Pentesting with Perl

Overview

The object of the course is to cover many of the tasks that need to be performed during a penetration assessment as well as to improve existing tools and build new tools as needed.

This course will help to streamline much of the tedious aspects of pentesting. We will use Perl to get the job done quickly and effectively. The goal of the course is to help everyone to automate many of the tasks they are performing manually, so that they can focus on more complex issues. The ability to automate tasks is critical to being a successful penetration tester. We need to be spending time on the most complex issues that cannot be tested through the use of automated tools!

Course Syllabus

• Perl and CPAN modules
• Scalars
• Arrays
• Hashes
• Objects
• Union and intersection of two files
• Base64 encode/decode
• IP/Hostnames reverse, resolve and extract information
• Convert CIDRs to Ranges and Ranges to CIDRs
• Extracting information from: Nmap, Nikto, Sslscan, Dirbuster, and Fierce
• Extracting links and email addresses from a website
• Building a basic Port-scanner
• Building a useful Port-scanning
• Building a sniffer to parse PDML (synergy decrypter)
• Phishing attacks on steroids!
• Improving Metasploit with Perl (psexec)
• Web login bruteforcer (GET and POST)
• Web directory bruteforcer
• BurpSuite Automation with Perl
• Building and Improving custom Nikto checks

Teaching Methods

Lecture, hands-on labs and code review.

Who should attend

Anyone with an interest in automating mundane tasks during a penetration test.

Prerequisites

Understanding of at least a single programming language (Perl, Python, Ruby, PHP, Java, C#, C, C++), and familiarity with Nmap, Metasploit and other penetration testing tools

What to bring

Laptop (installed with Ubuntu or Windows XP and VMware Player)

Materials Supplied

Modules, Examples and Slides

Trainer

Joshua "Jabra" Abraham is the Director of Services at Praetorian. In this capacity, he is responsible for leading, directing, and executing client-facing engagements that include Praetorian's tactical and strategic service offerings. Prior to joining Praetorian, Josh spent six years at Rapid7 where he helped build the company's professional services division, defined the firm's core methodologies, and trained new employees on the latest hacking techniques.

Over the years, Josh has become a well-known resource for his contributions to the information security space. An avid researcher and presenter, Josh has spoken at numerous conferences including BlackHat, DefCon, ShmooCon, The SANS Pentest Summit, Infosec World, SOURCE Barcelona, CSI, OWASP, LinuxWorld, Comdex, and BLUG.

In his spare time, Josh is a contributing developer to numerous open source security projects such as the BackTrack LiveCD, BeEF, Nikto, Fierce, Metasploit, GISKismet, and PBNJ. Josh is also a respected security resource to the media and has been quoted by news outlets such as ComputerWorld, DarkReading, and SC Magazine. Josh holds a BS in Computer Science from Northeastern University.