Practical Insider Threat Penetration Testing Cases with Scapy (Shell Payload and Protocol Evasion)

Learn how to use Python and Scapy to perform applied penetration testing TTPs: creating shellcode payloads and evading network security controls such as Snort rules.

Dennis Chow
The Startup


As the penetration testing landscape evolves and morphs, everyone seems to be “hot and heavy” on app-based testing, whether that means fuzzing a thick client or an API. One of the key things I’ve found with many clients is that they’ve gone “soft” on proper insider threat hygiene, starting with network security basics. In this article, I’ll run through two scripts that I’ve written in Python using the Scapy framework that can help in many use cases: red team tunneling, purple team IOCs, and general defender foundations. Let’s get the housekeeping out of the way:

*Disclaimer* — The tools and methodologies shown in this article are for security enhancement needs, education, and experimental use. Do not run or perform any illegal, unethical, or otherwise troublesome activities that violate policies, compliance requirements, or legislation locally or internationally.

Why this article?: Many newer security professionals in the field start rolling their eyes, followed by deep, heavy groans, when I still teach red and blue teams diligence in the network security fundamentals as well. No matter what your stance on where penetration testing, red teaming, and…


Security Practitioner and Veteran | GSE #288, GXPN, GREM *Opinions are my own: https://www.amazon.com/author/dwchow