The Benefits of Python & Open Source · 2021. 3. 9. · How Python Can Help Time is your enemy when...
The Benefits of Python & Open Source
Simplifying the Life of an Incident Responder
Introduction
• Why Python?
– How can it assist with IR and Forensics?
• A Practical Example
• Live Demo
Why Python?
• Beautiful syntax
• Easy to learn and teach
• And:
Python + Incident Response + Open Source == A Good Time
Volatility – Open Source Memory Forensics
Example
Let’s Simplify Incident Response
• A reactive security measure through which most proactive security measures are built
• Key Step: Lessons Learned
How Python Can Help
• Time is your enemy when handling an incident
• We need to eradicate the problem quickly
• Python can be leveraged for automation
• Many security tools are written in Python
– Cuckoo Sandbox [Malware Analysis]
– GRR Rapid Response [IR Framework]
– Volatility [Memory Forensics Framework]
A Practical Example
• Assumptions:
– You’re being targeted by a group that uses PlugX
• APT! They’re probably based out of CN… just saying.
– You need to identify the extent of the compromise
– You need details now!
• TTPs, IOCs, <insert buzzword>, etc.
A Practical Example
• What do we do?
– We first turn to OSINT
• Gather a list of Indicators to search for on our network
• What do we find?
– A fantastic article published here
– It has a lot of good information about PlugX
Read the article and copy/paste the IOCs!
A Practical Example
• A Decent Solution:
– Use Python to automate the gathering of IOCs
A Practical Example
Output:
Remove a few things…
A Practical Example
• A Decent Solution:
– Use Python to automate the creation of IOCs
A Practical Example
OpenIOC File
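The three steps of the practical example (gather indicators from the article text, remove a few things, write an OpenIOC file) as one added Python example; this is not the speaker's code. The article text and every indicator in it are constructed stand-ins (a TEST-NET address, `.invalid` domains, the MD5 of an empty file), and the Context terms follow the OpenIOC 1.0 schema.

```python
import re, uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Constructed stand-in for the article text: TEST-NET address, .invalid domains, dummy MD5.
ARTICLE = """PlugX samples beaconed to update.cdn-svc.invalid (198.51.100.23) over TCP 443.
Our lab host 10.0.0.5 received the dropper rc.exe, MD5 d41d8cd98f00b204e9800998ecf8427e.
Full report: blog.publisher.invalid/plugx-analysis."""
PATTERNS = {"ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
            "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
            "md5": re.compile(r"\b[a-f0-9]{32}\b", re.I)}
# OpenIOC 1.0 (document, search) Context terms for each indicator kind.
CONTEXT = {"ip": ("PortItem", "PortItem/remoteIP"), "domain": ("Network", "Network/DNS"),
           "md5": ("FileItem", "FileItem/Md5sum")}
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def extract_iocs(text):
    """Step 1: gather every candidate indicator the regexes can find in the article."""
    return {kind: sorted(set(rx.findall(text))) for kind, rx in PATTERNS.items()}

def _routable(ip):
    """False for RFC 1918 lab addresses and for dotted version strings (octet > 255)."""
    try:
        return not any(ip_address(ip) in net for net in INTERNAL_NETS)
    except ValueError:
        return False

def prune_iocs(iocs, publisher=("publisher.invalid",), file_exts=("exe", "dll")):
    """Step 2: remove a few things - lab IPs, the publisher's own site, file names read as domains."""
    return {"ip": [ip for ip in iocs["ip"] if _routable(ip)],
            "domain": [d for d in iocs["domain"] if not d.endswith(publisher)
                       and d.rsplit(".", 1)[-1].lower() not in file_exts],
            "md5": [h.lower() for h in iocs["md5"]]}

def build_openioc(iocs, description="PlugX indicators gathered from OSINT"):
    """Step 3: emit an OpenIOC 1.0 document, one IndicatorItem per surviving indicator."""
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S")
    ioc = ET.Element("ioc", {"xmlns": "http://schemas.mandiant.com/2010/ioc",
                             "id": str(uuid.uuid4()), "last-modified": now})
    ET.SubElement(ioc, "short_description").text = description
    ET.SubElement(ioc, "authored_date").text = now
    ind = ET.SubElement(ET.SubElement(ioc, "definition"), "Indicator",
                        {"operator": "OR", "id": str(uuid.uuid4())})
    for kind, values in iocs.items():
        doc, search = CONTEXT[kind]
        for value in values:
            item = ET.SubElement(ind, "IndicatorItem", {"id": str(uuid.uuid4()), "condition": "is"})
            ET.SubElement(item, "Context", {"document": doc, "search": search, "type": "mir"})
            ET.SubElement(item, "Content", {"type": "string"}).text = value
    return ET.tostring(ioc, encoding="unicode")
```

`build_openioc(prune_iocs(extract_iocs(ARTICLE)))` yields a three-item OR indicator; the lab address, the publisher's domain and `rc.exe` are dropped in step 2 rather than pushed out to the fleet as false positives.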