SANS Python for Pentesters in beta

Viewing 14 reply threads
  • Author
    Posts
    • #8017
      tturner
      Participant
    • #50793
      azmatt
      Participant

      The real loser here is my savings account.

    • #50794
      lorddicranius
      Participant

      I wonder how the class will compare to SecurityTube’s Python class (http://securitytube-training.com/online-courses/securitytube-python-scripting-expert/), because I’m sure it won’t be cheaper haha

    • #50795
      dynamik
      Participant

      Man, that’s kind of underwhelming. Two days are spent on Python basics, and the last day is exercises? Most of the foundation items are covered for free in Google’s two-day Python course: http://code.google.com/edu/languages/google-python-class/

      The SPSE covers the vast majority of these topics, and additional items, such as RE and scripting Immunity. The book appears to fill in the gaps, and includes additional content as well.

      That’s a huge expense to have someone teach you a subset of a $30 book. ::) The value I see in other SANS courses is the relatively large amount or original/unique content. There’s no way I could personally justify this.

    • #50796
      hayabusa
      Participant

      I’d have to agree with ajohnson…

      While there are some SANS courses I see value in, I can’t personally see or justify the cost associated with SANS courses, for this python course.

      SPSE has been good (as far as I’ve had time to go through it), and is far cheaper, and I still plan to buy a copy of Violent Python, anyway.

    • #50797
      tturner
      Participant

      Keep in mind 2 things.

      One, SANS markets courses at the lowest common denominator to maximize attendance, which in security means non-coders. They have to cover basics here and will probably never have a 500 level course that requires substantial knowledge coming into the course. If this course does well for them I’d expect to see a more challenging 600 level or perhaps 1 or 2 day advanced courses in the future.

      Second, this course is beta, and they very frequently make changes from beta to live and often even a year or two after going live sometimes make sweeping changes. If they see that people are not buying the course because of this they will shift gears. If however a bunch of people without experience sign up then we will just have to wait for the more advanced course.

      Personally I think SPSE is the better value by far but with Mark Baggett at the helm I’m expecting some pretty great stuff from this course as well. I plan on doing both but I probably won’t do the SANS course until they work the kinks out. That usually happens by the time they have the cert. GPYP maybe? 🙂

      Did anyone here take Joe McCray’s Python course earlier this year? http://strategicsec.com/services/training-services/classroom/python-for-security-professionals/ Anyone know if he’s doing another run of it?

    • #50798
      hayabusa
      Participant

      Missed Joe’s, and like you, perhaps IF they get a more advanced course, down the road, and the pricing is decent, MAYBE I’ll take a look.  (But you’re right, in that SPSE is considerably more affordable, even for beginners, and the beginning sections are pretty good primers, for folks who have done ‘no’ major python coding)

      I agree, with Baggett at the helm, it should at LEAST be a good course.

    • #50799
      dynamik
      Participant

      Just to be clear, I wasn’t implying the course would be poor quality. It just seems like a waste to spend two days on such basic material. I realize the courses are designed for broad appeal, but other 5xx courses have some teeth to them.

      If you look at the SPSE, you’ll see there are a ton of interesting directions you can take that aren’t ridiculously hardcore or intimidating. More often than not, it’s just introducing the student to a new library and providing some background on how to use it.

      They already have a two-day Scapy course. I wish they would have dropped the intro fluff and brought that material in instead. That would have freed up the networking portion for an intro to RE and exploit development, or a myriad of other topics.

    • #50800
      tturner
      Participant

      Unfortunately Scapy didn’t sell well so they appear to have abandoned that content.

    • #50801
      markbaggett
      Participant

      Hey.  This is awesome.  I appreciate that people are talking about the course already.  Thanks for your kind words and vote of confidence about ‘Baggett at the helm’.  It means a lot to me.  Here is a little background on the course. 

      I started teaching this course at on-site engagements for military customers almost two years ago.  It was originally a 3 day course and I listed several online courses (Google Python Class, Kahn Academy, SPSE didn’t exist at that time) as prerequisites.  We jumped straight into the 4 hands on projects where we build a AV/IDS Evading backdoor, sql injection tool, password guesser and a network recon tool.    As you can imagine prerequisites are difficult to enforce and I had a portion of the student that were lost.  I decided I had to cover the essentials, but I didn’t want to bore people who know how to code. 

      I put a lot of thought into how to cover the essentials for someone who is new to programming/Python and keep it engaging for people who can already code.  What I came up with is pyWars.  It is a CTF Challenge that runs the first 4 days and is deeply integrated into the course.  Skilled programmers will likely disengage from the course material and play pyWars until the material catches up to their skill.  New programmers will stay engaged early but turn to pyWars as they build their skills. 

      Thanks for the interest an “buzz generation.”  🙂

    • #50802
      lorddicranius
      Participant

      @tturner wrote:

      Did anyone here take Joe McCray’s Python course earlier this year? http://strategicsec.com/services/training-services/classroom/python-for-security-professionals/ Anyone know if he’s doing another run of it?

      I missed Joe’s too.  I heard if it went well he was gonna give it another go, but I didn’t hear anything afterward.

      @tturner wrote:

      Unfortunately Scapy didn’t sell well so they appear to have abandoned that content.

      I didn’t know they had a scapy course 😮

      Thanks for hopping in and giving some extra info, Mark.  pyWars sounds pretty cool and a neat idea for those with experience already.

      Maybe we can get the course in on a EHnet giveaway so we can get a course review here 😉

    • #50803
      tturner
      Participant

      @lorddicranius wrote:

      @tturner wrote:

      Did anyone here take Joe McCray’s Python course earlier this year? http://strategicsec.com/services/training-services/classroom/python-for-security-professionals/ Anyone know if he’s doing another run of it?

      I missed Joe’s too.  I heard if it went well he was gonna give it another go, but I didn’t hear anything afterward.

      @tturner wrote:

      Unfortunately Scapy didn’t sell well so they appear to have abandoned that content.

      I didn’t know they had a scapy course 😮

      Looks like Joe’s Python course is being offered again in a week or 2. http://www.trainace.com/courses/python/ I’m not sure if he’s the instructor or not.

      Also, the Scapy course was a Judy Novak original. SEC567, here’s a cheat sheet for the course http://www.sans.org/security-training/course_sums/1382.pdf I was very sad to see it go.

    • #50804
      dynamik
      Participant

      Yes, thanks for the feedback Mark. You should play up the PyWars piece a bit more on the course page. That sounds like a key aspect of the course that deserves more than a single bullet point under Lab Details.

    • #50805
      lorddicranius
      Participant

      @tturner wrote:

      Also, the Scapy course was a Judy Novak original. SEC567, here’s a cheat sheet for the course http://www.sans.org/security-training/course_sums/1382.pdf I was very sad to see it go.

      Awesome, thanks for the link 😀

    • #50806
      markbaggett
      Participant

      ajohnson – Good point.  I’ll take another look at the course description.

      lorddicranius  – Let me run the BETAs and make sure the product lineup is finalized before we talk about a course review. 

      All – Thanks for the feedback.  I appreciate it.

Viewing 14 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?