PYTHON FOR PENTESTERS

Price

Application Deadline

10/02/2015

Schedule

24 hours Saturday & Sunday, starting 17:00 – 20:00 03 October 2015 – 25 October 2015
Description

The Python for Pentesters aims to teach you how to apply the powerful Python language to security research, penetration testing and attack automation using a fully hands-on practical approach with a gradual learning curve. This course has something for everyone – from the novice to the expert user! This course is ideal for penetration testers, security enthusiasts and network administrators who want to learn to automate tasks or go beyond just using ready made tools. We will be covering topics in system security, network security, attacking web applications and services, exploitation techniques, malware and binary analysis and task automation.

This training course is part of six-month program:

A non-exhaustive list of topics to be taught includes:

Module 1: Python Scripting – Language Essentials

Module 2: System Programming and Security

Module 3: Network Security Programming – Sniffers and Packet Injectors

Module 4: Attacking Web Applications

Module 5: Exploitation Techniques

Module 6: Malware Analysis and Reverse Engineering

Module 7: Attack Task Automation

Module 8: Further Study and Roadmap

Python Scripting – Language Essentials

Introduction to Interpreted Languages and Python

Data Types and variables

Operators and Expressions

Program Structure and Control

Functions and Functional Programming

Classes, Objects and other OOPS concepts

Modules, Packages and Distribution

Python in Linux and Unixes

Python in Windows

Python in Mobiles: iPhone and Androids

Python in Embedded Devices: Routers

Program Portability

Lab Exercises

System Programming and Security

I/O in Python

File and Directory Access

Multithreading and Concurrency

Inter Process Communication (IPC)

Permissions and Controls

Case Studies

Lab Exercises

Network Security Programming – Sniffers and Packet Injectors

Raw Socket basics

Socket Libraries and Functionality

Programming Servers and Clients

Programming Wired and Wireless Sniffers

Programming arbitrary packet injectors

PCAP file parsing and analysis

Case Studies

Lab Exercises

Web Application Security

Web Servers and Client scripting

Web Application Fuzzers

Scraping Web Applications – HTML and XML file analysis

Web Browser Emulation

Attacking Web Services

Application Proxies and Data Mangling

Automation of attacks such as SQL Injection, XSS etc.

Case Studies

Lab Exercises

Exploitation Techniques

Exploit Development techniques

Immunity Debuggers and Libs

Writing plugins in Python

Binary data analysis

Exploit analysis Automation

Case Studies

Lab Exercises

Malware Analysis and Reverse Engineering

Process Debugging basics

Pydbg and its applications

Analyzing live applications

Setting breakpoints, reading memory etc.

In-memory modifications and patching

Case Studies

Lab Exercises

Attack Task Automation

Task Automation with Python

Libraries and Applications

Case Studies

Lab Exercises

Instructor Profile

Drinor Selmanaj has experience in cyber security. He has been working with FLOSSK for 2 years now he is one of many contributors in Kosovo in many open source projects, he has been doing workshops around Kosovo in data security, also being a FLOSSKie he has been maintaining the network of the SFK (Software Freedom Kosova) the annual conference about open source in Kosovo. His expertise are networks and computer security. While on workdays he is the CEO of HelloWorld, a company which is focused on application development. His passion about computer security and networks never stops. He will be showing some awesome stuff at advanced cyber security training.

Instructor
Drinor Selmanaj | Instructor

Drinor Selmanaj has experience in cyber security. He has been working with FLOSSK for 2 years now he is one of many contributors in Kosovo in many open source projects, he has been doing workshops around Kosovo in data security, also being a FLOSSKie he has been maintaining the network of the SFK (Software Freedom Kosova) the annual conference about open source in Kosovo. His expertise are networks and computer security. While on workdays he is the CEO of HelloWorld, a company which is focused on application development. His passion about computer security and networks never stops. He will be showing some awesome stuff at advanced cyber security training.

Facebook
Twitter
LinkedIn