About This Talk
How to Hack (Legally): Python Edition
People often emphasize that the best way to learn is by doing, but when it comes to hacking, the trainee is at risk of legal implications and developing bad habits instead of following ethical procedures. Many people wishing to develop penetration testing skills are unaware of the number of resources available to them to set up a controlled environment where they can legally test hacking tools and techniques.
In this talk, I will cover a wide range of resources available to attendees, and how they can be used as learning tools. The resources I will cover include pre-built vulnerable virtual machines and web applications, open source tools that can be used in conjunction with Python for discovery/enumeration/exploitation, competitions and challenges, trainings geared towards hacking with Python, and certifications.
I will also outline general safe practices using my “TRUSTED” acrostic to ensure attendees understand what is and isn’t legal, and the consequences of not staying within ethical boundaries. During the talk, a link to my website (hack-hub.com) will be displayed so that participants can easily save a list of the resources outlined in this talk with additional information to reference later. I don’t profit or benefit in any way from people visiting my website, it simply exists as an information resource. Additionally, my presentation isn’t just a recital of what’s on the website, so attendees can uniquely benefit from my talk.
- Provide an ongoing centralized repository for helpful resources to promote safe and legal hacking (hack-hub.com)
- Outline general safe hacking practices to create awareness of what is acceptable and what could result in legal implications
- Share trusted sources of vulnerable targets which can be used to build a home lab for penetration testing with Python
- Introduce sources of vetted Python exploits and how to test them while discouraging the use of unknown/untrusted exploits
- Provide a list of trusted open source tools what can be used for recon, scanning, and exploitation within a home lab
- Discuss valuable trainings that can be pursued to develop Python hacking skills and different routes to certifications
- Describe the benefits of participating in hacking competitions and challenges, either individually or on a team
Below is a small sample of some of the resources that may be included in the repository and discussed in the lightning talk.
- Vulnerable machines: Vulnhub, Metasploitable
- Vulnerable web applications: DVWA, bWAPP, XVWA, various OWASP apps/VMs
- Penetration testing tools: Kali Linux, exploit-db, pypcap, scapy
- Training/certifications: OSCP, CEH, SANS GPEN, HackerSploit
- Competitions/challenges: picoCTF, pwnable, MITRE CTF