Brief Introduction
Date of recording – May 28th, 2015
Hosts – Tobias Macey and Chris Patti
Overview – Interview with Mark Baggett
Follow us on iTunes, Stitcher or TuneIn
Give us feedback! (iTunes, Twitter, email, Disqus comments)
You can donate (if you want)!
Interview with Mark Baggett
Introductions
How were you first introduced to Python? – Chris
Started using it for automating tasks while working as a sysadmin
Found code that launched an attack on FTP server – in Python
What are some of the tasks in your job that you use Python for? -Tobias
Trusted command & control backdoor for Windows
Mostly not used by malware authors – thus far (at least Mark hasn’t seen it used that way)
Flame virus – 5MB payload – incredibly advanced
Lua interpreter bundled along with the scripts
Veil framework – Python framework that takes payloads out of penetration testing executables
What is it about Python that makes it useful for penetration testing and other information security tasks?
Same thing that makes it useful for anything else
Impacket from Core Security
What are some of the more useful Python penetration testing tools?
OFFENSE
Beautiful Soup
scapy
Volatility
DEFENSE
Counter dictionary from collections
Pandas
IPython
matplotlib
We’ve noticed that a lot of the literature around information security and penetration testing focuses on targeting Windows. Can you enlighten us as to why that is?
Windows event tracing
logman
event trace providers – implement packet sniffing (can turn every browser into a key logger)
Primary attack surface – Where most attacks are targeted
Fewer purely Linux systems
Very few ports open – maybe 80, 22
Very likely no user just sitting there waiting to run an executable you send
More freedom on Linux – less formalized patching process, more variable tools = more exploits
Will write code to only use built in modules for Python that will run in customer target environments
What are some of the legal considerations that you have to deal with on a regular basis as a penetration tester?
There have recently been a number of attacks based on hijacking the TCP/IP stack. Is Python being used for any of these exploits or tools to defend against them?
Data analytics
Detect repeated sequence numbers – Man in the Middle Attack
As simple as 5 lines of Python code
import scapy, start sniffing packets, pull together all packets – make list of associated packets
Can pull together all packets inside of stream
Time a specific source communicates with a specific destination
Bro – intrusion detection suite
Built into Security Onion – Doug Burks
FLOSS Weekly episode 296 with Bro developers
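The repeated-sequence-number check sketched above, as an added example that is not code from the episode or from Mark Baggett. It goes one step beyond the sketch by separating a repeat with identical bytes (a plain retransmission) from a repeat with different bytes at the same sequence number (the stronger sign of an injected segment). Packets are constructed inline so it runs offline; the `segment_from_scapy` helper is an assumed convenience for feeding it from scapy's `sniff()`.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    """One TCP segment, reduced to the fields the check needs."""
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    payload: bytes


def segment_from_scapy(pkt):
    """Assumed helper: convert a sniffed scapy packet with IP and TCP layers (not run offline)."""
    return Segment(pkt["IP"].src, pkt["TCP"].sport, pkt["IP"].dst, pkt["TCP"].dport,
                   pkt["TCP"].seq, bytes(pkt["TCP"].payload))


def find_repeated_seqs(segments):
    """Group segments per one-way flow and report sequence numbers seen more than once.

    Returns {flow: [(seq, kind), ...]} where kind is 'retransmit' when the repeated
    segment carries the same bytes (usually benign) and 'conflict' when a different
    payload arrives at the same sequence number, the stronger sign of injection.
    """
    first_payload = defaultdict(dict)   # flow -> seq -> payload seen first
    findings = defaultdict(list)
    for s in segments:
        flow = (s.src, s.sport, s.dst, s.dport)
        if s.seq in first_payload[flow]:
            kind = "retransmit" if first_payload[flow][s.seq] == s.payload else "conflict"
            findings[flow].append((s.seq, kind))
        else:
            first_payload[flow][s.seq] = s.payload
    return dict(findings)


# Constructed sample traffic (not a real capture): one client/server exchange.
CLIENT, SERVER = ("10.0.0.5", 40000), ("192.0.2.10", 80)
SAMPLE = [
    Segment(*CLIENT, *SERVER, 1000, b"GET / HTTP/1.1\r\n"),
    Segment(*SERVER, *CLIENT, 5000, b"HTTP/1.1 200 OK\r\n"),
    Segment(*CLIENT, *SERVER, 1000, b"GET / HTTP/1.1\r\n"),      # same bytes: retransmit
    Segment(*SERVER, *CLIENT, 5000, b"HTTP/1.1 302 Found\r\n"),  # different bytes: conflict
    Segment(*CLIENT, *SERVER, 1016, b"Host: example\r\n"),
]
```

Call `find_repeated_seqs(SAMPLE)` to see one retransmit in the client-to-server flow and one conflict in the server-to-client flow.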
What are some activities that you do on a regular basis for which you would turn to another language or toolchain, rather than using Python?
PowerShell – the Python of Windows
Whitelisted and ubiquitous
Password cracking – compiled language like C or assembly
For anyone who is interested in getting involved in the security industry, and penetration testing in particular, what resources or tools would you recommend?
Developers make the best InfoSec professionals
Lots of jobs and opportunities
Developer -> Systems Administration -> Information Security
Security conferences – BSides, Defcon, Black Hat
Online capture the flag challenges (google it) – good practice for critical thinking and using code for security exercises
Get involved in the industry – Meetups, etc.
SANS institute course, Python for Penetration Testers, SEC573 by Mark Baggett – sans.org
Lots of free online resources
Violent Python
PicoCTF
Counter Hack Challenges
Picks
Tobias
Authy
OpenWRT
TP-Link Archer C7
Schemas For The Real World by Carina C. Zona
The Soul of Software by Avdi Grimm
China Miéville
Chris
Rapscallion Munich Dark
Write
Marginal Way
Frankie and Johnny’s
pyenv
Mark Baggett
CoreLabs Impacket
Google Labs – Rekall
Adams peanut butter cup fudge ripple cheesecake
BSides security conference
Keep in Touch
Twitter: @markbaggett
In Depth Defense
The intro and outro music is from Requiem for a Fish by The Freak Fandango Orchestra / CC BY-SA