SEC573: Python for Penetration Testers
Your target has been well hardened. So far, your every attempt to compromise their network has failed. But you did find evidence of a vulnerability, a lucky break in their defensive posture. Sadly, all of your tools have failed to successfully exploit it. Your employers demand results. What do you do when "off-the-shelf" tools fall short? You write your own tool.
The best penetration testers can customize existing open source tools or develop their own tools. The ability to read, write, and customize software is what distinguishes the good penetration tester from the great penetration tester. This course, SEC573: Python for Penetration Testers, is designed to give you the skills you need for tweaking, customizing, or outright developing your own tools to put you on the path of becoming a great penetration tester. Again and again, organizations serious about security emphasize their need for skilled tool builders. There is a huge demand for people who can understand a problem and then rapidly develop prototype code to attack or defend against it. Join us and learn Python in-depth and fully weaponized.
Unfortunately, many penetration testers do not have these skills today. The time and effort required to develop programming skills may seem overwhelming. But it is not beyond your reach. This course is designed to meet you at your current skill level, appealing to a wide variety of backgrounds ranging from people without a drop of coding experience all the way up to skilled Python developers looking to increase their expertise and map their capabilities to penetration testing. Because you can't become a world-class tool builder by merely listening to lectures, the course is chock full of hours of hands-on labs every day that will teach you the skills required to develop serious Python programs and how to apply those skills in penetration testing engagements.
SEC573: Python for Penetration Testers begins with an introduction to SANS pyWars. pyWars is a 4-day Capture the Flag competition that runs parallel to the course material. It will challenge your existing programming skills and help you develop new skills at your own individualized pace. This allows experienced programmers to quickly progress to more advanced concepts while novice programmers spend time building a strong foundation. This individualized approach allows everyone to hone their current skills, making them the most lethal weapon they can be.
After introducing pyWars, the course covers the essential skills required to get the most out of the Python language. The essentials workshop labs will teach those who are new to software development the concepts and techniques required to develop their own tools. The essentials workshop will also teach shortcuts that will make experienced developers even more deadly. Then we turn to applying those skills in today's real-world penetration testing scenarios. You will develop a port scanning, antivirus evading, client infecting backdoor for placement on target systems. You will develop a SQL injection tool to extract data from websites that fail with off-the-shelf tools. You will develop a multi-threaded password guessing tool and a packet assembling network reconnaissance tool. The course concludes with a one-day Capture the Flag event that will test both your ability to apply your new tools and coding skills in a penetration testing challenge.
By the end of this course, students will have learned essential skills that every penetration tester should have. For your next engagement you will command and conquer as you:
- Write a backdoor that uses exception handling, sockets, process execution, and encryption to provide you with your initial foothold in a target environment. The backdoor will include features such as a port scanner to find an open outbound port, the ability to evade antivirus software and network monitoring, and the ability to embed payloads from tools such as Metasploit.
- Write a SQL Injection tool that uses standard Python libraries to interact with target websites. You will be able to use different SQL attack techniques for extracting data from a vulnerable target system.
- Develop a password guessing attack tool with features like multi-threading, cookie handlers, support for application proxies such as Burp, and much, much more.
- Write a network reconnaissance tool that uses Scapy, cStringIO and PIL to reassemble TCP packet streams, extract data payloads such as images, display images, extract metadata such as GPS coordinates, and link those images with GPS coordinates to Google Maps.
When you are ready to fully weaponize your penetration testing skillset...
When you are ready to go from being a good penetration tester to a great penetration tester...
When you are ready to begin using your own tools to automate your penetration testing skills...
Join us for Python for Penetration Testers.
In-depth Python...Fully weaponized.
|SEC573.1: Essentials Workshop|
The course begins with a brief introduction to Python and the pyWars Capture the Flag game. We set the stage for students to learn at their own pace in the 100% hands-on pyWars lab environment. As more advanced students take on Python-based CTF challenges, students who are new to programming will start from the very beginning with Python essentials, including:
Variables, Math Operators, Strings, Functions, Modules, Compound Statements, Introspection
CPE/CMU Credits: 6
|SEC573.2: Essentials Workshop|
You will never learn to program by staring at PowerPoint slides. The second day continues the hands-on, lab-centric approach established on day one. This section continues covering the essentials of the language, including data structures and programming concepts. With the essentials of the language under your belt, the pyWars challenges and the in-class labs start to cover more complex subjects, such as:
Lists, Loops, Tuples, Dictionaries, The Python Debugger, System Arguments & OptParser, File Operations
CPE/CMU Credits: 6
|SEC573.3: Pentesting Applications|
Day 3 shifts gears. With a core set of skills established, we can begin developing penetration testing tools that you can use in your next engagement. You will develop a backdoor command shell that evades antivirus software and provides you with that critical initial foothold in the target environment. You will then develop a customizable SQL injection tool that you can use to extract all the data from a vulnerable database when off-the-shelf tools fail. Finally, we will discuss how to speed up your code with multi-threading.
