In this course, we’ll take you on a journey to using Golang for security purposes such as OSINT technicals, scanning, reconnaissance, interacting with APIs and many more techniques that are essential for penetration testers and hackers. Everything is different because it is Golang! Golang is used in a wide range of security projects.
Who is this course for?
This course is for you if you are a Network Engineer, Hacker, Penetration Tester, Network Security, System Administrator and you are looking for a source to start penetration testing with Golang.
Why take it NOW?
Because the Golang is becoming more and more popular and its use in the field of security. So that in the near future most projects and security tools will be written in Golang.
Why this course?
It is a hands-on and practical course that avoids theoretical concepts. You can take this course if you want to level-up your knowledge in the penetration testing field and programming. This course is for you if you would like to write your own security tool with Golang.
What skills will you gain?
- Concurrency programming
- Write your own security tools
- Golang network modules
- Networking with Go
- Socket Programming and using it for penetration testing
- Interacting with search engines and APIs
What will you learn about?
- HTML Scraping and Escaping
- Goroutine and concurrency technicals in Go
- Bruteforce Attacks
- Information gathering and Scanning phases
Throughout the course:
- And many Go packages
Tools to be taught in specific modules:
- Installation and Introduction:
- Go compiler
- Go syntax:
- Golang Pure
- Enumeration and Scanning:
- Golang Pure
- Packet Capturing:
- Brute Force:
- Shodan API
- Web Scraping:
Course general information:
DURATION: 6 hours
CPE POINTS: On completion you get a certificate granting you 6 CPE points.
Course launch date: November 17th 2020
- Accessible even after you finish the course
- No preset deadlines
- Materials are video, labs, and text
- All videos captioned
Estimated times to finish the course modules:
- Installation and Introduction, 30-50m
- Go syntax, 80m
- Enumeration and Scanning, 30-40m
- Packet Capturing, 40m
- Brute Force, 30-40m
- OSINT, 60m
- Web Scraping, 60m
- Steganography, 60m
- TOTAL: About 400m, 6.30h
What will you need to follow along with the instructor?
The course can be implemented in any operating system. The only difference is in the installation of Golang.
What should you know before you join to take full advantage of the materials?
- Bash (beginner)
- Programming languages and their concepts (intermediate)
- Networking (beginner)
- Familiarity with the steps of penetration testing (CEH level)
Your instructor: Saeed Dehqan
Saeed is currently a project leader working with OWASP. At OWASP, he is a security researcher and project leader.
He has extensive experience in security areas such as network security, secure coding, server security, human resource vulnerabilities, DevOps, and more. He has 4 years of experience in research and works in the cybersecurity field with some companies. In programming, he works with several programming languages and he did several projects in the security field. Also, he works with Hakin9.org and PentestMag.com as an author and on the board of reviewers.
Installation and Introduction
In this module, we will cover setting up the Golang development environment on Linux, Go commands, Cross-compiling and IDE.
- Installation of the Golang
- Installation of the IDE
- Go commands
In this module, we will cover the syntax and fundamentals of Golang. This is a quick review and not in-depth. It provides the foundation necessary for the following chapters. In the following chapters, we'll see many examples that are enough to understand the Go syntax.
- Data types
- Slice and Maps
- Pointers, Struct and Interfaces
- Control Structures
- Error Handling
- Json Data Type
- Encrypt and decrypt of a message with a key using xor gate
Enumeration and Scanning
Scanning and enumeration are critical steps to a penetration test. In this module, we’ll be using Go to enumerate and gather data about the network and scan ports, services and banner grabbing. The most common tool to scan the ports and banner grabbing is Nmap but in this module, we’ll write our own tool to scan the hosts and detect the version of services that are active on the host.
- Send HTTP request and receive response
- Detect the services
- Banner grabbing
- Concurrency port scanning
- Finding named hosts
- TCP Server/client
- IP to hostname
- Hostname to IP
- MX records
In this module, we'll be working with gopacket and libpcap to capture the network traffic, reading and writing from the pcap files and detecting network devices.
- Network Packet Capturing
- Working with pcap files
In this module, we'll introduce the brute force or exhaustive keys attacks and learn how to write scripts that do a powerful brute force attack.
- HTTP basic authentication
- SSH password authentication
- HTML login forms
- Database brute force attacks
In the first part of this module, we talk about OSINT. Then we'll learn how to implement OSINT techniques in practice and how to gather data from search engines and how to interact with the APIs.
- Finding Linkedin, Facebook and Twitter accounts and posts
- Gathering email addresses from a company
- Gathering hostnames
- Interacting with search engines
- Shodan API
- OSINT: Add another search engine to the OSINT project
In this module, we'll write our own concurrency web scraper and crawler that crawls web pages and extracts URLs and entry points (forms, get parameters) and uses them for fuzzing attacks.
- Parsing HTML pages
- Extract tags and attributes
- Depth-first crawlers (DFS)
- Breadth-first crawlers (BFS)
Steganography is the concealment of a message or file within another file. In this module, we will introduce hiding arbitrary data within a PNG image. This technique can be useful for exfiltrating information, creating obfuscated C2 messages, and bypassing detective or preventive controls.
- Hiding data in images
Final exam - MCQ test
If you have any questions, please contact our eLearning Manager Marta at [email protected].