Offensive Python
RT421
Table of Contents
Description
The world of information security consists of a multitude of complex issues and techniques on how to deal with the many environments that can be vulnerable to global cyber-attacks. The groups that get stronger are not only the hackers who try to hurt you but also the defense groups in the organizations, the more known the attacks, the more definite their defense.
The course offers participants advanced levels of attack to evade the many defense mechanisms available in the market today with the help of independent tools and Python programming capabilities .
How to make the most of this course?
In order to succeed in the course, the following requirements must be met:
- Participation in all practical laboratories
Self-work at home between lessons; - Repetition of materials, self-learning, performing tasks, etc …
In addition to regular classroom studies, the participant is required to practice at least 10 hours a week in order to gain practical experience in the field.
A personal computer suitable for running virtual machines, with an Internet connection
Transition of the scenarios in the Cyberium system
Target audience
- Ethical hackers and penetration testers
- Students preparing for OSCP, OSCE, GPEN, GXPN, CEH
- Information security professionals and cybersecurity consultants
- System and network security administrators
- Programmers who want to get their hands dirty
Objectives
- Understanding the cyber threat landscapes
- Acquiring knowledge and tools
- Identifying attacks when accruing on the network
- Testing networks and systems for vulnerabilities and create an attack mechanism
- Reinforce Metasploit framework using Python
- Becoming familiar with a variety of available tools for performing security-related tasks
Pre-requisites
- ThinkCyber Level-2 Courses
Syllabus
Description
This module will teach the participants how to use python programming language during any penetration testing or ethical hacking operation and how to use Python to automate your network analysis scripts on various information security fields.
Technical content
- Offensive Networking
o Raw Sockets Basics
o Socket Libraries and Functionality
o Programming Servers and Clients
o Writing Packet Sniffers
o PCAP File Parsing and Analysis
o Automating Network Attacks with Python - Utilizing Scapy
o Crafting packets with Scapy
o Routing using Scapy
o Creating Automation with Scapy
o Offensive Scapy Techniques
o DDoS Attack
o Port Scanning and Version Detection
o Automate the Process of PCAP Parsing
o Using Scapy to Create a Custom Wireless Data leakage tool
Description
This module will teach participants to handle common and various ethical hacking techniques to write automation processes to that procedure.
Technical content
- Ethical Hacking
o Privesc Enumeration Scripts
o Python I/O Handling - Password Cracking
o Wordlist Generation Tool
o Building Password Guessing Tool
o Password Cracking with Python
o Automating Brute-force Attacks
o Automate Banner Grabbing - Advanced Scanning with Python
o Shodan CLI Integration
o Automated Nmap Script
o Advanced Shodan Search with Python - Web Application pen-testing automation process
o Fuzzing
o Requests and Response
o Examine Directories and Files
o Parsing HTML Files
o URL Fetching and Parsing
o Customizing SQL Injection Querieso Parsing Tweets
Description
Metasploit framework is written in Ruby and does not support scripts written in Python, so it requires some additional tuning to automate the actions of the attacker using Metasploit and Python together. In this module, participants will learn how to automate Metasploit script using Python and other useful techniques for ethical hacking.
Technical content
- Creating Offensive Tool
o Interact Python with Metasploit
o Create Metasploit Scripts
o Build a Port Scanner
o Process Monitoring with Python
o Cracking Tools
o Reverse Shells
o Extracting Images from TCP Streams - Mimicking Metasploit Framework
o Auxiliary in Python
o Understanding Reverse and Bind Shells
o Working with Anonymity
o Enumerating Services
o Post Exploitation Procedures
o Introduction to Buffer Overflow attacks
o Pymetasploit3 – Metasploit Automation Library
Labs
- Lab 1 Python Basics
- Lab 2 Writing Code
- Lab 3 Networking with Python
- Lab 4 Password Cracking
- Lab 5 Scapy
- Lab 6 Scanning with Python
- Lab 7 Automation with Python
- Lab 8 Web Security with Python
- Lab 9 Build Payloads
- Lab 10 Local Attacks
- Lab 11 Useful Libraries
Course type
This course is delivered in the following ways:
- Virtual classroom with proctored labs and scenarios executed in our Cyberium Arena
- In situ classroom with proctored labs and scenarios executed in our Cyberium Arena
All sessions are recorded and attendees can replay them during 30 days. All course material is electronically made available to the participant.
Course Group: FOUNDATION
Hands-on / Theory MiX
The following course incorporates a high level of hands-on labs exercises, as well as real life case studies:
Certification
This course prepares the participant to the following certification:
- GPYC (SANS)
Required EqUIPMENT
Network connection
As this course extensively uses a cloud based Learning Management System, including a lab arena, attendees need a stable broadband connection to the Internet.
BYOD – Bring Your Own Device
As it is a very practical course, and in order for the participants to make the most of the course, they need a laptop with the following capabilities:
- Audio and Video
- 8 GB RAM
- 200 GB Disk Space
- Virtualization capabilities ( supporting latest version of Virtualbox or similar virtual machine application)
And also a Good Headset with Mic
