Offensive Python

RT421

Table of Contents

Description

The world of information security consists of a multitude of complex issues and techniques on how to deal with the many environments that can be vulnerable to global cyber-attacks. The groups that get stronger are not only the hackers who try to hurt you but also the defense groups in the organizations, the more known the attacks, the more definite their defense.

The course offers participants advanced levels of attack to evade the many defense mechanisms available in the market today with the help of independent tools and Python programming capabilities .

How to make the most of this course?

In order to succeed in the course, the following requirements must be met:

  • Participation in all practical laboratories
    Self-work at home between lessons;
  • Repetition of materials, self-learning, performing tasks, etc …

In addition to regular classroom studies, the participant is required to practice at least 10 hours a week in order to gain practical experience in the field.
A personal computer suitable for running virtual machines, with an Internet connection
Transition of the scenarios in the Cyberium system

Target audience

  • Ethical hackers and penetration testers
  • Students preparing for OSCP, OSCE, GPEN, GXPN, CEH
  • Information security professionals and cybersecurity consultants
  • System and network security administrators
  • Programmers who want to get their hands dirty

Objectives

  • Understanding the cyber threat landscapes
  • Acquiring knowledge and tools
  • Identifying attacks when accruing on the network
  • Testing networks and systems for vulnerabilities and create an attack mechanism
  • Reinforce Metasploit framework using Python
  • Becoming familiar with a variety of available tools for performing security-related tasks

Pre-requisites

  • ThinkCyber Level-2 Courses

Syllabus

Description

This module will teach the participants how to use python programming language during any penetration testing or ethical hacking operation and how to use Python to automate your network analysis scripts on various information security fields.

Technical content

  • Offensive Networking
    o Raw Sockets Basics
    o Socket Libraries and Functionality
    o Programming Servers and Clients
    o Writing Packet Sniffers
    o PCAP File Parsing and Analysis
    o Automating Network Attacks with Python
  • Utilizing Scapy
    o Crafting packets with Scapy
    o Routing using Scapy
    o Creating Automation with Scapy
    o Offensive Scapy Techniques
    o DDoS Attack
    o Port Scanning and Version Detection
    o Automate the Process of PCAP Parsing
    o Using Scapy to Create a Custom Wireless Data leakage tool

Description

This module will teach participants to handle common and various ethical hacking techniques to write automation processes to that procedure.

Technical content

  • Ethical Hacking
    o Privesc Enumeration Scripts
    o Python I/O Handling
  • Password Cracking
    o Wordlist Generation Tool
    o Building Password Guessing Tool
    o Password Cracking with Python
    o Automating Brute-force Attacks
    o Automate Banner Grabbing
  • Advanced Scanning with Python
    o Shodan CLI Integration
    o Automated Nmap Script
    o Advanced Shodan Search with Python
  • Web Application pen-testing automation process
    o Fuzzing
    o Requests and Response
    o Examine Directories and Files
    o Parsing HTML Files
    o URL Fetching and Parsing
    o Customizing SQL Injection Querieso Parsing Tweets

Description

Metasploit framework is written in Ruby and does not support scripts written in Python, so it requires some additional tuning to automate the actions of the attacker using Metasploit and Python together. In this module, participants will learn how to automate Metasploit script using Python and other useful techniques for ethical hacking.

Technical content

  • Creating Offensive Tool
    o Interact Python with Metasploit
    o Create Metasploit Scripts
    o Build a Port Scanner
    o Process Monitoring with Python
    o Cracking Tools
    o Reverse Shells
    o Extracting Images from TCP Streams
  • Mimicking Metasploit Framework
    o Auxiliary in Python
    o Understanding Reverse and Bind Shells
    o Working with Anonymity
    o Enumerating Services
    o Post Exploitation Procedures
    o Introduction to Buffer Overflow attacks
    o Pymetasploit3 – Metasploit Automation Library

Labs

The following labs are part of the actual RT421 course:
  • Lab 1 Python Basics
  • Lab 2 Writing Code
  • Lab 3 Networking with Python
  • Lab 4 Password Cracking
  • Lab 5 Scapy
  • Lab 6 Scanning with Python
  • Lab 7 Automation with Python
  • Lab 8 Web Security with Python
  • Lab 9 Build Payloads
  • Lab 10 Local Attacks
  • Lab 11 Useful Libraries

Real cases studies

Case study #1 (OP001)
According to the latest revelation from the "whistleblower" Edward Snowden, British spy agency GCHQ hackers are using NSA search engines similar to Shodan in an attempt to exploit them. Your team was selected to mitigate the case; most of the engines running on Python. Use your automated tools to solve the case.
Reference
Case study #2 (OP002)
Recently, the Internet witnessed a record-breaking, most massive DDoS attack of over 1 Tbps against France-based hosting provider OVH. Following the recent attack, a special team was hired to track the attack.
Reference
Previous
Next
RT421

 Course type

This course is delivered in the following ways:

  • Virtual classroom with proctored labs and scenarios executed in our Cyberium Arena
  • In situ classroom with proctored labs and scenarios executed in our Cyberium Arena

All sessions are recorded and attendees can replay them  during 30 days. All course material is electronically made available to the participant.

 Course Group: FOUNDATION

LEVEL
0%
1
HOURS

 Hands-on / Theory MiX

The following course incorporates a high level of hands-on labs exercises, as well as real life case studies:

1 %
Hands-on
1
Labs
1
Case studies

Certification

This course prepares the participant to the following certification:

  • GPYC (SANS)

Required EqUIPMENT

Network connection

As this course extensively uses a cloud based Learning Management System, including a lab arena, attendees need a stable broadband connection to the Internet.

BYOD – Bring Your Own Device

As it is a very practical course, and in order for the participants to make the most of the course, they need a laptop with the following capabilities:

  • Audio and Video
  • 8 GB RAM
  • 200 GB Disk Space
  • Virtualization capabilities ( supporting latest version of Virtualbox or similar virtual machine application)

And also a Good Headset with Mic

More Details

Subscribe