├── LICENSE ├── Part_10 ├── 10.1_Remote_Services │ ├── RemoteServices.py │ └── malicious.py └── 10.2_Web_Session_Cookie │ └── WebSessionCookieHijack.py ├── Part_11 ├── 11.1_Clipboard_Data │ └── ModifyClipboard.py └── 11.2_Local_Email_Collection │ └── LocalEmailAccounts.py ├── Part_12 ├── 12.1_Encrypted_Channel │ ├── EncryptedChannelClient.py │ └── EncryptedChannelServer.py └── 12.2_Protocol_Tunneling │ ├── ProtocolTunnelingClient.py │ └── ProtocolTunnelingServer.py ├── Part_13 ├── 13.1_Alternative_Protocol │ ├── DNSExfiltration.py │ └── DNSExfiltrationServer.py └── 13.2_Non-Application_Layer_Protocol │ ├── NonApplicationClient.py │ └── NonApplicationServer.py ├── Part_14 ├── 14.1_Data_Encryption │ ├── DataEncryption.py │ └── Documents │ │ └── Resume.docx └── 14.2_Account_Access_Removal │ └── AccountAccessRemoval.py ├── Part_15 ├── 15.1_Decoy_Process │ └── DecoyProcess.py ├── 15.2_Decoy_Content │ ├── DecoyContent.py │ ├── decoy1.txt │ ├── decoy2.txt │ └── decoys.txt └── 15.3_Decoy_Credentials │ └── DecoyCredentials.py ├── Part_16 ├── 16.1_PCAP_Collection │ └── PCAPCollection.py ├── 16.2_Protocol_Decoder │ ├── ProtocolDecoder.py │ ├── ProtocolTunnelingClient.py │ └── ProtocolTunnelingServer.py └── 16.3_Burn_In │ ├── BurnIn.py │ └── sites.txt ├── Part_17 ├── 17.1_Network_Monitoring │ ├── NetworkMonitoring.py │ └── http.cap ├── 17.2_System_Activity_Monitoring │ └── SystemActivityMonitoring.py └── 17.3_Behavioral_Analytics │ └── BehavioralAnalytics.py ├── Part_2 ├── 2.1 Network Scanning │ └── PortScan.py └── 2.2 DNS Exploration │ ├── DNSExploration.py │ └── subdomains.txt ├── Part_3 ├── 3.1 Default Accounts │ ├── defaults.txt │ └── test_default_creds.py └── 3.2 Autorun Scripts │ ├── Firefox.ico │ ├── USB.py │ └── malicious.py ├── Part_4 ├── 4.1_Spearphishing_Links │ ├── brython.js │ ├── brython_stdlib.js │ ├── example.html │ └── server.py └── 4.2_Scheduled_Execution │ └── sched.py ├── Part_5 ├── 5.1_Registry_Autorun │ ├── BuildExe.py │ ├── Firefox.ico │ ├── RegAutorun.py │ └── malicious.py └── 5.2_Hijack_Execution_Flow │ └── ChangePath.py ├── Part_6 ├── 6.1_Logon_Scripts │ ├── BuildExe.py │ ├── Firefox.ico │ ├── LogonScript.py │ └── malicious.py └── 6.2_Python_Library_Injection │ ├── LibraryInjection.py │ ├── safelibrary.py │ └── safelibrary.pyc ├── Part_7 ├── 7.1_Impair_Defenses │ └── ImpairDefenses.py └── 7.2_Hide_Artifacts │ ├── AlternateDataStreams.py │ └── benign.txt ├── Part_8 ├── 8.1_Credential_Dumping │ ├── BrowserCredDump.py │ └── ChromeDump.py └── 8.2_Network_Sniffing │ ├── NetworkCredentialSniffing.py │ └── merged.pcap ├── Part_9 ├── 9.1_User_Account_Discovery │ └── UserDiscovery.py └── 9.2_File_and_Directory_Discovery │ ├── Documents │ ├── Resume.docx │ └── clients.csv │ └── FileDiscovery.py ├── README.md └── requirements.txt /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/LICENSE -------------------------------------------------------------------------------- /Part_10/10.1_Remote_Services/RemoteServices.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_10/10.1_Remote_Services/RemoteServices.py -------------------------------------------------------------------------------- /Part_10/10.1_Remote_Services/malicious.py: -------------------------------------------------------------------------------- 1 | import os 2 | print("Malicious file executed") -------------------------------------------------------------------------------- /Part_10/10.2_Web_Session_Cookie/WebSessionCookieHijack.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_10/10.2_Web_Session_Cookie/WebSessionCookieHijack.py -------------------------------------------------------------------------------- /Part_11/11.1_Clipboard_Data/ModifyClipboard.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_11/11.1_Clipboard_Data/ModifyClipboard.py -------------------------------------------------------------------------------- /Part_11/11.2_Local_Email_Collection/LocalEmailAccounts.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_11/11.2_Local_Email_Collection/LocalEmailAccounts.py -------------------------------------------------------------------------------- /Part_12/12.1_Encrypted_Channel/EncryptedChannelClient.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_12/12.1_Encrypted_Channel/EncryptedChannelClient.py -------------------------------------------------------------------------------- /Part_12/12.1_Encrypted_Channel/EncryptedChannelServer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_12/12.1_Encrypted_Channel/EncryptedChannelServer.py -------------------------------------------------------------------------------- /Part_12/12.2_Protocol_Tunneling/ProtocolTunnelingClient.