S3SS10N Wednesday – Python Implants


Published: February 8, 2017 | By: John Foster | Views: 11184

This Week's S3SS10N Wednesday


This lesson teaches participants how to create a simple Python implant. An implant is a program on a computer that connects back to a command and control server. There are many types of implants and many ways to write them. Knowledge of implants is crucial because hackers often use them to invade and cause damage on a system. Implants can do different things but tend to use some variety of remote code execution.

Given step-by-step instructions, participants learn how to write a simple Python implant that connects to a remote server, pulls down a payload and executes it. The payload is executed out of memory, which is done via a data serialization method called Pickle. This method minimizes the on-disk footprint of the implant: only a small amount of code is involved, so the implant does not take up much space. The payload also never touches the disk, which makes it much more difficult for the implant to be discovered. Because the implant does not contain the payload, it is hard for responders to determine what happened. At the conclusion of this lesson, participants will have learned how to create three simple Python scripts:

  • Payload generator
  • Web server
  • Implant

The SME also talks about a variety of Python libraries and white papers participants can utilize to discover additional information about creating Python implants.
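For responders who recover a Pickle payload of the kind described above from a network capture or proxy log, the following added example (not code from the lesson or its author) triages the stream by walking its opcodes with pickletools.genops instead of unpickling it. The allowlist policy, the verdict labels and the sample payloads are assumptions constructed for illustration.

```python
import collections
import datetime
import pickle
import pickletools

# Assumed policy: modules a data-only payload may reference.
ALLOWED_MODULES = frozenset({"collections"})
# Opcodes that call or instantiate an imported object while unpickling.
CALL_OPCODES = frozenset({"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"})


def scan_pickle(blob):
    """Triage a pickle stream from its opcodes; never calls pickle.loads."""
    imports, strings, calls = [], [], 0
    try:
        for opcode, arg, _pos in pickletools.genops(blob):
            if opcode.name in ("GLOBAL", "INST"):
                # Protocols 0-3: the argument is "module name" in one string.
                module, _, name = arg.partition(" ")
                imports.append((module, name))
            elif opcode.name == "STACK_GLOBAL":
                # Protocol 4+: module and name are the last two pushed strings.
                # Simplification: strings recalled from the memo are not tracked.
                pair = tuple(strings[-2:]) if len(strings) >= 2 else ("?", "?")
                imports.append(pair)
            elif isinstance(arg, str):
                strings.append(arg)
            if opcode.name in CALL_OPCODES:
                calls += 1
    except ValueError:
        # Truncated or corrupt capture: report it rather than guessing.
        return {"imports": imports, "calls": calls, "verdict": "malformed"}
    flagged = [pair for pair in imports if pair[0] not in ALLOWED_MODULES]
    verdict = "review" if flagged else "ok"
    return {"imports": imports, "calls": calls, "verdict": verdict}


# Constructed samples: benign objects serialized locally, not captured traffic.
DATA_ONLY = pickle.dumps({"host": "ws-042", "ports": [22, 443]}, protocol=4)
ALLOWLISTED = pickle.dumps(collections.OrderedDict(a=1), protocol=4)
IMPORTS_V4 = pickle.dumps(datetime.date(2017, 2, 8), protocol=4)
IMPORTS_V2 = pickle.dumps(datetime.date(2017, 2, 8), protocol=2)

if __name__ == "__main__":
    for label, blob in [("data only", DATA_ONLY), ("allowlisted", ALLOWLISTED),
                        ("datetime v4", IMPORTS_V4), ("datetime v2", IMPORTS_V2)]:
        print(label, scan_pickle(blob))
```

A "review" verdict means the stream would import objects outside the allowlist when loaded, so it should be examined with pickletools.dis rather than passed to pickle.loads.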


About This S3SS10N Wednesday's Contributor

John Foster
John Foster is a security researcher and do-er of things for Point3 Security. He has a degree in Information Systems from Shippensburg University and an MBA from Texas A&M - Commerce. He previously worked at the United States Navy and the Pentagon, doing cyber-y things. He currently teaches cyber operations and reverse engineering for the DoD.
16 Comments
  1. Where and how to download Python for beginners?

  2. Too fast to understand.

  3. Can you provide a copy of the .py files?
