Episode 114: Getting Started in Python Cybersecurity and Forensics

The Real Python Podcast

Jun 17, 2022 1h 1m

Are you interested in a career in security using Python? Would you like to stay ahead of potential vulnerabilities in your Python applications? This week on the show, James Pleger talks about Python information security, incident response, and forensics.

James has been doing information security for over fifteen years, working at some of the biggest companies, government agencies, and startups. He shares numerous Python resources to dive into detecting threats and improving your projects.

We discuss how to learn about security topics and get involved in the community. Make sure you check out the massive collection of links in the show notes this week.

Topics:

• 00:00:00 – Introduction
• 00:01:28 – How did you find the show?
• 00:02:00 – Evolution of roles in security
• 00:04:09 – Why is Python leveraged in security?
• 00:07:51 – Red team vs blue team
• 00:10:16 – Application security and bug bounties
• 00:13:31 – What’s your background?
• 00:14:07 – Company focus between regulations vs engineering
• 00:18:09 – Ways to get involved and keep learning
• 00:21:56 – Different perspective from computer science
• 00:23:35 – Red vs blue reprise
• 00:25:07 – Shifting landscape of vulnerabilities
• 00:30:06 – How do you approach tests?
• 00:32:30 – Incident response
• 00:35:54 – Video Course Spotlight
• 00:37:19 – Where does Python come in during an incident?
• 00:43:08 – Crossing into forensic research
• 00:48:43 – Where to practice security research and learn more?
• 00:51:41 – What’s the security community like?
• 00:56:05 – What are you excited about in the world of Python?
• 00:57:53 – What do you want to learn next?
• 01:00:17 – Where can people learn more about what you do?
• 01:00:39 – Thanks and goodbye

Security Specific Tools Written in Python:

• binwalk: Firmware Analysis Tool | ReFirmLabs
• binaryalert: BinaryAlert: Serverless, Real-time & Retroactive Malware Detection | airbnb
• Cuckoo Sandbox - Automated Malware Analysis
• YARA - The pattern matching Swiss knife for malware researchers
• Scapy: Python-based interactive packet manipulation program & library
• radare2-bindings: Bindings of the r2 api for Valabind and friends
• python-iocextract: Defanged Indicator of Compromise (IOC) Extractor | InQuest
• yeti: Your Everyday Threat Intelligence
• capa: The FLARE team’s open-source tool to identify capabilities in executable files
• PDF Tools | Didier Stevens

Incident Response and Memory Forensics:

• volatility: An advanced memory forensics framework | Volatility Foundation
• FIR: Fast Incident Response | CERT Societe Generale (Computer Emergency Response Team)
• GRR Rapid Response: Remote live forensics for incident response | Google

Honeypot Resources:

• What is a Honeypot? How It Can Trap Cyberattackers | CrowdStrike
• awesome-honeypots: An awesome list of honeypot resources

Bug Bounty Programs:

• Bug Bounty Program List - All Active Programs in 2022 | Bugcrowd
• Bug Bounty Program - Complete List | HackerOne
• TOP Bug Bounty Programs & Websites (Jun 2022 Updated List)

Security and Hacking Conferences:

• Black Hat USA 2022
• DEF CON® Hacking Conference Home
• Chaos Communication Congress - Wikipedia
• CactusCon

Additional Links:

• Blue team (computer security) - Wikipedia
• Open Source Projects for Software Security | OWASP Foundation
• HackerOne | #1 Trusted Security Platform and Hacker Program
• Bugcrowd | Platform Overview
• pyinstaller · PyPI
• Wireshark · Go Deep.
• Python security best practices cheat sheet | Snyk
• PyCharm Python Security Scanner · Actions · GitHub Marketplace
• Security scanners for Python and Docker: from code to dependencies
• Bandit — Designed to find common security issues in Python code
• black · PyPI
• Build a Site Connectivity Checker in Python – Real Python
• Kali Linux | Penetration Testing and Ethical Hacking Linux Distribution