PTRACE SECURITY
Information Security Solutions
Python for Ethical Hackers
Version 3.0
https://www.ptrace-security.com Untermüli 9, 6300 Zug, Switzerland
PTRACE SECURITY
Information Security Solutions
Course Description
Today’s reality is this: No matter what business you are in, no matter where in the world you are – if you’ve got data,
then your business is at constant risk . These are the words used by Robert J. McCullen to describe the current
situation in the 2013 Global Security Report. Today, IT and security professionals are faced with an increasing
number of threats that are not only growing in volume, but also in sophistication and scale.
The Python for Ethical Hackers course will provide you the tools and teach you the techniques to quickly identify and
exploit vulnerabilities in your corporate network. After a quick introduction to the Python programming language,
you will learn through several hands-on exercises how to collect information about your target, launch complex Web
attacks, extend world-class tools such as the Burp Suite and WinDbg, discover software vulnerabilities, write reliable
exploits for Microsoft Windows, and develop custom scripts for your Android phone.
Highlights
Develop custom applications for extracting data from social networks
Understand how to develop customized network reconnaissance tools
Learn to automate complex network and Web attacks
Utilize Python to rapidly develop remote exploits
Learn to evade antivirus and IDS software with ad-hoc Python Voodoo
Audience
This course is well suited for penetration testers, network administrators, security engineers, auditors, exploit
developers, and IT professionals who are wishing to take their hacking skills to a completely new level.
Course Content
Module 0: The Course
Welcome
Course Overview
Setting up the Lab
Module 1: Python Essentials
Introduction to Python
Data types and variables
Operators and expressions
Conditional statements and loops
Functions, modules and packages
Input / output
Errors and Exceptions
Classes and objects
Standard modules
https://www.ptrace-security.com Untermüli 9, 6300 Zug, Switzerland
PTRACE SECURITY
Information Security Solutions
Debugging and introspection
Module 2: Intelligence Gathering
Passive information gathering with the Google API
Extracting information from Facebook, Twitter and LinkedIn
Metadata analysis
Extracting metadata from images
Extracting metadata from PDF files
Extracting metadata from Microsoft Office files
Extracting metadata from executable files
Advanced geolocation analysis
Module 3: Network Hacking
Passive network traffic analysis
PCAP file parsing and analysis
Network and port scanning
Using the Nmap port scanner from Python
Brute forcing SSH, Telnet and FTP user credentials
SNMP reconnaissance
Enumerating Windows users
Enumerating open TCP ports
Enumerating installed software
Advanced packet manipulation with Scapy
Module 4: Web Hacking
HTTP clients and servers
HTML and XML file analysis
Scanning and attacking Web applications
Extending the Burp Suite in Python
Building custom Web exploits from scratch
Module 5: Software Hacking
Static analysis with IDA Pro
Analyzing live applications with WinDbg and PyKd
Binary analysis with the Immunity Debugger
Building custom exploits from scratch
Antivirus and IDS evasion
https://www.ptrace-security.com Untermüli 9, 6300 Zug, Switzerland
PTRACE SECURITY
Information Security Solutions
Module 6: Mobile Hacking
Introduction to Python for Android
Android API overview
Building custom scripts for Android
Prerequisites
Training attendees should be familiar with the most common Web attacks (e.g. SQL Injections, Cross-Site Scripting,
etc.) as well as have a basic knowledge and understanding of popular software vulnerabilities (e.g. stack buffer
overflows, format strings, etc.).
Requirements
Laptop with at least forty (40) GB of free hard drive space and eight (8) GB of RAM
Latest Oracle VM VirtualBox and VirtualBox Extension Pack installed.
A working version of Burp Suite Professional (or Burp Suite Professional Trial)
A working version of IDA Pro 6.8+ (or IDA Pro Evaluation Version)
Trainer
Gianni Gnesa is a security researcher and professional trainer at Ptrace Security GmbH, a Swiss-based company that
offers specialized IT security services to customers worldwide. With several years of experience in vulnerability
research, exploit development, and penetration testing, Gianni is an expert in exposing the vulnerabilities of complex
commercial products and modern network infrastructures. In his spare time, Gianni conducts independent security
research on kernel exploitation and rootkit detection.
Contact Information
For further information, please contact Ptrace Security GmbH at [email protected]
https://www.ptrace-security.com Untermüli 9, 6300 Zug, Switzerland