SecurityTube Python Scripting Expert Review
the_Grinch
Member Posts: 4,165 ■■■■■■■■■■
So I signed up today and just waiting for the information to start the course. Figured I'd start a thread and post my review of each module as I complete it. I know some would disagree with starting with programming on the path to security, but it's the area I am most worried about so I am doing the "face your fears" thing. Plus I want to complete a few certs prior to starting my Masters. Let the journey begin!
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
Comments
-
contentpros Member Posts: 115 ■■■■□□□□□□I started this week on this course along with 2 others from my office. So far we are all enjoying the content. Vivek (the instructor) does a great job starting slow in module 1 and showing the basic concepts for working with python. If you are already a code monkey then module 1 may be kind of slow for you. If you have never written any code its a good pace. You may watch the first few videos and find yourself scratching your head but hang in there he does start to tie it all together in the later videos.
If you are thinking about taking this course or waiting for your info to get started, the suggested environment used for the labs is Python 2.7 (and some work in python3) running on Ubuntu 11.10 server 64-bit. So if you are in a holding pattern waiting for your info you may want to download Ubuntu server and get it patched and configured. You can use Backtrack or any other environment but if you run 11.10 server the paths and such used in the video should all be the same.
I only have watched the module 1 videos so far and we just received the download link for modules 4-9 this morning. So far the experience has been good.
Hope this helps,
~CP -
the_Grinch Member Posts: 4,165 ■■■■■■■■■■Awesome, thanks for the info! So all the programming is done in the command line?WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
onesaint Member Posts: 801I picked up the course as well and watched the intro. Haven't had time to watch the rest. I'm hoping to do it over lunch for the next month or two. I'm looking forward to all the comments and reviews.Work in progress: picking up Postgres, elastisearch, redis, Cloudera, & AWS.
Next up: eventually the RHCE and to start blogging again.
Control Protocol; my blog of exam notes and IT randomness -
afcyung Member Posts: 212the_Grinch wrote: »Awesome, thanks for the info! So all the programming is done in the command line?
Its done in VIM. -
the_Grinch Member Posts: 4,165 ■■■■■■■■■■Got an email this morning with all the needed information. Will begin the course on Monday!WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
afcyung Member Posts: 212I like it so far. Only a few videos into mod 1. I know nothing about computer languages and I am able to keep up and understand why the language works the way it does.
-
the_Grinch Member Posts: 4,165 ■■■■■■■■■■I agree with afcyung, I have a limited knowledge of python, but got through the first two videos and can already tell that I won't have an issue following along. Just need to get my development environment up and running...WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
docrice Member Posts: 1,706 ■■■■■■■■■■I signed up for this too although I haven't really started yet. I did look at the first video in the first module and I just got my Ubuntu 11.10 environment up so I can exactly follow along with the instructor. Whether I'd go for the cert is debatable, but having a structured video tutorial seems like a natural for for the subject.
For those who haven't signed up, I believe the individual videos will be released for free over time.Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/ -
YuckTheFankees Member Posts: 1,281 ■■■■■□□□□□Thanks for the heads up everyone, definitely sounds like something I would want to do in the future.
-
the_Grinch Member Posts: 4,165 ■■■■■■■■■■I also want to note that is accent gives the training a distinct advantage. I find that he paces himself extremely well, which makes learning and following very easy.WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
the_Grinch Member Posts: 4,165 ■■■■■■■■■■Completed two more videos in Module 1 and he is very through in his coverage thus far. Very happy I picked up this course, but definitely going to be some work involved once I get onto the other modules. Setting up the environment was very easy, though it is probably best to set it up in bridge mode so it gets assigned a reachable ip. So far so good though!WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
Jinverar Member Posts: 95 ■■■□□□□□□□The_Grinch - I picked up this course also. I took your recomendation and completed up to day 4 of the udacity course. I also completed the LPTHW before beginning. I seem to be able to grasp onto python unlike other languages. That makes me so happy. I also have some ruby, and ruby on rails The main thing for me is practice right now. I don't think I would have found this course without your signature block.Jinverar, TSS
-
the_Grinch Member Posts: 4,165 ■■■■■■■■■■Happy to help! I need to get back into study mode and start moving along with this.WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
onesaint Member Posts: 801I'm seriously with you on that, Grinch.
The new job has me streched a bit thin right now though. Jeeze, always so much to do, 'eh? And my Sec+ & VCP classes start at the end of August!Work in progress: picking up Postgres, elastisearch, redis, Cloudera, & AWS.
