Python for Ethical Hackers - Information Security Solutions

PTRACE SECURITY Information Security Solutions [email protected] https://www.ptrace-security.com Ptrace Security GmbH Untermüli 9, 6300 Zug...

8 downloads 685 Views 104KB Size
PTRACE SECURITY Information Security Solutions

Python for Ethical Hackers Version 3.0

[email protected] https://www.ptrace-security.com

Ptrace Security GmbH Untermüli 9, 6300 Zug, Switzerland

1/4

PTRACE SECURITY Information Security Solutions

Course Description Today’s reality is this: No matter what business you are in, no matter where in the world you are – if you’ve got data,

then your business is at constant risk . These are the words used by Robert J. McCullen to describe the current situation in the 2013 Global Security Report. Today, IT and security professionals are faced with an increasing number of threats that are not only growing in volume, but also in sophistication and scale. The Python for Ethical Hackers course will provide you the tools and teach you the techniques to quickly identify and exploit vulnerabilities in your corporate network. After a quick introduction to the Python programming language, you will learn through several hands-on exercises how to collect information about your target, launch complex Web attacks, extend world-class tools such as the Burp Suite and WinDbg, discover software vulnerabilities, write reliable exploits for Microsoft Windows, and develop custom scripts for your Android phone.

Highlights 

Develop custom applications for extracting data from social networks



Understand how to develop customized network reconnaissance tools



Learn to automate complex network and Web attacks



Utilize Python to rapidly develop remote exploits



Learn to evade antivirus and IDS software with ad-hoc Python Voodoo

Audience This course is well suited for penetration testers, network administrators, security engineers, auditors, exploit developers, and IT professionals who are wishing to take their hacking skills to a completely new level.

Course Content Module 0: The Course 

Welcome



Course Overview



Setting up the Lab

Module 1: Python Essentials 

Introduction to Python



Data types and variables



Operators and expressions



Conditional statements and loops



Functions, modules and packages



Input / output



Errors and Exceptions



Classes and objects



Standard modules

[email protected] https://www.ptrace-security.com

Ptrace Security GmbH Untermüli 9, 6300 Zug, Switzerland

2/4

PTRACE SECURITY Information Security Solutions



Debugging and introspection

Module 2: Intelligence Gathering 

Passive information gathering with the Google API



Extracting information from Facebook, Twitter and LinkedIn



Metadata analysis





Extracting metadata from images



Extracting metadata from PDF files



Extracting metadata from Microsoft Office files



Extracting metadata from executable files

Advanced geolocation analysis

Module 3: Network Hacking 

Passive network traffic analysis 

PCAP file parsing and analysis



Network and port scanning



Brute forcing SSH, Telnet and FTP user credentials



SNMP reconnaissance





Using the Nmap port scanner from Python



Enumerating Windows users



Enumerating open TCP ports



Enumerating installed software

Advanced packet manipulation with Scapy

Module 4: Web Hacking 

HTTP clients and servers



HTML and XML file analysis



Scanning and attacking Web applications



Extending the Burp Suite in Python



Building custom Web exploits from scratch

Module 5: Software Hacking 

Static analysis with IDA Pro



Analyzing live applications with WinDbg and PyKd



Binary analysis with the Immunity Debugger



Building custom exploits from scratch



Antivirus and IDS evasion

[email protected] https://www.ptrace-security.com

Ptrace Security GmbH Untermüli 9, 6300 Zug, Switzerland

3/4

PTRACE SECURITY Information Security Solutions

Module 6: Mobile Hacking 

Introduction to Python for Android



Android API overview



Building custom scripts for Android

Prerequisites Training attendees should be familiar with the most common Web attacks (e.g. SQL Injections, Cross-Site Scripting, etc.) as well as have a basic knowledge and understanding of popular software vulnerabilities (e.g. stack buffer overflows, format strings, etc.).

Requirements 

Laptop with at least forty (40) GB of free hard drive space and eight (8) GB of RAM



Latest Oracle VM VirtualBox and VirtualBox Extension Pack installed.



A working version of Burp Suite Professional (or Burp Suite Professional Trial)



A working version of IDA Pro 6.8+ (or IDA Pro Evaluation Version)

Trainer Gianni Gnesa is a security researcher and professional trainer at Ptrace Security GmbH, a Swiss-based company that offers specialized IT security services to customers worldwide. With several years of experience in vulnerability research, exploit development, and penetration testing, Gianni is an expert in exposing the vulnerabilities of complex commercial products and modern network infrastructures. In his spare time, Gianni conducts independent security research on kernel exploitation and rootkit detection.

Contact Information For further information, please contact Ptrace Security GmbH at [email protected]

[email protected] https://www.ptrace-security.com

Ptrace Security GmbH Untermüli 9, 6300 Zug, Switzerland

4/4