Pen Test Hackfest Summit & Training

Washington, DC | Thu, Nov 13 - Thu, Nov 20, 2014
This event is over,
but there are more training opportunities.

SEC573: Python for Penetration Testers

Sat, November 15 - Wed, November 19, 2014

SEC573 is a course every cyber analyst needs! The instruction and course material is the best I have seen in the 500+ hours of training I have received.

Jonathan C., DoD

PyWars in SEC573 was a great parallel thread. I enjoyed the challenges and found it a great way to practice during downtime and when I finished early.

Eric Gillespie, Anonymous

Python for penetration testers at Hackfest 2014. Your target has been well hardened. So far, your every attempt to compromise their network has failed. But, you did find evidence of a vulnerability, a lucky break in their defensive posture. Sadly, all of your tools have failed to successfully exploit it. Your employers demand results. What do you do when off-the-shelf tools fall short? You write your own tool.

The best penetration testers can customize existing open source tools or develop their own tools. The ability to read, write, and customize software is what distinguishes the good penetration tester from the great penetration tester. This course, SEC573: Python for Penetration Testers at Hackfest, is designed to give you the skills you need for tweaking, customizing, or outright developing your own tools to put you on the path of becoming a great penetration tester. Again and again, organizations serious about security emphasize their need for skilled tool builders. There is a huge demand for people who can understand a problem and then rapidly develop prototype code to attack or defend against it. Join us and learn Python in-depth and fully weaponized.

Unfortunately, many penetration testers at Hackfest do not have these skills today. The time and effort required to develop programming skills may seem overwhelming. But it is not beyond your reach. This course is designed to meet you at your current skill level, appealing to a wide variety of backgrounds ranging from people without a drop of coding experience all the way up to skilled Python developers looking to increase their expertise and map their capabilities to penetration testing. Because you can't become a world-class tool builder by merely listening to lectures, the course is chock full of hours of hands-on labs every day that will teach you the skills required to develop serious Python programs and how to apply those skills in penetration testing engagements.

SEC573: Python for Penetration Testers at Hackfest begins with an introduction to SANS pyWars. pyWars is a 4-day Capture the Flag competition that runs parallel to the course material. It will challenge your existing programming skills and help you develop new skills at your own individualized pace. This allows experienced programmers to quickly progress to more advanced concepts while novice programmers spend time building a strong foundation. This individualized approach allows everyone to hone their current skills making them the most lethal weapon they can be.

After introducing pyWars, here at Hackfest, the course will cover the essential skills required to get the most out of the Python language. The essentials workshop labs will teach the concepts and techniques required to develop your own tools to those who are new to software development. The essentials workshop will also teach shortcuts that will make experienced developers even more deadly. Then we turn to applying those skills in today's real-world penetration testing scenarios. You will develop a port scanning, antivirus evading, client infecting backdoor for placement on target systems. You will develop a SQL injection tool to extract data from websites that fail with off-the-shelf tools. You will develop a multi-threaded password guessing tool and a packet assembling network reconnaissance tool. The course concludes with a one-day Capture the Flag event that will test both your ability to apply your new tools and coding skills in a penetration testing challenge.


By the end of this course, students will have learned essential skills that every penetration tester should have. For your next engagement you will command and conquer as you:

  • Write a backdoor that uses Exception Handling, Sockets, Process execution, and encryption to provide you with your initial foothold in a target environment. The backdoor will include features such as a port scanner to find an open outbound port, the ability to evade antivirus software and network monitoring, and the ability to embed payloads from tools such as Metasploit.
  • Write a SQL Injection tool that uses standard Python libraries to interact with target websites. You will be able to use different SQL attack techniques for extracting data from a vulnerable target system.
  • Develop a password guessing attack tool with features like multi-threading, cookie handlers, support for application proxies such as Burp and much much more.
  • Write a network reconnaissance tool that uses SCAPY, cStringIO and PIL to reassemble TCP packet streams, extract data payloads such as images, display images, extract metadata such as GPS coordinates, and link those images with GPS coordinates to Google Maps.

When you are ready to fully weaponize your penetration testing skillset...

When you are ready to go from being a good penetration tester to a great penetration tester...

