
Northern Virginia 2014

Reston, VA | Mon, Mar 17 - Sat, Mar 22, 2014

SEC573: Python for Penetration Testers

Mon, March 17 - Fri, March 21, 2014

SEC573 is excellent. I went from having almost no python coding ability to being able to write functional and useful programs.

Caleb Jaren, Microsoft

SEC573 has significantly helped with my foundational knowledge of Python, while exposing me to more advanced applications of it.

Chris Miller, Global Payments

Your target has been well hardened. So far, your every attempt to compromise their network has failed. But, you did find evidence of a vulnerability, a lucky break in their defensive posture. Sadly, all of your tools have failed to successfully exploit it. Your employers demand results. What do you do when "off-the-shelf" tools fall short? You write your own tool.

The best penetration testers can customize existing open source tools or develop their own tools. The ability to read, write, and customize software is what distinguishes the good penetration tester from the great penetration tester. This course is designed to give you the skills you need for tweaking, customizing, or outright developing your own tools to put you on the path of becoming a great penetration tester. Again and again, organizations serious about security emphasize their need for skilled tool builders. There is a huge demand for people who can understand a problem and then rapidly develop prototype code to attack or defend against it. Join us and learn Python in-depth and fully weaponized.

Unfortunately, many penetration testers do not have these skills today. The time and effort required to develop programming skills may seem overwhelming. But it is not beyond your reach. This course is designed to meet you at your current skill level, appealing to a wide variety of backgrounds ranging from people without a drop of coding experience all the way up to skilled Python developers looking to increase their expertise and map their capabilities to penetration testing. Because you can't become a world-class tool builder by merely listening to lectures, the course is chock full of hours of hands-on labs every day that will teach you the skills required to develop serious Python programs and how to apply those skills in penetration testing engagements.

The course begins with an introduction to SANS pyWars. pyWars is a 4-day Capture the Flag competition that runs parallel to the course material. It will challenge your existing programming skills and help you develop new skills at your own individualized pace. This allows experienced programmers to quickly progress to more advanced concepts while novice programmers spend time building a strong foundation. This individualized approach allows everyone to hone their current skills, making them the most lethal weapon they can be.

After introducing pyWars, the course covers the essential skills required to get the most out of the Python language. The essentials workshop labs will teach the concepts and techniques required to develop your own tools to those who are new to software development. The essentials workshop will also teach shortcuts that will make experienced developers even more deadly. Then we turn to applying those skills in today's real-world penetration testing scenarios. You will develop a port scanning, antivirus evading, client infecting backdoor for placement on target systems. You will develop a SQL injection tool to extract data from websites that fail with off-the-shelf tools. You will develop a multi-threaded password guessing tool and a packet assembling network reconnaissance tool. The course concludes with a one-day Capture the Flag event that will test both your ability to apply your new tools and your coding skills in a penetration testing challenge.


By the end of this course, students will have learned essential skills that every penetration tester should have. For your next engagement you will command and conquer as you:

  • Write a backdoor that uses Exception Handling, Sockets, Process execution, and encryption to provide you with your initial foothold in a target environment. The backdoor will include features such as a port scanner to find an open outbound port, the ability to evade antivirus software and network monitoring, and the ability to embed payloads from tools such as Metasploit.
  • Write a SQL Injection tool that uses standard Python libraries to interact with target websites. You will be able to use different SQL attack techniques for extracting data from a vulnerable target system.
  • Develop a password guessing attack tool with features like multi-threading, cookie handlers, support for application proxies such as Burp and much, much more.
  • Write a network reconnaissance tool that uses Scapy, cStringIO and PIL to reassemble TCP packet streams, extract data payloads such as images, display images, extract metadata such as GPS coordinates and link those images with GPS coordinates to Google Maps.

When you are ready to fully weaponize your penetration testing skillset...

When you are ready to go from being a good penetration tester to a great penetration tester...

When you are ready to begin using your own tools to automate your penetration testing skills...

Join us for Python for Penetration testers.

In-depth Python...Fully weaponized.


Course Syllabus

Mark Baggett
Mon Mar 17th, 2014
9:00 AM - 5:00 PM


The course begins with a brief introduction to Python and the pyWars Capture the Flag game. We set the stage for students to learn at their own pace in the 100% hands-on pyWars lab environment. As more advanced students take on Python-based CTF challenges, students who are new to programming will start from the very beginning with Python essentials, including:

Variables, Math Operators, Strings, Functions, Modules, Compound Statements, Introspection

CPE/CMU Credits: 6

Mark Baggett
Tue Mar 18th, 2014
9:00 AM - 5:00 PM


You will never learn to program by staring at PowerPoint slides. The second day continues the hands-on, lab-centric approach established on day one. This section continues covering the essentials of the language, covering data structures and programming concepts. With the essentials of the language under your belt, the pyWars challenges and the in-class labs start to cover more complex subjects, such as:

Lists, Loops, Tuples, Dictionaries, The Python Debugger, System Arguments & optparse, File Operations

CPE/CMU Credits: 6

Mark Baggett
Wed Mar 19th, 2014
9:00 AM - 5:00 PM


Day 3 shifts gears. With a core set of skills established, we can begin developing penetration testing tools that you can use in your next engagement. You will develop a backdoor command shell that evades antivirus software and provides you with that critical initial foothold in the target environment. You will then develop a customizable SQL Injection tool that you can use to extract all the data from a vulnerable database when off-the-shelf tools fail. Finally, we will discuss how to speed up your code with multi-threading.

