Infosec Snake Wrangling: Intro to Python
Key Takeaways
The SANS Institute provides an introduction to Python for information security professionals, focusing on proper management of Python environments and applications for installing and running free tools written in Python.
Full Transcript
i have the very very distinct pleasure of introducing you to your next speaker mark baguette who i've had the privilege of working with in a variety of capacities over the years um as soon as we were putting this talk together this summit together we said oh well you know we need to have some folks talking about different command line things and what about what about coding or programming what do we do for that um i think it probably took us maybe a tenth of a second collectively between the group before like now we need march talk python because we know that mark's just got this absolute passion for it this ability to uh to bring content to folks of all levels especially folks that may not be as familiar with python and to really make that sing and make it really exciting so um this has become my programming language of choice even though i am but a uh ant of a padawan to uh to mark's abilities here and uh certainly always appreciate the chance to to learn from him so mark is one of our instructors at sands and is the course author for as you see here our security 573 course which is all about doing python stuff and he's going to share some wisdom with you today so mark thank you so much for taking the time to join us at the new to cyber summit and uh looking forward to the talk so i will happily turn this over to you and everybody uh buckle up it's gonna be a fun ride all right thank you phil and your your ever so humble introduction i have seen python code written by phil hagen it is it is no slouch there so um good good afternoon everyone so uh thank you i'm very excited to um to have this opportunity to speak to you today um i'm looking to hope to see my slides appear on the screen or do i need to bring up the slides on my system um uh as as i was coming together thinking of all right what what can i do oh thank you very much i appreciate it oh i can i can click and advance the slides so that's my fault um as i was coming together thinking all right what can we do in 50 minutes that's really going to be of value to you as someone who's who's new to cyber when it comes to python right um i could give you maybe an introduction into python um at a very high level but it really takes some time and some investment in building the skills in python before you really get a significant amount out of it i should show you some really cool things that we can do but instead i thought you know what let's talk about running python programs and how we gonna how we what kind of programs we're gonna see in information security and what is really the proper way to install these programs and interact with python programs because well as i think you'll see python is just very pervasive in information security right phil mentioned is one of his favorites i see python programs being used in all facets of information security from forensics to defense to offense it doesn't matter what you're doing really you're going to come across python programs and another thing i see is a lot of people doing it incorrectly so let's talk about kind of the right way to install python programs and how to use them very quickly about myself uh phil gave me a great introduction so i've been doing pen testing and instant response for a long time i've seen senior sands instructor uh i got my master's in information security um i was the 15th person to get the gse this thing at the bottom is is uh um something i'm uh secretly kind of proud of it's my if you grep for my name in the source code of the meta split framework it actually appears seven times in the metaplay framework now i shouldn't be really too proud of it it's really more of um a testimony to the information security community as a whole that i'm in there because i have written zero lines of code and contributed nothing to the medisplay framework but um some other people have written some modules and things like that based upon other tools that i had written in python or things like that and then written them into the metasploit framework and then well they they uh included my names in that so we have a very rich community and they're often very generous with giving credit to people and things like that as as phil was in my introduction so um that's kind of cool to at least tell my mom i'm in metasploit right so a little bit about the course i've written the course is a six day course it's broken down the first two days are really an introduction to python level setting telling you how to code in python and then we look at developing python programs in different uh vertical market spaces within information security so there's a day of writing tools that we would look at in defense and offense and then forensics and there's a capstone with the glarus as well but i'm not going to tell you too much about the course because i want to jump straight into the material and talk about python applications and how you can install them and run them in your linux systems windows systems and macintoshes there's lots of popular websites out there and applications that are developed in python if you just looked at some of the most popular websites at google youtube reddit right they're all developed in python i just noticed i have i have pin test right it should probably be pinterest but i bet you that there's still a website out there called pintest and it tests your pins for atms and i bet you they'd write that in python no i i don't know i wouldn't go to that website um but there's lots of frameworks out there that have been written in python like openstack ansible django salt home assistant is an awesome framework for doing automation of things within your house these are all written in python and then within information security many of the tools that we use in information security are developed in python things like scapy which we use for packet crafting building tcp or udp packets or ripping them apart in order to dig in and try and find attackers the recall and volatility frameworks which are used for memory forensics so capture the memory in your computer and see the commands that have been typed by attackers on your on on your systems google's rapid response incident response tool grr is written in python recall ng which we can use to do reconnaissance on the internet to go out and look and see where a company's presence is the names of their employees names of phone numbers email addresses names of servers things like that is written in python spider foot which is an open source intelligence gathering tool responder impact and these are just the ones that i could come up with in the 30 seconds that i was sitting there thinking about python project there's there are literally thousands of python pro projects that we use in information security all of the time so i want to talk about how to install these okay and how we can use them now oftentimes these python programs may not even look like python programs right