and packet analysis with file operations, regular expressions, and analysis modules to find evil
• Develop forensics tools to carve binary data and extract new artifacts
• Read data from databases and the Windows Registry
• Interact with websites to collect intelligence
• Develop UDP and TCP client and server applications
• Automate system processes and process their output

6 Day Program
36 CPEs
Laptop Required

GPYC Python Coder
giac.org/gpyc

“SEC573 is excellent. I went from having almost no Python coding ability to being able to write functional and useful programs.”
— Caleb Jaren, Microsoft

GIAC Python Coder

The GIAC Python Coder (GPYC) certification validates a practitioner’s understanding of core programming concepts, and the ability to write and analyze working code using the Python programming language. GPYC certification holders have demonstrated knowledge of common Python libraries, creating custom tools, collecting information about a system or network, interacting with websites and databases, and automating testing.

• Python essentials: variable and math operations, strings and functions, and compound statements
• Data structures and programming concepts, debugging, system arguments, and argparser
• Python application development for pen testing: backdoors and SQL injection