This course will cover using Python to interact with native system functionality on Windows and Linux.
The focus of the class will be the basic theory behind the common APIs that are relevant for many security-related tasks including memory manipulation, shellcode injection, and process hooking. Throughout the course students will learn how to create low-level wrappers of Python code to leverage existing functionality and combine these pieces to create basic tool sets.
This Python course is intended for penetration testers and security researchers who are interested in writing their own tools to prototype attack techniques and exploits. This course will not cover traditional "Python For Penetration Testers" material such as automating external tools, making HTTP requests, or parsing data.
Students should be familiar with Python basics (how to use pip, how to write functions and modules, and the basic data types) and bring a system capable of running a 64-bit virtual machine (either VMware or VirtualBox).
There are times when running a malicious program through a sandbox just isn’t enough – sometimes you need to go to a deeper level and find out how it works, not just what it’s doing. When this happens, you need to use Reverse Engineering.
Reverse Engineering (RE) is the practice of analyzing a compiled executable, examining it at the assembly level, and determining how it works. In this class, students will learn the basics of Intel x86 and x64 assembly, the concepts behind reverse engineering, and how they can learn the secrets of a malicious executable using debuggers and disassemblers. Throughout the class, students will learn this by reversing an in-the-wild ransomware executable.
Requirements: Reverse engineering experience is not required. However, students should be familiar with the basics of programming (e.g. variables, constants, hexadecimal, etc.). Programs used in the class will be the debugger x64dbg (https://x64dbg.com/) and the disassembler Ghidra (https://ghidra-sre.org/), although students are welcome to use any tools they are familiar with.
Students will also be required to use a Windows virtual machine that supports snapshots. VMware Workstation, Fusion, or VirtualBox will work; VMware Player will not. The Windows VM should be at least Windows 7. If students do not have a Windows license available, a time-limited copy of Windows can be downloaded from https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/ prior to class. All other tools will be provided to students.
Have you heard of Splunk, but don't know how to wield it to gain authority over big data? Have you used Splunk, but want to learn how to set it up and build it out properly? If so, this course is for you. In this course, you will work with Splunk from the ground up.
You'll learn the basics of Splunk terminology, along with how to use the Splunk web interface to find data. You'll also build your own Splunk environment, add data to the Common Information Model (CIM), create dashboards, and find events within the data. Finally, you'll gain more advanced searching techniques that are especially useful to those in network, security, and system administration roles.
By the end of the course, you will be confident in using Splunk and will be on the road to becoming a proficient Splunk architect and administrator as quickly as possible!
Required Materials: Laptop with Internet access (a web browser and SSH client); Splunk.com account