the linux operating system has lots of python programs in it that are core parts of the operating system like ubuntu mac these operating systems that have python already installed on them that python is there because well the operating system needs it in order to operate you might also have python programs that you're running that have nice graphical user interfaces and things like that that are actually written as dot exes right you just download an exe from the internet double click on it and then you're running it and you may not even know you're running python programs because python is an interpreted language which means i usually have to have a python interpreter there to feed it a script to but there's also utilities that'll take a python interpreter and script and turn it into a nice executable like pi installer and oxidizer and others so it's very possible that you're running executables without even knowing it i mean for years actually in um the the dropbox synchronization utility the little icon that was in your tray that was synchronizing things to dropbox that was written in python they've they've moved it off to another language in recent years but lots and lots of python programs you may be using without even knowing it now those programs they're simple to install they're easy to run you just download the executable maybe it's downloading a single dot py and you click on it and you run it those aren't the problem it's usually when you have to download a python program and there's a setup program that's associated with it or something that things can start to go wrong okay and by that well let me introduce if this is the new to cyber right so if no one else has done this let me introduce you to xkcd right if you're not looking at this website then you're not living right it's got a comic relief for the geek inside of all of us right so it'll give some type of technical concept and it'll present it to you in the form of a comic strip or some funny comical way so this is a comic from xkcd that's related to python and how well python behaves and you see all these complex lines that are actually an accurate representation of all of these different directories and structures and places that python can put its components on a macintosh on a linux if you install it with anaconda if you install it with pip if you run setup.py how the operating system has its path it's binary it's it gets to be a complete mess so much to the point that the authors of xkcd said you know my python environment has become so degraded that my laptop has um has been declared a super sun fund site right so yeah some of the the best uh many truths have been told or have many a truth has been spoken in jest right is the original quote that um says that you know people will say in jokes things that are very true and it is true that python's installation process is a mess it didn't start out as what it is today it started out as all of these different little standards that people have developed and built over time but today there is a nice easy way to install python packages and have them work consistently and we're going to talk about that and we're going to talk about how you can install python apps get them maintained correctly and avoid all the frustration that can come from well installing them in these multiple ways so let's talk about what people do and the right way to do it so we're going to talk about infosec snake wrangling right the python is our snake we're going to wrangle that snake and we're going to go through a couple of different levels of being an infosec snake wrangler so the first level of being an info snack sex snake it's it's not intimidating really it's very easy to do anybody can do this unless you've got a phobia right and that is just we're just going to run setup.exe to install things on windows and we're just going to use the default linux installation that already exists on my linux and macintosh apps and so we're just going to use the built-in python or install python on windows now python is excuse me an interpreted language i've got stuff on my classes python is an interpreted language which means i have to have some type of an interpreter there to read these scripts and then we'll execute the code that's inside the script this is much different than like a c program where you will create source code and then you run through some compiler and the compiler creates an executable that you can just run on any windows system so the computer has to have the python interpreter and the script installed before you can run these python scripts now there are utilities as i mentioned like pi installer nueta and others that can take both the interpreter and the script and turn them into a dot exe that makes these things distribute distributable but most of the time that we're going to be running pythons we're going to have to have that interpreter installed on our system so it's not installed already for you on windows systems it is installed on many linux systems but we'll talk about that in um in just a moment but on python you're going to have to install it yourself now python does have what we call an application alias set up on it this has been in microsoft for the last couple years where if you type python on a windows system it'll actually will take you to the microsoft app store and have you download a copy of python from microsoft and this gives us some insight as to how important python is to microsoft if you were to look at the list of application aliases that they've created they've created an alias for spotify so if you type spotify it'll take you to the app store if you type edge it'll take you to the or microsoft edge it'll take you to the um app store and if you type python it'll take you to the app store i'm not aware of a whole lot of other application aliases things that if you just type the command instead of just saying command not found that they redirect you to the app store right but python is one of those things what's more if you've installed one of those linux subsystems for windows so in on your windows system you can say install kali linux or install ubuntu on my windows system and then you can actually get a bash prompt if you've done that then you already have python installed and you can run it from a command prompt so at a command prompt i could create a little script that's on my system and then i could just say by bash minus c and then in quotes python and then path to my script and i can run that script so if you've installed that you have linux installed already but if not okay fine so i i open up a terminal window i type python and it takes me out to microsoft's app store and it has me install python now you can do this but i i don't recommend that you install it this way because one is it's just going to put it into your user profile if you're the only one using your laptop that's fine but in you know corporate environments we have shared infrastructure and things like that every user profile gets its own unique copy of python with all of the libraries just duplicated into all of those directories and it doesn't work exactly the same way that well i'm used to using python