DEV550 – Python for Pentesters

Course Overview DEV550 – Python for Pentesters is an intermediate level course designed for pentesters who want to use Python to build specialized tools. This challenging course will expose students to target scanning, enumeration, exploit development, web application attacks, and persistence mechanisms through Python scripting. Upon completion, students will have built an arsenal of over 20 penetration testing tools. Objectives Provide students with the knowledge necessary to analyze technical situations, solving them through the development of Python tools  Target Audience hThis course is designed for students who have basic programming/scripting experience in C or Python, knowledge of networking concepts, and knowledge of penetration testing methods and hacking tools Estimated Course Length: 24 hours Day 1 Day 1 Introduction to building pentesting tools in Python. Students will review Python fundamentals and will develop target scanning and enumeration tools using modules from the Python Standard Library as well as third party modules. Topics List Python Fundamentals Socket Module I/O Functionality User Input Application Banner Grabbing Functions HTTP Methods Nmap Module Day 2 Students will begin the day by creating custom scanners using the Nmap module. They will develop algorithms to parse complex data sets and build additional functionality into their custom tools. The labs challenge students to use a variety of control structures like sequence, selection, and repetition Topics List Building Custom Scanners Parsing Nmap Data “If” statements Exception Handling Enhancing Tool Functionality OS Module Introduction to Exploit Development Day 3 Students will begin the day by taking a deep look at x86 memory architecture, operating system controls and debugging. Students will then learn how to construct exploits against stackbased buffer overflows, as well as how to embed shellcode into their Python scripts. Topics List x86 Memory Architecture Exploit Mitigation Controls Fuzzing Debugging Shellcode Constructing Exploits Day 4 The Pointers lectures and labs expose students to indirect addressing. Reading from and writing to files using file pointers and comparing call-by-value and call-by-reference methods are discussed. Finally the student will learn how to pass information to and get information back from functions. Topics List Pointers Indirect addressing File I/O using pointers Call methods for functions Modularize program with functions Working with pointers and functions Case Study: Solar-heated House; Problem: Design a program to estimate size of collecting area needed to support a solar-heated house Day 5 The Array Pointers lectures and labs teach students how to use arrays and how C implements arrays as pointers. Students learn how to access values in arrays, and how to process data in arrays using loops. Searching arrays is introduced and multi-dimensional arrays are described as a solution for storing tables of data. Topics List Arrays Relationship between arrays and pointers Process array data with loops Function and array interaction Searching and sorting arrays Case Study: Summary of Business Revenue; Problem: Regional medical center needs software to track its revenue by unit and quarter