+1 -1 +16
Vote on this proposal

Security Toolsmithing: Writing security tools in Python

by Yashin Mehaboobe (speaking)

Section
Workshops
Technical level
Intermediate

Objective

This talk will be a hands on session that will cover how to create new security tools using Python. We'll go over the basics of python, how to utilize various modules and mainly on how Python can be utilized in various different security domains.

Description

Automated tools make up a large part of a penetration test or a forensic investigation. There are a large amount of tools available for almost every security related job, but sometimes the available tools just won't do for a particular scenario. This is when you need to start coding your new tool or improve upon an existing tool. Python is one of the tools widely used for this purpose. Its ease of use along with the availability of a large amount of modules have made it the language of choice for many penetration testers.

This talk will be divided into 4 domains:
1. Network penetration testing:
Introduction to modules such as socket, scapy !@# for network based attacks and defences. After that attendees will learn how to create a sniffer, a packet crafter and more in Python utilizing the information learned.
2. Malware Analysis:
pefile,yara,volatility and other malware analysis modules are introduced. Then a sample demonstration of how to create a yara based malware detection platform.
3. Web app testing:
Introduction to modules such as requests,mechanize and BeautifulSoup and how it can help in a webapp pentest.
4. Exploit and payload generation:
This section will mainly focus on memory based attacks and how to call various system API from within Python. Attendees will also learn how to inject payload into memory and create custom payloads using Python.

Requirements

Ubuntu/Windows with Python2.7
Following libraries:
scapy:http://www.secdev.org/projects/scapy/
impacket:http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=tool&name=Impacket
requests:http://docs.python-requests.org/en/latest/user/install/#install
BeautifulSoup:http://www.crummy.com/software/BeautifulSoup/bs4/doc/
Keyczar:http://www.keyczar.org/
pefile:https://code.google.com/p/pefile/
yara:https://plusvic.github.io/yara/

Speaker bio

Yashin Mehaboobe is a security researcher with the OpenSecurity and a Student Partner with Microsoft. His areas of interest in this field span hardware security,network security, malware analysis and reverse engineering. He had discovered a denial of service vulnerability in Android that he reported to Google and presented at Defcon Kerala. His work includes creating a static file based web application fingerprinting script for nmap, automated malware detection system for the Raspberry Pi, a network proxy in Python and a malware analysis framework in Python. He's been also invited to speak at HITB Asmterdam, Defcon Bangalore,Nullcon, c0c0n and Toorcon San Diego.

Comments

Login with Twitter or Google to leave a comment →