null Bangalore Workshop 19 May 2018 Python School of Security Register

General hands-on event.

Proposed sessions for this event:

• Python School of Security - Session by Abhinav Chourasia
• Python School of Security - Session by Bharath

Information security is overwhelmed with tools but using off-the-shelf tools does not always guarantee success. Improvisation is at heart of penetration testing. There are always tasks that need to be automated or to be done in a different way. When off-the-shelf tools/solutions don't work you'll have to improvise and solve problems. As a Penetration Tester, ability to program in some programming language is an essential skill.

Python is an easy to learn programming language that has a rich set of useful libraries and vast community support. Python has gained a lot of momentum in information security. It's a easy choice for anyone getting started security or even for a seasoned security practitioner.

This workshop is meant to be a quick intro to essentials of Python language and usig Python to automate various tasks that you encounter during a penetration test. We'll spend some amount of time learning the Python language itself and some amount of time in automating security tasks.

Learning outcomes

• You'll learn essentials of Python programming language to be able to write your own (simple) scripts/tools
• You'll learn to use Python language to automate various tasks during security assessments
• You'll learn enough Python to be able to read others code and tweak the code to work for your case
• You'll get a kick start with Python programming that is enough to continue learning the language on your own

What will be covered?

1. Quick intro to Python programming
2. Interacting with various protocols using Python(especially HTTP & DNS)
3. Working with various data formats in Python(JSON, XML etc)
4. Using various security related third-party libraries/tools in Python
5. Python related concepts that will help you in writing and publishing (better) security tools
6. Writing simple web scrapers

What not to expect out of the workshop?

• Coverage of intermediate/advanced Python concepts such as Generators, Iterators, Object Oriented concepts and multithreading etc
• This is a workshop is geared towards penetration testers who want to use Python to automate security tasks so don't expect an exhaustive intro penetration testing during the workshop

What do you need to know?

• Little bit of programming experience in some language but not necessarily Python is preferable. (Enough to know what is a variable, 'if' conditonal, 'for' loop etc.). Concepts covered in this document should be enough: Python in one Easy Lesson
• Some exposure to Penetration Testing is expected. We don't expect audience to be proficient at pentesting but we will expect that you know the basics of a pentest
• Basic knowledge of Linux command-line is necessary (Usage of commands like cd, ls, grep, less etc.)
• Able to use at least any one command line and one graphical text editor (nano, vim, gedit, Sublime, VS Code etc)

What you should bring to the workshop?

• Laptop with administrator access (mandatory)
• Minimum 2 GB RAM and 5 GB free hard disk space.(More the better)
• Preferably running Linux as primary OS but Windows/Mac is permissible
• Oracle VirtualBox 5.x or later installed. (VMWare users are on their own)
• An SSH client on the host OS. (Most Linux distributions have SSH client by default, Windows user can use putty)
• Your own Internet connectivity (Internet is needed for few exercises and also for additonal reading)

What to expect in this session?

• Hands-on, lab driven approach
• Fast paced learning with some hand holding
• Focus on writing custom tools/scripts using Python