Hacking with Python

Catalogue no.: #71565 | Course length: 32 academic hours | Number of sessions: 4

Practical Penetration Testing with Python Workshop

This course is a practical guide to discovering and exploiting security flaws in network and software technologies. By “network technologies” we mean Ethernet, ARP, IPv4, IPv6, ICMP, UDP, TCP, DHCP, DNS, NTP, and HTTP. We examine a wide variety of different protocols and transports, and the means to exploit them to achieve denial of service, identity spoofing and even arbitrary remote command execution. Throughout the course, we spell out the specific steps you need to follow to detect each type of vulnerability, and how to exploit it to perform unauthorized actions.


Target audience

  • Software developers, security analysts, experienced Networking (NOC) and IT teams 

Prerequisites

  • Hands-on familiarity with networking technologies (TCP/IP, Ethernet, ARP, DHCP, DNS, HTTP)
  • Good system skills (Linux or Windows, preferably both)
  • Good scripting skills (PowerShell, Bash, etc.) and/or coding skills (.NET, Java, Objective-C, etc.)


Day 1:

  • Introduction to python-scapy
  • Crafting TCP/IP datagrams
  • Performing simple floods and src-spoofing with scapy
    • LAND attack
    • MAC-flood
    • SYN-flood
  • Sniffing network traffic with scapy
  • Performing TCP handshake attacks
    • RAW TCP 3-way handshake
    • Sockstress

Day 2:

  • Service discovery with nmap and scapy
    • Scanner honeypot
  • Advanced floods and DoS
    • IPv6 ICMPv6 RA flood
    • DHCP Starvation
  • Packet malformations
    • IP fragmentation attacks
    • The mysterious case of UDP CRC (CVE-2016-10229)
    • DHCPv6 overflow and remote code execution (CVE-2018-15688)
  • Application-layer flooding
    • slow-http and slow-loris
  • Amplification attacks
    • Smurf “attack”
    • DNS/NTP/memcache amplifications

Day 3:

  • What about ARP?
  • Build your own ARP monitor
  • MITM through ARP poison
  • Crypto brute-force
    • guessing zip passwords
    • other document types too: Office documents, PDFs, RAR archives
  • Login brute-force
    • brute-forcing web services
    • ssh authentication
    • other protocols? RDP? FTP? SMTP?
  • Using common password dictionaries
    • how big does the list need to be?
  • Password dictionary construction
    • build your own password generator in python
  • Password pre-mutations
    • password complexity is password simplicity
  • Customized password dictionaries
    • our own all-in-one password generation tool

Day 4:

  • Python is great for blue teams too
    • many open-source modules make investigative life easier
  • Sniffing and parsing traffic with python
    • from scapy to libpcap/npcap
  • Even better: use Linux netfilter stream reassembly
    • iptables stateful connection logging
  • Tailing logs with python
    • hook the log file and parse netfilter data
  • Process information with psutil
    • psutil is a cross-platform library to get process related information
  • Matching network with process info
    • this is where our code becomes “endpoint-security”
  • Gathering OS metadata (users, parent processes, command lines, path, executable hash, etc.)
    • our own net-proc monitor