Description
The days of "software vulnerability" being a synonym for "buffer overflow" are over. Modern vulnerabilities are those that enable attackers to get into your network and stay in your network. Beyond simple bugs, any tool that can execute arbitrary code becomes a vulnerability - _especially_ if you don't know when it is doing that.
Python is a popular tool with attackers, in large part because it can download encrypted code, decrypt it, and execute it with a single line of code. And once that entire payload is running, nobody knows exactly what it is doing.
PEP 551 adds a range of auditing hooks to the Python runtime, enabling system administrators to see how it is being used. You can inspect every piece of code that is compiled and executed, intercept calls that modify tracing, and collect information on code that uses native code through ctypes.
This session will look at why we need security transparency in Python. We will look at actual examples of malware written in Python, and see how the hooks provided by PEP 551 enable administrators to detect and prevent attacks on their systems.
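The kind of hook described above, as an added example that is not part of the original session material: it uses `sys.addaudithook`, the runtime audit API that shipped in CPython 3.8 through PEP 578, to record the decoded source of an encoded payload at compile time and to refuse trace changes. The names `run_audited`, `LOGGED` and `DENIED` are hypothetical, `BLOB` is a constructed harmless sample, and Python 3.9 or later is assumed.

```python
import base64
import sys

LOGGED = {"compile", "exec", "ctypes.dlopen"}   # record only
DENIED = {"sys.settrace", "sys.setprofile"}      # record, then refuse
_records = []    # a real deployment would forward these to a log collector
_active = False  # hooks cannot be removed once added, so gate on a flag
_installed = False

def _summarize(event, args):
    """Reduce audit-event arguments to a short string for logging."""
    if event == "compile":
        source, filename = args[0], args[1]
        if isinstance(source, bytes):
            source = source.decode("utf-8", "replace")
        return f"{filename}: {str(source)[:80]!r}"
    if event == "exec":
        return f"{args[0].co_filename}:{args[0].co_name}"
    return repr(args)

def _hook(event, args):
    if not _active or event not in LOGGED | DENIED:
        return
    _records.append((event, _summarize(event, args)))
    if event in DENIED:
        raise RuntimeError(f"audit policy denies {event}")

def run_audited(func):
    """Run func with the hook active; return (events, policy error or None)."""
    global _active, _installed
    if not _installed:
        sys.addaudithook(_hook)
        _installed = True
    _records.clear()
    _active, error = True, None
    try:
        func()
    except RuntimeError as exc:
        error = exc
    finally:
        _active = False
    return list(_records), error

# Constructed, harmless stand-in for an encoded payload.
BLOB = base64.b64encode(b"result = 6 * 7")

def obfuscated_exec():
    exec(compile(base64.b64decode(BLOB), "<decoded>", "exec"), {})

def change_trace():
    sys.settrace(lambda *a: None)
```

The hook sees the payload after decoding, so encoding or encrypting the source on the wire does not hide it from the audit log.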