
This video provides an overview of the entire course.
In this video, we will learn how to inspect network traffic at the packet level using Dshell.
Learn to set up a Python virtual environment
Learn to import packet capture
Use Dshell decoders to fuller analyze automate network traffic
In this video, we will continue to deepen the level of knowledge of packet analysis with Scapy.
Familiarize ourselves with object-oriented notations
Practice using the Scapy interactive interpreter
Automate packet capture investigation through the Scapy interpreter
In this video, we will design a Python based Scapy tool to automate our network analysis.
Familiarize ourselves with common Python data structures
Learn to import 3rd party modules into our own application
Unleash the power of Python and Scapy by building our own application
In this video, we will add breadth to our Python capability to extend functionality using Impacket.
Further expand our application to import Impacket
Decode raw packets using Impacket
Get a better understanding of encapsulation and how Impacket handles data
In this video, we will develop the technique to scan files in a directory in or to obtain items and properties.
Understand the basis of recursion and how it applies to directories
Learn about the OS module and how it applies to Python
Develop a Python based directory scanner
In this video, we will learn to populate properties of files such as permissions and timestamps.
Understand how to populate file properties
Populate and examine file permissions
Learn and query the different available timestamps of any given file in Windows
In this video, we will become familiar with the Windows registry and how the key:value data store maintains OS configuration data.
Learn how to interact with the registry using regedit
Use Python to interact with the registry by querying keys
Learn to query and enumerate subkeys and further traverse the registry
In this video, we will learn about the Windows Portable Executable format. We will also learn how an attacker may be able to modify an executable to hide information.
Learn Python modules to open and read Portable Executables
Learn to use pedit to examine Windows binaries
Explore and modify the structure of Windows binaries with pedit
In this video, we will further the understanding of directory traversal in GNU/Linux systems. We will also understand and accomplish traversal recursively.
Learn the concepts of threading to implement recursive traversing
Begin using pools and queues to communicate between threads
Build a Python based directory scanner with the ability to traverse directories
Using the power of recursive traversal, we will begin to search and populate file properties.
Enrich your understanding of directory traversal
Modify our application to populate file properties
Search returned results to understand indicators of compromise
In this video, we will explore other important properties of file that will allow you to decipher a known bad or malicious actor.
Learn how a digest algorithm works with a file
Develop a Python application to hash a file
Alter our application to compare file hashes using dynamic arguments
In this video, we will experiment with correlating log entries to events encountered on the system.
Learn about system logs and how to access them
Learn to interact with the Systemd Journal with Python
Continue development by writing entries into the journal
In this video, we will continue our experimentation with reading and parsing system logs.
Further interact with the Systemd journal
Use our Python skills to effectively parse information regarding system events
Narrow down events by looking filtering data with a python application
In this video, we will use the powerful Python based Volatility, learn to import and analyze volatile memory images of Windows-based systems.
Learn the basics of how to use the Volatility framework
Learn the importance of Volatility profiles and provided plugins
Learn to analyze and capture evidence of actual Windows malware with Volatility
In this video, we will capture images of volatile memory on Linux systems. We will also learn to use the Python-based LiMEaide to ease memory capture, especially in remote environments.
Begin to understand how LiMEaide acquires memory and how capture differs on Linux-based systems
Use LiMEaide to capture a memory image from a Linux system
Learn to deploy LiMEaide with pre-generated profiles
In this video, we will continue to expand our knowledge of Volatility by providing images from Linux-based systems.
Learn to import and analyze Linux memory images with custom profiles
Learn the plugins for Linux systems and how they differ from Windows plugins
Find evidence of a remote session in a collected volatile memory image
In this video, we will begin to think as an attacker and learn how to enumerate devices on a network.
Learn the basics of calling system commands in Python
Learn how to enumerate network devices
Using Python, build an application that will perform a ping sweep enumeration
In this video, we will further our attack by enumerating devices found on our network. This will provide us with services that may be exploitable.
Introduce network sockets and network connections in Python
Use sockets and build a Python application to enumerate open ports of a device
Analyze the services running to obtain an attack vector
Once an attack vector has been found we will proceed with exploitation to take over the system.
Learn about a common attack vector through exploitable web services
Develop a Python-based reverse shell to gain access into the system
Exploit the system and understand your access
In this video, we will learn how to perform post enumeration once access has been obtained.
Learn what post-enumeration will provide an attacker
Learn how popular post-exploitation scripts find data
Challenge yourself to modify your enumeration applications to find system data
In this video, we will learn how to perform data exfiltration.
Learn how an attacker may exfiltrate data from a system using Python
Build a Python application to exfiltrate data across a network
Exfiltrate important data from a compromised system proving malicious actions
Python is uniquely positioned as a programming language to perform cyber investigations and perform forensics analysis. Unleash the power of Python by using popular libraries and Python tools to help you create efficient and thorough forensics investigations. This course will walk you through digital forensics on network traffic, host analysis, and memory analysis.
The course starts with network forensics, an important aspect of any investigation. You will learn to read, sort, and sniff raw packets and also analyze network traffic. These techniques will help you drive your host analysis. You will learn about tools you'll need to perform a complete investigation with the utmost efficiency in both Windows and GNU/Linux environments with Python. Next, you will learn more advanced topics such as viewing data in PE and ELF binaries. It's vital to analyze volatile memory during an investigation as it provides details about what is actually running on a given system. So, you will learn the best tools to obtain and analyze volatile memory images. Finally, you will learn how to use Python in order to think like an attacker. You will complete enumeration, exploitation, and data exfiltration.
By the end of the course, you will be able to make the most of Python processes and tackle varied, challenging, forensics-related problems. So, grab this course and think like an attacker!
About the Author
Daryl Bennett is a manager of a Cyberspace Threat Emulation team with the United States Air Force, where he leads military and civilian members in the employment and execution of offensive security on order to audit the security of network infrastructures. He is a key operator, focusing on risk analysis and the overall security posture of cyberspace systems. Additionally, he has 5+ years' experience working in the open-source community. He is a development specialist in a wide range of domains, including GNU/Linux applications, Android mobile, and autonomous systems. He is passionate about sustaining, developing, and implementing both current and new technologies, while practicing analytical problem-solving and learning as much as possible in the process.