SEC573: Automating Information Security with Python

SEC573 (Cyber Defense)
  • 6 Days (Instructor-Led)
  • 36 Hours (Self-Paced)
Course created by:
Mark Baggett
  • GIAC Python Coder (GPYC)
  • 36 CPEs

    Apply your credits to renew your certifications

  • In-Person, Virtual or Self-Paced

    Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months

  • Advanced Skill Level

    Course material is geared for cyber security professionals with hands-on experience

  • 128 Hands-On Lab(s)

    Apply what you learn with hands-on exercises and labs

Learn Python in depth and gain essential skills for customizing and developing your own information security tools.

Course Overview

Are you ready to embrace the AI revolution or cloud automation and tackle the dynamic challenges of today’s cybersecurity landscape? The skill you need is Python. Want to harness massive data streams for real-time threat detection, leverage data science to uncover hidden attack patterns, or build custom tools to outpace adversaries? From AI-driven anomaly detection to advanced data analytics, Python is the backbone of modern infosec, data science, machine learning, and automation. Do you need to hunt attackers in cloud environments, analyze forensic artifacts, or develop penetration testing exploits? Without Python your options are limited.

Python for cyber security is the must-have skill for defending modern networks. Python equips you to stay ahead in a world where threats evolve faster than ever. And SEC573 gives you just what you need to get started. Have you ever wondered why so many SANS courses include a crash course in Python? It’s because you can’t finish the labs and master those essential skills without it.

When you’re ready to stop treating Python as optional—and start wielding it as your infosec superpower—you’re ready for SEC573. This course also prepares you for the GPYC certification (GIAC Python Coder), which validates your ability to apply Python to solve real-world cybersecurity problems.

What You’ll Learn

  • Leverage Python to perform routine tasks quickly and efficiently
  • Automate log analysis and packet analysis with file operations, regular expressions, and analysis modules to find evil
  • Develop forensics tools to carve binary data and extract new artifacts
  • Read data from databases and the Windows Registry
  • Interact with websites to collect intelligence
  • Develop UDP and TCP client and server applications
  • Automate system processes and process their output

Business Takeaways

  • Automate system processes and process their input quickly and efficiently
  • Create programs that increase efficiency and productivity
  • Develop tools to provide the vital defenses our organizations need

Course Syllabus

Explore the course syllabus below to view the full range of topics covered in SEC573: Automating Information Security with Python.

Section 1: Essentials Workshop with pyWars

The course launches with a fast-paced Python intro and the pyWars lab environment, backed by more than 100 hands-on labs. Beginners master the fundamentals, while advanced students dive into bonus challenges. You'll gain the skills to build Python tools for AI, cloud, pen testing, network defense, and beyond—no filler, just what gets results.

Topics covered

  • Variables and Math Operators
  • Strings and Functions
  • Control Statements
  • Modules & VMs

Section 2: Essentials Workshop with MORE pyWars

This section strengthens your core Python skills with hands-on labs on essential data structures like lists and dictionaries, managing isolated environments with venv, and mastering advanced debugging in VS Code. These skills are foundational across many fields, from software development to cybersecurity and data science.

Topics covered

  • Python Virtual Environments
  • Lists, Loops, and Tuples
  • Dictionaries
  • Debugging with Visual Studio Code

Section 3: Defensive Python

In the role of a network defender, you’ll analyze logs and packet captures to identify indicators of compromise. You’ll develop scripts for continuous monitoring and master file handling, data analysis and working with network packets—fundamental skills for threat detection, incident response, and broader security operations.

Topics covered

  • File Operations and Python Sets
  • Log Parsing, Data Analysis Tools and Techniques
  • Long-Tail/Short-Tail Analysis
  • Geolocation Acquisition
  • Packet Analysis and Reassembly

Section 4: Forensics Python

In this forensics-themed section, you’ll develop the skills to manually extract and analyze digital artifacts in the absence of automated tools. You'll work with embedded data in disk images, SQL databases, and web content, and extract critical metadata—capabilities essential across incident response, threat hunting, and investigative roles.

Topics covered

  • Disk, Memory, and Network Analysis
  • File Carving and Binary Structures
  • Image and SQL Data Extraction
  • Windows Registry IO
  • Web Requests and API Usage

Section 5: Offensive Python

In this offensive-themed section, you’ll build a custom remote access agent to bypass defenses when standard tools fail. Skills like process interaction, error handling, and TCP communication, while offensive in context, are essential across many cybersecurity roles.

Topics covered

  • Network Socket Operations
  • Exception Handling and Process Execution
  • Blocking and Non-blocking Sockets
  • Using the Select Module for Asynchronous Operations
  • Python Objects

Section 6: Capture-the-Flag Challenge

The Capstone section challenges students to apply their skills in real-world scenarios—exploiting systems, analyzing packets, parsing logs, automating tasks, and interacting with websites. Live students compete as teams, while OnDemand students tackle challenges independently, with expert support available when needed.

