Red Team Village - Y'all Tryna Bypass Python 3.8 Audit Hooks or Nah? - TIB AV-Portal

Red Team Village - Y'all Tryna Bypass Python 3.8 Audit Hooks or Nah?

37

Formal Metadata

Title

Red Team Village - Y'all Tryna Bypass Python 3.8 Audit Hooks or Nah?

Title of Series

DEF CON Safe Mode

Number of Parts

374

Author

License

CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/49162 (DOI)

Publisher

Release Date

Language

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

Python 3.8, released October 2019, boasts a new security feature called “audit hooks”. According to PEP 578 and PEP 551, the purpose of audit hooking is to allow transparency into Python’s runtime so that events can be monitored and logged just like any other process. While additional insight is great for defenders, it's likely to become another hurdle for attackers to overcome in the same vein as PowerShell. Y'all tryna bypass these audit hooks or nah? Come through.