Python for SecurityExperts Cybrary Review

That is my report on the  Cybrary course, Python for Security Professionals, To begin with, I must say i appreciate the Cybrary.it model, the lessons are all free and you can purchase a certificate of completion (which may help validate the 15 CPEs the course is worth, if you want to justify that kind of thing) if you like at the end. However, the whole site model is interesting in that you could "complete" the courses (lol actually, I've "completed" most of the courses), and choose the relevant certificate, without ever having clicked the video links. That seemingly large security mistake type of invalidates the certificates, as everyone can obviously say the've completed the course and have the certificate with out done so. All of the aside, I enjoy the thought of free education material and we will now be delving into the content of the Python for Security Professionals course. Like my other reviews, I'm likely to go over the material and recommend this based in your experience and time commitment. The course contains 10 hours of video content, which are pretty decent particularly if you are trying to learn Python from scratch, but slightly less when you are trying to learn the nuances of Information Security. Most of the modules are video focused, but come with PDFs of slides, activities in python programs, and the completed answers to the activities in python programs. Overall, the first four modules are extremely basic and mostly just cover programming in python vs security specific tasks. Another issue is that currently every one of the videos are pretty blurry and it's hard to learn the code / command line found in the video series. Because of this you have to watch the videos in HD, however they address this in the comments and mention how they will be re-releasing the videos in an increased resolution. At the conclusion of the weekend, I'd recommend this course to an individual who is attempting to understand Python from scratch by having an Information Security focus, but also for someone with an increase of of a background in Python, I'd actually recommend a text more like Black Hat Python, for more of an Information Security focus. Nevertheless, even if you are knowledgeable about Python and Information Security, you could find the last two modules interesting (The Packet Gathering Module and the Info Gathering Module).


The very first module, Intro and Setup, is pretty basic and be easily skipped when you yourself have any prior Python experience. Here he goes over how exactly to setup and install Python, in addition to why it's a great language for rapid prototyping and security professionals.

Another module, Apprentice Python, can be very basic and still doesn't touch on anything security related. This module is all about basic usage and arithmetic in Python. There is also a stumbling block in the second video, as it's only a little odd when he googles for solutions and then reads stack overflow during the tutorial.

The Journeyman Python module is interesting, but still doesn't delve into anything necessarily Information Security specific. In this module he talks a whole lot about networking protocols and RFCs that govern these. These modules are interesting in that they're informative, but fairly incomplete in the information they relay, an example of this would be when he starts referring to ports and protocols he doesn't differentiate which transport protocol the application form protocols are traveling over, despite discussing the differences involving the TCP and UDP transport protocols. In this chapter you are shown you how for connecting to arbitrary TCP ports, which could be useful for banner grabbing. The last activity in this module teaches you how to hear a TCP port and thus create your personal arbitrary file server, however these lack really any security controls.

With Advanced Python he covers ctypes, regular expressions, multi-threading, and finally fuzzing. The multi-threading exercise in this module is pretty interesting, but still nothing really advanced, only a quick launching of multiple independent threads (vs something that's to consider deadlocks). The fuzzing section can be pretty interesting as this can be a core Information Security technique, so I appreciate the videos for Slides part 3, jperry even alludes to a buffer overflow in this video. Unfortunately, he also says fairly uneducated things like fuzzing and password cracking are similar in theory (the technique of bruteforce might be similar, but that hardly scratches the theory involved with either subject) or that writing a code cracker is against the CFAA, which is obviously false as industry professionals use password cracking all the time in penetration testing (trafficking hacked information or the specific act of hacking another person's system is illegal, not writing a code cracker). In this module's activities he also writes a reasonably insecure file server implementation. I say it's insecure not since it allows you to arbitrary read / write to a whole drive, but since it uses no authentication or encryption to protect the communications, meaning anyone could trivially hijack your fileserver activities.

Packet Analyzer module is where things get really cool. Partly two, jperry starts implementing an IP protocol parser and demonstrates bitwise manipulation to learn exact fields out of the protocol. This can be a pretty awesome tutorial for writing a network protocol parser in Python and something I'd truly call Python for Security Professionals. I suggest this section for those thinking about getting a more thorough handle of protocols and automated parsers.

The Info Gathering module can be really interesting, as here jperry writes a quick post-exploitation RAT in Python for Windows. That is excellent and where in actuality the class really starts digginging in to the Python applied to security specific applications. I enjoy where he uses python to parse the Windows registry key values, that is super useful for various security applications. Overall, I do believe this is a pretty good Python for Security Professionals video. This module also covers the majority of the content from the Post Exploitation Hacking course in this script. I suggest this module for moderately experienced hackers looking to start writing their very own implants https://www.scamrisk.com/cybrary-review/.

Overall, the modules were congratulations and I appreciate the relaxed approach of the course and exercises. Nevertheless, I do believe the whole course is great for someone trying to understand Python from scratch, however in the event that you already are a novice Python / Information Security enthusiast you need to checkout something more like Black Hat Python, and even if you are well versed with Python and Information Security you could find the last two modules interesting. For Cybrary.it, I must say i appreciate what they're doing with free education, I do believe this is a superb program and it deserves lots of support, however I don't think the certifications are worth anything, on the basis of the lack of business-logic security preventing anyone from just acquiring the certificates without having to have the courses.

Comments