DURATION: 10 hours

CPE POINTS: On completion you get a certificate granting you 10 CPE points. 

In this course, we’ll take you on a journey to using Golang for security purposes such as OSINT technicals, scanning, reconnaissance, interacting with APIs and many more techniques that are essential for penetration testers, hackers, programmers, and network administrators. Golang is used in a wide range of security projects.


Who is this course for? 

This course is for you if you are a Network Engineer, Hacker, Penetration Tester, Network Security, System Administrator and you are looking for a source to start penetration testing with Golang.

Why take it NOW? 

Because the Golang is becoming more and more popular and its use in the field of security. So that in the near future most projects and security tools will be written in Golang.

Why this course? 

It is a hands-on and practical course that avoids theoretical concepts. You can take this course if you want to level-up your knowledge in the penetration testing field and programming. This course is for you if you would like to write your own security tool with Golang.


Course benefits:

What skills will you gain?

  • Concurrency programming
  • Write your own security tools
  • Golang network modules
  • Networking with Go
  • Socket Programming and using it for penetration testing
  • Interacting with search engines and APIs
  • Google Haking
  • Regular Expressions

What will you learn about?

  • Net(lib)
  • Goquery(lib)
  • HTML Scraping and Escaping
  • Goroutine and concurrency technicals in Go
  • Bruteforce Attacks
  • Information gathering and Scanning phases
  • Socket Programming
  • Servers and clients
  • How to write a backdoor
  • Using Gopacket to capture the traffic
  • BPF Syntax

Throughout the course: 

  • Go
  • GoQuery
  • GoPacket
  • And many Go packages

Tools to be taught in specific modules: 

  • Installation and Introduction:
    • Go compiler
    • Go syntax: 
    • Golang Pure
  • Enumeration and Scanning: 
    • Golang Pure
  • Packet Capturing:
    • Gopacket  
    • Libpcap
  • Brute Force:
    • crypto
  • OSINT:
    • Google
    • Shodan API
  • Web Scraping:
    • Goquery
    • Regexps
    • Evine
  • Steganography:
    • Hexdump

Course general information: 

Course format: 

  • Self-paced
  • Pre-recorded
  • Accessible even after you finish the course
  • No preset deadlines
  • Materials are video, labs, and text
  • All videos captioned

Estimated times to finish the course modules:

  • Installation and Introduction, 34m
  • Go syntax, 100m
  • Enumeration and Scanning, 80m
  • Packet Capturing, 60-80m
  • Brute Force, 60-80m
  • OSINT, 60-80m
  • Web Scraping, 60-80m
  • Steganography, 30m
  • TOTAL: About 11 hours and 25 minutes

What will you need to follow along with the instructor?

The course can be implemented in any operating system. The only difference is in the installation of Golang.

What should you know before you join to take full advantage of the materials?

  • Programming languages and their concepts (beginner)
  • Networking (beginner)
  • Familiarity with the steps of penetration testing


Your instructor: Saeed Dehqan

Saeed is currently a project leader working with OWASP. At OWASP, he is a security researcher and project leader.
He has extensive experience in security areas such as network security, secure coding, server security, human resource vulnerabilities, DevOps, and more. He has 4 years of experience in research and works in the cybersecurity field with some companies. In programming, he works with several programming languages and he did several projects in the security field. Also, he works with Hakin9.org and PentestMag.com as an author, board of reviewers and instructor.


COURSE SYLLABUS


Module 1

Installation and Introduction

In this module, we will cover setting up the Golang development environment on Linux,  Go commands, Cross-compiling and IDE.

  • Installation of the Golang
  • Preparing environments
  • Go commands and toolchains
  • Writing the first package in Go
  • Compiling

Module 2

Go syntax

In this module, we will cover the syntax and fundamentals of Golang. This is a quick review and not in-depth. It provides the foundation necessary for the following chapters. In the following chapters, we'll see many examples that are enough to understand the Go syntax.

  • Go keywords and Program Structures
  • Variables and Data Types
  • Arrays, Slice and Maps
  • Functions, Pointers, Struct and Interfaces
  • Control Structures
  • Loops
  • Concurrency
  • String cipher(rot-13)

Exercise: 

  • Encrypt and decrypt a message with a key using xor gate

Module 3

Enumeration and Scanning

Scanning and enumeration are critical steps to a penetration test. In this module, we’ll be using Go to enumerate and gather data about the network and scan ports, services, and banner grabbing. The most common tool to scan the ports and banner grabbing is Nmap but in this module, we’ll write our own tool to scan the hosts and detect the version of services that are active on the host. Then, we will implement TCP servers and clients and learn how to use these to write command and controls and backdoors.

