The Python Security Pickle
In this presentation, Mark Baggett dives into Python's pickle module, which helps save and load data easily. First, he explores how pickle makes it simple to store information and share it between different parts of a program. But here's the exciting (and a bit scary) part: pickle has a big security flaw, because it can run any code contained in the data it loads, which can be dangerous. He shows some eye-opening examples of how hackers can use this flaw to run harmful code on your computer. By seeing these real-life demos, you'll understand the risks and the tricks hackers use. At the end, he shares some cool tips and tricks to keep your programs safe, making sure you use the best tools and practices to avoid these sneaky threats. Get ready for a thrilling journey into the world of Python security!
Learn more about SEC673 Advanced Information Security Automation with Python: https://www.sans.org/u/1vuR
About the Speaker
Mark Baggett’s first foray into information security was on the receiving end of hacking, and he was amazed by the experience. “The hackers made my computer do stuff that I didn't think was possible,” he says. “It was like magic and I had to know how the trick was done.” He immediately became obsessed with understanding all the tricks, how they worked, and how to prevent them from happening again.
Fast forward to today, and Mark’s infosec career spans nearly 30 years, with 15 of those years spent teaching for SANS. Mark is currently a senior instructor for SANS and an independent consultant through his company, Indepth Defense, providing forensics, incident response, and penetration testing services. Mark has also served as the technical advisor to the DoD for SANS since 2011, where he assists various government organizations in the development of information security capabilities.