instead it kind of works like one little virtual environment that's just been installed in your system but what's nice about this is it's installing in the user profile it doesn't require admin access it just installs and in some networks and some organizations businesses they might have things that prevent you from installing things that you download from the internet but quite often they allow the things that are coming from microsoft's app store so as an offensive person right having the ability to install python on lots of machines is useful to me so the fact that they've added this to the app store makes it very nice now by what i'm going to do instead is if it's an option for me i'm going to go to python.org and i'm going to download python from there to put it on my windows system myself now when you run the python program i'm just going to show you a little bit of the things that you probably want to check when you're going through and installing python right you can tell it you want to add python to your path you want to install it for all users i will almost always use do a custom installation and not use this install now and when i go into my custom installation i come up with this thing where it says which options do you want to install well if i'm installing it for me as a user like i'm not going to be writing programs i just want to be running programs i need all the lines that start with a lowercase p right so this line here that says pip i need that one and the line that says pi launcher and for all users i want those check boxes checked but if i'm going to be writing software code then i really need the documentation that that tcl and the test suites those are the other ones that i need if i'm going to be developing applications so which one you install is really up to you after you've done that it's going to then ask you for these other advanced options really i always click install for all users that way it'll allow me to run things as an administrator and have it run or run it as a normal user and have things in different users profiles and and it's not going to be limited to one user and i will usually check all of these boxes when i install it onto my system just so that i have it on there sometimes if you don't check all those boxes you'll download some packages and it's looking for certain libraries and then it doesn't work and then you think that package is broken when in fact it was your python installation so there's you've got you usually have plenty of hard drive space i will install all those debugger symbols and other things that we don't most the time we don't need but on occasions when you do it's important to have them there and once you're done with that you've successfully installed it it'll have a little thing that says hey do you want to disable path length on that system which um you can or um can do or you don't have to do it it's really up to you um it never hurts to disable that path link as far as i know okay then once you've got it installed well now on your windows system if you create a dot py program and you double click on it it will run it but here's the thing is many of our python programs that we use in information security are actually intended to be run at the command line not through the graphical user interface and so they might do something and produce some output but if i click on into the graphical user interface what happens is it launches it it runs it and then it closes the window down so you'll see here a little video in the bottom right hand corner where i'm clicking on this executable and you might see momentarily this black window come up on the screen and then it goes away and then i click on it again and it comes up and it goes away right so if you've installed python and you've downloaded python scripts you probably aren't going to be clicking on on them on your desktop instead you're going to want to open up a command prompt and then run the programs from there now when you run them at the command prompt you can run them in the command prompt we've got powershell which is another um thing that we can install on windows and we can use it in both of those but using powershell and command prompt they'll work but it doesn't have all the features that you really want to run a python program microsoft's got this new app called the microsoft terminal that you can install from the microsoft app store and if you're going to be running python programs on windows i highly recommend that you do that here you can see the difference between running this python program named hello which just prints a bunch of characters to the screen i'll add a command prompt and then a powershell versus doing it in a same powershell but now inside of microsoft's terminal program and there you can see that that third option i get all of those emojis and other things which in the other languages are just displayed as square brackets right so microsoft terminal has full support for all these different characters i would if you're going to be running on a windows system i'd highly recommend that you use microsoft terminal to install and run those applications now if you're going to be running on windows systems then the way that we launch python programs is not by typing python space the name of our script it's actually supposed to be pi dot name of the script pi.exe is the name of the windows launcher program and what its job is its job is to find the python interpreter for you and then run the script all right so it's it's roughly equivalent to this python pro the command python that we have on a linux system which launches scripts now in reality if you've only got one version of python installed and you're not using any virtual environments python and pi they're going to do the exact same thing you've only got one so if pi's job is to find it and run it well python is going to do the exact same thing but i'm going to now switch over and show you how we can run programs on windows on linux but just know that if you're actually using windows terminal and pi.exe then everything i'm about to say about linux works virtually the same as it would on a windows system so on your mac and on your linux system the way we run python is we say python space and then the name of the program and it runs the program so python on linux or mac and links is roughly equivalent to pi.exe on windows now you can instead of letting python find your interpreter and run it you can be specific and say i want this to run inside of a specific version of python so here you can see two examples say run it in python 3.9 or run it in python 3.8 and each of these different versions of python have new features and functionality that's in there so it's important that my pro that i run my program in an interpreter that's compatible with it for the most part it's it's not really tightly coupled i can download most programs off the internet and run them through a python 3.8 3.9 3.7 and they will well for the most part work now if i downloaded a program that somebody just wrote yesterday then they might have written it in the very latest version of python that was just released yesterday which means i'd need to get that