
@ISC2PGHChapter - Hands on Scripting lab with PowerShell and Python

BSides Peru | 47:55 | Published 2017-09
About this talk
(ISC)2 Pittsburgh Chapter - Hands-on Scripting Lab with PowerShell and Python (bring a laptop)
[Packet Capture Analysis with Python, Network Flow Analysis with Python, Host Intrusion Detection with PowerShell, Windows Filesystem Scanning with PowerShell]
Presenter: Joshua Acklin, Cyber Security Engineer, CERT

Introduction to and completion of the following labs.

Packet Capture Analysis with Python
This lab uses Python 2.7, and all content revolves around the most recent release of Python 2.7. Students walk through a basic Python guide and, upon completion, create a simple Python application that identifies the unique IP addresses within a packet capture (pcap). Using the lab guide, students create a Python class with functions that sift through a large pcap, identify IP addresses, compare them against a list of known IP addresses, and make a logical decision about whether to add each address to a Python data structure.

Network Flow Analysis with Python
This lab is a continuation of Packet Capture Analysis with Python. Students are provided a Python script skeleton, PacketSniffer, from which to build a custom passive network flow analysis application. Using the Python library pyshark, students create Python objects to analyze network flow. Upon completion of PacketSniffer, students monitor a probe placed within an adversary's network to identify IP addresses, ports, protocols, and anomalous behavior.

Host Intrusion Detection with PowerShell
This lab is a continuation of Windows Filesystem Scanning with PowerShell. Students are provided a PowerShell script skeleton, PowerHids, from which to build a custom host intrusion detection system. PowerHids creates a baseline of a Windows system and then runs a periodic monitoring check against that baseline. The Windows subsystems students are expected to monitor are the file system, the Windows Registry, the network, and running processes. Upon completion of the PowerHids script, students monitor a Windows system and identify changes to it.

Windows Filesystem Scanning with PowerShell
This lab introduces the fundamentals of writing scripts in PowerShell. Students learn some of the key aspects of PowerShell, how to traverse a Windows system identifying cyber key terrain, and how to identify a Windows system that has been manipulated. Key concepts covered include the purpose of PowerShell, the use of PowerShell's programming paradigm to write effective scripts, and the four core aspects of a Windows system (network, processes, files, and the registry). At the conclusion of this module, students will understand these concepts and will have developed a script that traverses a Windows file system to create an effective baseline to compare against.

No experience necessary.
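The following is an added example, not the lab's PacketSniffer skeleton or its pyshark code, showing the core of the first two labs in Python 3 with only the standard library: a class that parses a classic libpcap file, collects the unique IPv4 addresses, compares them against a set of known hosts and networks, and tallies flows by protocol and destination port. The capture is constructed inline from hand-built Ethernet/IPv4 frames; every address, port, and the KNOWN asset list is made up for the example. The lab targets Python 2.7; this code uses Python 3 syntax.

```python
import struct
from collections import Counter
from ipaddress import ip_address, ip_network

PCAP_MAGIC = 0xA1B2C3D4          # classic pcap (not pcapng), microsecond timestamps
ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def build_frame(src_ip, dst_ip, proto, sport=0, dport=0, payload=b""):
    """Constructed test data: a minimal Ethernet/IPv4/{TCP,UDP,ICMP} frame."""
    eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ETHERTYPE_IPV4)
    if proto == 6:     # TCP: ports, seq, ack, data offset (5 words), SYN, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    elif proto == 17:  # UDP: ports, length, checksum
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    else:              # ICMP echo request header
        l4 = struct.pack("!BBHHH", 8, 0, 0, 0, 0)
    l4 += payload
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                         ip_address(src_ip).packed, ip_address(dst_ip).packed)
    return eth + ip_hdr + l4


def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap with link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_500_000_000 + i, 0, len(frame), len(frame))
        out += frame
    return out


class PcapAnalyzer:
    """Walks a classic pcap and exposes the IPs, flows and unknown hosts in it."""

    def __init__(self, data):
        (magic,) = struct.unpack_from("<I", data, 0)
        if magic == PCAP_MAGIC:
            self.endian = "<"
        elif magic == 0xD4C3B2A1:   # same magic written by a big-endian capturer
            self.endian = ">"
        else:
            raise ValueError("not a classic pcap file (pcapng is not handled here)")
        (self.linktype,) = struct.unpack_from(self.endian + "I", data, 20)
        if self.linktype != 1:
            raise ValueError("only Ethernet captures are supported")
        self.data = data

    def records(self):
        """Yield raw frames; stop at a truncated record instead of reading garbage."""
        off, n = 24, len(self.data)
        while off + 16 <= n:
            _sec, _usec, incl_len, _orig = struct.unpack_from(self.endian + "IIII", self.data, off)
            off += 16
            if off + incl_len > n:
                break
            yield self.data[off:off + incl_len]
            off += incl_len

    def flows(self):
        """Yield (src, dst, proto, sport, dport) per IPv4 frame; ports are None for ICMP."""
        for pkt in self.records():
            if len(pkt) < 34 or struct.unpack_from("!H", pkt, 12)[0] != ETHERTYPE_IPV4:
                continue  # ARP, IPv6 and VLAN-tagged frames are skipped in this example
            ip = pkt[14:]
            ihl = (ip[0] & 0x0F) * 4
            if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
                continue
            proto = ip[9]
            src, dst = str(ip_address(ip[12:16])), str(ip_address(ip[16:20]))
            sport = dport = None
            if proto in (6, 17) and len(ip) >= ihl + 4:
                sport, dport = struct.unpack_from("!HH", ip, ihl)
            yield src, dst, PROTO_NAMES.get(proto, str(proto)), sport, dport

    def unique_ips(self):
        ips = {addr for src, dst, *_ in self.flows() for addr in (src, dst)}
        return sorted(ips, key=ip_address)

    def unknown_ips(self, known):
        """Addresses not covered by the known hosts/networks: the lab's known-IP comparison."""
        nets = [ip_network(k, strict=False) for k in known]
        return [ip for ip in self.unique_ips() if not any(ip_address(ip) in n for n in nets)]

    def flow_summary(self):
        """Count (src, dst, proto, dport) tuples: a first cut at spotting odd services."""
        return Counter((s, d, p, dport) for s, d, p, _sport, dport in self.flows())


# Constructed capture: one internal host doing DNS and HTTPS, then talking to an unexpected port.
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "10.0.0.1", 17, 53412, 53, b"\x00" * 12),
    build_frame("10.0.0.5", "93.184.216.34", 6, 49152, 443),
    build_frame("93.184.216.34", "10.0.0.5", 6, 443, 49152),
    build_frame("10.0.0.5", "198.51.100.77", 6, 49153, 4444),
    build_frame("10.0.0.9", "10.0.0.5", 1),
])
KNOWN = {"10.0.0.0/24", "93.184.216.34"}   # assumed asset list for the example

if __name__ == "__main__":
    analyzer = PcapAnalyzer(SAMPLE_PCAP)
    print("unknown hosts:", analyzer.unknown_ips(KNOWN))
    print(analyzer.flow_summary().most_common())
```

Running it reports 198.51.100.77 as the only host outside the known set and shows the lone TCP flow to port 4444 standing apart from DNS and HTTPS. The lab's pyshark-based PacketSniffer sits on a live interface and gets full dissection for free; this parser reads a saved pcap only, ignores VLAN tags, IPv6 and fragments, and deliberately stops at a truncated record rather than interpreting whatever bytes follow.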
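The baseline-then-compare logic that the Host Intrusion Detection and Windows Filesystem Scanning labs build in PowerShell is shown below as an added example, written in Python 3 rather than in the lab's PowerHids skeleton so that it shares a language with the packet-capture example above. It walks a directory tree, hashes every regular file, persists the baseline as JSON, and on a later pass reports files that were added, removed, or changed in content. The sample tree and the tampering applied to it are constructed inside demo() in a temporary directory; the file names are invented.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def file_digest(path, chunk_size=1 << 16):
    """SHA-256 of a file, read in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_baseline(root):
    """Map every regular file under root (POSIX-style relative path) to its size and hash.

    Symlinks are skipped so a planted link cannot steer the scan outside root, and a
    file that disappears or denies access mid-scan is skipped rather than aborting
    the whole baseline.
    """
    root = Path(root)
    baseline = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic order keeps two baselines directly comparable
        for name in sorted(filenames):
            path = Path(dirpath) / name
            if path.is_symlink():
                continue
            try:
                stat = path.stat()
                baseline[path.relative_to(root).as_posix()] = {
                    "size": stat.st_size,
                    "sha256": file_digest(path),
                }
            except (PermissionError, FileNotFoundError):
                continue
    return baseline


def save_baseline(baseline, path):
    Path(path).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path):
    return json.loads(Path(path).read_text())


def compare_baselines(old, new):
    """Return added, removed and content-modified paths between two baselines."""
    old_paths, new_paths = set(old), set(new)
    return {
        "added": sorted(new_paths - old_paths),
        "removed": sorted(old_paths - new_paths),
        "modified": sorted(
            p for p in old_paths & new_paths if old[p]["sha256"] != new[p]["sha256"]
        ),
    }


def demo():
    """Baseline a constructed tree, tamper with it, and return the detected changes."""
    with tempfile.TemporaryDirectory() as tmp, tempfile.TemporaryDirectory() as store:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "svc.exe").write_bytes(b"original service binary")
        (root / "config.ini").write_text("debug=0\n")
        (root / "readme.txt").write_text("unchanged\n")

        # Keep the baseline outside the monitored tree so it is not itself reported as new.
        baseline_file = Path(store) / "baseline.json"
        save_baseline(build_baseline(root), baseline_file)

        # Simulated intrusion: patched binary, deleted config, dropped DLL. readme.txt is
        # rewritten with identical content, so a hash-based check must not flag it.
        (root / "bin" / "svc.exe").write_bytes(b"original service binary" + b"\x90" * 16)
        (root / "config.ini").unlink()
        (root / "bin" / "helper.dll").write_bytes(b"dropped payload")
        (root / "readme.txt").write_text("unchanged\n")

        return compare_baselines(load_baseline(baseline_file), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

demo() returns bin/helper.dll as added, config.ini as removed and bin/svc.exe as modified, while the rewritten readme.txt is silent because only content, not timestamps, is compared. In PowerShell the same steps map onto Get-ChildItem -Recurse -File for the walk, Get-FileHash for the digest, and ConvertTo-Json / ConvertFrom-Json for persisting the baseline. The registry, network and process checks the lab adds to PowerHids follow the identical snapshot-and-diff pattern with a different collector. One caveat worth building in from the start: a baseline stored on the monitored host can be rewritten by the same intruder who changed the files, so keep a copy off-host or protect its integrity before trusting a clean comparison.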