We are offering a new course in Cybersecurity Scripting for the Fall 2016 semester, and I wanted to use this post to explain the scope of the class and its objectives, the skill-set required to take this course, and what you will get out of it.
Let’s take a look at the course description, then I will provide an example of the types of topics that will be covered, and what will be expected in terms of assignments.
Course Description: This course presents the student with an understanding of information security programming and script writing utilizing Python and other scripting languages.
Okay, the catalog description is a bit short, but it does state that the course will be using Python and other scripting languages. On of those “other” scripting languages is BASH.
While progressing through the course, you will be given programming assignments that will focus on exploiting, redirecting, or monitoring network traffic and services. From day one, you should be comfortable writing a Python program that uses functions and classes to solve a problem. Along with simple data structures like multi-dimensional arrays, linked-lists, and dictionaries. As for the networking side of things, since we are writing programs that exploit standard network protocols and services, you have to have a good understanding of how the protocols and services work in order to “hand craft” packets in Python.
For example, one of the first programs we will work on is a Python program that will send a basic ICMP packet to a host, collect the response, and dump it to a .pcap file. You will be required to create and transmit the ICMP packet using only Python code. Then, a BASH script will be created that uses the tcpdump command to read the .pcap file, or you can have a Python program parse it directly.
At this point your asking if I am just trying to make people run away from the course, right? Scary stuff? I say, not really… If you can code in Python and read that example, and you understand what an ICMP packet is, as well as how the request and response process works, then you are off to a good start.
Maybe you know what tcpdump is, and have played with it a bit before, and you recognized what a .pcap file is, if so even better. If not, no sweat, we will be covering it. So really at this point the only hurdle is to know how do I make that ICMP packet, and send it out using Python. And, what do I do to collect that response and analyze it? Ahh!!! Now the curiosity comes out, this is where your mind should be if you are looking to enter this course. You realize that an ICMP packet is just a simple ping, but the tool you are creating cannot use the ping command without doing a system call. Instead, it would be more efficient to do things in a different way. So you learn to use the power of Python and its libraries in order to craft your own ICMP packet using your knowledge of the OSI model and network protocols and make that ping a reality! Your code is also so l33t that it is running a separate thread that is sniffing the network at the same time and waiting, watching for that response to come back from the target…. IT’S ALIVE!!!
Okay, so I got a bit carried away there, but my intent is to provide enough information to students interested in taking the course so that when enrolling in it, they can make an informed decision on whether they are “ready” for this or not. So if you are interested, come talk to me, and we will discuss the course in more detail and find out if it’s a fit for you, or not, in the Fall. My goal is to get you to succeed and learn as much as possible in this course, not to set you up for failure.