Last weekend, I took the certification exam to become a GIAC certified incident handler. Both the exam and the course material leading up to it were interesting enough to deserve a few comments.

One thing I was moderately surprised by in the SANS course was the initial focus on Linux shell tools and Windows PowerShell. I’ve been using Linux for a long time, so there weren’t any surprises there. The PowerShell material was new to me.

Aside from that, the sheer number and capability of tools available and even specially written for crackers was eye-opening. Most notable on a high level was the degree of automation available even for complex tasks; all the user has to do is identify a field vulnerable to SQL injection attack (to pick one example) and there are automated tools to identify the database, detail the schema, and extract the data. All it takes is time and enough savvy to find a single opening. After that, automation makes it easy.