When you are ready to begin using your own tools to automate your penetration testing skills...

Join us for Python for Penetration testers.

In-depth Python...Fully weaponized.


Course Syllabus

Mark Baggett
Sat Nov 15th, 2014
9:00 AM - 5:00 PM


The course begins with a brief introduction to Python and the pyWars Capture the flag game. We set the stage for students to learn at their own pace in the 100% hands-on pyWars lab environment. As more advanced students take on Python based CTF challenges, students who are new to programming will start from the very beginning with Python essentials, including:

Variables, Math Operators, Strings, Functions, Modules, Compound Statements, Introspection

CPE/CMU Credits: 6

Mark Baggett
Sun Nov 16th, 2014
9:00 AM - 5:00 PM


You will never learn to program by staring at PowerPoint slides. The second day continues the hands-on, lab-centric approach established on day one. This section continues covering the essentials of the language, covering data structures and programming concepts. With the essentials of the language under your belt, the pyWars challenges and the in-class labs start to cover more complex subjects, such as:

Lists, Loops, Tuples, Dictionaries, The Python Debugger, System Arguments & OptParser, File Operations

CPE/CMU Credits: 6

Mark Baggett
Mon Nov 17th, 2014
9:00 AM - 5:00 PM


Day 3 shifts gears. With a core set of skills established, we can begin developing penetration testing tools that you can use in your next engagement. You will develop a backdoor command shell that evades antivirus software and provides you with that critical initial foothold in the target environment. You will then develop a customizable SQL Injection tool that you can use to extract all the data from a vulnerable database when off-the-shelf tools fail. Finally, we will discuss how to speed up your code with multi-threading.

Python Backdoors Topics:

  • Network Sockets, Exception Handling, Process Execution, Metasploit Integration, Antivirus and IDS Evasion

SQL Injection Attack Tools Topics:

  • Introduction to SQL, Blind SQL Injection Techniques, Developing Web Clients, Multi-Threaded Applications, Mutexes and Semaphores, Message Queues and Thread Communications

CPE/CMU Credits: 6

Mark Baggett
Tue Nov 18th, 2014
9:00 AM - 5:00 PM


In this section you will develop more tools that will make you a more lethal penetration tester. First, you will develop a custom web-based password guesser. This will teach you how to get the most out of Python's web-based libraries and interact with websites using cookies, proxies and other features to p0wn the most difficult web-based authentication systems. Then, you will write a network reconnaissance tool that will demonstrate the power of Python's 3rd party libraries.

Password Attack Topics:

  • HTTP Form Password Guessing, Advanced Web Client Techniques, HTTP Proxies/HTTP Cookies, Session Hijacking

Network Reconnaissance Topics:

  • TCP Packet Reassembly With Scapy, Extracting Images from TCP Streams, Analyzing Image Metadata

CPE/CMU Credits: 6

Mark Baggett
Wed Nov 19th, 2014
9:00 AM - 5:00 PM


In this final section you will be placed on a team with other students.

Working as a team, you will apply skills you have mastered in a series of penetration testing challenges. Participants will exercise the skills and code they have developed over the previous four days as they exploit vulnerable systems, break encryption cyphers, and remotely execute code on target systems. Test your skills! Prove your might!

CPE/CMU Credits: 6

Additional Information

Laptop Requirements:

To get the most value out of the course, students are required to bring their own laptop so that they can connect directly to the workshop network that we will create. It is the students' responsibility to make sure that the system is properly configured with all drivers necessary to connect to an Ethernet network.

Some of the course exercises are based on Windows, while others focus on Linux. VMware Player or VMware Workstation is required for the class. If you plan to use a Macintosh, please make sure you bring VMware Fusion, along with a Windows guest virtual machine.


You are required to bring Windows 7 (Professional, Enterprise, or Ultimate) or Windows Vista (Business, Enterprise, or Ultimate), as either a real system or a virtual machine. Windows 8 Pro is an acceptable option.

You will require administrative access to your Windows computer and the ability to install various software packages including Python on that computer.

