

Washington, DC | Fri, Jun 14 - Sat, Jun 22, 2013
This event is over, but there are more training opportunities.

SEC573: Python for Penetration Testers Sold Out

Mon, June 17 - Fri, June 21, 2013

Highly recommended. SEC573 truly gives you the power to forensicate at scale - or hunt adversaries.

Mark Osborn, SecureWorks

SEC573 is a course every cyber analyst needs! The instruction and course material is the best I have seen in the 500+ hours of training I have received.

Jonathan C., DoD

Your target has been well hardened. So far, your every attempt to compromise their network has failed. But, you did find evidence of a vulnerability, a lucky break in their defensive posture. Sadly, all of your tools have failed to successfully exploit it. Your employers demand results. What do you do when "off-the-shelf" tools fall short? You write your own tool.

The best penetration testers can customize existing open source tools or develop their own tools. The ability to read, write, and customize software is what distinguishes the good penetration tester from the great penetration tester. This course is designed to give you the skills you need for tweaking, customizing, or outright developing your own tools to put you on the path of becoming a great penetration tester. Again and again, organizations serious about security emphasize their need for skilled tool builders. There is a huge demand for people who can understand a problem and then rapidly develop prototype code to attack or defend against it. Join us and learn Python in-depth and fully weaponized.

Unfortunately, many penetration testers do not have these skills today. The time and effort required to develop programming skills may seem overwhelming. But it is not beyond your reach. This course is designed to meet you at your current skill level, appealing to a wide variety of backgrounds ranging from people without a drop of coding experience all the way up to skilled Python developers looking to increase their expertise and map their capabilities to penetration testing. Because you can't become a world-class tool builder by merely listening to lectures, the course is chock full of hours of hands-on labs every day that will teach you the skills required to develop serious Python programs and how to apply those skills in penetration testing engagements.

The course begins with an introduction to SANS pyWars. pyWars is a 4-day Capture the Flag competition that runs parallel to the course material. It will challenge your existing programming skills and help you develop new skills at your own individualized pace. This allows experienced programmers to quickly progress to more advanced concepts while novice programmers spend time building a strong foundation. This individualized approach allows everyone to hone their current skills making them the most lethal weapon they can be.

After introducing pyWars, the course covers the essential skills required to get the most out of the Python language. The essentials workshop labs will teach those who are new to software development the concepts and techniques required to develop their own tools. The essentials workshop will also teach shortcuts that will make experienced developers even more deadly. Then we turn to applying those skills in today's real-world penetration testing scenarios. You will develop a port scanning, antivirus evading, client infecting backdoor for placement on target systems. You will develop a SQL injection tool to extract data from websites that fail with off-the-shelf tools. You will develop a multi-threaded password guessing tool and a packet assembling network reconnaissance tool. The course concludes with a one-day Capture the Flag event that will test both your ability to apply your new tools and coding skills in a penetration testing challenge.


By the end of this course, students will have learned essential skills that every penetration tester should have. For your next engagement you will command and conquer as you:

  • Write a backdoor that uses Exception Handling, Sockets, Process execution, and encryption to provide you with your initial foothold in a target environment. The backdoor will include features such as a port scanner to find an open outbound port, the ability to evade antivirus software and network monitoring and the ability to embed payload from tools such as Metasploit.
  • Write a SQL Injection tool that uses standard Python libraries to interact with target websites. You will be able to use different SQL attack techniques for extracting data from a vulnerable target system.
  • Develop a password guessing attack tool with features like multi-threading, cookie handlers, support for application proxies such as Burp and much much more.
  • Write a network reconnaissance tool that uses Scapy, cStringIO and PIL to reassemble TCP packet streams, extract data payloads such as images, display images, extract metadata such as GPS coordinates and link those images with GPS coordinates to Google Maps.

When you are ready to fully weaponize your penetration testing skillset...

When you are ready to go from being a good penetration tester to a great penetration tester...

When you are ready to begin using your own tools to automate your penetration testing skills...

Join us for Python for Penetration Testers.