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_12/12.2_Protocol_Tunneling/ProtocolTunnelingClient.py -------------------------------------------------------------------------------- /Part_12/12.2_Protocol_Tunneling/ProtocolTunnelingServer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_12/12.2_Protocol_Tunneling/ProtocolTunnelingServer.py -------------------------------------------------------------------------------- /Part_13/13.1_Alternative_Protocol/DNSExfiltration.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_13/13.1_Alternative_Protocol/DNSExfiltration.py -------------------------------------------------------------------------------- /Part_13/13.1_Alternative_Protocol/DNSExfiltrationServer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_13/13.1_Alternative_Protocol/DNSExfiltrationServer.py -------------------------------------------------------------------------------- /Part_13/13.2_Non-Application_Layer_Protocol/NonApplicationClient.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_13/13.2_Non-Application_Layer_Protocol/NonApplicationClient.py -------------------------------------------------------------------------------- /Part_13/13.2_Non-Application_Layer_Protocol/NonApplicationServer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_13/13.2_Non-Application_Layer_Protocol/NonApplicationServer.py -------------------------------------------------------------------------------- /Part_14/14.1_Data_Encryption/DataEncryption.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_14/14.1_Data_Encryption/DataEncryption.py -------------------------------------------------------------------------------- /Part_14/14.1_Data_Encryption/Documents/Resume.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_14/14.1_Data_Encryption/Documents/Resume.docx -------------------------------------------------------------------------------- /Part_14/14.2_Account_Access_Removal/AccountAccessRemoval.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_14/14.2_Account_Access_Removal/AccountAccessRemoval.py -------------------------------------------------------------------------------- /Part_15/15.1_Decoy_Process/DecoyProcess.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_15/15.1_Decoy_Process/DecoyProcess.py -------------------------------------------------------------------------------- /Part_15/15.2_Decoy_Content/DecoyContent.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_15/15.2_Decoy_Content/DecoyContent.py -------------------------------------------------------------------------------- /Part_15/15.2_Decoy_Content/decoy1.txt: -------------------------------------------------------------------------------- 1 | "A" 2 | -------------------------------------------------------------------------------- /Part_15/15.2_Decoy_Content/decoy2.txt: -------------------------------------------------------------------------------- 1 | "B" -------------------------------------------------------------------------------- /Part_15/15.2_Decoy_Content/decoys.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_15/15.2_Decoy_Content/decoys.txt -------------------------------------------------------------------------------- /Part_15/15.3_Decoy_Credentials/DecoyCredentials.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_15/15.3_Decoy_Credentials/DecoyCredentials.py -------------------------------------------------------------------------------- /Part_16/16.1_PCAP_Collection/PCAPCollection.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_16/16.1_PCAP_Collection/PCAPCollection.py -------------------------------------------------------------------------------- /Part_16/16.2_Protocol_Decoder/ProtocolDecoder.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_16/16.2_Protocol_Decoder/ProtocolDecoder.py -------------------------------------------------------------------------------- /Part_16/16.2_Protocol_Decoder/ProtocolTunnelingClient.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_16/16.2_Protocol_Decoder/ProtocolTunnelingClient.py -------------------------------------------------------------------------------- /Part_16/16.2_Protocol_Decoder/ProtocolTunnelingServer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_16/16.2_Protocol_Decoder/ProtocolTunnelingServer.py -------------------------------------------------------------------------------- /Part_16/16.3_Burn_In/BurnIn.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_16/16.3_Burn_In/BurnIn.py -------------------------------------------------------------------------------- /Part_16/16.3_Burn_In/sites.