IMPORTANT NOTE: You may also be required to disable your anti-virus tools temporarily for some exercises, so make sure you have the anti-virus administrator permissions to do so. DO NOT plan on just killing your anti-virus service or processes because most anti-virus tools still function even when their associated services and processes have been terminated. For many enterprise-managed clients, disabling your anti-virus tool may require a different password than the Administrator account password. Please bring that administrator password for your anti-virus tool.

The course includes a VMware image file of a guest Linux system that is larger than 5 GB. Therefore, you need a file system with the ability to read and write files that are larger than 5 GB, such as NTFS on a Windows machine.

Enterprise VPN clients may interfere with the network configuration required to participate in the class. If your system has an enterprise VPN client installed, you may need to uninstall it for the exercises in class.


You will use VMware to run Windows and Linux operating systems simultaneously when performing exercises in class. You must have either the free VMware Player 3 or later or the commercial VMware Workstation 6 or later installed on your system prior to coming to class. You can download VMware Player for free here.

Alternatively, if you want a more flexible and configurable tool, you can download a free 30-day trial copy of VMware Workstation here. VMware will send you a time-limited license number for VMware Workstation if you register for the trial at their Web site. No license number is required for VMware Player.

We will give you a DVD full of tools to use during the class and take home for later analysis. We will also provide a Linux image with all of our tools pre-installed that runs within VMware Player or VMware Workstation.


You do not need to bring a Linux system if you plan to use our Linux image in VMware. However, you are required to bring VMware Workstation or VMware Player. The class does not support VirtualPC or other non-VMware virtualization products.

Mandatory Laptop Hardware Requirements

  • x86- or x64-compatible CPU, 1.5 GHz minimum
  • DVD Drive (not a CD drive)
  • 2 GigaByte RAM minimum with 4 GB or higher recommended
  • Ethernet adapter (A wired connection is required in class. If your laptop supports only wireless, please make sure to bring an Ethernet adapter with you.)
  • 6 GigaByte available hard drive space

During the workshop, you will be connecting to one of the most hostile networks on planet Earth! Your laptop might be attacked. Do not have any sensitive data stored on the system. SANS is not responsible for your system if someone in the class attacks it in the workshop.

By bringing the right equipment and preparing in advance, you can maximize what you'll see and learn as well as have a lot of fun.

If you have additional questions about the laptop specifications, please contact

  • Security Professionals who want to learn how to develop Python applications.
  • Penetration testers who want to move from being a consumer of security tools to the creator of security tools.
  • Technologists that need custom tools to test their infrastructure and desire to create those tools themselves.

A basic understanding of any programming or scripting language is required for this class.

  • The reverse Backdoor shell - Write your own backdoor!
  • SQL Injection Utility - When SQLMAP just won't do the job.
  • Multi-Threaded Password Guessing - That customized CAPTCHA can't stop me
  • Advanced Network Recon - There is nowhere to hide.
  • pyWars - An Online hacking competition for the first 4 days of class with challenges for the beginner and the advanced programmer
  • Day 5 Capture the Flag - Test your newly acquired skills in a 1 day Capture the Flag competition

You Will Learn

  • Leverage Python scripting to maximize the effectiveness of your penetration tests
  • Use TCP sockets to build network applications
  • Develop web application attack tools
  • Parse TCP packets and PCAP data to extract valuable data
  • Use advanced application concepts such as threading and message queueing

A virtual machine with sample code and working examples

A copy of Violent Python

"SEC573 is vital for anyone who considers themselves to be a pen tester." - Jeff Turner, Lexis Nexis Risk Solutions

"So far the content of Python for Penetration Testers has been great. I have learned several things even as an advanced user." - Matthew Garfinkle, ManTech International Corporation

Author Statement

Today basic scripting skills are essential to professionals in all aspects of information security. Understanding how to develop your own applications means you can automate tasks and do more, with fewer resources, in less time. As penetration testers, knowing how to use canned information security tools is a basic skill that you must have. Knowing how to build your own tools when the tools someone else wrote fail is what separates the great penetration testers from the good. This course is designed for security professionals who have some basic scripting skills and want to learn how to apply them to the field of penetration testing. The course will cover the essential skills that are needed to develop applications that interact with networks, websites, databases, and file systems so you can take your career to the next level. We will cover these essential skills as we build practical applications that you can immediately put into use in your penetration tests. -Mark Baggett