BSidesDFW 2022 - Python Code Reading

Python Code Reading

Authored and Facilitated by Count3rmeasure / @count3rmeasure

Sponsored by Count3rmeasure

Synopsis:

Your eyes feel gritty as the minutes cascade past. Time grants no favors. The dread collaboration software lacerates your concentration with demands for another status update. Is it sophisticated obfuscation, a new trivial technique, or are you simply not seeing it…

Reading computer languages, “code”, is different than reading traditional written languages and different from writing the code originally. Ask any developer to review their own work from a year before. This class attempts to empower the student to better find specific pieces of code, navigate large codebases, and enable then to contextualize the code they are reading in medium to large code bases.

This class will open with a brief overview of Python syntax and structure. It is assumed the student has some exposure to programming, not necessarily in Python.

Continuing on, the class will take an in-depth look at real world data structures and syntax. Case study examination will be include:

• specific important data structures from several real security focused projects

• reading protocols for more rapidly comprehending individual pieces and files
• regular expressions and unix command line tools for integration with python codebases

Finishing with several brief examples of real vulnerabilities in python codebases.

Join Count3rmeasure in developing a often overlooked skill, be it for a better understanding of code, improving efficiencies in reverse engineering, creating patches custom patches, stock piling CVE credits, or dropping 0-days.

Prerequisites:

• Familiarity with basic programming concepts

• Laptop needed for labs/exercises

Audience:

• Developers / Programmers
• Malware Researchers
• Vulnerability Analysts
• Penetration Testers
• SOC Analysts
• Threat Intelligence Analysts