In this talk, I will introduce you to the core concepts of choosing Python as your programming language as a cybersecurity professional, and how it can improve your agility and performance. The core concept of cybersecurity involves protecting information and systems from major cyberthreats. These cyberthreats take many forms (e.g. web application attacks, malware, ransomware, phishing, exploit kits).
2. $WHOAMI
• Raji Abdulgafar
• Bug Hunter
• InfoSec as a Service
• PY
@mrgaphy @abdulgaphy
3. INTRODUCTION
The widespread use of technology and access to the internet are shaping the way business activity is done today. While these phenomena are known to have brought global business to a whole new level, they have also brought with them the mixed blessing called “cybercrime.”
The term “cybersecurity” is used to refer to the security offered through online services to protect your online information. In other words, cybersecurity refers to a set of techniques used to protect the integrity of networks, programs and data from attack, damage and unauthorized access.
4. INTRODUCTION CONT…
In this talk, I will introduce you to the core concepts of choosing Python as your programming language as a cybersecurity professional, and how it can improve your agility and performance.
The core concept of cybersecurity involves protecting information and systems from major cyberthreats. These cyberthreats take many forms (e.g. web application attacks, malware, ransomware, phishing, exploit kits).
According to FORBES, the global cybersecurity market is expected to reach 170 billion by 2020. This rapid growth is being fueled by an array of technology trends, including the onslaught of initiatives with ever-evolving security.
5. LEARNING TO CODE
Learning a programming language is like starting a friction fire... it takes a bit of work upfront, but once you get the initial ember the fire starts quickly.
6. DATA TYPES
Strings - "Hello"
Numbers - 123
Lists - ['hello','2','1']
Tuples - ('1','2','3') (immutable)
Dictionaries - d = {'key1':'dog','key2':'cat'}
PYTHON 101
Python is a brilliant language. It is known to be a lazy programming l
It is used to write a few lines of code that do many tasks.
This is a simple print statement: >>> print("Welcome, Pentesters")
7. RUNNING PYTHON CODE
• Python can be run directly from the CLI.
• Python code can be written directly into a Python interpreter using a Python IDE.
• Python code can be in a file.
8. WHY PYTHON?
• EASY (install, learn, code)
• Tons of libraries
• Code is easy to understand
• Multiplatform
• Good for prototyping
9. WHAT MAKES PYTHON SUCH AN EFFECTIVE LANGUAGE FOR SECURITY PROFESSIONALS
• It is a scripting language.
• Many tasks can be automated to save time.
• Python supports extensive pre-built libraries that are specifically designed for penetration testing and provide some powerful functionality.
• The syntax isn’t too complicated and there are a lot of 3rd party modules that can do the heavy lifting for you.
10. WHAT A PYTHON MODULE DOES
Python modules are one of the most powerful features. They extend the functionality of your Python script. So if you wanted to make a web request, you could just import the module “urllib” instead of having to write all the code from scratch.
There are many built-in modules and 3rd party modules developed by the InfoSec community.
11. …..BUT I DO NOT WRITE CODE
You might think “I don’t know how to write code”, and you may tune this talk out because you think you won’t understand it.
12. HTTPSERVER
It creates an HTTP server that listens for requests and dispatches them to a handler.
14. CRYPTOGRAPHIC SERVICES
Cryptography could be viewed as a process of information hiding and verification. This process includes the protocols (standards), algorithms and strategies to securely and consistently prevent or delay unauthorized access to sensitive information and enable the verifiability of every component in a communication.
15. MAKING WEB REQUESTS
• When performing web application assessments, the ability to craft web requests in Python is essential.
• Python has many libraries to support interaction with web resources (urllib, urllib2, requests, BeautifulSoup, etc.). We are going to explore several of these in the presentation.
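The HTTPSERVER and MAKING WEB REQUESTS slides combined, as an added example that is not code from the talk: a local `HTTPServer` dispatches a GET to a handler, and a request crafted with the standard library's `urllib.request` reports which security response headers are missing. The handler, the header list and the function names are assumptions made for this example.

```python
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Headers the check looks for; this list is an assumption made for the example.
EXPECTED_HEADERS = ("Content-Security-Policy", "X-Content-Type-Options", "X-Frame-Options")


class DemoHandler(BaseHTTPRequestHandler):
    """Constructed sample site: it sends only one of the expected headers."""

    def do_GET(self):
        body = b"<html><body>demo</body></html>"
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.send_header("X-Content-Type-Options", "nosniff")
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):
        pass  # silence per-request logging


def missing_security_headers(url, timeout=5):
    """GET the URL and return the expected headers the response lacks."""
    # An empty ProxyHandler makes the request go direct, ignoring proxy env vars.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(url, timeout=timeout) as resp:
        present = {name.lower() for name in resp.headers.keys()}
    return [h for h in EXPECTED_HEADERS if h.lower() not in present]


def run_demo():
    """Serve DemoHandler on a free loopback port, audit it, then stop it."""
    server = HTTPServer(("127.0.0.1", 0), DemoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        url = "http://127.0.0.1:%d/" % server.server_address[1]
        return missing_security_headers(url)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print("Missing headers:", run_demo())
```
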
17. REQUESTS: MODULE FOR WEB
GET request to fetch the whole web page (digest authentication, redirections, cookies and more).
18. SOME PYTHON MODULES
• Scapy
• Optparse
• Requests
• Urllib
• Pycipher
• Nmap
• SSL
• Json
• RE
• Argparse
• Sys
• OS
• BeautifulSoup
19. WHO IS USING PYTHON?
• Immunity Debugger
• Peach
• Sulley
• Paimei
• Scapy
• Spike Proxy
• Core Impact
• Canvas
• W3AF
• Sqlmap
• Impacket
• Google
• Peepdf
Editor's Notes
You can’t rely on automated tools
can save loads of time when dealing with manual and repetitive tasks
Writing a tool for something gives you a deeper understanding of the topic.