Showing posts with label Marcus Carey. Show all posts
Tuesday, October 8, 2013
YACC
(YACC: Yet Another Cool Class - not the parser generator)
I love the low cost online courses that I've taken this summer. There's nothing like spending a Saturday focused on writing cool programs ... learning something new, with a knowledgeable instructor talking you through the tricky parts.
I just finished taking the second Ruby for Information Security Professionals course offered by Marcus Carey at threatagent.com. Not surprisingly, I walked away a bit smarter and with a big grin on my face.
While his first class (http://jrnerqbbzrq.blogspot.com/2013/08/more-cool-classes.html) provides an introduction to Ruby in the context of writing Ruby code for Metasploit, this class doesn't touch Metasploit. Instead, it assumes you have a basic familiarity with Ruby, and focuses on various techniques for accessing Open Source Intelligence. What this means is that he walks you through writing code to pull down information from various on-line sources of public information such as Bing, Twitter, LinkedIn and Shodan. :-)
By visiting several different sources of information, Marcus is able to introduce us to different techniques to collect information. So for example, Bing provides a really sweet API that gives you access to the full power of their search engine and lets you get results back in easily parsed JSON. LinkedIn, however, chooses to hoard their information, forcing us to scrape information off their web pages. Marcus shows us how to reverse engineer LinkedIn pages and use the power of Nokogiri to pull useful information from LinkedIn's cold-dead-hands. How cool!
The class is taught via a webinar, where Marcus shares his desktop to demonstrate code as he builds up applications in real-time. While watching Marcus' desktop, in another window we're developing the same code. When we have questions, Marcus can just demonstrate the answer for us to see. This is a great paradigm for teaching a class like this. However, it works better if you can use two monitors - one with Marcus' desktop and the other showing the window that you're working in. If your desktop only has one monitor, you'll be switching back and forth between windows a lot. (Maybe pressing your laptop into service to watch the webinar would work.) He also provides a reference document which shows some of the key code snippets.
The class assumes you've taken his first Ruby course, and while Marcus works hard to bring everybody up to the same level, you'll probably struggle if you've never seen Ruby before.
You need to have a working copy of Ruby, with the 'whois', 'open-uri', 'nokogiri', 'shodan' and 'twitter' Ruby packages installed. It would behoove you to get these installed ahead of time. I found that I couldn't get 'nokogiri' to install on my preferred Ubuntu system - fortunately it installed with no fuss on my Pentoo system, so I used that for the class. Lots of folks used Kali, which seemed to work well.
Afterwards, Marcus makes available a video of the entire class. Great for review.
So here's the bottom line: For $125, this 8-hour-long class is a screaming deal. It's relevant to what we do, it's very well taught and it's just good wholesome fun!
You can read about it at: https://www.threatagent.com/training/ruby_osint
Wednesday, August 28, 2013
More Cool Classes
Last weekend I had the opportunity to take another really fun course. This one was Ruby Programming for Information Security Professionals, offered by Marcus Carey at ThreatAgent.com. (https://www.threatagent.com/training)
It dovetailed very nicely with the Penetration Testing courses I took from Georgia Weidman earlier this summer. Georgia's courses provided an accelerated introduction to using Metasploit (and some other pentesting tools).
With Georgia's classes under your belt, Marcus' Ruby class gives you one of the tools you need to take using Metasploit to the next level. Since Metasploit modules (and Metasploit itself) are written in Ruby, Marcus' class gives you the introduction to Ruby that you need to start writing Metasploit modules. And even if you're not itching to write an exploit module just yet, he teaches more than enough to let you read and understand Metasploit modules - which is itself a very powerful capability.
About 2/3 of the class is spent in an introduction to Ruby, starting with using the irb interactive Ruby environment, and moving on to the basics of the language. Ruby turns out to be a delightful language and a pleasure to learn. Marcus takes the class through the basics of the language using lots of hands-on examples, so it never gets boring. After we've learned enough Ruby to be "dangerous", we finish off this part of the course writing some quick examples doing things like parsing json, accessing a web site, and making DNS queries. What fun!
However, the last 1/3 of the class is the real pay-off. That's when we start writing a Metasploit module. The module utilizes some of the code we'd already written, and does a simple DNS reconnaissance of a selected domain. Utilizing a template provided by Marcus, we go through the basics of producing a module which can be integrated into Metasploit.
As with the classes I took from Georgia Weidman, the class is taught via a live webinar. It's easy to ask questions, and Marcus is very responsive and attentive to his students. He teaches the class assuming that you're either running Ruby and Metasploit directly, or that you're running Kali. The only "attacks" are really just accessing public DNS and web sites, so there's no need to provide sacrificial VMs for us to attack. He provides a written outline for the class, which is very helpful as you work along with him through the examples. After the class, he provides a video of the webinar, so you can review the class in detail. Overall, the class is presented in an organized, interesting and professional manner.
As with Georgia's classes, this class is an incredible deal at $125 for the day-long class. If you'd like to read my rant about the cost of training, go back to my review of Georgia's class - which along with Marcus' class, is an example of what our community needs more of.
Since I've taken the class, I've been on an orgy of coding up a module for Metasploit. It's been a long time since I've been so enthused about a project that I've gone into sleep-deprivation mode to work on it. :-) I have Marcus to thank for that!
Anyway, here's the bottom line. Ruby Programming for Information Security Professionals, taught by Marcus Carey, is an awesome course.
This class is for you if you have some programming knowledge, but don't know Ruby and want to jump into writing Metasploit modules. Yes, you can RTFM. But for a relatively little bit of money, and 8 hours of your time, you can really jump-start the process and go from zero to writing a Metasploit module by the end of the day. Of course, there's a ton about both Ruby and Metasploit that he doesn't have time to cover, but you will have enough that you can move forward by writing code ... not by just reading about writing code.
Combine this with Georgia's classes (take them first), and you'll be well on your way to being a very competent Metasploiter (is that a word :-)
BTW, a little while ago I finally looked at Python ... and fell in love. I've been studying it since then, with the intention of abandoning Perl for Python. But I have to admit, Ruby really appeals to me and I'm wondering if I may just abandon Python and do all my programming in Ruby. Does that make me a fickle person? :-)