DEV550 – Python for Pentesters
DEV550 – Python for Pentesters is an intermediate-level course designed for pentesters who want to use Python to build specialized tools. This challenging course will expose students to target scanning, enumeration, exploit development, web application attacks, and persistence mechanisms through Python scripting.
Upon completion, students will have built an arsenal of over 20 penetration testing tools.
This course is designed for students who have basic programming/scripting experience in C or Python, knowledge of networking concepts, and knowledge of penetration testing methods and hacking tools.
Provide students with the knowledge necessary to analyze technical situations and solve them through the development of Python tools.
- Introduction to building pentesting tools in Python. Students will review Python fundamentals and will develop target scanning and enumeration tools using modules from the Python Standard Library as well as third-party modules.
- Students will begin the day by creating custom scanners using the Nmap module. They will develop algorithms to parse complex data sets and build additional functionality into their custom tools.
- Students will begin the day by taking a deep look at x86 memory architecture, operating system controls and debugging. Students will then learn how to construct exploits against stack-based buffer overflows, as well as how to embed shellcode into their Python scripts.
- Students will learn about common web application vulnerabilities, reconnaissance methods and attack vectors. Students will then write code to identify and exploit Structured Query Language (SQL) and Cross-Site Scripting (XSS) vulnerabilities to reveal server-side details, as well as to find directory traversal vulnerabilities.
- On the final day of class, students will learn how to conduct post-exploitation pillaging and employ persistence techniques. They will then learn how to build reverse shells, send encoded data via HTTP requests, and control their persistence tool via command and control mechanisms.