Python Backdoors Topics:
SQL Injection Attack Tools Topics:
CPE/CMU Credits: 6
|SEC573.4: Pentesting Applications|
In this section you will develop more tools that will make you a more lethal penetration tester. First, you will develop a custom web-based password guesser. This will teach you how to get the most out of Python's web-based libraries and interact with websites using cookies, proxies and other features to p0wn the most difficult web-based authentication systems. Then, you will write a network reconnaissance tool that will demonstrate the power of Python's third-party libraries.
Password Attack Topics:
Network Reconnaissance Topics:
CPE/CMU Credits: 6
|SEC573.5: Capture the Flag|
In this final section you will be placed on a team with other students. Working as a team, you will apply skills you have mastered in a series of penetration testing challenges. Participants will exercise the skills and code they have developed over the previous four days as they exploit vulnerable systems, break encryption ciphers, and remotely execute code on target systems. Test your skills! Prove your might!
CPE/CMU Credits: 6
To get the most value out of the course, students are required to bring their own laptop so that they can connect directly to the workshop network that we will create. It is the students' responsibility to make sure that the system is properly configured with all drivers necessary to connect to an Ethernet network.
Some of the course exercises are based on Windows, while others focus on Linux. VMware Player or VMware Workstation is required for the class. If you plan to use a Macintosh, please make sure you bring VMware Fusion, along with a Windows guest virtual machine.
You are required to bring Windows 7 (Professional, Enterprise, or Ultimate) or Windows Vista (Business, Enterprise, or Ultimate), as either a real system or a virtual machine. Windows 8 Pro is an acceptable option.
You will require administrative access to your Windows computer and the ability to install various software packages including Python on that computer.
IMPORTANT NOTE: You may also be required to disable your anti-virus tools temporarily for some exercises, so make sure you have the anti-virus administrator permissions to do so. DO NOT plan on just killing your anti-virus service or processes because most anti-virus tools still function even when their associated services and processes have been terminated. For many enterprise-managed clients, disabling your anti-virus tool may require a different password than the Administrator account password. Please bring that administrator password for your anti-virus tool.
The course includes a VMware image file of a guest Linux system that is larger than 5 GB. Therefore, you need a file system with the ability to read and write files that are larger than 5 GB, such as NTFS on a Windows machine.
Enterprise VPN clients may interfere with the network configuration required to participate in the class. If your system has an enterprise VPN client installed, you may need to uninstall it for the exercises in class.
You will use VMware to run Windows and Linux operating systems simultaneously when performing exercises in class. You must have either the free VMware Player 3 or later or the commercial VMware Workstation 6 or later installed on your system prior to coming to class. You can download VMware Player for free here.
Alternatively, if you want a more flexible and configurable tool, you can download a free 30-day trial copy of VMware Workstation here. VMware will send you a time-limited license number for VMware Workstation if you register for the trial at their Web site. No license number is required for VMware Player.
We will give you a DVD full of tools to use during the class and take home for later analysis. We will also provide a Linux image with all of our tools pre-installed that runs within VMware Player or VMware Workstation.
You do not need to bring a Linux system if you plan to use our Linux image in VMware. However, you are required to bring VMware Workstation or VMware Player. The class does not support VirtualPC or other non-VMware virtualization products.
Mandatory Laptop Hardware Requirements
During the workshop, you will be connecting to one of the most hostile networks on planet Earth! Your laptop might be attacked. Do not have any sensitive data stored on the system. SANS is not responsible for your system if someone in the class attacks it in the workshop.
By bringing the right equipment and preparing in advance, you can maximize what you'll see and learn as well as have a lot of fun.
If you have additional questions about the laptop specifications, please contact firstname.lastname@example.org.
|Who Should Attend|
A basic understanding of any programming or scripting language is required for this class.
|Why Take This Course?|
You Will Learn
|What You Will Receive|
A virtual machine with sample code and working examples
|Press & Reviews|
"All of the hands-on labs also come with solutions that Python novices like me can refer to when coding real pen-testing scripts. The examples and techniques presented in SEC 573 are relevant to today's attack scenarios." - Jacob Giannantonio, US Army
"SEC 573 is vital for anyone who considers themselves to be a pen tester." - Jeff Turner, Lexis Nexis Risk Solutions
"So far the content of Python for Penetration Testers has been great. I have learned several things even as an advanced user." - Matthew Garfinkle, ManTech International Corporation
*CPE/CMU credits not offered for the SelfStudy delivery method