Over the past month the PrimalSec team has been aggressively going after some SANS and Offensive Security training. We recently completed the Offensive Security Wireless Professional (OSWP) and GIAC Certified Forensic Analyst (GCFA) trainings and exam challenges.
We are currently knee-deep in the Offensive Security Certified Professional (OSCP) course and are having a blast! We will wait till we finish OSCP to write up a review, but we wanted to share some insight into OSWP and GCFA.
Offensive Security offers hands down the most impressive and challenging training and certification programs available in the offensive security arena. They pride themselves on the “Try Harder” methodology, which is really focused on teaching you how to find the answer instead of hand-feeding it to you. The Offensive Security Wireless Professional (OSWP) course/certification is a relatively quick course that is jam-packed with hands-on labs. The OSWP course (Offensive Security Wireless Attacks – WiFu) can be done in 2-3 weeks if the person has some prior experience messing with wireless hacking using aircrack-ng.
The course gives the student a good deal of technical knowledge and theory on 802.11 technology and then quickly dives into practical hands-on application. The test was also rather refreshing because it was no longer the multiple-choice certification exam, but a hands-on application of the skills in a lab environment and a technical report of the work. PrimalSec thoroughly enjoyed their experience with the OSWP certification, and with a price tag of $450 for the course and certification attempt you get loads of return on investment. PrimalSec is striving forward with OSCP, and then plans to jump into OSCE training. We are hooked, and if you love geeking out with offensive security you will be too.
The GIAC GCFA certification was all about Finding Evil in all the things. The associated SANS course, FOR 508: Advanced Computer Forensics and Incident Response, dives you down into the file systems at the hex level and requires students to know quite a bit about forensic theory and application of common tools. The PrimalSec team had plenty of Incident Response experience, but we didn’t have a lot of Kung-Fu with File Systems — mostly network traffic, malware, and memory forensics. So we went into the course having to hit the learning curve of the low-level file system stuff, and did so in only two weeks. This was a rather aggressive sprint that we only advise for those with little lives outside of 1’s and 0’s.
The course is focused mostly on open source tools, specifically The Sleuth Kit (TSK). As with any SANS course, you will find yourself with a great deal of information to cover (5-6 Books). You can use these resources, and any other printed resources, on the exam, but they don’t provide a great deal of help if you don’t know the material. If you’re looking to up your forensics Kung-Fu in File Systems, Memory, and ALL THE THINGS and don’t mind diving deep into file systems, check out the SANS GCFA course and certification.