Tuesday, December 4, 2018

GIAC Launches New Certification for Python Coders, GPYC


The new GIAC Python Code certification is targeted toward penetration testers and information security professionals who want to use the Python programming language to enhance their effectiveness during information security engagements or projects. It is also helpful for experienced Python developers who want to build additional information security skills. Get certified in Python code: www.giac.org/u/hjF

Successful GPYC candidates will demonstrate an understanding of core programming concepts, and the ability to write and analyze working code using the Python programming language. They will be familiar with several common Python libraries, and be able to use that functionality in their programs.

"The security industry is evolving. The constant development of malware and new attack techniques means that security professionals must be able to rapidly develop tools to respond to these new threats. Likewise, penetration testers can no longer wait for someone else to develop the tools they need and must know how to develop their own tools. Employers need to know that their prospective new hires have the ability to leverage Python to develop those tools. Now, the GPYC exam provides the ability to identify people who really have the skills that meet the needs of prospective employers," said Mark Baggett, author of the SANS training course SEC573: Python for Penetration Testers.

GPYC certified professionals will be able to demonstrate the following:

  • Ability to create and modify custom tools makes them a valuable member of any information security team
  • Code developers with information security skills can:
      1. Customize tools to their environment
      2. Develop tools for the information security community
      3. Increase productivity by automating previously manual tasks
      4. Simulate advanced attacks and more
  • Specialized focus on skills and techniques that will assist an InfoSec pro in penetration tests, daily work, and special projects
  • Develop Python-based tools to interact with network traffic, create custom executables, test and interact with databases and websites, and parse logs or sets of data

About GIAC

Global Information Assurance Certification (GIAC) is a certification body featuring over 30 hands-on, technical certifications in information security. GIAC has certified over 50,000 IT security professionals since it was founded in 1999. Eleven GIAC certifications are accredited under the IEC/ISO/ANSI 17024 quality standard for certifying bodies.

Monday, November 26, 2018

How to build an Android application testing toolbox


Mobile devices hold a trove of data that could be crucial to criminal cases, and they can also play a key role in accident reconstructions, IP theft investigations and more. It's not just investigators who care about examining a mobile device; so do those interested in application research and data, and enterprises that rely on smartphones and tablets to perform work tasks, engage with customers and deliver new services. Effectively accessing and testing smartphones requires an optimal application toolbox, and the chops to use it. Listen to this webinar that details how to build your Android application testing toolbox to ensure you're set up to successfully access and examine the information you need from Android mobile phones.

GIAC instructor Domenica Crognale, who is one of the course co-authors of GIAC FOR585: Advanced Smart Phone Forensics, and who teaches the course as well, details why testing of mobile phone applications is critical — especially given the fact that Android apps change weekly and even daily. It is becoming more common for application developers to restrict very important user artifacts from being accessed from these Android devices. This most often includes the SQLite databases, which likely contain the information that examiners are after. It's not just commercially available applications you have to consider. Often, custom-built apps aren't parsed by commercial tools, so you'll need to know how to access and parse any data stored on the device.

During the webinar, Domenica talks about the importance of rooting Android devices as well as ways to access and parse the data. She explains how to do this using utilities that exist on the SIFT workstation or that can be downloaded for free from the GIAC website.

This webcast explores topics such as:

1) Choosing the best test device

During a forensics acquisition, many tools will apply a soft root onto the phone that is then removed once the data is obtained. But a full physical acquisition is not always necessary for application testing. Ideally, we want a test phone that is always rooted, whether or not the device loses power, because the root basically unlocks access to the core of the device's operating system so you can access, add, remove or tweak anything inside the phone.

2) Rooting your Android

During the webinar, Domenica walks through a demo of a root, shows how to locate the root and shares information on free and publicly available root tools.

3) Utilizing File Browsers for quick file/folder access

Sometimes a file browser is all you really need to get to the data you're after. Domenica shares her favorite third-party applications for accessing the file system.

4) Examining application directories of interest

Once you have access to the files you need, utilize tools available on the SIFT workstation to view the contents of SQLite databases.