Next up: eventually the RHCE and to start blogging again.
Control Protocol; my blog of exam notes and IT randomness -
the_Grinch Member Posts: 4,165 ■■■■■■■■■■Yup, it is funny how quickly life and work gets in the way!WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
the_hutch Banned Posts: 827Okay, I think I'm officially going to start this next week after I take CISSP. Enrolling now to get the study material. I figure this will a good way to keep my mind occupied during the the three to four weeks of waiting to find out if I passed.
-
the_Grinch Member Posts: 4,165 ■■■■■■■■■■Yeah, my goal is to complete this and then move onto OSCP. Hopefully those two will get me out of the support desk!WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
the_hutch Banned Posts: 827the_Grinch wrote: »Yeah, my goal is to complete this and then move onto OSCP. Hopefully those two will get me out of the support desk!
That's pretty much my goal too. It seems like the three things that people keep saying are helpful for OSCP are Bash, Python and Assembly.
I know bash inside and out. So I'm not worried about that at all. So I'll use this for python and there is also a free primer on securitytube for Assembly. Does anyone happen to know anything about the format of the exam? Had trouble finding specific details on the securitytube site. -
the_Grinch Member Posts: 4,165 ■■■■■■■■■■If you login to the student portal, module 9-01 is Exam Pattern and Mock ExamWIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
the_hutch Banned Posts: 827It will probably be a few days until I have access. The only thing I'm wondering, is...hands-on practical or multiple choice?
-
the_Grinch Member Posts: 4,165 ■■■■■■■■■■Most definitely hands on, pretty sure he gives you a program to write.WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
the_hutch Banned Posts: 827So I just finished all the videos in the first module. I have to say, I'm hooked. I'm very excited to start getting into the actual security implementations. How's progress going for everyone else?
-
veritas_libertas Member Posts: 5,746 ■■■■■■■■■■How are you guys liking the course so far? Does the accent make the videos difficult to listen to?
-
the_hutch Banned Posts: 827Just finished module 3 of 10. Still loving the course. There has not been a single time that I have had difficulting understanding him (and I personally hate dealing with outsourced helpdesks). If anything, it amuses me. I think the part I get the biggest kick out of is that he uses the phrase "curly bracket" (in his indian accent) instead of saying parenthesis.
First two modules, you don't do much security stuff. Mostly just python fundamentals. But in module three, things have really taken off. Best thing about module three is integrating scapy into python script. This allows you to build and inject packets into a network based on conditional circumstances. I can now write all kinds of scanning tools, man in the middle arp poisoning tools, syn flood tools, smurf and fraggle tools, TCP session hijacking tools, and many others. All of this, based on what I learned in module 3. However, to be clear...he DOES NOT teach you how to program most of the tools that I just mentioned. He teaches you how to integrate packet injection into script. You are going to need a basic understanding of how most packet based attacks work (I learned everything I needed to know here in CEH...and much of it is covered in Sec+ too). Then you have to know how to apply it.
For example, you need to know that to make a MITM attack, you need to spoof ARP reply packets to your two victims. Or for a syn flood, that you need to select an open TCP port and then continually blast that port with SYN requests from different client addresses, recieve the SYN ACK, but then leave the connection half-open without sending the subsequent ACK reply.
But once you learn how to inject packets at will, or based on circumstance...the sky is the limit. And once again...I just finished module 3. Can't wait to see what else is in store. -
the_Grinch Member Posts: 4,165 ■■■■■■■■■■His accent is actually an advantage I think. It forces him to speak slowly which allows you to follow better then if a native english speaker were giving the course. Or at least that's my opinion anyway.WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
Killj0y Member Posts: 39 ■■□□□□□□□□These are good reviews for the course. I am excited. I am going to sign up in two weeks. I did want to ask and I apologize if this was answered already, what version of python do you guys work in? 2.65, 2.7, 3, 3.1?Certifications: GPEN, SMFE, CISSP, OSCE, OSCP, OSWP, Security+, CEHv6, MCSE+Sec:2003
-
datschmo Member Posts: 59 ■■□□□□□□□□I did want to ask and I apologize if this was answered already, what version of python do you guys work in? 2.65, 2.7, 3, 3.1?
Suggested environment was 2.7 with some work in 3. -
Killj0y Member Posts: 39 ■■□□□□□□□□Thanks for the heads up. That should work.Certifications: GPEN, SMFE, CISSP, OSCE, OSCP, OSWP, Security+, CEHv6, MCSE+Sec:2003