Special Offer w/ OnDemand: Get an iPad (32 G), Galaxy Tab A, or Take $250 Off OnDemand Training thru Jan 27


To attend this webcast, login to your SANS Account or create your Account.

Tech Tuesday Workshop - O Hacker, Where Art Thou?: A Hands-On Python Workshop for Geolocating Attackers

  • Tuesday, May 19, 2020 at 1:00 PM EST (2020-05-19 17:00:00 UTC)
  • Mark Baggett

You can now attend the webcast using your mobile device!



Law enforcement is in the business of putting bad guys in jail. To do that you have to know where they are hiding. Today attackers use various techniques to obfuscate their location including hiding their IP Addresses behind VPN software. How do you know where they really are?  

Incident Responders dealing with a threat have mountains of logs full of IP Addresses. Which addresses are being used by your attackers? Finding those that share the same country or city of origin can help to separate the wheat from the chaff. But how do you do that in mass for all of these IP Addresses quickly, efficiently and accurately?

In this two hour workshop we will look at how to tools and techniques for identifying the geographic point of origin of IP Addresses and wireless networks we identify during forensics investigations and incident response. We will use Python to leverage various online resources to turn that anonymous IP Address into a latitude and longitude suitable for your proverbial or literal ballistic missile strike.


This session assumes you have some understanding of programming and some familiarity with Python. Several samples of Python code will be distributed and used to interface with various website APIs. Those with no programming background will be able to complete the workshop and see how these things works. However they may be left with a large empty void in their hearts that could only be filled by attending SEC573 Automating information Security with Python.

System Requirements

  • Virtualization Software capable of running VMWare 14 Workstation compatible VM
  • 30 GB Free Hard Drive Space
  • 8 GB Memory
  • Your VM Will require access to the internet

Speaker Bio

Mark Baggett

Mark Baggett is the owner of Indepth Defense, an independent consulting firm that offers incident response and penetration testing services. Mark has more than 28 years of commercial and government experience ranging from Software Developer to Chief Information Security Officer. Mark is a Senior Instructor for The SANS Institute and the author of SANS Automating Information Security with Python course (SEC573). Mark has a Master's Degree in Information Security Engineering and many impressive certifications including being GSE #15. Mark is very active in the information security community. Mark is the founding president of The Greater Augusta ISSA (Information Systems Security Association) chapter and the cofounder of the BSidesAugusta information security conference. Since January 2011, Mark has served as the Technical Advisor to the DoD for SANS where he assists various government organizations in the development of information security capabilities.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.