Date: Wed, 03 Jun 2015 11:00:00 -0400
<p>Read all of our show notes and find more information about us at <a href="http://www.pythonpodcast.com">pythonpodcast.com</a></p> <h3>Brief Introduction</h3> <ul> <li>Date of recording – May 28th, 2015</li> <li>Hosts – Tobias Macey and Chris Patti</li> <li>Overview – Interview with Mark Baggett</li> <li>Follow us on iTunes, Stitcher or TuneIn</li> <li>Give us feedback! (iTunes, Twitter, email, Disqus comments)</li> <li>You can donate (if you want)!</li> </ul> <h3>Interview with Mark Baggett</h3> <ul> <li>Introductions</li> <li>How were you first introduced to Python? – Chris <ul> <li>Started using it for automating tasks while working as a sysadmin</li> <li>Found code that launched an attack on an FTP server – it was written in Python</li> </ul> </li> <li>What are some of the tasks in your job that you use Python for? – Tobias <ul> <li>Python as a trusted command & control backdoor for Windows <ul> <li>Mostly not used by malware authors – thus far (at least Mark hasn’t seen it used that way)</li> <li>Flame virus – 5MB payload – incredibly advanced <ul> <li>Bundled a Lua interpreter along with its scripts</li> </ul> </li> <li>Veil framework – Python framework that wraps penetration-testing payloads in executables designed to evade antivirus</li> </ul> </li> </ul> </li> <li>What is it about Python that makes it useful for penetration testing and other information security tasks? <ul> <li>Same thing that makes it useful for anything else</li> <li>Impacket from Core Security</li> </ul> </li> <li>What are some of the more useful Python penetration testing tools? 
<ul> <li>OFFENSE <ul> <li><a href="http://www.crummy.com/software/BeautifulSoup/" rel="noopener" target="_blank">Beautiful Soup</a></li> <li><a href="http://www.secdev.org/projects/scapy/" rel="noopener" target="_blank">scapy</a></li> <li><a href="https://code.google.com/p/volatility/" rel="noopener" target="_blank">Volatility</a></li> </ul> </li> <li>DEFENSE <ul> <li><a href="https://docs.python.org/2/library/collections.html#collections.Counter" rel="noopener" target="_blank">Counter dictionary from collections</a></li> <li>pandas</li> <li>IPython</li> <li>matplotlib</li> </ul> </li> </ul> </li> <li>We’ve noticed that a lot of the literature around information security and penetration testing focuses on targeting Windows. Can you enlighten us as to why that is? <ul> <li>Windows event tracing <ul> <li>logman</li> <li>Event trace providers can implement packet sniffing (and can turn every browser into a key logger)</li> </ul> </li> <li>Windows is the primary attack surface – where most attacks are targeted</li> <li>Fewer purely Linux systems <ul> <li>Very few ports open – maybe 80 and 22</li> <li>Very likely no user just sitting there waiting to run an executable you send</li> </ul> </li> <li>More freedom on Linux – a less formalized patching process and more variable tooling mean more exploits</li> <li>Mark writes his Python tools to use only built-in (standard library) modules so they will run in customer target environments</li> </ul> </li> <li>What are some of the legal considerations that you have to deal with on a regular basis as a penetration tester?</li> <li>There have recently been a number of attacks based on hijacking the TCP/IP stack. Is Python being used for any of these exploits or tools to defend against them? 
<ul> <li>Data analytics</li> <li>Detect repeated sequence numbers – a man-in-the-middle attack signature <ul> <li>As simple as 5 lines of Python code</li> <li>Import scapy, start sniffing packets, pull together all packets – make a list of associated packets</li> <li>Can pull together all packets inside of a stream</li> <li>Time when a specific source communicates with a specific destination</li> <li>Bro – intrusion detection suite <ul> <li>Built into Security Onion – Doug Burks</li> <li>FLOSS Weekly episode 296 with <a href="http://twit.tv/show/floss-weekly/296" rel="noopener" target="_blank">Bro developers</a></li> </ul> </li> </ul> </li> </ul> </li> <li>What are some activities that you do on a regular basis for which you would turn to another language or toolchain, rather than using Python? <ul> <li>PowerShell – the Python of Windows <ul> <li>Whitelisted and ubiquitous</li> </ul> </li> <li>Password cracking – a compiled language like C or assembly</li> </ul> </li> <li>For anyone who is interested in getting involved in the security industry, and penetration testing in particular, what resources or tools would you recommend? 
<ul> <li>Developers make the best InfoSec professionals <ul> <li>Lots of jobs and opportunities</li> </ul> </li> <li>Developer -> Systems Administration -> Information Security</li> <li>Security conferences – BSides, DEF CON, Black Hat</li> <li>Online capture the flag challenges (google it) – good practice for critical thinking and using code for security exercises</li> <li>Get involved in the industry – meetups, etc.</li> <li>SANS Institute course, Python for Penetration Testers, SEC573 by Mark Baggett – sans.org</li> <li>Lots of free online resources</li> <li><a href="http://shop.oreilly.com/product/978159749957*do" rel="noopener" target="_blank">Violent Python</a></li> <li><a href="https://picoctf.com/" rel="noopener" target="_blank">PicoCTF</a></li> <li><a href="https://www.counterhackchallenges.com/" rel="noopener" target="_blank">Counter Hack Challenges</a></li> </ul> </li> </ul> <h3>Picks</h3> <ul> <li>Tobias <ul> <li><a href="https://www.authy.com/" rel="noopener" target="_blank">Authy</a></li> <li><a href="https://openwrt.org/" rel="noopener" target="_blank">OpenWrt</a></li> <li><a href="http://amzn.to/1FR46Ac" rel="noopener" target="_blank">TP-Link Archer C7</a></li> <li><a href="https://www.youtube.com/watch?v=PYYfVqtcWQY" rel="noopener" target="_blank">Schemas For The Real World by Carina C. Zona</a></li> <li><a href="https://youtu.be/IgbHzFb1hGw" rel="noopener" target="_blank">The Soul of Software by Avdi Grimm</a></li> <li><a href="http://en.wikipedia.org/wiki/China_Mi%C3%A9ville" rel="noopener" target="_blank">China Miéville</a></li> </ul> </li> <li>Chris <ul> <li><a href="http://www.beeradvocate.com/beer/profile/18639/121363/" rel="noopener" target="_blank">Rapscallion Munich Dark</a></li> <li><a href="http://writeapp.net/mac/" rel="noopener" target="_blank">Write</a></li> <li><a href="http://marginalwayfund.org/" rel="noopener" target="_blank">Marginal Way</a></li> <li><a href="http://frankie-johnnys.com/" rel="noopener" target="_blank">Frankie and Johnny’s</a></li> <li><a href="https://github.com/yyuu/pyenv" rel="noopener" target="_blank">pyenv</a></li> </ul> </li> <li>Mark Baggett <ul> <li><a href="http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=tool&name=Impacket" rel="noopener" target="_blank">CoreLabs Impacket</a></li> <li><a href="http://www.rekall-forensic.com/" rel="noopener" target="_blank">Rekall – Google’s memory forensics framework</a></li> <li><a href="http://www.thecheesecakefactory.com/menu/desserts/cheesecakes/adams-peanut-butter-cup-fudge-ripple-cheesecake/" rel="noopener" target="_blank">Adam’s peanut butter cup fudge ripple cheesecake</a></li> <li><a href="http://www.securitybsides.com/w/page/12194156/FrontPage" rel="noopener" target="_blank">BSides security conference</a></li> </ul> </li> </ul> <h3>Keep in Touch</h3> <ul> <li>Twitter: <a href="https://twitter.com/markbaggett" rel="noopener" target="_blank">@markbaggett</a></li> <li><a href="http://www.indepthdefense.com/" rel="noopener" target="_blank">In Depth Defense</a></li> </ul> <p>The intro and outro music is Requiem for a Fish by <a href="http://freemusicarchive.org/music/The_Freak_Fandango_Orchestra/" rel="noopener" target="_blank">The Freak Fandango Orchestra</a> / <a href="http://creativecommons.org/licenses/by-sa/3.0/" rel="noopener" target="_blank">CC BY-SA</a></p>
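<p>The detector Mark sketches in the TCP/IP hijacking notes above (sniff with scapy, group packets by stream, flag a sequence number that repeats) together with the Counter-based data analytics listed under DEFENSE, written out as an added example. This is not code from the episode, from Mark Baggett or from the podcast; the field names, the Segment record, the from_scapy bridge and the sample capture are all assumptions made for the example, and the capture is constructed rather than real traffic. It uses only the standard library, in the spirit of Mark's built-in-modules-only rule, so it runs without scapy installed.</p>

```python
"""Detect the TCP injection / man-in-the-middle signature described in the show
notes: the same sequence number seen twice in one stream with different payloads.

Added example (not the episode's code). Standard library only; scapy is needed
only for the optional live-capture bridge from_scapy(). SAMPLE is constructed
test data, not a real capture.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
import hashlib


@dataclass(frozen=True)
class Segment:
    """One TCP segment, reduced to the fields the check needs (assumed layout)."""
    src: str
    sport: int
    dst: str
    dport: int
    seq: int        # TCP sequence number
    ttl: int        # IP TTL: an injector on a different path usually shows a different hop count
    payload: bytes  # TCP payload (empty for pure ACKs)

    @property
    def stream(self):
        """Unidirectional flow key: one side of a conversation."""
        return (self.src, self.sport, self.dst, self.dport)


def payload_digest(payload):
    """Short fingerprint so payloads can be compared without keeping the bytes."""
    return hashlib.sha256(payload).hexdigest()[:16]


def find_conflicting_seqs(segments):
    """Return {stream: {seq: [(digest, ttl), ...]}} for every (stream, seq) that
    was seen with more than one distinct payload.

    A genuine retransmission repeats the same bytes at the same seq and does not
    trip the check; an injected segment racing the real one carries different
    bytes at the same seq, which is the hijack / man-in-the-middle signature.
    """
    seen = defaultdict(lambda: defaultdict(dict))  # stream -> seq -> digest -> first ttl seen
    for s in segments:
        if not s.payload:
            continue  # pure ACKs legitimately reuse a sequence number
        seen[s.stream][s.seq].setdefault(payload_digest(s.payload), s.ttl)
    findings = {}
    for stream, seqs in seen.items():
        bad = {seq: sorted(d.items()) for seq, d in seqs.items() if len(d) > 1}
        if bad:
            findings[stream] = bad
    return findings


def stream_counts(segments):
    """Packets per stream: the Counter-based 'data analytics' view from the notes."""
    return Counter(s.stream for s in segments)


def ttl_counts(segments, stream):
    """TTL distribution within one stream; a second TTL value corroborates an injection."""
    return Counter(s.ttl for s in segments if s.stream == stream)


def from_scapy(pkt):
    """Bridge for live capture: build a Segment from a scapy packet with IP and TCP layers.
    scapy is deliberately not imported here; collect packets with
    sniff(filter="tcp", prn=lambda p: buf.append(from_scapy(p))) and pass buf to the
    functions above.
    """
    ip, tcp = pkt["IP"], pkt["TCP"]
    return Segment(ip.src, tcp.sport, ip.dst, tcp.dport, tcp.seq, ip.ttl, bytes(tcp.payload))


# Constructed sample: a client fetches a page, the real server answers with a 200,
# and a device on the path races it with a 302 carrying the same sequence number.
CLIENT, SERVER = "10.0.0.5", "93.184.216.34"
GOOD = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"
BAD = b"HTTP/1.1 302 Found\r\nLocation: http://attacker.invalid/\r\n\r\n"
SAMPLE = [
    Segment(CLIENT, 51234, SERVER, 80, 1, 64, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    Segment(SERVER, 80, CLIENT, 51234, 1000, 61, BAD),   # injected: arrives first, different hop count
    Segment(SERVER, 80, CLIENT, 51234, 1000, 54, GOOD),  # genuine reply
    Segment(SERVER, 80, CLIENT, 51234, 1000, 54, GOOD),  # genuine retransmit: same bytes, not flagged
    Segment(SERVER, 80, CLIENT, 51234, 1000 + len(GOOD), 54, b""),  # pure ACK, ignored
]

if __name__ == "__main__":
    print("packets per stream:", dict(stream_counts(SAMPLE)))
    for stream, seqs in find_conflicting_seqs(SAMPLE).items():
        print("conflicting payloads in", stream, "at seq", sorted(seqs),
              "TTLs seen:", dict(ttl_counts(SAMPLE, stream)))
```

<p>Keying on the unidirectional 4-tuple rather than the full conversation matters: only one direction is injected, and mixing both directions would make unrelated sequence spaces collide. Comparing payload digests rather than counting repeats keeps ordinary retransmissions out of the alert, and the TTL histogram is the cheap second signal that the duplicate came from a different box on the path.</p>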