Python for SecuritySpecialists Cybrary Review

This really is my review of the  Cybrary course, Python for Security Professionals, First of all, I truly appreciate the Cybrary.it model, the lessons are free and you can get a certificate of completion (which may help validate the 15 CPEs the course is worth, if you need to justify that form of thing) if you prefer at the end. However, the whole site model is interesting in that you can "complete" some of the courses (lol actually, I've "completed" most of the courses), and choose the relevant certificate, without ever having clicked some of the video links. That seemingly large security mistake sort of invalidates the certificates, as everyone can obviously say the've completed the course and have the certificate without having done so. All of that aside, I really like the idea of free education material and we will now be delving into the information of the Python for Security Professionals course. Like my other reviews, I'm likely to review the material and recommend this based on your own experience and time commitment. The course contains 10 hours of video content, which are pretty decent especially if you want to learn Python from scratch, but slightly less when you want to learn the nuances of Information Security. Every one of the modules are video focused, but come with PDFs of slides, activities in python programs, and the completed solutions to the activities in python programs. Overall, the initial four modules are extremely basic and mostly just cover programming in python vs security specific tasks. Another issue is that currently most of the videos are pretty blurry and it's hard to learn the code / command line found in the video series. For this reason you've to view the videos in HD, nonetheless they address this in the comments and mention how they will soon be re-releasing the videos in an increased resolution. By the end of the weekend, I'd recommend this course to someone who is attempting to understand Python from scratch with an Information Security focus, but for someone with increased of a background in Python, I'd actually recommend a text more like Black Hat Python, for more of an Information Security focus. Nevertheless, even though you are experienced with Python and Information Security, you might find the past two modules interesting (The Packet Gathering Module and the Info Gathering Module).

The initial module, Intro and Setup, is pretty basic and be easily skipped when you have any prior Python experience. Here he goes over just how to setup and install Python, as well as why it's a good language for rapid prototyping and security professionals.

Another module, Apprentice Python, is also very basic and still doesn't touch on anything security related. This module is about basic usage and arithmetic in Python. There is also a stumbling block in the next video, as it's only a little odd when he googles for solutions and then reads stack overflow during the tutorial.

The Journeyman Python module is interesting, but nonetheless doesn't delve into anything necessarily Information Security specific. In this module he talks a great deal about networking protocols and RFCs that govern these. These modules are interesting in that they are informative, but fairly incomplete in the data they relay, an example of this will be when he starts speaing frankly about ports and protocols he doesn't differentiate which transport protocol the applying protocols are traveling over, despite discussing the differences between the TCP and UDP transport protocols. In this chapter you're shown you how to connect to arbitrary TCP ports, which could be helpful for banner grabbing. The last activity in this module demonstrates to you how to hear a TCP port and thus create your personal arbitrary file server, however these lack really any security controls.

With Advanced Python he covers ctypes, regular expressions, multi-threading, and finally fuzzing. The multi-threading exercise in this module is pretty interesting, but nonetheless nothing really advanced, only a quick launching of multiple independent threads (vs something that's to think about deadlocks). The fuzzing section is also pretty interesting as this can be a core Information Security technique, so I appreciate the videos for Slides part 3, jperry even alludes to a barrier overflow in this video. Unfortunately, he also says fairly uneducated things like fuzzing and password cracking are similar theoretically (the means of bruteforce might be similar, but that hardly scratches the theory involved with either subject) or that writing a password cracker is against the CFAA, which is certainly false as industry professionals use password cracking all the time in penetration testing (trafficking hacked information or the particular act of hacking another person's system is illegal, not writing a password cracker). In this module's activities he also writes a fairly insecure file server implementation. I say it's insecure not as it lets you arbitrary read / write to a whole drive, but as it uses no authentication or encryption to safeguard the communications, meaning anyone could trivially hijack your fileserver activities.

Packet Analyzer module is where things get really cool. Simply two, jperry starts implementing an IP protocol parser and demonstrates bitwise manipulation to learn exact fields from the protocol. This is a pretty awesome tutorial for writing a network protocol parser in Python and something I'd truly call Python for Security Professionals. I recommend this section for anyone interested in finding a more thorough handle of protocols and automated parsers.

The Info Gathering module is also really interesting, as here jperry writes an instant post-exploitation RAT in Python for Windows. This really is excellent and where in fact the class really starts digginging into the Python placed on security specific applications. I really like where he uses python to parse the Windows registry key values, this really is super helpful for various security applications. Overall, I believe this can be a very good Python for Security Professionals video. This module also covers all the content from the Post Exploitation Hacking course in this script. I recommend this module for moderately experienced hackers looking to start writing their very own implants go now.

Overall, the modules were done well and I appreciate the relaxed approach of the course and exercises. Nevertheless, I believe the whole course is great for someone trying to understand Python from scratch, however in the event that you already are a newcomer Python / Information Security enthusiast you ought to checkout something more like Black Hat Python, and even though you are well versed with Python and Information Security you might find the past two modules interesting. For Cybrary.it, I truly appreciate what they are doing with free education, I believe this is a superb program and it deserves a lot of support, however I don't think the certifications are worth anything, on the basis of the not enough business-logic security preventing anyone from just acquiring the certificates without having to have the courses.