Help Irongeek.com pay for bandwidth and research equipment:
Offensive Python for Pentesters - Joff Thyer and Michael Felch (BSides Tampa 2020) (Hacking Illustrated Series InfoSec Tutorial Videos)
Offensive Python for Pentesters
Joff Thyer and Michael Felch
BSides Tampa 2020
Abstract: This talk will focus on the many different ways that a penetration tester, or Red Teamer can leverage the Python programming language during offensive operations. Python is a rich and powerful programming language which above all else allows a competent developer to very quickly write new tools that might start as a Proof of Concept, but soon become an invaluable addition to the Red Teamer's tool-belt. Having the skills to both generate new tools, and modify existing tools on the fly is critically important to agility during testing engagement. Everything from utility processing of data, network protocol, API interaction, and exploit development can be rapidly developed due to the high functionality level and intuitive nature of Python.
Joff Thyer has been a penetration tester and security analyst with Black Hills Information
Security since 2013. Prior to joining the InfoSec world, he had a long career in the IT
industry as a systems administrator and an enterprise network architect. He has an
Associate?s in Computer Science, a B.S. in Mathematics, and an M.S. in Computer Science, as
well as several certifications (listed below). The best part of a penetration test for Joff is
developing sophisticated malware that tackles defensive solutions, ultimately delivering
exciting wins for company engagements. He has extensive experience covering intrusion
prevention/detection systems, infrastructure defense, vulnerability analysis, defense
bypass, source code analysis, and exploit research. When Joff isn?t working or co-hosting the
Security Weekly podcast, he enjoys making music and woodworking.
Michael Felch joined Black Hills Information Security in 2017 and is a Senior Penetration Tester and Red Team Leader. Since beginning his career in IT as a Linux Administrator he has evolved along with the technology to hold offensive security, software development, and hardware/software security research roles.