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_16/16.3_Burn_In/sites.txt -------------------------------------------------------------------------------- /Part_17/17.1_Network_Monitoring/NetworkMonitoring.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_17/17.1_Network_Monitoring/NetworkMonitoring.py -------------------------------------------------------------------------------- /Part_17/17.1_Network_Monitoring/http.cap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_17/17.1_Network_Monitoring/http.cap -------------------------------------------------------------------------------- /Part_17/17.2_System_Activity_Monitoring/SystemActivityMonitoring.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_17/17.2_System_Activity_Monitoring/SystemActivityMonitoring.py -------------------------------------------------------------------------------- /Part_17/17.3_Behavioral_Analytics/BehavioralAnalytics.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_17/17.3_Behavioral_Analytics/BehavioralAnalytics.py -------------------------------------------------------------------------------- /Part_2/2.1 Network Scanning/PortScan.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_2/2.1 Network Scanning/PortScan.py -------------------------------------------------------------------------------- /Part_2/2.2 DNS Exploration/DNSExploration.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_2/2.2 DNS Exploration/DNSExploration.py -------------------------------------------------------------------------------- /Part_2/2.2 DNS Exploration/subdomains.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_2/2.2 DNS Exploration/subdomains.txt -------------------------------------------------------------------------------- /Part_3/3.1 Default Accounts/defaults.txt: -------------------------------------------------------------------------------- 1 | admin pass 2 | robey foo 3 | -------------------------------------------------------------------------------- /Part_3/3.1 Default Accounts/test_default_creds.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_3/3.1 Default Accounts/test_default_creds.py -------------------------------------------------------------------------------- /Part_3/3.2 Autorun Scripts/Firefox.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_3/3.2 Autorun Scripts/Firefox.ico -------------------------------------------------------------------------------- /Part_3/3.2 Autorun Scripts/USB.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_3/3.2 Autorun Scripts/USB.py -------------------------------------------------------------------------------- /Part_3/3.2 Autorun Scripts/malicious.py: -------------------------------------------------------------------------------- 1 | print("I am a malicious program.") -------------------------------------------------------------------------------- /Part_4/4.1_Spearphishing_Links/brython.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_4/4.1_Spearphishing_Links/brython.js -------------------------------------------------------------------------------- /Part_4/4.1_Spearphishing_Links/brython_stdlib.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_4/4.1_Spearphishing_Links/brython_stdlib.js -------------------------------------------------------------------------------- /Part_4/4.1_Spearphishing_Links/example.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_4/4.1_Spearphishing_Links/example.html -------------------------------------------------------------------------------- /Part_4/4.1_Spearphishing_Links/server.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_4/4.1_Spearphishing_Links/server.py -------------------------------------------------------------------------------- /Part_4/4.2_Scheduled_Execution/sched.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_4/4.2_Scheduled_Execution/sched.py -------------------------------------------------------------------------------- /Part_5/5.1_Registry_Autorun/BuildExe.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_5/5.1_Registry_Autorun/BuildExe.py -------------------------------------------------------------------------------- /Part_5/5.1_Registry_Autorun/Firefox.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_5/5.1_Registry_Autorun/Firefox.ico -------------------------------------------------------------------------------- /Part_5/5.1_Registry_Autorun/RegAutorun.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_5/5.1_Registry_Autorun/RegAutorun.py -------------------------------------------------------------------------------- /Part_5/5.1_Registry_Autorun/malicious.py: -------------------------------------------------------------------------------- 1 | print("I am a malicious program.") -------------------------------------------------------------------------------- /Part_5/5.2_Hijack_Execution_Flow/ChangePath.