Problem
Security concepts stick when you build the tools yourself instead of only reading about them. This repository collects the Python scripts I wrote while working through Coursera's "Exploit Development, Malware & Defensive Strategies" course, with each topic turned into a small, runnable script.
Approach
- Built each tool from raw sockets where it mattered: a TCP network scanner, an ARP-spoofing man-in-the-middle, and an HTTP packet sniffer.
- Wrote a simple remote-access pair (backdoor + listener) and a keylogger to understand how offensive tooling actually behaves on the wire.
- Kept every script small and self-contained with a per-tool README, and packaged one with PyInstaller to see how a script becomes a distributable binary.
Impact
- Turns abstract exploitation and network concepts into code that can be rerun, read, and modified.
- Builds a reusable base for socket programming, packet parsing, and indicator extraction.
- Connects the offensive techniques directly to the defensive SOC and malware work elsewhere in my portfolio.
Result
A practical script library that reinforces Python as a security analyst's tool — built by hand, one technique at a time.
What I Learned
- Writing a scanner or spoofer from sockets teaches far more than running a finished tool.
- Small, readable scripts are better long-term learning assets than one-off experiments.
- Understanding how offensive tooling is built makes it easier to detect and defend against.
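The ARP-spoofing tool listed under Approach leaves a simple trace on the wire: the same IP address gets answered for by two different MAC addresses. The detector below is an added example written for this page, not a script from the course or the repository; it parses the Ethernet and ARP header layout such a tool emits and flags that conflict. All frames it consumes are constructed in the `build_arp_reply` helper, and the addresses in the sample are made up.

```python
import socket
import struct

# Wire layouts the detector parses; the constructed sample frames use the same ones.
ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, EtherType
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ETH_P_ARP = 0x0806
ARP_REPLY = 2

def mac2bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def bytes2mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Construct an Ethernet frame carrying an ARP reply (sample input only)."""
    eth = ETH_HDR.pack(mac2bytes(target_mac), mac2bytes(sender_mac), ETH_P_ARP)
    arp = ARP_HDR.pack(1, 0x0800, 6, 4, ARP_REPLY,
                       mac2bytes(sender_mac), socket.inet_aton(sender_ip),
                       mac2bytes(target_mac), socket.inet_aton(target_ip))
    return eth + arp

def parse_arp(frame):
    """Return (opcode, sender MAC, sender IP) for an ARP frame, else None."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        return None
    _, _, ethertype = ETH_HDR.unpack_from(frame)
    if ethertype != ETH_P_ARP:
        return None
    _, _, _, _, op, sha, spa, _, _ = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    return op, bytes2mac(sha), socket.inet_ntoa(spa)

class ArpWatch:
    """Remember which MAC first answered for each IP; a later reply from a
    different MAC is the trace an ARP-spoofing MITM leaves on the wire."""

    def __init__(self):
        self.bindings = {}  # ip -> mac seen in the first reply

    def observe(self, frame):
        """Feed one raw frame; return an alert string on a conflict, else None."""
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != ARP_REPLY:
            return None
        _, mac, ip = parsed
        known = self.bindings.setdefault(ip, mac)
        if known != mac:
            return f"ARP conflict for {ip}: first seen {known}, now {mac}"
        return None
```

To run it against live traffic, feed `ArpWatch.observe` the raw frames from an `AF_PACKET` socket instead of the constructed ones; the first reply seen for each IP is trusted, so start it before any spoofing is expected.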
Next Steps
- Group the tools by workflow and expand the per-tool usage notes.
- Add sample inputs or tests for the scripts that parse network traffic.
- Turn the strongest exercises into writeup-backed mini case studies.