You can lookup GIAC certification holders.

Author: http://www.giac.org/certified-professional/terrence-oconnor/121884

Definitely a lot but not quite as many as Dr. Wright:
http://www.giac.org/certified-professional/craig-wright/107335

Chapter 1: Introduction
If you have not programmed in Python before, Chapter One provides background information about the language, variables, data types, functions, iteration, selection, and working with modules, and methodically walks through writing a few simple programs. Feel free to skip it if you are already comfortable with the Python programming language. After the first chapter, the following six chapters are fairly independent from one another; feel free to read them in whichever order you please, according to what strikes your curiosity.

Chapter 2: Penetration Testing with Python
Chapter Two introduces the idea of using the Python programming language to script attacks for penetration testing. The examples in the chapter include building a port scanner, constructing an SSH botnet, mass-compromising via FTP, replicating Conficker, and writing an exploit.

 Chapter 3: Forensic Investigations with Python
Chapter Three utilizes Python for digital forensic investigations. This chapter provides examples for geo-locating individuals, recovering deleted items, extracting artifacts from the Windows registry, examining metadata in documents and images, and investigating application and mobile device artifacts.

Chapter 4: Network Traffic Analysis with Python
Chapter Four uses Python to analyze network traffic. The scripts in this chapter geo-locate IP addresses from packet captures, investigate popular DDoS toolkits, discover decoy scans, analyze botnet traffic, and foil intrusion detection systems.

Chapter 5: Wireless Mayhem with Python
Chapter Five creates mayhem for wireless and Bluetooth devices. The examples in this chapter show how to sniff and parse wireless traffic, build a wireless keylogger, identify hidden wireless networks, remotely command UAVs, identify malicious wireless toolkits in use, stalk Bluetooth radios, and exploit Bluetooth vulnerabilities.

Chapter 6: Web Recon With Python
Chapter Six examines using Python to scrape the web for information. The examples in this chapter include anonymously browsing the web via Python, working with developer APIs, scraping popular social media sites, and creating a spear-phishing email.

Chapter 7: Antivirus Evasion with Python
In the Final chapter, Chapter Seven, we build a piece of malware that evades antivirus systems. Additionally, we build a script for uploading our malware against an online antivirus scanner.

I believe the continuing education component is a requirement of ANSI acceedidation. http://www.giac.org/about/ansi

It's the same type of deal with the CISSP. My OSCP didn't refresh that material, but I was still able to apply the CPEs towards maintaining that certification. The renewal process usually just requires relevant continuing education, and if you're keeping up with GSE-level material, you're clearly doing so.

And honestly, they needed a practical way to maintain certifications for people who have a higher number. Otherwise, they'll end up in a position where they're having to pay a fee, take an exam, and/or write a paper every few months. That's just not feasible.

I figured it'd be something like that. Dave used that trick at DefCon 20 (see the first video -- also the PXE boot trick is pretty slick): https://www.trustedsec.com/downloads/social-engineer-toolkit/

Still, if you weren't aware you could do that before, it's certainly a nice piece of info to pick up. Attacks don't always have to be sexy or complicated.


Right, you'll find SecurityTube's SPSE is like that too. What I've found to be important is that a resource provides you with a solid foundation and direction for future growth. Once you have the building blocks, you can usually get where you want to go on your own.

Yup...

Another yup...

I learnt about AV evasion earlier in the year, and I'd have to say it was a real eye opener! I was surprised how many AV's can be bypassed with relatively little effort.

There are a hundred ways to do it but here are a few to get the wheels turning:
http://www.scriptjunkie.us/2011/04/why-encoding-does-not-matter-and-how-metasploit-generates-exes/
http://schierlm.users.sourceforge.net/avevasion.html
http://intern0t.org/papers/BPAV%20-%20InterN0T.pdf
http://www.pentestgeek.com/2012/01/25/using-metasm-to-avoid-antivirus-detection-ghost-writing-asm/
http://pen-testing.sans.org/blog/2011/10/13/tips-for-evading-anti-virus-during-pen-testing

However, the best way is to write your own.