Python Backdoors Topics:

  • Network Sockets, Exception Handling, Process Execution, Metasploit Integration, Antivirus and IDS Evasion

SQL Injection Attack Tools Topics:

  • Introduction to SQL, Blind SQL Injection Techniques, Developing Web Clients, Multi-Threaded Applications, Mutexes and Semaphores, Message Queues and Thread Communications

CPE/CMU Credits: 6

Mark Baggett
Thu Mar 20th, 2014
9:00 AM - 5:00 PM


In this section you will develop more tools that will make you a more lethal penetration tester. First, you will develop a custom web-based password guesser. This will teach you how to get the most out of Python's web-based libraries and interact with websites using cookies, proxies and other features to p0wn the most difficult web-based authentication systems. Then, you'll write a network reconnaissance tool that will demonstrate the power of Python's 3rd party libraries.

Password Attack Topics:

  • HTTP Form Password Guessing, Advanced Web Client Techniques, HTTP Proxies/HTTP Cookies, Session Hijacking

Network Reconnaissance Topics:

  • TCP Packet Reassembly With Scapy, Extracting Images from TCP Streams, Analyzing Image Metadata

CPE/CMU Credits: 6

Mark Baggett
Fri Mar 21st, 2014
9:00 AM - 5:00 PM


In this final section you will be placed on a team with other students.

Working as a team, you will apply the skills you have mastered in a series of penetration testing challenges. Participants will exercise the skills and code they have developed over the previous four days as they exploit vulnerable systems, break encryption ciphers, and remotely execute code on target systems. Test your skills! Prove your might!

CPE/CMU Credits: 6

Additional Information

Any laptop that can run one Linux virtual machine. Students will also require access to a Windows Computer on which they have administrative access. The Windows computer can be their Host computer or a Guest VM.

If you have additional questions about the laptop specifications, please contact

  • Security professionals who want to learn how to develop Python applications.
  • Penetration testers who want to move from being a consumer of security tools to the creator of security tools.
  • Technologists who need custom tools to test their infrastructure and desire to create those tools themselves.

A basic understanding of any programming or scripting language is required for this class.

  • The Reverse Backdoor Shell - Write your own backdoor!
  • SQL Injection Utility - When SQLMAP just won't do the job.
  • Multi-Threaded Password Guessing - That customized CAPTCHA can't stop me.
  • Advanced Network Recon - There is nowhere to hide.
  • pyWars - An online hacking competition for the first 4 days of class with challenges for the beginner and the advanced programmer.
  • Day 5 Capture the Flag - Test your newly acquired skills in a 1-day Capture the Flag competition.

You Will Learn

  • Learn to leverage Python scripting to maximize the effectiveness of your penetration tests
  • Learn to use TCP sockets to build network applications
  • Learn how to develop web application attack tools
  • Understand how to parse TCP packets and PCAP data to extract valuable data
  • Utilize advanced application concepts such as threading and message queueing

Other Courses People Have Taken

Courses that Lead-in

  • SEC504
  • SEC560
  • SEC660
  • SEC542
  • SEC642

Courses that are good follow-ups

  • SEC560
  • SEC660
  • SEC542
  • SEC642

A virtual machine with sample code and working examples

A copy of Violent Python

"All of the hands-on labs also come with solutions that Python novices like me can refer to when coding real pen-testing scripts. The examples and techniques presented in SEC 573 are relevant to today's attack scenarios." - Jacob Giannantonio, US Army

"SEC 573 is vital for anyone who considers themselves to be a pen tester." - Jeff Turner, Lexis Nexis Risk Solutions

"So far the content of Python for Penetration Testers has been great. I have learned several things even as an advanced user." - Matthew Garfinkle, ManTech International Corporation

Author Statement

Today basic scripting skills are essential to professionals in all aspects of information security. Understanding how to develop your own applications means you can automate tasks and do more, with fewer resources, in less time. As penetration testers, knowing how to use canned information security tools is a basic skill that you must have. Knowing how to build your own tools when the tools someone else wrote fail is what separates the great penetration testers from the good. This course is designed for security professionals who have some basic scripting skills and want to learn how to apply them to the field of penetration testing. The course will cover the essential skills that are needed to develop applications that interact with networks, websites, databases, and file systems so you can take your career to the next level. We will cover these essential skills as we build practical applications that you can immediately put into use in your penetration tests. -Mark Baggett