Advanced Information Security Automation with Python

This course is designed as the logical progression point for students who have completed  Automating Information Security with Python, or for those who are already familiar with basic Python programming concepts. This  course jumps immediately into advanced concepts. It looks at coding techniques used by popular open-source information security packages and how to apply them to our own Python cybersecurity projects.

Course Key Learnings:

• New pyWars features, virtual environments, and VSCode
• How to use unit testing to evaluate code in development
• Python object-oriented coding
• Decorators
• Iterators
• Context managers
• Data descriptors
• Object attribute security and attacks
• Multi-threading
• Multi-processing
• How to understand and mitigate object serialization attacks
• The right way to do application logging
• Command line tool automation with PEXPECT
• Interpreter and object model attacks

Course Content: 

Module1: : Python Package Essentials

Overview

The first course section jumps straight into pyWars.  You’ll learn how developers use unit tests to evaluate their programs during the development process and prevent small changes in core function from having cascading affects in your applications. We’ll deep dive into the Python package structure, and you’ll learn how setup.py can be used to build a deployable package and how to handle common structural errors such as circular references.

Topics

• Virtual Environment
• Using an IDE
• Unit Testing
• Building Packages
• PIP Installable Package
• Understanding Package Imports
• Absolute vs. Relative Imports
• Circular References

Module2:  Python Objects

Overview

This course section will teach you to develop custom Python objects and data structures to support the needs of modern cybersecurity projects. We will build a model cybersecurity project called the Security Professionals Friend 100 (SPF100) that incorporates features found in popular cybersecurity packages such as Scapy and Volatility. You’ll see how the right data structure can make your applications much easier to use and speed the development process.

Topics

• Argument Packing
• Objects
• Inheritance Super
• Inheriting and Extending Built-in Objects
• The Magic Dunders
• Slicing

Module3: : Python Objects (continued)

Overview

In this section we continue adding new features to SPF100 that make Python objects more versatile. You’ll learn how to customize the behavior of objects when accessing their attributes, and how to resolve attribute naming conflicts by using name mangling. We will discuss attribute privacy, the security pitfalls associated with any developer trying to protect object attributes, and how to exploit them. This section will provide you with a firm understanding of how to perform error handling in your projects. We’ll complete the session by adding custom iterators to our project that can process network packets in interesting ways.

Topics

• Attribute Access
• Executable Attributes
• Name Mangling
• Attribute Privacy
• Object Comparison Operations
• Advanced Exception Handling
• Object Iteration
• Object Instantiation

Module4: Advanced Concepts

Overview

Knowing how to code is only part of the battle. When it comes to solving real-world cybersecurity problems, a bit more is required. Show us an information security professional who doesn’t hate working with timestamps and time zones and we’ll show you an information security professional who has never had to deal with timestamps and time zones. In this course section you will learn how to properly process and handle timestamps and solve problems that require knowledge of multiple time zones. You will learn how and when to use multi-processing and multi-threading to spread out the load and handle large amounts of data. We will continue to build on SPF100 and leverage Python features such as context managers in order to make the package as user-friendly as it is in other popular cybersecurity projects.

Topics

• Dataclasses and NamedTuples
• Timestamps and Time Zones
• Concurrency
  • Multi-threading
  • Multi-processing
• Serialization Attack and Mitigation
• Context Managers

Module5: Advanced Concepts (continued)

Overview

This course section will examine some of the most common struggles developers face when designing cyber tools. We will discuss how to automate command line tools that require interaction. This goes far beyond just running the program and capturing the output. We will talk about the ability to fully automate and interact with any command line. Next, we will add the ability to generate logs. You’ll learn how to control the logs for other modules and configure applications so that you are alerted when critical events take place. We’ll show you how you can use decorators to quickly add functionality to existing code with minimal changes to those programs. You will learn how to develop your own powerful decorators to improve any code base. We’ll wrap up our discussion with a look at more security vulnerabilities that affect the Python interpreter and commonly used functions.

Topics

• CLI Tool Automation
• Logging
• Decorators
• Python Attacks

Module6:: Capture-the-Flag Challenge