version almost always the person that's distributing those programs will have some type of documentation that that says if you got to run in a specific version then they'll tell you that but i think most python developers tend to write programs with the intention of i'm writing this program i really want people to use this and i want to write a program that's going to be flexible and work on lots of different versions so they will make their programs work for many different versions of python now as i said linux is already installed on mac and linux and you can use that right and this is what we've been talking about at level one is we're just going to use the python and the linux the python installation that already comes with the operating system but there's some problems that come with that right and that is that that python really wasn't put there as a convenience to you the people who wrote ubuntu and the people at apple's didn't say you know we're just gonna go ahead and install python for everybody because we think it's awesome and we know that people are gonna wanna they're gonna be glad that that python interpreter is there python is there because the operating system itself has tools that run python and what that means is when i download updates for my operating system i update my linux system or i update my macintosh well they're gonna if they want up new modules inside of their python installation they update those modules and they just re install and change that python installation as the operating system sees fit so it's not really there for us and if i write a or i install a program and it requires version one of the module and it works for a while and then i update my operating system and all the pro sudden my program stops working that's going to cause me frustration and i'm going to think what happened to my program why did this thing work yesterday and now it doesn't work today and the answer is well because the operating system updated those patches so this can lead to some frustration and we can avoid some of that frustration by going with a well slightly different version of this let's talk about level two snake wrangling with level snoo 2 snake wrangling it's a little bit more intimidating but it's much more beautiful okay and isn't that real you know i'm not a big snake guy right i love python but actual pythons not a big fan but i look at that i'm like wow that is such a pretty snake anyway um level two snake wranglers we're going to actually install apps the right way instead of just downloading these dot pys and running them or um or downloading the executables we're going to actually use python's official package manager to find download and install python programs on our system so a level two snake wrangler we're going to use this program called pip to install things now most people just download things from there and they'll do python setup install and you can do that but there's a better way than doing python setup install and that is to use pip now there's a pip command that you can run on many systems you just say pip and it will let you install things but the way that i usually run pip is i'll say python minus m pip and what this says is it says hey python run pip i'm asking python to run it on my behalf that there's an advantage to that and that i am sure that i'm running the pip that's associated with my python environment right if i have many different python environments i'm not exactly sure where the pip command is pointing to is it pointing to the one that i'm using or somewhere else so it might install it in the wrong place so i actually prefer to run commands with python minus m pip but if you just do that it will show you all right here's my command line arguments i can install things i can download things i can uninstall things it's got all of these different options that are available to me that i can use with pip now that minus m option as i said that set tells python hey python go find pip that's inside of your directory structure right keep in mind i could have three or four different versions of python installed if i've only got one it's not a problem but if i have multiple versions python minus m says go find the pip that's associated with your installation and run that whereas if i run pip i might be running one that i wasn't expecting it to run now python has its own path right so the operating system has a path so when i'm at a command prompt and i type um winword on a windows system it has a series of directory structures that it goes through trying to find winword.exe which is microsoft word and when it finds it it launches it but it has a series of directory structures that it goes through to try and find that executable so the operating system has a path python also has a path python has a list of places where it looks for different python programs and so when you look at python you can see that the path is made up of some standard things so it's going to be the current directory and then a series of standard modules but then it's also got these custom modules that can be different for every different python installation and this last set of directories here that you see in that second row there these can be customized based for each and every instance of the python interpreter that i've got on my system now normally in order to find a program on uh on that's in python's package repository and install it i could just run the command python minus m pip search and then tell it to search for something like search for um search for m packet and it'll go out to python's package repo which you can think of it like as the iphone itunes apple or the app store right i go to the apple store i can search around for commands i want and then i can say install on that application and installs it on my phone with python's pip i can also tell it to go out and search the wealth of python packages that are available find what's out there and then i can install it so normally i could do that by just saying python minus m pip search and search for something but if you were to do that today you'd get a nasty error message that says sorry pip has been under an extended denial of service attack for uh since november of last year um and you can't do pip searches at the moment and actually the message says and so we're going to deprecate this feature we're no longer going to support search moving forward so the way that we have to find packages today and i think this is unfortunately is probably going to be the way that we're going to have to do it moving forward is we're going to have to go out to this website this website called pipe.org if i go out to pipe i and i put in a search term it'll go through a list of all of these different python programs that are available that match the term the name i give give it and then i'll get back a list of all these different packages that i can install so here you can see i search for impact and then in the results down the bottom you can see it says impact 0.922 that's the name of a package that i could install inside of my python environment and when i'm ready to do that i would just say pi if i'm on windows system pi minus m pip install