Things You Need To Know

Relevant Job Roles

Data Analysis (OPM 422)

NICE: Implementation and Operation

Responsible for analyzing data from multiple disparate sources to provide cybersecurity and privacy insight. Designs and implements custom algorithms, workflow processes, and layouts for complex, enterprise-scale data sets used for modeling, data mining, and research purposes.

Technology Research and Development (OPM 661)

NICE: Design and Development

Responsible for conducting software and systems engineering and software systems research to develop new capabilities with fully integrated cybersecurity. Conducts comprehensive technology research to evaluate potential vulnerabilities in cyberspace systems.

Malware Analyst

Digital Forensics and Incident Response

Malware analysts face attackers’ capabilities head-on, ensuring the fastest and most effective response to and containment of a cyber-attack. You look deep inside malicious software to understand the nature of the threat – how it got in, what flaw it exploited, and what it has done, is trying to do, or has the potential to achieve.

Digital Forensics Analyst

Digital Forensics and Incident Response

This expert applies digital forensic skills to a plethora of media that encompass an investigation. The practice of being a digital forensic examiner requires several skill sets, including evidence collection, computer, smartphone, cloud, and network forensics, and an investigative mindset. These experts analyze compromised systems or digital media involved in an investigation that can be used to determine what really happened. Digital media contain footprints that physical forensic data and the crime scene may not include.

Digital Forensics (OPM 212)

NICE: Protection and Defense

Responsible for analyzing digital evidence from computer security incidents to derive useful information in support of system and network vulnerability mitigation.

Military Operations / Law Enforcement Agents

Digital Forensics and Incident Response

Execute digital forensic operations under demanding conditions, rapidly extracting critical intelligence from diverse devices. Leverage advanced threat hunting and malware analysis skills to neutralize sophisticated cyber adversaries.

Intrusion Detection/SOC Analysts

Digital Forensics and Incident Response

Analyze network and endpoint data to swiftly detect threats, conduct forensic investigations, and proactively hunt adversaries across diverse platforms including cloud, mobile, and enterprise systems.

Blue Teamer - All Around Defender

Cyber Defense

This job, which may have varying titles depending on the organization, is often characterized by the breadth of tasks and knowledge required. The all-around defender and Blue Teamer is the person who may be a primary security contact for a small organization, and must deal with engineering and architecture, incident triage and response, security tool administration and more.

Software Security Assessment (OPM 622)

NICE: Design and Development

Responsible for analyzing the security of new or existing computer applications, software, or specialized utility programs and delivering actionable results.

Intrusion Detection / (SOC) Analyst

Cyber Defense

Security Operations Center (SOC) analysts work alongside security engineers and SOC managers to implement prevention, detection, monitoring, and active response. Working closely with incident response teams, a SOC analyst will address security issues when detected, quickly and effectively. With an eye for detail and anomalies, these analysts see things most others miss.

Application Pen Tester

Offensive Operations

Application penetration testers probe the security integrity of a company’s applications and defenses by evaluating the attack surface of all in-scope vulnerable web-based services, client-side applications, server-side processes, and more. Mimicking a malicious attacker, app pen testers work to bypass security barriers in order to gain access to sensitive information or enter a company’s internal systems through techniques such as pivoting or lateral movement.

Defensive Cybersecurity (OPM 511)

NICE: Protection and Defense

Responsible for analyzing data collected from various cybersecurity defense tools to mitigate risks.

Cybersecurity Analyst / Engineer

Cyber Defense

As this is one of the highest-paid jobs in the field, the skills required to master the responsibilities involved are advanced. You must be highly competent in threat detection, threat analysis, and threat protection. This is a vital role in preserving the security and integrity of an organization’s data.

Digital Evidence Analysis (OPM 211)

NICE: Investigation

Responsible for identifying, collecting, examining, and preserving digital evidence using controlled and documented analytical and investigative techniques.

Course Schedule & Pricing

  • Virtual (OnDemand)

    Instructed by Mark Baggett
    Date & Time: OnDemand (Anytime), Self-Paced, 4 months access
    Course price: $8,780 USD*

  • Washington, DC, US & Virtual (live)

    Instructed by Mark Baggett
    Course price: $8,780 USD*

  • Virtual (live)

    Instructed by Joshua Barone
    Course price: €8,230 EUR*

  • Chicago, IL, US & Virtual (live)

    Instructed by Joshua Barone
    Course price: $8,780 USD*

  • Melbourne, VIC, AU & Virtual (live)

    Instructed by Mark Baggett
    Course price: A$13,350 AUD*

  • Melbourne, VIC, AU & Virtual (live)

    Instructed by Mark Baggett
    Course price: A$13,350 AUD*

  • Las Vegas, NV, US & Virtual (live)

    Instructed by Mark Baggett
    Course price: $8,780 USD*

  • Rockville, MD, US & Virtual (live)

    Instructed by Michael Murr
    Course price: $8,780 USD*

*Prices exclude applicable local taxes
Showing 8 of 17

Benefits of Learning with SANS

Get feedback from the world’s best cybersecurity experts and instructors

Choose how you want to learn - online, on demand, or at our live in-person training events

Get access to our range of industry-leading courses and resources