Python Toolsmithing 101

Presented at BruCON 0x0A (2018), Oct. 4, 2018, 1:30 p.m. (120 minutes)

In this 2-hour workshop, attendees will learn how to create (security) tools in Python. With more than 30 years of experience in the development of tools, 12 years of publication, more than 100 tools and at least a couple of tools widely used by the security community, Didier Stevens will share his knowledge in this workshop and teach attendees how to develop their own tools in Python.

To give attendees a major boost when they start developing their first tool, Didier will share his private templates for the development of tools and explain all their features and how to develop with them. These private templates will become public after this workshop. Didier actually uses these templates to develop and publish new tools.

One template is for binary files. It can read and process not only binary files, but also binary files stored in compressed files, binary files provided via stdin, generated files, here-documents, … Output can be generated in different formats: binary, hexadecimal, ASCII/hexadecimal, custom, … Another template is for text files. Like the binary file template, it has several input methods and output methods.

Attendees will learn about features that are common across Didier Stevens’ tools, and that they can use in their own tools developed with the templates. After completing several exercises to get familiar with Python toolsmithing and Didier’s templates, attendees will develop 2 new tools (one binary tool and one text tool) under Didier’s guidance. After the workshop, attendees will have enough knowledge to get started as a Python toolsmith. Depending on the complexity of the tools they want to create, a new tool can be as simple as programming one new Python function, thanks to the features provided by the template.

Presenters:

  • Didier Stevens
    Didier Stevens (Microsoft MVP Consumer Security, SANS ISC Handler, Wireshark Certified Network Analyst, ...) is a Senior Analyst working at NVISO (https://www.nviso.be). Didier has developed and published more than 100 tools, several of them popular in the security community. You can find his open source security tools on his IT security-related blog, http://blog.DidierStevens.com.