and then the name of the package so in this case it's going out to the package store it finds the package that's named reassembler and it downloads the reassembler package to my local system and it installs it on a linux or mac this would be python minus m and on a windows system it's pi minus m and this downloads installs the package and now i can begin executing that package in most cases right well what if my app isn't in the app store right i went out to pipe.org and i couldn't find anything that does what i want but i do do a google search and it takes me to a github page and this github page has python applications that i can install and use well that's typically where people would download it and run python setup install but you don't have to do that there either i could download it and then i could say python minus m pip install and then point it at the directory that i just downloaded from the website but i don't even have to install download it from the website if it's on github most of the time you can install python packages on your system directly from github so i could say something like python minus m pip install git plus http and then just give it the url that that package is installed on so for example here you can see i'm installing git hdp github.com mark baggett reassembler it's going to go out it's going to grab the reassembler package download that and install it on my system now the beauty of using pip is well it also has the ability to upgrade packages so i can pip install upgrade and it can look for new versions download new updates and things like that and it maintains everything for me allows me to also clean um remove things with using pip uninstall and other things so pip is the way to go now when you run these installations and you download these packages and install it most the time it will work but there's still some situations that can we can run into problems here with even using pip to install these things there's lots of programs like scapy impact reassembler all these things that we use in information security where not only does it download the package but it wants to add new executables to your operating system path right after i install scapy i can just type scapy and it launches a scapy prompt or after i install reassembler i just type reassembler and it launches the reassembler back door well it adds these programs to my operating system path and here you can see i'm using the which command in linux which command will tell you where a specific file is installed so when i say which scapy you can see that it's got this home student python environment it it's trying to put scapy in a directory but the problem is that many cases that's not part of my path so let me show you an error message or two that you might end up seeing if i was to just do pip install reassembler and i was it's going to go out it's going to download this package and then it's going to try and add that package to my path but pip doesn't have permissions to add this to the path um to your operating system path in most cases so here you can see an error message in this window that says hey um warning the script reassembler installed this program into your user profile under the scripts directory and that is not in your path so it just tells you hey you might want to add this thing to your path so that you can run the reassembler command on linux it does the same thing really on linux here i'm trying to install it see the same warning down there hey um in scripts were installed in home student local slash bin which is not in your path you might want to add this thing to your path now you could go and add those things to your operating system path so it can find the programs and run them that's one option but i think a better option is instead to use what we call python virtual environments python virtual environments are a little more complex but it's really a look inside the belly of the beast right this is if you're doing virtual environments this gives you the way to isolate all your applications things keep everything in nice clean containers and then run your applications really most of the programs just all the problems that we run into with other python installation techniques go away you don't have to worry about the linux operating system installing new libraries into the um installing updated libraries and it breaking your directories anymore none of that's gonna happen you don't have to worry about the case where you're running awesome ids program one and that requires some version 1.8 of some crypto library and then you've got this other forensics library and it requires version 1.9 of that same crypto library if you only have one python sys.path one place where it looks for all these folders you can only have one version of that library and so when one overwrites the other everything seems to break so virtual environments in python solve this now when i think of virtual environments when i think of something amazing like vmware or dockers and containers right where it's it's got all of this underlying technology that's really doing all kinds of complex things because i said the word virtual but python virtual environments are not that python virtual environments are super super simple there's there's no operating system technology there's no magic that's going on inside of them it's really just a it's just a directory and a copy of a file now when you create a virtual environment we'll talk about the way these work in just a second but when you create a virtual environment what you're typically going to do is you're going to use the command python minus m v and v e n v for virtual environment and then you give it the name of a directory and that directory is going to be established as a base of operations right it's going to go into that directory and it's going to put a copy of python in that directory it's going to put a copy of the libraries that you need inside that directory and it's going to put an activation script in that directory and when you activate the virtual environment what it does is it changes all of your operating system settings so that everything will run out of that base of operations out of that unique directory which has its own libraries its own copy of python and everything else so i can run this little activate script and when i run the activate script it reconfigures my operating system so that now i'm using this new environment so here you can see in the middle of the screen i run python or on a windows system i run pi minus m v e and v and i give it a path it creates that new v env directory and inside of it it puts this activate script and so i'll just run the activate script you can see it changes my prompt so that my prompt has this my new venv direct um prompt at the beginning and it's reconfigured my path so at this point if i then well run anything i'm going to be running it from the python that's in that directory on the linux it's the same thing but on linux instead of just having a script that we run like activate we have to use the source command and have the source command run the activate and what source tells it is don't open up a new window and run it in