OBJECTIF

This training, intended for people who already have a basic knowledge of Python language, displays the different modules and use cases of Python during intrusion tests. We will see many issues encountered during audits and solutions that can be implemented quickly with Python scripting to automate complex and specific tasks.

In particular, the objectives of the training are:

• Facilitate the development of Python exploits
• Automate task processing and automate operations
• Bypass security solutions
• Interfacing different languages with Python

PREREQUISITES

• Knowledge in Python

GENERAL INFORMATION

• Code : PYTPEN
• Duration : 3 Days
• schedule : 8h30 - 17h30
• place : training center, Center Urbain Nord, Tunis

TARGETED AUDIENCE

• •RSSI
• •Security Consultants
• •Engineers / Technicians
• •System Administrators and Networks

RESOURCES

• Course materials
• 40% demonstration
• 40% of theory
• 20% practical exercises

PROGRAM OF TRAINING

• Days 1
• Python for HTTP, requests

Development of a comprehensive search system
Captcha Bypass


• Development of a BurpSuite Python module

• Introduction to BurpSuite
• Development of passive detection module of Web Application Firewalls


• Exploiting a blind SQL injection

• Bit-by-bit extraction and behavioral analysis

• Days 2
• Introduction to distributed tasks

• Introduction to the Slowloris attack
• Development of a distributed slowloris exploit


• Python and HTTP corruption

• Introduction to MITMProxy
• Development of an "SSL Striping" module


• Python and forensics

• Volatility
• Chopper
• Network Forensics with Scapy


• Days 3
• The C and Python, Cython

• ctypes
• Development of a Cython Antivirus and Backdoors module


• Antivirus and Backdoors

• Shellcodes
• Creating an advanced backdoor


• Days 4
• Chain of exploitation

• Exploitation of multiple vulnerabilities
• Creating a complete exploit (POC)


• TP Final

•Capture the Flag