Basic and Low-level Python Network Attacks
A penetration tester who only knows how to use tools written by others is limited to old techniques. Knowledge of a programming language will make you much more powerful. Python is the favorite choice for penetration testers because it combines simplicity and ease of use with advanced features.
This course will commence by showing you how to get the Target and Attacker virtual machines running and properly networked together. You will learn how to connect to a server, and how to automate login requests. This will let you break into services by guessing PINs, and exploit blind vulnerabilities by observing time delays. You will also get your hands dirty and learn how to write custom scanning tools, so that you can send unusual patterns of packets to find and exploit hidden services.
Next, you will learn how Web pages are delivered, and how to write your own tools to break into vulnerable websites. Some "blind" services don't return any useful information to guide attackers, but can still be exploited by measuring the time they take to respond.
You will also be walked through the exact series of network packets required to connect to servers; with an in-depth understanding of that exchange, you can perform many attacks that block traffic or misdirect it through the attacker's system. Using the Scapy library, you can then quickly make network tools, including clients and servers. This is the best way to learn exactly how networking works. Once you understand normal networking, you can perform attacks that trick networks into sending data to the wrong destination, or refusing service to clients.
Towards the end of the course, you will also learn to use these tools to make defenses that distract and confuse attackers, or that detect suspicious network activity.
About the author
Sam Bowne has been teaching computer networking and security classes at City College San Francisco since 2000. He has given talks and hands-on trainings at DEFCON, HOPE, B-Sides SF, B-Sides LV, BayThreat, LayerOne, Toorcon, and many other schools and conferences. Credentials: PhD, CISSP, DEF CON Black-Badge Co-Winner