In this course, we’ll take you on a journey to using Golang for security purposes such as OSINT technicals, scanning, reconnaissance, interacting with APIs and many more techniques that are essential for penetration testers and hackers. Everything is different because it is Golang! Golang is used in a wide range of security projects.


Who is this course for? 

This course is for you if you are a Network Engineer, Hacker, Penetration Tester, Network Security, System Administrator and you are looking for a source to start penetration testing with Golang.

Why take it NOW? 

Because the Golang is becoming more and more popular and its use in the field of security. So that in the near future most projects and security tools will be written in Golang.

Why this course? 

It is a hands-on and practical course that avoids theoretical concepts. You can take this course if you want to level-up your knowledge in the penetration testing field and programming. This course is for you if you would like to write your own security tool with Golang.


Course benefits:

What skills will you gain?

  • Concurrency programming
  • Write your own security tools
  • Golang network modules
  • Networking with Go
  • Socket Programming and using it for penetration testing
  • Interacting with search engines and APIs

What will you learn about?

  • net(lib)
  • GoQuery(lib)
  • html(lib)
  • HTML Scraping and Escaping
  • Goroutine and concurrency technicals in Go
  • Bruteforce Attacks
  • Information gathering and Scanning phases
  • Socket Programming
  • Servers and clients

Throughout the course: 

  • Go
  • GoQuery
  • GoPacket
  • And many Go packages

Tools to be taught in specific modules: 

  • Installation and Introduction:
    • Go compiler
    • Go syntax: 
    • Golang Pure
  • Enumeration and Scanning: 
    • Golang Pure
  • Packet Capturing:
    • Gopacket  
    • Libpcap
  • Brute Force:
    • pq
    • go-sql-driver/mysql
    • mgo.v2
  • OSINT:
    • Google
    • Shodan API
    • Goquery
  • Web Scraping:
    • Goquery
    • Regexps
  • Steganography:
    • Hexdump

Course general information: 

DURATION: 6 hours

CPE POINTS: On completion you get a certificate granting you 6 CPE points. 

Course launch date: November 17th 2020

Course format: 

  • Self-paced
  • Pre-recorded
  • Accessible even after you finish the course
  • No preset deadlines
  • Materials are video, labs, and text
  • All videos captioned

Estimated times to finish the course modules:

  • Installation and Introduction, 30-50m
  • Go syntax, 80m
  • Enumeration and Scanning, 30-40m
  • Packet Capturing, 30m
  • Brute Force, 30-40m
  • OSINT, 60m
  • Web Scraping, 60m
  • Steganography, 60m
  • TOTAL: About 400m, 6.30h

What will you need to follow along with the instructor?

The course can be implemented in any operating system. The only difference is in the installation of Golang.

What should you know before you join to take full advantage of the materials?

  • Programming languages and their concepts (beginner)
  • Networking (beginner)
  • Familiarity with the steps of penetration testing

Your instructor: Saeed Dehqan

Saeed is currently a project leader working with OWASP. At OWASP, he is a security researcher and project leader.
He has extensive experience in security areas such as network security, secure coding, server security, human resource vulnerabilities, DevOps, and more. He has 4 years of experience in research and works in the cybersecurity field with some companies. In programming, he works with several programming languages and he did several projects in the security field. Also, he works with Hakin9.org and PentestMag.com as an author, board of reviewers and instructor.


COURSE SYLLABUS


Module 1

Installation and Introduction

In this module, we will cover setting up the Golang development environment on Linux,  Go commands, Cross-compiling and IDE.

  • Installation of the Golang
  • Preparing environments
  • Go commands and toolchains
  • Writing the first package in Go
  • Compiling

Module 2

Go syntax

In this module, we will cover the syntax and fundamentals of Golang. This is a quick review and not in-depth. It provides the foundation necessary for the following chapters. In the following chapters, we'll see many examples that are enough to understand the Go syntax.

  • Go keywords and Program Structures
  • Variables and Data Types
  • Arrays, Slice and Maps
  • Functions, Pointers, Struct and Interfaces
  • Control Structures
  • Loops
  • Concurrency
  • String cipher(rot-13)

Exercise: 

  • Encrypt and decrypt of a message with a key using xor gate

Module 3

Enumeration and Scanning

Scanning and enumeration are critical steps to a penetration test. In this module, we’ll be using Go to enumerate and gather data about the network and scan ports, services, and banner grabbing. The most common tool to scan the ports and banner grabbing is Nmap but in this module, we’ll write our own tool to scan the hosts and detect the version of services that are active on the host. Then, we will implement TCP servers and clients and learn how to use these to write command and controls and backdoors.

  • Send HTTP request and work a response
  • TCP Server/Clients
  • Detect the services
  • Banner grabbing
  • Concurrency port scanning
  • Finding named hosts
  • Resolving the domain to IP and vice versa
  • IP Lookup
  • MX records

Module 4

Packet Capturing

In this module, we'll be working with gopacket and libpcap to capture the network traffic, reading and writing from the pcap files and detecting network devices.

  • Network Packet Capturing
  • Gopacket
  • Libpcap
  • Working with pcap files

Module 5

Brute Force

In this module, we'll introduce the brute force or exhaustive keys attacks and learn how to write scripts that do a powerful brute force attack.

  • HTTP basic authentication
  • Detect all named hosts of a Subnet Mask
  • SSH password authentication
  • HTML login forms
  • Database brute force attacks

Module 6

OSINT

In the first part of this module, we talk about OSINT. Then we'll learn how to implement OSINT techniques in practice and how to gather data from search engines and how to interact with the APIs.

  • Finding Linkedin, Facebook, and Twitter accounts and posts
  • Gathering email addresses from a company
  • Gathering hostnames
  • Interacting with search engines
  • Shodan API

Exercise: 

  • OSINT: Add another search engine to the OSINT project

Module 7

Web Crawling

In this module, we'll write our own concurrency web scraper and crawler that crawls web pages and extracts URLs and entry points (forms, get parameters) and uses them for fuzzing attacks.

  • Parsing HTML pages
  • Extract tags and attributes
  • Depth-first crawlers (DFS)
  • Breadth-first crawlers (BFS)

Exercise:

  • Web Scraping: Extract CSS and javascript files from the crawled contents

Module 8

Steganography

Steganography is the concealment of a message or file within another file. In this module, we will introduce hiding arbitrary data within a PNG image. This technique can be useful for exfiltrating information, creating obfuscated C2 messages, and bypassing detective or preventive controls.

  • Hiding data in images

Final exam

Final exam - MCQ test 


QUESTIONS? 

If you have any questions, please contact our eLearning Manager Marta at [email protected].

Course Reviews

N.A

ratings
  • 5 stars0
  • 4 stars0
  • 3 stars0
  • 2 stars0
  • 1 stars0

No Reviews found for this course.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013