the script instead import the settings in that activate script into my current environment now really this virtual environment there's nothing special about it it's just a copy of the interpreter and it's got a copy of the site packages the the things that are unique to python are also put into that folder so when you do this python minus mvnv it just creates a copy of the folders it creates a copy of python and then it puts a couple of scripts in this bin or if you're on a windows in a scripts directory and then gives you that activate command that lets you well tell the operating system to use all that stuff but it's really just a directory and that's it so you can see here in this the black box at the top here in my powershell if i ask powershell hey when i type python what program does it run in order to do that i'm using a powershell applet called get command which looks at the python command and then well gives me some information about it and then i'm asking for its dot source so tell me where the python command finds its executable this is the equivalent of the which command on linux so this will tell me that i'm running python from sql and backslash program files python.exe but when i activate my virtual environment you can see that after i say hey now where is it running now it's running from sql and backslash users users document my new venv scripts python so really the activate script there is no virtual environment there's no um there's no vmware there's no dockers there's no containers it's just well it changed my operating system so that when i type python i run a different copy of python and that different copy of python will have different sets of libraries and directories that are around it so that it can have a completely unique installation with its with and i don't have to worry about conflicts i don't have to worry about the operating system updating it it's just going to work now the other thing this fixes is when i run those package installations and it tries to create an exe that's part of my path these virtual environments already add things to your operating system path so that scapy.exe that i had those warnings about that says hey this isn't in your path now it's in the path so scapy.exe will be found and i'll be able to execute it i find this to be a very common frustration for people who are brand new to python or not experience what is they they downloaded this awesome package off of the app off the internet like scapy and then it says on the instructions on the website now type scapy and you'll get the scapy prompt and when they do it's not there right i type scapy the website says typescapey and it's not doing anything well it's because it couldn't add scapy to your path and virtual environments will fix this okay so here's the rules here's the takeaways always use a virtual environment anytime you're going to be creating an app or installing an app with python it'll just create a new unique directory that'll have its own python interpreter its own set of libraries and it'll keep everything contained in that nice little application you don't have to worry about operating system conflicts conflicts with other applications it'll just keep your environment nice and clean so always create a virtual environment for each app once you activate the environment then install the applications using pip don't download them with setup or anything else just use pip to install them and always use the dash m pip command instead of using the pip command use python minus m pip because this makes sure that it finds the pip that's associated with your python installation and not well a pip pip command that's associated with some other installation this is important never use sudo to install any python applications and i'll show you why this is but sudo is a program that lets you run things as the root user on your operating system and usually on linux systems when i want to install an application i have to do sudo apt install because well you have to be you have to be root or an administrator to install applications on most applications but this is not we do not want to do this in python in python sudo will usually result in some unexpected results and i'll i'll show you what i mean by that in just a minute last if you're on a windows system use pi.exe as your launcher instead of python and pi.exe will find which python interpreters you're supposed to be using and it'll solve many of the problems that you would typically have on a windows system by using the python command let's just talk about a few other odds and ends and then then you will know what you'll be ready to launch your own python applications and set off on your own python adventures a few other odds and ends the operating system is going to update its own packages but if you're using these few simple steps of like virtual environments and using pip you're not going to have to worry about the operating system breaking your tools anymore you're not going to have to worry about incompatible versions but this sudo thing is kind of is kind of weird let's talk about that so what sudo does is it lets you run a command as the root user so here i am inside of my virtual environment reassembler you'll notice that the prompt is changed telling me that i'm inside a reassembler if i say which python am i using linux says you're running the python that is inside of my virtual environment named reassembler so i'm running this python here if i say which pip am i using it tells me you're using the pip that's inside of your virtual environment notice both of these are in a directory called python envs reassembler which is where i created this virtual environment so which says you're running the python in your virtual environment but as soon as i say sudo which python well now it's no longer using the python that's in my virtual environment it's now back to using the operating system's default python so if i'm in my virtual environment and i say sudo in sudo pip install this program i don't install it in my virtual environment instead i install it in the operating systems environment and then i try to run the application and it doesn't work okay because this is actually a security feature and this is something you might want to think about is why did sudo do this right what sudo does is it has a fixed set of directories or a fixed set of places that it'll search for programs and it doesn't look for things outside of those programs by default and this is actually a security feature right um it would be an interesting attack if um i could set things in my personal path that um like i don't know an administrative tool right i in the the path in my in my environment for my login i set it up so that if you run some common administrative tool instead of running the administrative tool you run some malicious program and then an administrator does a sudo to run that program sudo is trying to protect them from that so it goes back to a fixed set of directories that it's going to launch so sudo which python is going to put you in the wrong python environment see sudo do not do is what this title this slide is right we're not going to use sudo because it's not