Workshop

Seasides 2025 Edition

Automate Your Hacking: Zero to Hero

In the ever-evolving landscape of cybersecurity, automation has become a crucial tool in any security researcher’s arsenal. While there’s no shortage of open-source and commercial information security tools, the ability to write your own or modify existing ones remains an invaluable skill.

This workshop aims to bring attendees up to date on various automation techniques for accomplishing information security tasks. The workshop covers a broad spectrum of security areas, such as vulnerability discovery & exploitation, network monitoring & security, malware analysis, and modifying existing tools.

Targeted at security professionals—including penetration testers, bug hunters, red teamers, threat researchers, SOC analysts, and network/DevOps professionals—the workshop demonstrates and teaches how security tasks can be automated easily. Using a scenario-driven approach, the workshop addresses various requirements faced by security teams, providing practical, hands-on experience in automating security tasks.

 

Advanced Security Automation Training Agenda

Linux Command-line Fu

  • File Operations:
    • Search, Parse, and Manipulate Files.
  • Bash Scripting Basics:
    • Automating Tasks Using Bash Scripts.

Web Security Automation

  • HTTP Requests:
    • Crafting and Handling HTTP Requests.
  • Working with APIs:
    • API Interaction and Automation.
  • Handling Data Formats:
    • Parsing and Manipulating HTML, JSON, XML, and CSV Files.
  • Browser Control/Automation:
    • Using Selenium and Puppeteer for Browser Automation.
  • Bruteforcing Web Applications:
    • Automating Attacks on Web Forms and APIs.
  • Writing Custom Burp Suite Plugins:
    • Extending Burp Suite Functionality with Custom Plugins.

Network/Vulnerability Scanning & Exploitation

  • Raw Socket Programming:
    • Crafting and Sending Custom Network Packets.
  • PCAP Parsing:
    • Analyzing Network Traffic from PCAP Files.
  • Automating Nmap and Custom Scripts:
    • Custom Scanning and Enumeration Scripts.
  • Bruteforcing Network Services:
    • Automating Brute Force Attacks Against Network Protocols.
  • Understanding Public Exploits:
    • Reviewing Exploits from Exploit-DB and GitHub.
  • Writing Your Own PoC Exploits:
    • Developing Proof-of-Concept Exploits.
  • Writing Nuclei Templates:
    • Automating Vulnerability Scanning with Nuclei.

Malware Analysis

  • 3rd Party Lookups:
    • Gathering Intelligence from Public Repositories.
  • File Classification and Working with Hashes:
    • Identifying and Categorizing Malware Files.
  • Handling Binary File Formats:
    • Extracting and Analyzing Data from Binary Files.
  • String Analysis:
    • Identifying Embedded Strings in Malware Samples.
  • Pattern Matching:
    • Using Regex and Yara Rules for Threat Detection.

Miscellaneous Topics

  • Automate Public Cloud Tasks:
    • Scripting Cloud Operations on AWS, Azure, and GCP.
  • OSINT and IoCs:
    • Collecting Open Source Intelligence and Indicators of Compromise.
  • Log Analysis and Reporting:
    • Analyzing Logs for Threat Detection and Generating Reports.
  • Alert Notifications:
    • Setting Up Alerts for Security Events.

 

Basic experience of writing code in any programming language (Python preferred).

Basic understanding of cybersecurity principles and networking concepts.

Laptop with:

  • Wi-Fi capabilities
  • At least 4 GB RAM free
  • Admin rights
  • Virtualization software installed (VMware, VirtualBox)
  • Ubuntu-like OS on host, if not planning to use a VM

This intensive one-day hands-on workshop empowers students to create numerous practical utilities, enhancing their security automation skills. Participants will receive comprehensive notes on the workshop topics, complemented by relevant code snippets for future reference.