Python for Cybersecurity
Introduction
When looking at languages that could have a good placement in cybersecurity, Python is one of those no-brainer languages. It is very strong, it has a place in every OS (Windows, macOS, Linux), and the syntax is quite simple. I decided that I wanted to do another Coursera class. The class that I am following is INFOSEC's Python for Cybersecurity course.
Background Knowledge
My background in Python comes from taking classes in college where we weren’t doing things that related to cybersecurity, rather it was just to learn the language. As someone with knowledge in prior languages, learning Python wasn’t too hard.
When it comes to the cybersecurity knowledge for this class, the class assumes you understand things like the OSI model, reading packets, SYN/ACK, etc. I would highly recommend taking a class that covers the basics of cybersecurity before going into this one. I could see that if I were brand new, I would be a little lost because of a lot of terminology that isn't covered before the class. If you don't know how networks work, I would recommend taking a more beginner-friendly class.
Content
Initial Reaction
Looking at the content so far, we are building things in Python that are based on applications that are already used in the industry. For example, one of the modules covers a port scanner. This port scanner is very basic, but it shows how to do SYN/ACK with TCP/DNS in Python. There are better tools to use, but it is nice to see under the hood how a port scanner actually works in Python. I'm of the opinion of "don't fix what isn't broken", so I will be staying with the tools I already use.
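To make the "under the hood" point concrete, here is an added example (my own code, not the course's or its GitHub repo's) of the simplest form of port scanner: a TCP connect probe. It completes the full three-way handshake on each port, which is exactly why it is the noisiest variant for a defender to spot: every probe shows up on the target as a completed connection, unlike the half-open SYN probes the course demonstrates, which need raw sockets. The example starts its own constructed listener on 127.0.0.1 so it runs offline, and it picks a second loopback port that is known to be closed, so the scan result can be checked against both cases.

```python
import socket
from contextlib import closing
from typing import Dict, Iterable, Tuple


def start_local_listener() -> Tuple[socket.socket, int]:
    """Constructed scan target: a TCP listener on 127.0.0.1 on an OS-assigned port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0 = let the OS pick a free port
    srv.listen(5)               # the backlog accepts connects even if we never call accept()
    return srv, srv.getsockname()[1]


def pick_closed_port() -> int:
    """Bind an ephemeral port, then release it, so nothing is listening there."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def tcp_connect_probe(host: str, port: int, timeout: float = 0.5) -> bool:
    """Full-handshake ("connect") probe: True if the port accepts a TCP connection.

    A closed port answers the SYN with RST, which surfaces as ConnectionRefusedError;
    a filtered port typically answers nothing and we hit the timeout. Both are OSError.
    """
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except OSError:
            return False


def scan_ports(host: str, ports: Iterable[int], timeout: float = 0.5) -> Dict[int, bool]:
    """Map each port to whether a connect() to it succeeded."""
    return {p: tcp_connect_probe(host, p, timeout) for p in ports}


def run_demo() -> Tuple[int, int, Dict[int, bool]]:
    """Scan one known-open and one known-closed loopback port; returns (open, closed, results)."""
    srv, open_port = start_local_listener()
    closed_port = pick_closed_port()
    try:
        results = scan_ports("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()  # release the listener so the demo leaves nothing behind
    return open_port, closed_port, results


if __name__ == "__main__":
    opened, closed_, res = run_demo()
    for port, is_open in res.items():
        print(f"127.0.0.1:{port} -> {'open' if is_open else 'closed'}")
```

Running it prints one line per probed port. The same `scan_ports` function pointed at your own host with a range such as `range(1, 1025)` is a quick way to audit what is actually listening; every connect it makes will appear in the host's connection logs, which is the behaviour a blue team relies on to detect this kind of scan.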
Class Breakdown
The class modules follow the different sections of MITRE ATT&CK, starting with PRE-ATT&CK and moving through the different sections. It is a very clever way to break down the class, because it shows one way that an engineer could break down the different sections when attacking a company, infrastructure, etc. My main takeaway from this class is that following things like MITRE ATT&CK and the Lockheed Cyber Kill Chain are great ways to learn and understand the way attacks unfold. This is good for both red and blue team operations. If you know what to look for, you can identify what stage of the attack a threat actor is on.
Overall
Overall, the content was very good. I was planning on a more interactive class, but I was surprised that we were essentially looking at code, not writing it. There are resources online if you require a more interactive approach to programming. This class more or less shows and explains how we could write custom tools for cybersecurity if we can't find something that already does it for us.
TL;DR
The class was very short, and the checks on learning were directly correlated to what was talked about in the videos. The GitHub repo attached to this class allows users to go back and look at the code so that they can actually test out the Python scripts. I probably won't continue the rest of the specialization because there are better courses on Coursera that provide industry-level certifications.