I'm In Your $PYTHONPATH, Backdooring Your Python Programs

THOTCON 0x8

Presented by: Itzik Kotler
Date: Friday May 05, 2017
Time: 12:00 - 12:50
Location: Track 1
Track: Talk

Does the flap of a butterfly's wings in Brazil set off a tornado in Texas? I don't know, but a change of a shell variable can lead to a malicious Python code injected into any Python program running afterwards. In this talk, I'll release pyekaboo and demo how it can be used to hijack Python module(s) and then steal passwords/sensitive data, tamper with security tools, and turn any Python program that uses sockets into an interactive backdoor. In other words, a rootkit for Python. Last but not least, I'll discuss how to detect and mitigation this attack. Come, it will be fun!

Itzik Kotler

I'm a father, husband, hacker, and the Co-Founder & CTO of SafeBreach. What more can I say? `perl -e 'print q|A| x 1024'`


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats