Pentesting with Perl
Joshua Abraham july 23-24
$2000
Ends February 1
$2200
Ends June 1
$2400
Ends July 20
$2700
July 21-24
Overview
The object of the course is to cover many of the tasks that need to be performed during a penetration assessment as well as to improve existing tools and build new tools as needed.
This course will help to streamline much of the tedious aspects of pentesting. We will use Perl to get the job done quickly and effectively. The goal of the course is to help everyone to automate many of the tasks they are performing manually, so that they can focus on more complex issues. The ability to automate tasks is critical to being a successful penetration tester. We need to be spending time on the most complex issues that cannot be tested through the use of automated tools!
Course Syllabus
- Perl and CPAN modules
- Scalars
- Arrays
- Hashes
- Objects
- Union and intersection of two files
- Base64 encode/decode
- IP/Hostnames reverse, resolve and extract information
- Convert CIDRs to Ranges and Ranges to CIDRs
- Extracting information from: Nmap, Nikto, Sslscan, Dirbuster, and Fierce
- Extracting links and email addresses from a website
- Building a basic Port-scanner
- Building a useful Port-scanning
- Building a sniffer to parse PDML (synergy decrypter)
- Phishing attacks on steroids!
- Improving Metasploit with Perl (psexec)
- Web login bruteforcer (GET and POST)
- Web directory bruteforcer
- BurpSuite Automation with Perl
- Building and Improving custom Nikto checks
Teaching Methods
Lecture, hands-on labs and code review.
Who should attend
Anyone with an interest in automating mundane tasks during a penetration test.
Prerequisites
Understanding of at least a single programming language (Perl, Python, Ruby, PHP, Java, C#, C, C++), and familiarity with Nmap, Metasploit and other penetration testing tools
What to bring
Laptop (installed with Ubuntu or Windows XP and VMware Player)
Materials Supplied
Modules, Examples and Slides
Trainer
Joshua "Jabra" Abraham joined Rapid7 in 2006 as a Security Consultant. Josh has extensive IT Security and Auditing experience and worked as an enterprise risk assessment analyst for Hasbro Corporation. Josh specializes in penetration testing, web application security assessments, wireless security assessments, and custom code development. In the past, he has spoken at BlackHat, DEF CON, ShmooCon, Infosec World, CSI, OWASP Conferences, LinuxWorld, Comdex and BLUG. In his spare time, he contributes code to open source security projects such as the BackTrack LiveCD, BeEF, Nikto, Fierce, and PBNJ.