usually going to result in us putting things where we don't want them so let's go ahead and try and put these things into practice here i create a brand new virtual environment called my new env i activate my virtual environment and then i pip install this amazing offensive utility or suite of utilities called impact and it goes out and it downloads all of those and it installs um pip in or installs uh impact it into my virtual environment exactly the way i've done it it's gonna have it in a separate library all things are good right but then when i try and run some of the programs in there like the ntlm relay which um this command will actually do an smb relay attack if you want some information about that you could google smb relay attacks you'll find some interesting articles out there but when i try to run the program it's it gives me this crash condition and if i look at the bottom down here i can see permission denied well this utility itself requires that i run it as an admin it requires that you be root it requires that you use sudo to run that program well now i'm in in a bit of a situation right because i have to use sudo to run that program but when i use sudo it exits out of my virtual environment so how do i do this well there is an option to sudo that i can use so when i type which python you can see i'm in my virtual environment if i say sudo which python i'm not in my environment but when i run sudo if i add this argument sudo dash s path equals path which python well now it's using the python that's inside of my virtual environment so new rule i said don't ever use sudo in your virtual environments it's okay to use sudo if you use the dash s path equals path argument when you're setting up your virtual environments okay but otherwise you want to steer clear of using that sudo virtual environment here let me i'm looking in my slack channel i think i just heard a question see yes okay not a question all right so let's put this together now let's run our ntlm relay but this time i'm going to do sudo minus s path equals path and here you can see everything works it's running and everything is fine okay all right so python there's all kinds of python that we're going to use all over the place in information security whether you're in forensics whether in offense whether you're in defense whatever career you choose for yourself in information security you are definitely going to come across some python programs out there and understanding how to run those python programs is is a critical skill right you you've got to be able to use these python programs when they come in there and unfortunately just because of the way python has grown up it's just not as as straightforward as it should be now in recent years they've made some standards so that makes it so you can run python programs if you follow the rules that i talk here and run them consistently in many environments and avoid problems okay so with this i hope that you'll feel empowered to download install and begin building or begin running python programs but as you go into your career i think what you're going to find is there's a lot more about python to learn including how to develop python programs you know i i don't think for many organizations who are serious about information security it's no longer really an option when you have an attacker on your box or you've got some forensics artifact that you need to analyze it really is no longer an option for most organizations that are serious about security to wait until some vendor develops an application to suit your business needs right yeah okay i can wait till the next version of excel comes out that has some cool feature that's going to make my life easier but when it comes to things like i need to um a tool today that will find the attackers on my network or will either implicate or exonerate a person in a forensics investigation or you know what this vulnerability just came out yesterday and as an attacker as a penetration tester i need a tool that can exploit it today if you're going to wait around for somebody to write that tool it's going to be irrelevant by the time you get there so it's really no longer an option to wait for somebody else to write these tools having the ski the the skill set in-house of somebody that can develop these tools is critical to many organizations and it's not an easy skill to develop well it's it's not a hard skill to develop but i find that many people are afraid of learning to code there's there's some there's some mysticism to it that makes it difficult that people are afraid to take on this challenge but so let me just encourage you and say that if you are willing to take the time to be that person on the team that can not only develop the strong skills in being the best forensics person and the best incident response person but can also be the person that takes your skills and turns them into a tool that the other people on your team can use to automate their day and to be more efficient at what they're going to do you're going to find that there are no limits in your career moving forward so if you're interested when you're ready at the point where you're ready to start building your own applications come check out scc573 love to have you in the class and teach you python all right the old proverb give a man to fish uh give a man a fish and you teach you feed them for a day but you show them how to catch fish and you feed them for a lifetime okay all right phil that's all i got all right cool hey thank you very much mark we've got a couple of minutes and there are a few questions in here that i kind of pulled out um ben have asked specifically about when you are not using uh when you're when you're running these commands and not using sudo which which it i will admit it pains me to say it that way but i'm gonna i'm gonna follow your lead there um what about when you're running utility let's say promiscuous access to the network when you're doing capture is there something that handles that uh i'm sorry i asked the question one more time and we'll we'll no problems with your run yes you do come in yeah when you're running these commands with non-administrative privileges how's that okay what about when you need to access the network interface for capture or other other elevated uh requirements promiscuous mode or whatnot right so that's where that um s you do dash s option comes in where you can do s u dash s and then you can say path equals path if you pass that argument um to sudo then it will use your virtual environment and and and use that and then you can that that's where you can use it um is if you pass that additional argument that was that great question yeah i think so i think that answer
Original Description
The information security community has developed a wealth of amazingly useful and free tools written in Python. The ability to install and run these tools is an essential skill for everyone in this profession. However, most people are doing it wrong. In this talk, we will discuss how to properly manage your Python environment and applications.
SANS is the most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - the Internet Storm Center.
