Prison Snake
A broad dive into the object structure of Python and the functionality
behind PyJail solutions
Charles Averill
Computer Security Group
The University of Texas at Dallas
February 2022
Charles Averill (UTD) Prison Snake February 2022
What is a PyJail?
A common CTF problem in which a Python interpreter with limited
functionality is provided to the user
Goal is typically to call os.system(), open(), or another similar
function that provides access to file-reading abilities
Common restrictions involve removing keywords such as import,
blocking any input containing the text open, preventing any function
calls outside of print, etc.
As a result of these limitations, solutions usually look something like
().__class__.__base__.__subclasses__()[134].__init__.__globals__["__builtins__"]["open"]("./key", "r").read()
This is crazy! The solution seems arbitrary but there is logic behind
each attribute chosen in this solution. We will discover why solutions
like this work, and why this functionality exists.
What is CPython?
The official reference implementation of the Python programming
language
Written in a combo of C and Python
Compiles Python to bytecode (.pyc files) to be interpreted later, so
technically a compiler and interpreter
.pyc files are (mostly) CPython-specific. Other Python compilers
generate other formats (Jython generates .class files, Cython generates
C files that are compiled to binaries, etc)
Defines lots of hooks and handles available from the Python
interpreter to access CPython types and structs and such
Contains implementations of builtin functions, mostly written in C for
speed
Python Object Characteristics
Files : Linux :: Objects : Python (Everything in Python is an Object)
Objects, Instances, and Classes have the following attributes:
object.__dict__: Dictionary containing writable attributes of an
Object definition
instance.__class__: The Class an instance belongs to
class.__bases__: Tuple containing base classes of an object
class.__mro__: Tuple containing possible base Classes (usually
contains base Classes and the Class itself)
class.__subclasses__(): List containing any subclasses derived
from the Class
Why should anyone care?
These are the building blocks of a PyJail solution, and the
architecture of the language itself. Having a deep understanding of
these attributes will always guide you to the solution.
The Object Class, __globals__
The base Class of all Classes excluding itself (Object has no base
Class)
The Object class has a few defined functions, but they are special
method-wrappers
method-wrapper is a type used by CPython to denote a function
that is compiled with C. This makes sense for a base component of
Python such as Object.
Conclusion? We can’t use Object on its own to help us call other
functions
The Object Class, __globals__
Recall that Classes can utilize __subclasses__() to get a list of
Classes derived from them.
Object class has all Classes as subclasses (This terminology makes my
head hurt)
__globals__: Global attributes accessible within any valid Python
scope (hint: methods of classes are valid Python scopes)
__builtins__: Functions written in either C or Python that are
built-in to the language, and accessible through the global scope
These builtin functions include open() (the simplest way to open a file)
They also include other useful things like __import__() which are
good for PyJails with other restrictions
In my installation of Python 3.10, there are 544 classes with
Python-implemented methods (so they have __globals__ as a derived
attribute)
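The distinction drawn above between C-implemented wrappers and Python-implemented methods can be checked on any interpreter. This is an added example, not code from the talk; `Demo`, `describe_init`, `survey` and `index_of` are names made up for illustration, and the counts and index it prints differ per installation, which is why the 134 in the solution is installation-specific.

```python
import types


class Demo:
    """Constructed sample class whose __init__ is written in Python."""

    def __init__(self):
        self.ready = True


def describe_init(cls):
    """Report how cls.__init__ is implemented and whether it exposes __globals__."""
    init = getattr(cls, "__init__", None)
    info = {"type": type(init).__name__, "has_globals": hasattr(init, "__globals__")}
    if isinstance(init, types.FunctionType):
        # A Python function keeps a reference to its defining module's namespace,
        # and that namespace carries a __builtins__ entry.
        info["module"] = init.__globals__.get("__name__")
        info["sees_builtins"] = "__builtins__" in init.__globals__
    return info


def survey():
    """Count object's subclasses by whether their __init__ exposes __globals__."""
    counts = {"python_init": 0, "c_init": 0}
    # __subclasses__() lists the classes that derive directly from object.
    for cls in object.__subclasses__():
        key = "python_init" if describe_init(cls)["has_globals"] else "c_init"
        counts[key] += 1
    return counts


def index_of(cls):
    """Position of cls in object.__subclasses__() on this interpreter, or -1."""
    for position, candidate in enumerate(object.__subclasses__()):
        if candidate is cls:
            return position
    return -1


if __name__ == "__main__":
    print("object.__init__ :", describe_init(object))
    print("Demo.__init__   :", describe_init(Demo))
    print("survey          :", survey())
    # The position depends on which modules were imported before Demo existed.
    print("index of Demo   :", index_of(Demo))
```
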
Graphical Review
Solving our PyJail
We looked at this PyJail solution at the beginning:
().__class__.__base__.__subclasses__()[134].__init__.__globals__["__builtins__"]["open"]("./key", "r").read()
Let’s decode this solution
().__class__.__base__: Creates a blank Tuple object, accesses its
class (Tuple) and then Tuple’s sole base class (Object)
__subclasses__()[134].__init__.__globals__: Accesses the
134th subclass of the Object class (in my installation, this is the
Printer class), uses its Python-defined __init__ function to access
the global scope
["__builtins__"]["open"]("./key", "r").read(): Accesses
Python’s list of builtin function headers, calls the open function on a
file called "key" with the read permissions, and reads its contents
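Seen from the jail author's side, the chain decoded above is a run of double-underscore attribute accesses that a structural check can spot. The sketch below is an added example, not code from the talk or the challenge; it assumes the jail evaluates a single expression, and `audit`, `allowed`, `substring_hits` and the sample inputs are constructed for illustration. It compares the substring restrictions from the first slide with an AST walk.

```python
import ast

# Constructed test inputs: the solution string quoted above (straight quotes)
# and a harmless expression that merely contains the word "open".
SLIDE_SOLUTION = (
    '().__class__.__base__.__subclasses__()[134].__init__'
    '.__globals__["__builtins__"]["open"]("./key", "r").read()'
)
BENIGN = 'print("the door is open")'

BLOCKED_WORDS = ("import", "open")  # substring restrictions named in the talk


def substring_hits(source):
    """Substring filter: which blocked words occur anywhere in the input."""
    return [word for word in BLOCKED_WORDS if word in source]


def is_dunder(name):
    return len(name) > 4 and name.startswith("__") and name.endswith("__")


def audit(source):
    """Parse one expression and list every double-underscore reference in it."""
    report = {"parse_error": False, "dunder_attrs": [],
              "dunder_names": [], "dunder_keys": []}
    try:
        tree = ast.parse(source, mode="eval")
    except (SyntaxError, ValueError):
        report["parse_error"] = True
        return report
    attrs, names, keys = set(), set(), set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Attribute) and is_dunder(node.attr):
            attrs.add(node.attr)          # e.g. x.__class__
        elif isinstance(node, ast.Name) and is_dunder(node.id):
            names.add(node.id)            # e.g. a bare __import__
        elif (isinstance(node, ast.Constant) and isinstance(node.value, str)
              and is_dunder(node.value)):
            keys.add(node.value)          # e.g. d["__builtins__"]
    report["dunder_attrs"] = sorted(attrs)
    report["dunder_names"] = sorted(names)
    report["dunder_keys"] = sorted(keys)
    return report


def allowed(source):
    """Accept only parseable input with no double-underscore references."""
    report = audit(source)
    return not (report["parse_error"] or report["dunder_attrs"]
                or report["dunder_names"] or report["dunder_keys"])


if __name__ == "__main__":
    for label, text in (("slide solution", SLIDE_SOLUTION), ("benign", BENIGN)):
        print(label, "| substring hits:", substring_hits(text),
              "| allowed by AST check:", allowed(text))
        print("   ", audit(text))
```

The substring filter rejects both inputs, including the harmless one, while the AST check rejects only the reflective chain and reports which attributes triggered it. A check like this narrows what the jail accepts; running the interpreter as an unprivileged, isolated process remains the actual boundary.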
Why does Python work like this?
OOP Junk
If you’re calling __subclasses__() or directly referencing
__globals__ your code is probably hard to read and/or vulnerable to
issues with scaling
Reflective programming - the ability of objects to modify their behavior
or structure under different contexts (last resort)
Look at this list of reflection use-cases to see why it shouldn’t be used
very often
Debugging OOP Junk
Challenge
https://gist.github.com/CharlesAverill/e7fef5a6e078f14b7ac7b3d318e3e24f
Eric Nizeyimana's document 2006 from gicumbi to ttc nyamata handball play
enizeyimana36
 
The Python for beginners. This is an advance computer language.
The Python for beginners. This is an advance computer language.The Python for beginners. This is an advance computer language.
The Python for beginners. This is an advance computer language.
sachin chaurasia
 
132/33KV substation case study Presentation
132/33KV substation case study Presentation132/33KV substation case study Presentation
132/33KV substation case study Presentation
kandramariana6
 
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODELDEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
gerogepatton
 
学校原版美国波士顿大学毕业证学历学位证书原版一模一样
学校原版美国波士顿大学毕业证学历学位证书原版一模一样学校原版美国波士顿大学毕业证学历学位证书原版一模一样
学校原版美国波士顿大学毕业证学历学位证书原版一模一样
171ticu
 
Unit-III-ELECTROCHEMICAL STORAGE DEVICES.ppt
Unit-III-ELECTROCHEMICAL STORAGE DEVICES.pptUnit-III-ELECTROCHEMICAL STORAGE DEVICES.ppt
Unit-III-ELECTROCHEMICAL STORAGE DEVICES.ppt
KrishnaveniKrishnara1
 
basic-wireline-operations-course-mahmoud-f-radwan.pdf
basic-wireline-operations-course-mahmoud-f-radwan.pdfbasic-wireline-operations-course-mahmoud-f-radwan.pdf
basic-wireline-operations-course-mahmoud-f-radwan.pdf
NidhalKahouli2
 
22CYT12-Unit-V-E Waste and its Management.ppt
22CYT12-Unit-V-E Waste and its Management.ppt22CYT12-Unit-V-E Waste and its Management.ppt
22CYT12-Unit-V-E Waste and its Management.ppt
KrishnaveniKrishnara1
 
New techniques for characterising damage in rock slopes.pdf
New techniques for characterising damage in rock slopes.pdfNew techniques for characterising damage in rock slopes.pdf
New techniques for characterising damage in rock slopes.pdf
wisnuprabawa3
 
CSM Cloud Service Management Presentarion
CSM Cloud Service Management PresentarionCSM Cloud Service Management Presentarion
CSM Cloud Service Management Presentarion
rpskprasana
 
Literature Review Basics and Understanding Reference Management.pptx
Literature Review Basics and Understanding Reference Management.pptxLiterature Review Basics and Understanding Reference Management.pptx
Literature Review Basics and Understanding Reference Management.pptx
Dr Ramhari Poudyal
 
Embedded machine learning-based road conditions and driving behavior monitoring
Embedded machine learning-based road conditions and driving behavior monitoringEmbedded machine learning-based road conditions and driving behavior monitoring
Embedded machine learning-based road conditions and driving behavior monitoring
IJECEIAES
 
A review on techniques and modelling methodologies used for checking electrom...
A review on techniques and modelling methodologies used for checking electrom...A review on techniques and modelling methodologies used for checking electrom...
A review on techniques and modelling methodologies used for checking electrom...
nooriasukmaningtyas
 
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressionsKuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
Victor Morales
 
TIME DIVISION MULTIPLEXING TECHNIQUE FOR COMMUNICATION SYSTEM
TIME DIVISION MULTIPLEXING TECHNIQUE FOR COMMUNICATION SYSTEMTIME DIVISION MULTIPLEXING TECHNIQUE FOR COMMUNICATION SYSTEM
TIME DIVISION MULTIPLEXING TECHNIQUE FOR COMMUNICATION SYSTEM
HODECEDSIET
 
ISPM 15 Heat Treated Wood Stamps and why your shipping must have one
ISPM 15 Heat Treated Wood Stamps and why your shipping must have oneISPM 15 Heat Treated Wood Stamps and why your shipping must have one
ISPM 15 Heat Treated Wood Stamps and why your shipping must have one
Las Vegas Warehouse
 
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
IJECEIAES
 
ML Based Model for NIDS MSc Updated Presentation.v2.pptx
ML Based Model for NIDS MSc Updated Presentation.v2.pptxML Based Model for NIDS MSc Updated Presentation.v2.pptx
ML Based Model for NIDS MSc Updated Presentation.v2.pptx
JamalHussainArman
 
Computational Engineering IITH Presentation
Computational Engineering IITH PresentationComputational Engineering IITH Presentation
Computational Engineering IITH Presentation
co23btech11018
 
Engineering Drawings Lecture Detail Drawings 2014.pdf
Engineering Drawings Lecture Detail Drawings 2014.pdfEngineering Drawings Lecture Detail Drawings 2014.pdf
Engineering Drawings Lecture Detail Drawings 2014.pdf
abbyasa1014
 

Recently uploaded (20)

Eric Nizeyimana's document 2006 from gicumbi to ttc nyamata handball play
Eric Nizeyimana's document 2006 from gicumbi to ttc nyamata handball playEric Nizeyimana's document 2006 from gicumbi to ttc nyamata handball play
Eric Nizeyimana's document 2006 from gicumbi to ttc nyamata handball play
 
The Python for beginners. This is an advance computer language.
The Python for beginners. This is an advance computer language.The Python for beginners. This is an advance computer language.
The Python for beginners. This is an advance computer language.
 
132/33KV substation case study Presentation
132/33KV substation case study Presentation132/33KV substation case study Presentation
132/33KV substation case study Presentation
 
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODELDEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
 
学校原版美国波士顿大学毕业证学历学位证书原版一模一样
学校原版美国波士顿大学毕业证学历学位证书原版一模一样学校原版美国波士顿大学毕业证学历学位证书原版一模一样
学校原版美国波士顿大学毕业证学历学位证书原版一模一样
 
Unit-III-ELECTROCHEMICAL STORAGE DEVICES.ppt
Unit-III-ELECTROCHEMICAL STORAGE DEVICES.pptUnit-III-ELECTROCHEMICAL STORAGE DEVICES.ppt
Unit-III-ELECTROCHEMICAL STORAGE DEVICES.ppt
 
basic-wireline-operations-course-mahmoud-f-radwan.pdf
basic-wireline-operations-course-mahmoud-f-radwan.pdfbasic-wireline-operations-course-mahmoud-f-radwan.pdf
basic-wireline-operations-course-mahmoud-f-radwan.pdf
 
22CYT12-Unit-V-E Waste and its Management.ppt
22CYT12-Unit-V-E Waste and its Management.ppt22CYT12-Unit-V-E Waste and its Management.ppt
22CYT12-Unit-V-E Waste and its Management.ppt
 
New techniques for characterising damage in rock slopes.pdf
New techniques for characterising damage in rock slopes.pdfNew techniques for characterising damage in rock slopes.pdf
New techniques for characterising damage in rock slopes.pdf
 
CSM Cloud Service Management Presentarion
CSM Cloud Service Management PresentarionCSM Cloud Service Management Presentarion
CSM Cloud Service Management Presentarion
 
Literature Review Basics and Understanding Reference Management.pptx
Literature Review Basics and Understanding Reference Management.pptxLiterature Review Basics and Understanding Reference Management.pptx
Literature Review Basics and Understanding Reference Management.pptx
 
Embedded machine learning-based road conditions and driving behavior monitoring
Embedded machine learning-based road conditions and driving behavior monitoringEmbedded machine learning-based road conditions and driving behavior monitoring
Embedded machine learning-based road conditions and driving behavior monitoring
 
A review on techniques and modelling methodologies used for checking electrom...
A review on techniques and modelling methodologies used for checking electrom...A review on techniques and modelling methodologies used for checking electrom...
A review on techniques and modelling methodologies used for checking electrom...
 
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressionsKuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
 
TIME DIVISION MULTIPLEXING TECHNIQUE FOR COMMUNICATION SYSTEM
TIME DIVISION MULTIPLEXING TECHNIQUE FOR COMMUNICATION SYSTEMTIME DIVISION MULTIPLEXING TECHNIQUE FOR COMMUNICATION SYSTEM
TIME DIVISION MULTIPLEXING TECHNIQUE FOR COMMUNICATION SYSTEM
 
ISPM 15 Heat Treated Wood Stamps and why your shipping must have one
ISPM 15 Heat Treated Wood Stamps and why your shipping must have oneISPM 15 Heat Treated Wood Stamps and why your shipping must have one
ISPM 15 Heat Treated Wood Stamps and why your shipping must have one
 
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
 
ML Based Model for NIDS MSc Updated Presentation.v2.pptx
ML Based Model for NIDS MSc Updated Presentation.v2.pptxML Based Model for NIDS MSc Updated Presentation.v2.pptx
ML Based Model for NIDS MSc Updated Presentation.v2.pptx
 
Computational Engineering IITH Presentation
Computational Engineering IITH PresentationComputational Engineering IITH Presentation
Computational Engineering IITH Presentation
 
Engineering Drawings Lecture Detail Drawings 2014.pdf
Engineering Drawings Lecture Detail Drawings 2014.pdfEngineering Drawings Lecture Detail Drawings 2014.pdf
Engineering Drawings Lecture Detail Drawings 2014.pdf
 

Py jail talk

  • 1. Prison Snake
       A broad dive into the object structure of Python and the functionality behind PyJail solutions
       Charles Averill
       Computer Security Group
       The University of Texas at Dallas
       February 2022
       Charles Averill (UTD) Prison Snake February 2022
  • 2-6. What is a PyJail?
       A common CTF problem in which a Python interpreter with limited functionality is provided to the user
       Goal is typically to call os.system(), open(), or another similar function that provides access to file-reading abilities
       Common restrictions involve removing keywords such as import, blocking any input containing the text open, preventing any function calls outside of print, etc.
       As a result of these limitations, solutions usually look something like
       ().__class__.__base__.__subclasses__()[134].__init__.__globals__["__builtins__"]["open"]("./key", "r").read()
       This is crazy! The solution seems arbitrary but there is logic behind each attribute chosen in this solution. We will discover why solutions like this work, and why this functionality exists.
  • 7-12. What is CPython?
       The official reference implementation of the Python programming language
       Written in a combo of C and Python
       Compiles Python to bytecode (.pyc files) to be interpreted later, so technically a compiler and interpreter
       .pyc files are (mostly) CPython-specific. Other Python compilers generate other formats (Jython generates .class files, Cython generates C files that are compiled to binaries, etc.)
       Defines lots of hooks and handles available from the Python interpreter to access CPython types and structs and such
       Contains implementations of builtin functions, mostly written in C for speed
  • 13-21. Python Object Characteristics
       Files : Linux :: Objects : Python (Everything in Python is an Object)
       Objects, Instances, and Classes have the following attributes:
         object.__dict__: Dictionary containing writable attributes of an Object definition
         instance.__class__: The Class an instance belongs to
         class.__bases__: Tuple containing base classes of an object
         class.__mro__: Tuple containing possible base Classes (usually contains base Classes and the Class itself)
         class.__subclasses__(): List containing any subclasses derived from the Class
       Why should anyone care?
       These are the building blocks of a PyJail solution, and the architecture of the language itself. Having a deep understanding of these attributes will always guide you to the solution.
  • 22-25. The Object Class, __globals__
       The base Class of all Classes excluding itself (Object has no base Class)
       The Object class has a few defined functions, but they are special method-wrappers
       method-wrapper is a type used by CPython to denote a function that is compiled with C. This makes sense for a base component of Python such as Object.
       Conclusion? We can’t use Object on its own to help us call other functions
  • 26-32. The Object Class, __globals__
       Recall that Classes can utilize __subclasses__() to get a list of Classes derived from them.
       Object class has all Classes as subclasses
       (This terminology makes my head hurt)
       __globals__: Global attributes accessible within any valid Python scope (hint: methods of classes are valid Python scopes)
       __builtins__: Functions written in either C or Python that are built-in to the language, and accessible through the global scope
       These builtin functions include open() (the simplest way to open a file)
       They also include other useful things like __import__() which are good for PyJails with other restrictions
       In my installation of Python 3.10, there are 544 classes with Python-implemented methods (so they have __globals__ as a derived attribute)
  • 33. Graphical Review
  • 34-38. Solving our PyJail
       We looked at this PyJail solution at the beginning:
       ().__class__.__base__.__subclasses__()[134].__init__.__globals__["__builtins__"]["open"]("./key", "r").read()
       Let’s decode this solution
       ().__class__.__base__: Creates a blank Tuple object, accesses its class (Tuple) and then Tuple’s sole base class (Object)
       __subclasses__()[134].__init__.__globals__: Accesses the 134th subclass of the Object class (in my installation, this is the Printer class), uses its Python-defined __init__ function to access the global scope
       ["__builtins__"]["open"]("./key", "r").read(): Accesses Python’s list of builtin function headers, calls the open function on a file called "key" with the read permissions, and reads its contents
  • 39-43. Why does Python work like this?
       OOP Junk
       If you’re calling __subclasses__() or directly referencing __globals__ your code is probably hard to read and/or vulnerable to issues with scaling
       Reflective programming - the ability of objects to modify their behavior or structure under different contexts (last resort)
       Look at this list of reflection use-cases to see why it shouldn’t be used very often
         Debugging
         OOP Junk
  • 44. Sources
       Your Guide to the CPython Source Code
       CPython Source Code
       Common Python Structures
       Python Data Model
       Python’s Innards
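
The chain decoded in the "Solving our PyJail" slides is built from attribute access alone, so a jail that only empties `__builtins__` or blocks keywords never interrupts it. The following is an added example, not code from the talk: an AST-level audit a jail operator could run on submitted input before evaluating it, plus two checks of the interpreter's own exposure. The function names, `SENSITIVE_NAMES` and the sample inputs are assumptions constructed for illustration.

```python
import ast

# Names and string keys treated as sensitive. This list is an assumption made
# for the example: open() from the talk plus generic dynamic-execution helpers.
SENSITIVE_NAMES = {"open", "eval", "exec", "compile", "getattr"}

# Constructed sample inputs: the chain from the slides, a harmless call, and
# a plain import.
SLIDE_CHAIN = (
    '().__class__.__base__.__subclasses__()[134].__init__'
    '.__globals__["__builtins__"]["open"]("./key", "r").read()'
)
BENIGN = "print(1 + 2)"
IMPORT_LINE = "import os"


def is_dunder(name):
    """True for names of the form __x__."""
    return len(name) > 4 and name.startswith("__") and name.endswith("__")


def audit_input(source):
    """Parse one untrusted submission and return a sorted list of findings.

    The input is only parsed, never executed. An empty list means no
    introspection pattern was seen, not that the input is safe to run.
    """
    try:
        tree = ast.parse(source, mode="exec")
    except SyntaxError:
        return ["unparseable input"]

    findings = set()
    for node in ast.walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            findings.add("import statement")
        elif isinstance(node, ast.Attribute) and is_dunder(node.attr):
            findings.add("attribute access: " + node.attr)
        elif isinstance(node, ast.Name):
            if is_dunder(node.id) or node.id in SENSITIVE_NAMES:
                findings.add("name lookup: " + node.id)
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if is_dunder(node.value) or node.value in SENSITIVE_NAMES:
                findings.add("string literal: " + node.value)
    return sorted(findings)


def empty_builtins_still_reach_object():
    """Evaluate the first step of the slide chain with no builtins at all.

    Attribute access needs no builtin function, so the expression still
    resolves to the root class.
    """
    result = eval("().__class__.__base__", {"__builtins__": {}}, {})
    return result is object


def classes_exposing_globals():
    """Count direct subclasses of object whose __init__ is a Python function
    (and therefore carries __globals__) in this interpreter."""
    count = 0
    for cls in object.__subclasses__():
        init = getattr(cls, "__init__", None)
        if hasattr(init, "__globals__"):
            count += 1
    return count


if __name__ == "__main__":
    for sample in (BENIGN, IMPORT_LINE, SLIDE_CHAIN):
        print(sample[:40], "->", audit_input(sample) or "no findings")
    print("reaches object with empty builtins:",
          empty_builtins_still_reach_object())
    print("classes exposing __init__.__globals__:",
          classes_exposing_globals())
```

On the talk's chain the audit reports five dunder attribute hops and two sensitive string keys, and the count from `classes_exposing_globals()` differs between installations, which is why an index such as 134 is installation-specific. Treat the audit as a logging and rejection tripwire; confinement has to come from the process or container the interpreter runs in.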