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_5/5.2_Hijack_Execution_Flow/ChangePath.py -------------------------------------------------------------------------------- /Part_6/6.1_Logon_Scripts/BuildExe.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_6/6.1_Logon_Scripts/BuildExe.py -------------------------------------------------------------------------------- /Part_6/6.1_Logon_Scripts/Firefox.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_6/6.1_Logon_Scripts/Firefox.ico -------------------------------------------------------------------------------- /Part_6/6.1_Logon_Scripts/LogonScript.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_6/6.1_Logon_Scripts/LogonScript.py -------------------------------------------------------------------------------- /Part_6/6.1_Logon_Scripts/malicious.py: -------------------------------------------------------------------------------- 1 | print("I am a malicious program.") -------------------------------------------------------------------------------- /Part_6/6.2_Python_Library_Injection/LibraryInjection.py: -------------------------------------------------------------------------------- 1 | import safelibrary 2 | 3 | print("Hello World") -------------------------------------------------------------------------------- /Part_6/6.2_Python_Library_Injection/safelibrary.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_6/6.2_Python_Library_Injection/safelibrary.py -------------------------------------------------------------------------------- /Part_6/6.2_Python_Library_Injection/safelibrary.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_6/6.2_Python_Library_Injection/safelibrary.pyc -------------------------------------------------------------------------------- /Part_7/7.1_Impair_Defenses/ImpairDefenses.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_7/7.1_Impair_Defenses/ImpairDefenses.py -------------------------------------------------------------------------------- /Part_7/7.2_Hide_Artifacts/AlternateDataStreams.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_7/7.2_Hide_Artifacts/AlternateDataStreams.py -------------------------------------------------------------------------------- /Part_7/7.2_Hide_Artifacts/benign.txt: -------------------------------------------------------------------------------- 1 | This is a benign file -------------------------------------------------------------------------------- /Part_8/8.1_Credential_Dumping/BrowserCredDump.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_8/8.1_Credential_Dumping/BrowserCredDump.py -------------------------------------------------------------------------------- /Part_8/8.1_Credential_Dumping/ChromeDump.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_8/8.1_Credential_Dumping/ChromeDump.py -------------------------------------------------------------------------------- /Part_8/8.2_Network_Sniffing/NetworkCredentialSniffing.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_8/8.2_Network_Sniffing/NetworkCredentialSniffing.py -------------------------------------------------------------------------------- /Part_8/8.2_Network_Sniffing/merged.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_8/8.2_Network_Sniffing/merged.pcap -------------------------------------------------------------------------------- /Part_9/9.1_User_Account_Discovery/UserDiscovery.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_9/9.1_User_Account_Discovery/UserDiscovery.py -------------------------------------------------------------------------------- /Part_9/9.2_File_and_Directory_Discovery/Documents/Resume.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_9/9.2_File_and_Directory_Discovery/Documents/Resume.docx -------------------------------------------------------------------------------- /Part_9/9.2_File_and_Directory_Discovery/Documents/clients.csv: -------------------------------------------------------------------------------- 1 | Fake Name, (987)-654-3210, 123-45-6789, fake2@yahoo.com -------------------------------------------------------------------------------- /Part_9/9.2_File_and_Directory_Discovery/FileDiscovery.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/Part_9/9.2_File_and_Directory_Discovery/FileDiscovery.py -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/README.md -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hposton/python-for-cybersecurity/HEAD/requirements.txt --------------------------------------------------------------------------------