In-depth Python...Fully weaponized.


Course Syllabus

Mark Baggett
Mon Jun 17th, 2013
9:00 AM - 5:00 PM

CPE/CMU Credits: 6

  • Variables
  • Math Operators
  • Strings
  • Functions
  • Modules
  • Compound Statements
  • Introspection

Mark Baggett
Tue Jun 18th, 2013
9:00 AM - 5:00 PM

CPE/CMU Credits: 6

  • Lists
  • Loops
  • Tuples
  • Dictionaries
  • The Python Debugger
  • System Arguments & OptParser
  • File Operations

Mark Baggett
Wed Jun 19th, 2013
9:00 AM - 5:00 PM

CPE/CMU Credits: 6


Developing Python Backdoors

  • Network Sockets
  • Exception Handling
  • Process Execution
  • Metasploit Integration
  • Antivirus and IDS Evasion

Developing SQL Injection Attack Tools

  • Introduction to SQL
  • Blind SQL Injection Techniques
  • Developing Web Clients
  • Multi-Threaded Applications
  • Mutexes and Semaphores
  • Message Queues and Thread Communications

Mark Baggett
Thu Jun 20th, 2013
9:00 AM - 5:00 PM

CPE/CMU Credits: 6


Developing Password Attack Tools

  • HTTP Form Password Guessing
  • Advanced Web Client Techniques
  • HTTP Proxies/HTTP Cookies
  • Session Hijacking

Developing Network Reconnaissance Tools

  • TCP Packet Reassembly With Scapy
  • Extracting Images from TCP Streams
  • Analyzing Image Metadata

Mark Baggett
Fri Jun 21st, 2013
9:00 AM - 5:00 PM

CPE/CMU Credits: 6


Test your skills. Prove your might.

Additional Information

Any laptop that can run one Linux virtual machine. Students will also require access to a Windows Computer on which they have administrative access. The Windows computer can be their Host computer or a Guest VM.

If you have additional questions about the laptop specifications, please contact

  • Security Professionals who want to learn how to develop Python applications.
  • Penetration testers who want to move from being a consumer of security tools to the creator of security tools.
  • Technologists that need custom tools to test their infrastructure and desire to create those tools themselves.

A basic understanding of any programming or scripting language is required for this class.

  • The reverse Backdoor shell - Write your own backdoor!
  • SQL Injection Utility - When SQLMAP just won't do the job.
  • Multi-Threaded Password Guessing - That customized CAPTCHA can't stop me
  • Advanced Network Recon - There is nowhere to hide.
  • pyWars - An Online hacking competition for the first 4 days of class with challenges for the beginner and the advanced programmer
  • Day 5 Capture the Flag - Test your newly acquired skills in a 1 day Capture the Flag competition

You Will Learn

  • Learn to Leverage Python Scripting to maximize the effectiveness of your penetration tests
  • Learn to use TCP Sockets to build network applications
  • How to Develop Web Application attack tools
  • Understand how to parse TCP Packets and PCAP data to Extract valuable data
  • Utilize advanced application concepts such as threading and message queueing

Other Courses People Have Taken

Courses that Lead-in

  • SEC504
  • SEC560
  • SEC660
  • SEC542
  • SEC642

Courses that are good follow-ups

  • SEC560
  • SEC660
  • SEC542
  • SEC642

A virtual machine with sample code and working examples

A copy of Violent Python

Author Statement

Today basic scripting skills are essential to professionals in all aspects of information security. Understanding how to develop your own applications means you can automate tasks and do more, with fewer resources, in less time. As penetration testers, knowing how to use canned information security tools is a basic skill that you must have. Knowing how to build your own tools when the tools someone else wrote fail is what separates the great penetration testers from the good. This course is designed for security professionals who have some basic scripting skills and want to learn how to apply them to the field of penetration testing. The course will cover the essential skills that are needed to develop applications that interact with networks, websites, databases, and file systems so you can take your career to the next level. We will cover these essential skills as we build practical applications that you can immediately put into use in your penetration tests. -Mark Baggett