In this course, we’ll take you on a journey to using Golang for security purposes such as OSINT technicals, scanning, reconnaissance, interacting with APIs and many more techniques that are essential for penetration testers, hackers, programmers, and network administrators. Golang is used in a wide range of security projects.
Who is this course for?
This course is for you if you are a Network Engineer, Hacker, Penetration Tester, Network Security, System Administrator and you are looking for a source to start penetration testing with Golang.
Why take it NOW?
Because the Golang is becoming more and more popular and its use in the field of security. So that in the near future most projects and security tools will be written in Golang.
Why this course?
It is a hands-on and practical course that avoids theoretical concepts. You can take this course if you want to level-up your knowledge in the penetration testing field and programming. This course is for you if you would like to write your own security tool with Golang.
What skills will you gain?
- Concurrency programming
- Write your own security tools
- Golang network modules
- Networking with Go
- Socket Programming and using it for penetration testing
- Interacting with search engines and APIs
- Google Haking
- Regular Expressions
What will you learn about?
- HTML Scraping and Escaping
- Goroutine and concurrency technicals in Go
- Bruteforce Attacks
- Information gathering and Scanning phases
- Socket Programming
- Servers and clients
- How to write a backdoor
- Using Gopacket to capture the traffic
- BPF Syntax
Throughout the course:
- And many Go packages
Tools to be taught in specific modules:
- Installation and Introduction:
- Go compiler
- Go syntax:
- Golang Pure
- Enumeration and Scanning:
- Golang Pure
- Packet Capturing:
- Brute Force:
- Shodan API
- Web Scraping:
Course general information:
DURATION: 10 hours
CPE POINTS: On completion you get a certificate granting you 10 CPE points.
- Accessible even after you finish the course
- No preset deadlines
- Materials are video, labs, and text
- All videos captioned
Estimated times to finish the course modules:
- Installation and Introduction, 34m
- Go syntax, 100m
- Enumeration and Scanning, 80m
- Packet Capturing, 60-80m
- Brute Force, 60-80m
- OSINT, 60-80m
- Web Scraping, 60-80m
- Steganography, 30m
- TOTAL: About 11 hours and 25 minutes
What will you need to follow along with the instructor?
The course can be implemented in any operating system. The only difference is in the installation of Golang.
What should you know before you join to take full advantage of the materials?
- Programming languages and their concepts (beginner)
- Networking (beginner)
- Familiarity with the steps of penetration testing
Your instructor: Saeed Dehqan
Saeed is currently a project leader working with OWASP. At OWASP, he is a security researcher and project leader.
He has extensive experience in security areas such as network security, secure coding, server security, human resource vulnerabilities, DevOps, and more. He has 4 years of experience in research and works in the cybersecurity field with some companies. In programming, he works with several programming languages and he did several projects in the security field. Also, he works with Hakin9.org and PentestMag.com as an author, board of reviewers and instructor.
Installation and Introduction
In this module, we will cover setting up the Golang development environment on Linux, Go commands, Cross-compiling and IDE.
- Installation of the Golang
- Preparing environments
- Go commands and toolchains
- Writing the first package in Go
In this module, we will cover the syntax and fundamentals of Golang. This is a quick review and not in-depth. It provides the foundation necessary for the following chapters. In the following chapters, we’ll see many examples that are enough to understand the Go syntax.
- Go keywords and Program Structures
- Variables and Data Types
- Arrays, Slice and Maps
- Functions, Pointers, Struct and Interfaces
- Control Structures
- String cipher(rot-13)
- Encrypt and decrypt a message with a key using xor gate
Enumeration and Scanning
Scanning and enumeration are critical steps to a penetration test. In this module, we’ll be using Go to enumerate and gather data about the network and scan ports, services, and banner grabbing. The most common tool to scan the ports and banner grabbing is Nmap but in this module, we’ll write our own tool to scan the hosts and detect the version of services that are active on the host. Then, we will implement TCP servers and clients and learn how to use these to write command and controls and backdoors.
- Send HTTP request and work a response
- TCP Server/Clients
- Detect the services
- Banner grabbing
- Concurrency port scanning
- Finding named hosts
- Resolving the domain to IP and vice versa
- IP Lookup
- MX records
In this module, we’ll be working with gopacket and libpcap to capture the network traffic, gain usernames and passwords from the traffic, reading and writing from the pcap files, and detecting network devices.
- Introduction and installation
- Detecting network interfaces
- Network traffic sniffing
- Filtering the traffic using BPF
- Working with pcap files
- Port scanner using Gopacket
In this module, we’ll introduce the brute force or exhaustive keys attacks and learn how to write scripts that do a powerful brute force attack.
- HTTP basic authentication
- Detect all named hosts of a Subnet Mask
- SSH password authentication
- HTML login forms
- Writing a tool to identify web paths
In the first part of this module, we talk about OSINT. Then we’ll learn how to implement OSINT techniques in practice and how to gather data from search engines and how to use Google Dorks.
- Finding Linkedin, Facebook, and Twitter accounts and posts
- Interacting with search engines
- Shodan API
- OSINT: Add another search engine to the OSINT project
In this module, we’ll write our own concurrency web scraper and crawler that crawls web pages and extracts URLs, emails, media files and entry points (forms, get parameters), and uses them for fuzzing attacks. This module is completely project-oriented.
- Parsing HTML pages
- Regular Expression(Regexp) syntax
- Extract tags and attributes
- Depth-first crawlers (DFS)
- Breadth-first crawlers (BFS)
Steganography is the concealment of a message or file within another file. In this module, we will introduce hiding arbitrary data within a PNG, PDF, and MP4. We will learn how to embed a PDF into another PDF. Also, we will write scripts to find embedded files and combine or embed any other files.
- What is the EOF technique
- File signatures
- Embedding ZIP files into a PNG
- Embedding ZIP files into a MP4
- Embedding a PNG file into another PNG
- Embedding a PDF into a PNG or a PDF into another PDF
- How to use these techniques for other file types
If you have any questions, please contact our eLearning Manager Marta at [email protected].