  • Send HTTP request and work a response
  • TCP Server/Clients
  • Detect the services
  • Banner grabbing
  • Concurrency port scanning
  • Finding named hosts
  • Resolving the domain to IP and vice versa
  • IP Lookup
  • MX records

Module 4

Packet Capturing

In this module, we'll be working with gopacket and libpcap to capture the network traffic, gain usernames and passwords from the traffic, reading and writing from the pcap files, and detecting network devices.

  • Introduction and installation
  • Detecting network interfaces
  • Network traffic sniffing
  • Filtering the traffic using BPF
  • Working with pcap files
  • Port scanner using Gopacket

Module 5

Brute Force

In this module, we'll introduce the brute force or exhaustive keys attacks and learn how to write scripts that do a powerful brute force attack.

  • HTTP basic authentication
  • Detect all named hosts of a Subnet Mask
  • SSH password authentication
  • HTML login forms
  • Writing a tool to identify web paths

Module 6

OSINT

In the first part of this module, we talk about OSINT. Then we'll learn how to implement OSINT techniques in practice and how to gather data from search engines and how to use Google Dorks.

  • Finding Linkedin, Facebook, and Twitter accounts and posts
  • Interacting with search engines
  • Shodan API

Exercise: 

  • OSINT: Add another search engine to the OSINT project

Module 7

Web Crawling

In this module, we'll write our own concurrency web scraper and crawler that crawls web pages and extracts URLs, emails, media files and entry points (forms, get parameters), and uses them for fuzzing attacks. This module is completely project-oriented.

  • Parsing HTML pages
  • Regular Expression(Regexp) syntax
  • Extract tags and attributes
  • Depth-first crawlers (DFS)
  • Breadth-first crawlers (BFS)

Exercise:

  • Web Scraping: Extract CSS and javascript files from the crawled contents

Module 8

Steganography

Steganography is the concealment of a message or file within another file. In this module, we will introduce hiding arbitrary data within a PNG, PDF, and MP4. We will learn how to embed a PDF into another PDF. Also, we will write scripts to find embedded files and combine or embed any other files.

  • What is the EOF technique
  • File signatures
  • Embedding ZIP files into a PNG
  • Embedding ZIP files into a MP4
  • Embedding a PNG file into another PNG
  • Embedding a PDF into a PNG or a PDF into another PDF
  • How to use these techniques for other file types

QUESTIONS? 

If you have any questions, please contact our eLearning Manager at [email protected].

(1,550 views)

Course Reviews

3.5

3.5
4 ratings
  • 5 stars1
  • 4 stars2
  • 3 stars0
  • 2 stars0
  • 1 stars1
  1. Great materials prepared, better with more details

    4

    The course went from introduction to actual materials very quickly. The course work is very easy to digest, although much needed self research (also good if taken other security or hacking courses before).

    Other than the fact that the entire course was conducted on Kali (Linux) environment, some of the tools actually require a bit of self research to get them on your system (using Mac).

    Would like to have appendixes on the materials such as links shown and used in the course work too, although i simply paused the video and copy the links.

  2. Text to speech audio, Very less explanation on the content presented, it's only typing and watching

    1

    The content seems to be good but the “text to speech audio” is very bad and annoying. If i knew the audio is text to speech and the course is not at all engaging, i wouldn’t have purchased this course. Also, The course is missing explanations for the code presented. It’s like watching somebody type their code withoout any “valuable” explanations. I would suggest hackin9 to provide a preview of the course so that the buyers can have a feel on what to expect on the courses that they are paying for. disappointed.

  3. Great info, love more explanations

    4

    The scripts created were very useful also the techniques presented. The only regret is I wanted more explanation on go usage for every code and not looking for typing in the screen (for that, we can check directly the github repo)

  4. Traiano Giuseppe WelcomeDecember 16, 2020 at 5:54 pmReply

    Awesome way to learn Golang and get a grounding in hacking techniques!

    5

    I highly recommend this course as a major step in mastering golang for offensive security and for getting a good introduction into advanced hacking techniques.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023