Read all of our show notes and find more information about us at Beautiful Soup
Brief Introduction
Date of recording – May 28th, 2015Hosts – Tobias Macey and Chris PattiOverview – Interview with Mark BagettFollow us on iTunes, Stitcher or TuneInGive us feedback! (iTunes, Twitter, email, Disqus comments)You can donate (if you want)!Interview with Mark Bagett
IntroductionsHow were you first introduced to Python? – ChrisStarted using it for automating tasks while working as a sysadminFound code that launched an attack on FTP server – in PythonWhat are some of the tasks in your job that you use Python for? -Tobias Trusted command & control backdoor for WindowsMostly not used by malware authors – thus far (at least Mark hasn’t seen it used that way)Flame virus – 5MB payload – incredibly advancedLua interpreter bundled along with the scriptsVale framework – Python framework that takes payloads out of penetration testing executables
What is it about Python that makes it useful for penetration testing and other information security tasks? Same thing that makes it useful for anything elsempacket from core securityWhat are some of the more useful Python penetration testing tools? OFFENSEBeautiful SoupscapyVolatilityCounter dictionary from collectionsPandasiPythonmatplotlib
We’ve noticed that a lot of the literature around information security and penetration testing focuses on targeting Windows. Can you enlighten us as to why that is? Windows event tracinglogmanevent trace providers – implement packet sniffing (Can turn every browser into a key logger)Primary attack surface – Where most attacks are targeted
Fewer purely Linux systems Very few ports open – maybe 80, 22Very likely no user just sitting there waiting to run an executable you sendMore freedom on Linux – less formalized patching process, more variable tools = more exploits
Will write code to only use built in modules for Python that will run in customer target environments
What are some of the legal considerations that you have to deal with on a regular basis as a penetration tester?
There have recently been a number of attacks based on hijacking the TCP/IP stack. Is Python being used for any of these exploits or tools to defend against them? Data analyticsDetect repeated sequence numbers – Man in the Middle AttackAs simple as 5 lines of Python codeimport scapy, start sniffing packets, pull together all packets – make list of associated packetsCan pull together all packets inside of streamTime spefic source communicates with specific destinationBro – intrusion detection suiteBuilt into Security Onion – Doug BerksFLOSS Weekly episode 296 with Bro developers
What are some activities that you do on a regular basis for which you would turn to another language or toolchain, rather than using Python? Powershell – The Python of windowsWhitelisted and ubiquitousPassword cracking – compiled language like C or assembly
For anyone who is interested in getting involved in the security industry, and penetration testing in particular, what resources or tools would you recommend? Developers make the best InfoSec professionalsLots of jobs and opportunitiesDeveloper -> Systems Administration -> Information Security
Security conferences – BSides, Defcon, Black Hat
Online capture the flag challenges (google it) – good practice for critical thinking and using code for security exercises
Get involved in the industry – Meetups, etc.
SANS institute course, Python for Penetration Testers, SEC573 by Mark Baggett – sans.org
Lots of free online resources
Violent Python
PicoCTF
Counter Hack Challenges
Picks
TobiasAuthyOpenWRTTP-Link Archer C7Schemas For The Real World by Carina C. ZonaThe Soul of Software by Avdi GrimmChina MievilleRapscallion Munich DarkWriteMarginal WayFrankie and Johnny’spyenvCorelabs impacketGoogle Labs – RekallAdams peanut butter cup fudge ripple cheesecakeBSides security conferenceKeep in Touch
Twitter: @markbaggettIn Depth DefenseThe intro and outro music is from Requiem for a Fish The Freak Fandango Orchestra / CC BY-SA
View all episodes
