Episode 114: Getting Started in Python Cybersecurity and Forensics
The Real Python Podcast
Jun 17, 2022 1h 1m
Are you interested in a career in security using Python? Would you like to stay ahead of potential vulnerabilities in your Python applications? This week on the show, James Pleger talks about Python information security, incident response, and forensics.
James has been doing information security for over fifteen years, working at some of the biggest companies, government agencies, and startups. He shares numerous Python resources to dive into detecting threats and improving your projects.
We discuss how to learn about security topics and get involved in the community. Make sure you check out the massive collection of links in the show notes this week.
Course Spotlight: Exploring HTTPS and Cryptography in Python
In this course, you’ll gain a working knowledge of the various factors that combine to keep communications over the Internet safe. You’ll see concrete examples of how to keep information secure and use cryptography to build your own Python HTTPS application.
Topics:
- 00:00:00 – Introduction
- 00:01:28 – How did you find the show?
- 00:02:00 – Evolution of roles in security
- 00:04:09 – Why is Python leveraged in security?
- 00:07:51 – Red team vs blue team
- 00:10:16 – Application security and bug bounties
- 00:13:31 – What’s your background?
- 00:14:07 – Company focus between regulations vs engineering
- 00:18:09 – Ways to get involved and keep learning
- 00:21:56 – Different perspective from computer science
- 00:23:35 – Red vs blue reprise
- 00:25:07 – Shifting landscape of vulnerabilities
- 00:30:06 – How do you approach tests?
- 00:32:30 – Incident response
- 00:35:54 – Video Course Spotlight
- 00:37:19 – Where does Python come in during an incident?
- 00:43:08 – Crossing into forensic research
- 00:48:43 – Where to practice security research and learn more?
- 00:51:41 – What’s the security community like?
- 00:56:05 – What are you excited about in the world of Python?
- 00:57:53 – What do you want to learn next?
- 01:00:17 – Where can people learn more about what you do?
- 01:00:39 – Thanks and goodbye
Security Specific Tools Written in Python:
- binwalk: Firmware Analysis Tool | ReFirmLabs
- binaryalert: BinaryAlert: Serverless, Real-time & Retroactive Malware Detection | airbnb
- Cuckoo Sandbox - Automated Malware Analysis
- YARA - The pattern matching Swiss knife for malware researchers
- Scapy: Python-based interactive packet manipulation program & library
- radare2-bindings: Bindings of the r2 api for Valabind and friends
- python-iocextract: Defanged Indicator of Compromise (IOC) Extractor | InQuest
- yeti: Your Everyday Threat Intelligence
- capa: The FLARE team’s open-source tool to identify capabilities in executable files
- PDF Tools | Didier Stevens
Incident Response and Memory Forensics:
- volatility: An advanced memory forensics framework | Volatility Foundation
- FIR: Fast Incident Response | CERT Societe Generale (Computer Emergency Response Team)
- GRR Rapid Response: Remote live forensics for incident response | Google
Honeypot Resources:
- What is a Honeypot? How It Can Trap Cyberattackers | CrowdStrike
- awesome-honeypots: An awesome list of honeypot resources
Bug Bounty Programs:
- Bug Bounty Program List - All Active Programs in 2022 | Bugcrowd
- Bug Bounty Program - Complete List | HackerOne
- TOP Bug Bounty Programs & Websites (Jun 2022 Updated List)
Security and Hacking Conferences:
- Black Hat USA 2022
- DEF CON® Hacking Conference Home
- Chaos Communication Congress - Wikipedia
- CactusCon
Additional Links:
- Blue team (computer security) - Wikipedia
- Open Source Projects for Software Security | OWASP Foundation
- HackerOne | #1 Trusted Security Platform and Hacker Program
- Bugcrowd | Platform Overview
- pyinstaller · PyPI
- Wireshark · Go Deep.
- Python security best practices cheat sheet | Snyk
- PyCharm Python Security Scanner · Actions · GitHub Marketplace
- Security scanners for Python and Docker: from code to dependencies
- Bandit — Designed to find common security issues in Python code
- black · PyPI
- Build a Site Connectivity Checker in Python – Real Python
- Kali Linux | Penetration Testing and Ethical Hacking Linux Distribution