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from SANS Institute · SANS Institute · 0 of 60
← Previous
Next →
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
SANS FOR610: Reverse Engineering Malware: Malware Analysis Tools & Techniques
SANS Institute
SANS Institute Cybersecurity Training Customer Stories
SANS Institute
SANS Institute UK Cyber Academy
SANS Institute
SANS Institute UK Cyber Academy
SANS Institute
CISSP® Prep Exam, MGT414, by SANS Institute
SANS Institute
SANS Institute's Rob Lee Discusses The OPM.GOV Hack on CNN
SANS Institute
Information Security Training from SANS Institute - Student Testimonials
SANS Institute
SANS NetWars
SANS Institute
SANS DFIR NetWars
SANS Institute
Hack The Drone - SANS Cyber Academy UK
SANS Institute
SANS VetSuccess Immersion Academy
SANS Institute
SANS Cybersecurity Training, Certifications & Placement for Veterans
SANS Institute
The 2015 SANS Holiday Hack Challenge
SANS Institute
SANS VetSuccess Academy: Hands-on Skills
SANS Institute
SANS VetSuccess Academy Overview
SANS Institute
SANS ICS Security Summit & Training 2017
SANS Institute
Exploring the Unknown Industrial Control System Threat Landscape – SANS ICS Security Summit 2017
SANS Institute
WannaCry recap, patches, and analysis
SANS Institute
If We’re Doing So Well at Cyber Security, Why Are We Still Doing So Poorly?
SANS Institute
Graduation Day - SANS HM Gov Cyber Retraining Academy
SANS Institute
Incentivizing ICS Security: The Case for Cyber Insurance – SANS ICS Security Summit 2017
SANS Institute
SANS Data Breach Summit & Training 2017
SANS Institute
SANS Secure DevOps Summit & Training 2017
SANS Institute
How Threats Are Slipping In the Back Door - SANS ICS Security Summit 2017
SANS Institute
SANS Webcast – Continuous Opportunity: DevOps & Security
SANS Institute
SANS Cybersecurity Programs for the Department of Defense
SANS Institute
SANS Pen Test HackFest Summit & Training 2017
SANS Institute
SANS SIEM & Tactical Analytics Summit & Training
SANS Institute
If We’re Doing So Well, Why Are We Still Doing So Poorly? – SANS ICS Security Summit 2017
SANS Institute
SANS Institute
SANS Institute
ICS515: ICS Active Defense and Incident Response
SANS Institute
SANS Institute
SANS Institute
Introducing the NEW SANS Pen Test Poster
SANS Institute
SANS Institute - An Inside Look at the Newly Updated ICS515 Course
SANS Institute
SANS ICS Security Training, Munich, Germany
SANS Institute
SANS Automotive Summit Webcast
SANS Institute
Privesc Playground - SANS Pen Test HackFest Summit 2017
SANS Institute
Introduction to Reverse Engineering for Penetration Testers – SANS Pen Test HackFest Summit 2017
SANS Institute
Honey, Please Don’t Burn Down Your Office: Fun with Smart Home Automation
SANS Institute
SANS Security Operations Summit & Training 2018
SANS Institute
Sh*t Happens! (But You Still Need to Drink the Water) – SANS ICS Summit 2018
SANS Institute
ICS Threat Intelligence: Moving from the Unknowns to a Defended Landscape – SANS ICS Summit 2018
SANS Institute
You’re Probably Not Red Teaming (And Usually I’m Not, Either) – SANS ICS Summit 2018
SANS Institute
A Sneak Peak at the New ICS410
SANS Institute
Jumping Air Gaps – SANS ICS Summit 2018
SANS Institute
Introduction to Linux
SANS Institute
Introduction to Malware Analysis
SANS Institute
You’re Probably Not Red Teaming (And Usually I’m Not, Either) Webcast by Deviant Ollam
SANS Institute
Hacking your SOEL: SOC Automation and Orchestration – SANS Security Operations Summit 2018
SANS Institute
Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework
SANS Institute
Apples and Oranges?: A CompariSIEM – SANS Security Operations Summit 2018
SANS Institute
SANS Webcast - Perimeter Security and Why it is Obsolete
SANS Institute
SANS Webcast - Trust No One: Introducing SEC530: Defensible Security Architecture
SANS Institute
The Science of Security: The Psychological Impacts of Security Awareness Programs
SANS Institute
How I Pulled Off an Edgy Security Campaign – SANS Security Awareness Summit 2018
SANS Institute
Practical Advice for Submitting to Speak at a Cybersecurity Conference
SANS Institute
SANS Webcast - Consuming OSINT: Watching You Eat, Drink, and Sleep
SANS Institute
SANS Webcast - Zero Trust Architecture
SANS Institute
SANS STX Cyber Range
SANS Institute
Part 1 – SANS Institute and Tenable talk about cloud security
SANS Institute
More on: Python for Data
View skill →Related Reads
📰
📰
📰
📰
Why CitedEvidence Believes Great Researchers Read Less Than You Think
Medium · AI
How to Write a Literature Review That Actually Argues Something
Medium · Machine Learning
I Built a Personal Paper Engine to Stop Losing Research Papers
Dev.to · Ethan
First time ARR users - some questions [D]
Reddit r/MachineLearning
🎓
Tutor Explanation
DeepCamp AI