Python for Ethical Hackers

Designed to push your Python scripting skills to the next level!

  • Professional Course Material

    The Python for Ethical Hackers (PFEH) course is based on cutting-edge research and real world experience accumulated over the years by our Red Team.

  • Hands-on Lab Exercises

    In order to consolidate the concepts taught throughout the course, each lecture is followed by several hands-on lab exercises.

  • Get the CPH certification!

    The Certified Python Hacker (CPH) certification is a 48 hours practical exam to prove the student's ability to develop customized offensive tools under pressure.

Highlights

■ Develop custom applications for extracting data from social networks.

■ Understand how to develop customized network reconnaissance tools.

■ Learn to automate complex network and Web attacks.

■ Utilize Python to rapidly develop remote exploits.

■ Learn to evade antivirus and IDS software with ad-hoc Python Voodoo.

Course Description

Today’s reality is this: No matter what business you are in, no matter where in the world you are – if you’ve got data, then your business is at constant risk. These are the words used by Robert J. McCullen to describe the current situation in the 2013 Global Security Report. IT and security professionals are faced with an increasing number of threats that are not only growing in volume, but also in sophistication and scale.

The Python for Ethical Hackers (PFEH) course provides you the tools and teach you the techniques to quickly identify and fix weaknesses in your corporate network. After a quick introduction to the Python programming language, you will learn through several hands-on exercises how to collect information about your target, launch complex Web attacks, extend world-class tools such as the Burp Suite and WinDbg, discover software vulnerabilities, write reliable exploits for Microsoft Windows, and develop custom scripts for your Android phone.

Course curriculum

  • 01

    Welcome to the course!

  • 02

    Introduction to Python

    • Module overview

    • Module objectives

    • Introduction to Python

    • Introduction to Python - Few words about Python

    • Data types and variables

    • Data types and variables - Basic Data Types in Python

    • Data types and variables - Conversion functions in Python

    • Operators and expressions

    • Conditional statements and loops

    • Functions and modules

    • Input / output

    • Errors and exceptions

    • Python Essentials Quiz

    • Exercises
  • 03

    Python Essentials: Standard modules

    • Standard modules

    • The sys module

    • The os module

    • The re module

    • The socket module

    • Standard Modules Quiz

    • Exercises
  • 04

    Python Essentials: Advanced topics

    • Classes and objects

    • Debugging and introspection

    • Exercises
  • 05

    Intelligence Gathering

    • Overview

    • Passive information gathering with Google

    • Metadata analysis

    • Extracting metadata from PDF files

    • Extracting metadata from Microsoft Office files

    • Extracting information from social networks

    • Exercises
  • 06

    Network Hacking

    • Overview

    • Network and port scanning with Nmap

    • Network traffic analysis

    • PCAP file parsing

    • Packet sniffing

    • Packet manipulation

    • Scapy API

    • Exercises
  • 07

    Web Hacking

    • Overview

    • HyperText Markup Language (HTML) analysis

    • Extending the Burp Suite in Python

    • Burp Extender API

    • HTTP traffic analysis with the Burp Suite

    • Building custom Web exploits from scratch

    • Exercises
  • 08

    Software Hacking

    • Overview

    • Static analysis with IDA Pro

    • What is IDAPython?

    • IDAPython basics

    • Analyzing functions in IDAPython

    • Enumerating the attack surface of an application with IDAPython

    • Analyzing live applications with WinDbg

    • PyKD basics

    • Scripting WinDBG with PyKd

    • Binary analysis with Immunity Debugger

    • Writing a custom PyCommand for the Immunity Debugger

    • Building custom exploits from scratch

    • Antivirus and IDS evasion

    • Exercises
  • 09

    Mobile Hacking

    • Module overview

    • Module objectives

    • Android platform overview

    • Python for Android

    • Installing Python for Android

    • Hello World with QPython

    • Writing Python scripts for Android

    • Android & SL4A Quiz

    • Exercises
  • 10

    Next steps

    • More resources for you

    • Congrats! Here's what's next.

    • Before you go...

Audience

This course is well suited for penetration testers, network administrators, security engineers, software developers, and IT professionals who are wishing to take their Python skills to the next level.

Prerequisites

Training attendees should be familiar with the most common Web attacks (e.g. SQL Injections, Cross-Site Scripting, etc.) as well as have a basic knowledge and understanding of popular software vulnerabilities (e.g. stack buffer overflows, format strings, etc.). No prior programming experience is needed.

Requirements

■ Laptop with at least forty (40) GB of free hard drive space and eight (8) GB of RAM.

■ Latest Oracle VM VirtualBox and VirtualBox Extension Pack installed.

■ A working version of Burp Suite Professional (or Burp Suite Professional Trial).

■ A working version of IDA Pro 6.8+ (for the IDAPython section).

Course Registration