Brief Introduction

- Date of recording: May 28th, 2015
- Hosts: Tobias Macey and Chris Patti
- Overview: Interview with Mark Baggett
- Follow us on iTunes, Stitcher or TuneIn
- Give us feedback! (iTunes, Twitter, email, Disqus comments)
- You can donate (if you want)!

Interview with Mark Baggett

- Introductions
- How were you first introduced to Python? (Chris)
  - Started using it for automating tasks while working as a sysadmin
  - Found code that launched an attack on an FTP server, written in Python
- What are some of the tasks in your job that you use Python for? (Tobias)
  - Trusted command and control backdoor for Windows
  - Mostly not used by malware authors, thus far (at least Mark hasn't seen it used that way)
  - Flame virus: 5 MB payload, incredibly advanced; a Lua interpreter bundled along with the scripts
  - Veil framework: Python framework that takes payloads out of penetration testing executables
- What is it about Python that makes it useful for penetration testing and other information security tasks?
  - The same thing that makes it useful for anything else
  - impacket from Core Security
- What are some of the more useful Python penetration testing tools?
  - Offense: Beautiful Soup, scapy, Volatility
  - Defense: the Counter dictionary from collections, Pandas, IPython, matplotlib
- We've noticed that a lot of the literature around information security and penetration testing focuses on targeting Windows. Can you enlighten us as to why that is?
  - Windows event tracing: logman and event trace providers can implement packet sniffing (can turn every browser into a key logger)
  - Primary attack surface: where most attacks are targeted
  - Fewer purely Linux systems
  - Very few ports open on Linux, maybe 80 and 22
  - Very likely no user just sitting there waiting to run an executable you send
  - More freedom on Linux: a less formalized patching process and more variable tools mean more exploits
  - Will write Python code that uses only built-in modules so that it will run in customer target environments
- What are some of the legal considerations that you have to deal with on a regular basis as a penetration tester?
- There have recently been a number of attacks based on hijacking the TCP/IP stack. Is Python being used for any of these exploits or tools to defend against them?
  - Data analytics
  - Detect repeated sequence numbers: a sign of a man-in-the-middle attack
  - As simple as 5 lines of Python code: import scapy, start sniffing packets, pull together all packets and make a list of associated packets
  - Can pull together all packets inside of a stream
  - Time how long a specific source communicates with a specific destination
  - Bro: intrusion detection suite
  - Built into Security Onion, by Doug Burks
  - FLOSS Weekly episode 296 with the Bro developers
- What are some activities that you do on a regular basis for which you would turn to another language or toolchain, rather than using Python?
  - PowerShell: the Python of Windows; whitelisted and ubiquitous
  - Password cracking: a compiled language like C, or assembly
- For anyone who is interested in getting involved in the security industry, and penetration testing in particular, what resources or tools would you recommend?
  - Developers make the best InfoSec professionals
  - Lots of jobs and opportunities
  - Developer -> Systems Administration -> Information Security
  - Security conferences: BSides, DEF CON, Black Hat
  - Online capture the flag challenges (google it): good practice for critical thinking and for using code in security exercises
  - Get involved in the industry: meetups, etc.
  - SANS Institute course, Python for Penetration Testers, SEC573 by Mark Baggett (sans.org)
  - Lots of free online resources
  - Violent Python
  - PicoCTF
  - Counter Hack Challenges

Picks

- Tobias
  - Authy
  - OpenWRT
  - TP-Link Archer C7
  - Schemas For The Real World by Carina C. Zona
  - The Soul of Software by Avdi Grimm
  - China Miéville
- Chris
  - Rapscallion
  - Munich
  - Dark Write Marginal Way
  - Frankie and Johnny's
  - pyenv
- Mark Baggett
  - CoreLabs impacket
  - Google Labs Rekall
  - Adam's peanut butter cup fudge ripple cheesecake
  - BSides security conference

Keep in Touch

- Twitter: @markbaggett
- In Depth Defense

The intro and outro music is from Requiem for a Fish by The Freak Fandango Orchestra / CC BY-SA
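The detection Mark sketches in the TCP/IP hijacking answer (sniff packets, pull together the packets of each stream, look for repeated sequence numbers, and time how long a source talks to a destination) as an added worked example; this is not code from the episode or from Mark. The packet records are constructed inline so the script runs offline, and scapy is deliberately not imported: in a live capture the same dictionaries would be filled from the TCP layer of packets returned by scapy's sniff(). The distinction it draws between a benign retransmission (same sequence number, same bytes) and a suspicious reuse (same sequence number, different bytes, i.e. two senders racing to fill the same position in the stream) is this example's assumption about what "repeated sequence numbers" should flag, not a claim about the episode's own script.

```python
"""Flag TCP streams in which one sequence number carries more than one payload.

Constructed sample records stand in for a live capture; no scapy, no network.
"""
from collections import Counter, defaultdict

# Constructed sample segments (not real traffic). Addresses are documentation ranges.
SAMPLE_PACKETS = [
    {"ts": 0.00, "src": "10.0.0.5", "sport": 51000, "dst": "203.0.113.9", "dport": 80,
     "seq": 1000, "payload": b"GET / HTTP/1.1\r\n"},
    {"ts": 0.01, "src": "203.0.113.9", "sport": 80, "dst": "10.0.0.5", "dport": 51000,
     "seq": 5000, "payload": b"HTTP/1.1 200 OK\r\n"},
    # Same seq as the reply above but different bytes: a second party answered in the server's name.
    {"ts": 0.02, "src": "203.0.113.9", "sport": 80, "dst": "10.0.0.5", "dport": 51000,
     "seq": 5000, "payload": b"HTTP/1.1 302 Found\r\n"},
    # Benign retransmission: same seq AND same payload, so it is not flagged.
    {"ts": 0.50, "src": "10.0.0.5", "sport": 51000, "dst": "203.0.113.9", "dport": 80,
     "seq": 1000, "payload": b"GET / HTTP/1.1\r\n"},
    {"ts": 1.20, "src": "10.0.0.5", "sport": 51001, "dst": "203.0.113.9", "dport": 22,
     "seq": 7000, "payload": b"SSH-2.0-client"},
]


def stream_key(pkt):
    """One direction of one TCP connection: (src, sport, dst, dport)."""
    return (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])


def group_streams(packets):
    """Pull together all packets that belong to the same stream, in time order."""
    streams = defaultdict(list)
    for pkt in sorted(packets, key=lambda p: p["ts"]):
        streams[stream_key(pkt)].append(pkt)
    return streams


def find_repeated_sequence_numbers(packets):
    """Return {stream_key: [seq, ...]} for sequence numbers reused with differing payloads.

    Counter gives the per-stream occurrence count of each seq; only seqs seen more
    than once are examined, and only those whose repeats carry different bytes
    are reported (identical bytes are an ordinary retransmission).
    """
    suspicious = {}
    for key, pkts in group_streams(packets).items():
        seq_counts = Counter(p["seq"] for p in pkts)
        payloads_by_seq = defaultdict(set)
        for p in pkts:
            if seq_counts[p["seq"]] > 1:
                payloads_by_seq[p["seq"]].add(p["payload"])
        repeated = sorted(seq for seq, bodies in payloads_by_seq.items() if len(bodies) > 1)
        if repeated:
            suspicious[key] = repeated
    return suspicious


def conversation_times(packets):
    """For each (src, dst) pair: (first_seen, last_seen, duration in seconds)."""
    first, last = {}, {}
    for p in packets:
        pair = (p["src"], p["dst"])
        first[pair] = min(first.get(pair, p["ts"]), p["ts"])
        last[pair] = max(last.get(pair, p["ts"]), p["ts"])
    return {pair: (first[pair], last[pair], round(last[pair] - first[pair], 3)) for pair in first}


if __name__ == "__main__":
    for key, seqs in find_repeated_sequence_numbers(SAMPLE_PACKETS).items():
        print("suspicious stream %s:%d -> %s:%d, reused seq numbers %s" % (key + (seqs,)))
    for pair, (start, end, dur) in conversation_times(SAMPLE_PACKETS).items():
        print("%s -> %s talked from t=%.2f to t=%.2f (%.3fs)" % (pair + (start, end, dur)))
```

On the constructed sample only the server-to-client stream is reported, for seq 5000; the client's retransmitted GET is ignored because its bytes match. Feeding a real capture is a matter of building the same dictionaries from each packet's IP and TCP fields.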