Automating Information Security with Python Training Course Hands-on
This Automating Information Security with Python Training course is designed to give you the skills you need for tweaking, customizing, or outright developing your own tools. We put you on the path of creating your own tools, empowering you in automating the daily routine of today's information security professional, achieving more value in less time. Again and again, organizations serious about security emphasize their need for skilled tool builders. There is a huge demand for people who can understand a problem and then rapidly develop prototype code to attack or defend against it.
All security professionals, including Penetration Testers, Forensics Analysts, Network Defenders, Security Administrators, and Incident Responders, have one thing in common. CHANGE. Change is constant. Technology, threats, and tools are constantly evolving. If we don't evolve with them, we'll become ineffective and irrelevant, unable to provide the vital defenses our organizations increasingly require.
Maybe your chosen operating system has a new feature that creates interesting forensics artifacts that would be invaluable for your investigation, if only you had a tool to access it. Often for new features and forensics artifacts, no such tool has yet been released. You could try moving your case forward without that evidence or hope that someone creates a tool before the case goes cold...or you can write a tool yourself.
Duration: 5 days
• We can adapt this Automating Information Security with Python Training course to your group’s background and work requirements at little to no added cost.
• If you are familiar with some aspects of this Automating Information Security with Python Training course, we can omit or shorten their discussion.
• We can adjust the emphasis placed on the various topics or build the Automating Information Security with Python Training course around the mix of technologies of interest to you (including technologies other than those included in this outline).
• If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Automating Information Security with Python Training course in a manner understandable to lay audiences.
Audience / Target Group
• Security professionals who want to learn how to develop Python applications.
• Penetration testers who want to move from being a consumer of security tools to being a creator and customizer of security tools.
• Technologists who need custom tools to test their infrastructure and want to create those tools themselves.
A basic understanding of any programming or scripting language is highly recommended but not required for this class.
After completing this Automating Information Security with Python Training course, attendees will be able to:
• Leverage Python scripting to maximize the effectiveness of their penetration tests.
• Use TCP sockets to build network applications.
• Develop web application attack tools.
• Parse TCP packets and PCAP data to extract valuable data.
• Use advanced application concepts, such as threading and message queueing.
Automating Information Security with Python Training - Course Content:
Essentials Workshop with pyWars
The course begins with a brief introduction to Python and the pyWars capture the flag game. We set the stage for students to learn at their own pace in the 100% hands-on pyWars lab environment. As more advanced students take on Python-based Capture The Flag challenges, students who are new to programming will start from the very beginning with Python essentials, including:
● Python Syntax, Variables, Math Operators, Strings, Functions, Modules, Control Statements, Introspection
Essentials Workshop with MORE pyWars
You will never learn to program by staring at PowerPoint slides. The second day continues the hands-on, lab-centric approach established on day one. This section covers data structures and more detailed programming concepts. Next, we focus on invaluable tips and tricks to make you a better Python programmer and on how to debug your code. Day two includes topics such as:
● Lists, Loops, Tuples, Dictionaries, The Python Debugger, Coding Tips, Tricks and Shortcuts, System Arguments, and the ArgParser Module
Day three includes in-depth coverage of how defenders can use Python automation as we cover Python modules and techniques that everyone can use. Forensicators and offensive security professionals will also learn essential skills they will apply to their craft. We will play the role of a network defender who needs to find the attackers on their network. We will discuss how to analyze network logs and packets to discover where the attackers are coming from and what they are doing. We will build scripts to empower continuous monitoring and disrupt the attackers before they exfiltrate your data. Day 3 topics include:
● File Operations, Python Sets, Regular Expressions, Log Parsing, Data Analysis tools and techniques, Long Tail/Short Tail Analysis, Geolocation acquisition, blacklists and whitelists, Packet Analysis, Packet reassembly, Payload extraction
On day four we will play the role of a forensics analyst who has to carve evidence from artifacts when no tool exists to do so. Even if you don't do forensics, you will find that the skills covered on day four are foundational to every security role. We will discuss the process required to carve binary images, find appropriate data of interest in them, and extract that data. Once you have the artifact isolated, there is more analysis to be done. You will learn how to extract metadata from image files. Then we will discuss techniques for finding artifacts in other locations such as SQL databases and interacting with web pages. Day 4 subjects include:
● Acquiring Images from disk, memory and the network, File Carving, the STRUCT module, Raw Network Sockets and protocols, Image Forensics and PIL, SQL Queries, HTTP Communications with Python built-in Libraries, Web communications with the Requests module
On day five we play the role of a penetration tester whose normal tricks have failed. Their attempts to establish a foothold have been stopped by modern defenses. To bypass these defenses, you will build an agent to give you access to a remote system. Similar agents can be used for incident response or systems administration, but our focus will be on offensive operations. Today's subjects include:
● Network Socket Operations, Exception Handling, Process execution, Blocking and Non-blocking Sockets, Asynchronous operations, the select module, Python objects, Argument packing and unpacking
In this final section you will be placed on a team with other students. Working as a team, you will apply the skills you have mastered in a series of programming challenges. Participants will exercise the skills and code they have developed over the previous five days as they exploit vulnerable systems, break encryption cyphers, analyze packets, parse logs, and automate code execution on remote systems. Test your skills! Prove your might!