On This Page

Coding for Security Pros: Black Hat Edition

Jonathan Trull – SecOps Labs & Optiv

July 30-31 & August 1-2


If you constantly find yourself wondering if there's a better or more efficient way of doing your job, then this course is for you! This course is designed to take those with little or no programming experience to the next level. Students will learn the fundamentals of the Python and Powershell programming languages and gain first hand experience applying these powerful tools to solve commonly experienced security problems. By taking this course you will develop the skills necessary to automate manual and time consuming security tasks, build your own security tools, seamlessly incorporate the results from open source tools into your team's workflows, and develop the glue necessary to bind your disparate security tools and datasets into a cohesive platform. Completion of this course will also open up other Black Hat training courses that require beginner to intermediate programming skills.

For Python, students will learn the following essential programming constructs:
• Building and running programs
• Variables, math operators, strings
• Flow control
• Functions and classes
• Data structures
• Use of and building third party modules
• Networking

For Powershell, students will learn the following basics:
• Building and running programs
• Using the help subsystem
• Running basic commands
• Using objects and the pipeline
• Filtering and iterating over Objects
• Extending the shell with third party modules
• Networking

In addition, students will learn how to develop, bug free programs that:
• Read and write files, including text, CSV, XML, and JSON files
• Parse log files and extract meaningful information
• Make API calls to open source security tools and parse and analyze the results
• Scrape web sites for meaningful information

To drive home the lessons, students will be required to complete increasingly more difficult hands-on security related coding challenges. Students may also elect to compete in a final hack-a-thon competition sponsored by Phantom (www.phantom.us) and present their project to the class and a panel of industry renowned security experts for judging. One lucky student will take home a $2,500 cash prize as the winner of the competition.

Who Should Take this Course

Anyone interested in learning to program and to automate routine security tasks and solve common security problems.

Student Requirements

Students should have a general understanding of the command line and know how to use a text editor and run programs.

What Students Should Bring

Students will need a laptop running Windows 7 or newer with local administrator privileges a virtual machines is sufficient. Students will also need sufficient privileges to connect to the Internet to install additional Python modules. Students will also need a web browser and the ability to get on the Internet. Prior to Blackhat, students should install Phantom's free Community Edition as some class modules will use this security automation & orchestration platform. Get Phantom at http://phantom.us/join. (Enter "Blackhat Class" in the field titled: How did you hear about us?).

What Students Will Be Provided With

• A USB containing all course slides, lab workbooks, handouts, and supporting documentation
• Answers to all of the coding challenges


Jonathan Trull is an experienced information security executive bringing more than 15 years of public and private sector experience to his current role. As vice president, information security with Optiv, Trull is responsible for developing and executing the company's information security strategy and program. Prior to his role at Accuvant, Trull was the chief information security officer (CISO) for Qualys where he was responsible for securing infrastructure and products, bringing security best practices to customers, providing strategic direction on the development of the QualysGuard Security Platform, researching realworld threats and providing guidance on how to address them. In his previous role as the CISO for the State of Colorado, Trull significantly reduced the state's risk by developing and executing a successful security program, known as Secure Colorado, for 17 executive branch agencies encompassing 26,000 employees and 150,000 systems. Trull also served as the Deputy State Auditor for the State of Colorado and as a lieutenant commander for the U.S. Navy focusing on computer network defense, attack and intelligence. Trull is dedicated to teaching and mentoring the next generation of cyber security professionals and serves on the faculty at Regis University in the information assurance graduate program, where he develops and teaches courses on network forensics, security architecture and design, malware analysis and legal concepts in information security. Trull is a long time advocate for using public-private partnerships and technological innovations to solve complex problems and make the Internet a safe place for all to work and play. In cooperation with Qualys, SANS Institute, Council on Cyber Security and the State of Colorado, he spearheaded the development of the Qualys Top 4 Controls tool that allows anyone to assess the security of their Windows computer for free. He also worked in cooperation with federal, state and private sector partners to form the Colorado Joint Cyber Crime Task Force, one of the nation's first cyber crime information sharing centers, with a primary focus of increasing cyber resiliency within Colorado. Trull has established himself as an innovative security leader and was recently named by the SANS Institute as one of the "People Who Made a Difference in Cybersecurity." He serves as an advisor to several security startups and venture capital firms, and has spoken at major security events such as RSA, Black Hat, Gartner, CSO50 and SANS. Trull is a Certified Information Systems Auditor (CISA) and an Offensive Security Certified Professional (OSCP). He earned a master's degree from the University of North Texas and a bachelor's degree from Metropolitan State University of Denver.