Python: Digital Forensics & Binary Exploits with Python

What you'll learn

Learn network forensics to drive your host analysis
Investigate with the utmost efficiency in Windows and GNU/Linux environments
Get the best tools to obtain and analyze volatile memory images
Use Python to complete enumeration, exploitation, and data exfiltration
Remove unwanted code such as the password or product key tests, and add Trojan code
Analyze simple Windows executable files and modify them using the Immunity Debugger
Analyze simple Linux executable files and modify them using the gdb debugger

Requirements

Prior programming experience with python is beneficial but not required.

Description

Python is uniquely positioned as a programming language to perform cyber investigations and perform forensic analysis. Unleash the power of Python by using popular libraries and Python tools to help you create efficient and thorough forensics investigations.

This learning paths follows a practical approach & can be of utmost importance as it guides you to read, sort, and sniff raw packets and also analyze network traffic. You will learn various tools required to perform a complete investigation with the utmost efficiency in both Windows and GNU/Linux environments with Python. It then explains binary exploits that allow you to skip past unwanted code, such as the password or product key tests, and add Trojan code. You will perform the exploit development process: finding a vulnerability, analyzing a crash in a debugger, creating a crafted attack, and achieving remote code execution on Windows and Linux.

By the end of the course, you will be able to make the most of Python processes and tackle varied, challenging, forensics-related problems. So, grab this course and think like an attacker!

Contents and Overview

This training program includes 2 complete courses, carefully chosen to give you the most comprehensive training possible.

The first course, Python Digital Forensics starts with network forensics, an important aspect of any investigation. You will learn to read, sort, and sniff raw packets and also analyze network traffic. These techniques will help you drive your host analysis. You will learn about tools you'll need to perform a complete investigation with the utmost efficiency in both Windows and GNU/Linux environments with Python. Next, you will learn more advanced topics such as viewing data in PE and ELF binaries. It's vital to analyze volatile memory during an investigation as it provides details about what is actually running on a given system. So, you will learn the best tools to obtain and analyze volatile memory images. Finally, you will learn how to use Python in order to think like an attacker. You will complete enumeration, exploitation, and data exfiltration. By the end of the course, you will be able to make the most of Python processes and tackle varied, challenging, forensics-related problems. So, grab this course and think like an attacker!

The second course, Binary Exploits with Python takes you through explaining binary exploits that allow you to skip past unwanted code, such as the password or product key tests, and add Trojan code. You will perform the exploit development process: finding a vulnerability, analyzing a crash in a debugger, creating a crafted attack, and achieving remote code execution on Windows and Linux. You will use the gdb debugger to analyze Linux executables and Python code to exploit them. On Windows, you'll use the Immunity debugger and Python.

About the Authors:

Daryl Bennett is a manager of a Cyberspace Threat Emulation team with the United States Air Force, where he leads military and civilian members in the employment and execution of offensive security on order to audit the security of network infrastructures. He is a key operator, focusing on risk analysis and the overall security posture of cyberspace systems. Additionally, he has 5+ years' experience working in the open-source community. He is a development specialist in a wide range of domains, including GNU/Linux applications, Android mobile, and autonomous systems. He is passionate about sustaining, developing, and implementing both current and new technologies while practicing analytical problem-solving and learning as much as possible in the process.

Sam Bowne has been teaching computer networking and security classes at City College San Francisco since 2000. He has given talks and hands-on at DEFCON, HOPE, B-Sides SF, B-Sides LV, BayThreat, LayerOne, Toorcon, and many other schools and conferences. Credentials: Ph.D., CISSP, DEF CON Black-Badge Co-Winner

Who this course is for:

This learning path is aimed at the practitioner, security professional, possessing a deep interest in solving common forensics tasks & who wish to upgrade their experience with Python.