I'm In Your $PYTHONPATH, Backdooring Your Python Programs

Presented at THOTCON 0x8 (2017), May 5, 2017, noon (50 minutes).

Does the flap of a butterfly's wings in Brazil set off a tornado in Texas? I don't know, but a change of a shell variable can lead to a malicious Python code injected into any Python program running afterwards. In this talk, I'll release pyekaboo and demo how it can be used to hijack Python module(s) and then steal passwords/sensitive data, tamper with security tools, and turn any Python program that uses sockets into an interactive backdoor. In other words, a rootkit for Python. Last but not least, I'll discuss how to detect and mitigation this attack. Come, it will be fun!


Presenters:

  • Itzik Kotler
    I'm a father, husband, hacker, and the Co-Founder & CTO of SafeBreach. What more can I say? `perl -e 'print q|A| x 1024'`

Similar Presentations: