Python Arsenal For RE 1.1

The document discusses various Python tools that can be used for reverse engineering tasks.

Tools like BeaEnginePython, bochs-python-instrumentation, Buggery, Ctypes, dislib, diStorm, IDAPython, ImmLIB, libdisassemble, lldb, macholib, Miasm, OllyPython, pefile, PIDA, ProcessTap, pyasm, PyBox, PyCodin, etc. are discussed.

DSecRG is the research center of ERPScan company and deals with vulnerability research and analysis in business critical applications like SAP. It publishes whitepapers about security research.

DSecRG Research Center of ERPScan Company

Python arsenal for RE [v. 1.1]

Dmitriy D1g1 Evdokimov DSecRG Email: d.evdokimov@dsecrg.com Twitter: @evdokimovds

www.erpscan.com www.dsecrg.com

Content

Introduction
Considered projects
    BeaEnginePython
    bochs-python-instrumentation
    Buggery
    Ctypes
    dislib
    diStorm
    IDAPython
    ImmLIB
    libdisassemble
    lldb
    macholib
    Miasm
    OllyPython
    pefile
    PIDA
    ProcessTap
    pyasm
    PyBox
    PyCodin
    pydasm
    Pydb
    PyDBG
    PyDbgEng
    pydbgr
    pydot
    pydusa
    PyEA
    Pyelftools
    PyEMU
    pyew
    pygdb
    pyHIEW
    pykd
    Pylibemu
    pylibscizzle
    pyMem
    pymsasid
    pyREtic
    PySTP
    PythonGdb
    python-haystack
    python-ptrace
    pytracer
    radapy
    ramooflax
    uhooker
    Vivisect
    vtrace
    WinAppDbg
    Z3-python
Note
History of changes
About Author
About ERPScan
About DSecRG Research center of ERPScan
Our Contacts

Introduction
PRAEMONITUS PRAEMUNITUS

This whitepaper is a collection of various Python engines, extensions, libraries and shells that aid in the job of understanding, analyzing and sometimes breaking code. It may seem quite ordinary, but the Python programming language has become a language of hackers. This is not surprising, because it has all the necessary qualities:

- Free
- Developer productivity
- Portable
- Powerful
- Automatic memory management
- Built-in object types
- Built-in tools
- Dynamic typing
- Library utilities
- Programming-in-the-large support
- Third-party utilities
- OOP
- Mixable
- Easy to learn

Projects such as IDA Pro, WinDBG, OllyDebug and gdb played a great role in this: being the de facto standard among disassemblers and debuggers, they eventually began to support scripting engines in Python. Of course, they had maintained their own APIs for plug-in development, and there were quite a few such plug-ins, but it was the appearance of Python support that gave them a strong push in development: the number of plug-ins increased, the community grew, and of course their flexibility also increased, which allowed them to interact both with each other and with other applications, using the best aspects of each. In the beginning, naturally, there was only the hacker spirit and an idea. But step by step everything led to this: as technologies grow more complex, software complexity grows too, and information security specialists need to keep pace with this development (and sometimes even be ahead of it). It is almost impossible to examine an application thoroughly in a reasonable time by hand with a disassembler or a debugger. Automation can help in this situation (it is the XXI century, after all).

We live in a very rapidly developing world, in which it is very difficult to keep track of everything that is happening and therefore very difficult to always be aware of it all. Sometimes this is true even within a specific area (in our case, reverse engineering) for an experienced specialist, not to mention beginners who are making their first steps. So here I have tried to collect and review the most interesting and useful Python projects for reverse engineering. In my opinion, there is very little structured knowledge today about hacking, reverse engineering and software exploitation techniques. While many of the older sciences are very well structured and easy to orient oneself in, in our field it is very difficult to make the first steps. With this whitepaper I will try to make a small step towards awareness and systematization. I hope that you will learn something new or remember something forgotten, and possibly breathe new life into one of these projects, because some of them unfortunately have not been developed for quite a long time. Here 50 Python projects will be considered. Python tools for disassembling, debugging, visualization and so on will be reviewed, without which work is quite difficult today. Unfortunately, due to certain circumstances not all of these projects are actively developed; they are presented here to show the original idea and bring them to attention.
For the description of each project, 11 characteristics were allocated:

Project: name of the engine, extension, library, shell, etc.
Author: author(s) of the project (many thanks to these guys)
Site project: site of the project, from which you can download it
Tags: a list of tags which, in my mind, characterize the project in the most general way
License: the type of license under which this project is distributed
Python versions: the set of Python versions with which this project is compatible (it may also work on other versions; if you know, please let me know)
Platforms: the list of platforms supported by the project
Processors (Architecture): the list of processor architectures supported by the project
Base project: the name of the program for which it is intended (on which it depends)
Description: short description of the project
Tools: the most famous and interesting tools which use this project
Useful links: references to manuals, documentation or simply interesting blog entries concerning this project

If there is a ??? sign in a field, this information is not known to me and I would be glad to receive it. This article is by no means exhaustive. If there is anything that I have missed or misstated, please email me at d.evdokimov@dsecrg.com and I will edit this post accordingly. I hope for your help in its correction, updating and improvement.

Considered projects
The list of considered projects:

1. BeaEnginePython
2. bochs-python-instrumentation
3. Buggery
4. Ctypes
5. Dislib
6. diStorm
7. IDAPython
8. ImmLIB
9. libdisassemble
10. lldb
11. macholib
12. Miasm
13. OllyPython
14. Pefile
15. PIDA
16. ProcessTap
17. Pyasm
18. PyBox
19. PyCodin
20. Pydasm
21. Pydb
22. PyDBG
23. PyDbgEng
24. Pydbgr
25. Pydot
26. pydusa
27. PyEA
28. Pyelftools
29. PyEMU
30. Pyew
31. Pygdb
32. pyHIEW
33. Pykd
34. Pylibemu
35. pylibscizzle
36. pyMem
37. pymsasid
38. pyREtic
39. PySTP
40. PythonGdb
41. python-haystack
42. python-ptrace
43. pytracer
44. radapy
45. ramooflax
46. Uhooker
47. vivisect
48. vtrace
49. WinAppDbg
50. Z3-python

Let's start considering the projects.

BeaEnginePython
Project: BeaEnginePython
Author: Mario Vilas (@Mario_Vilas)
Site project: http://pypi.python.org/pypi/BeaEnginePython/
Tags: wrapper, disassembler
License: GNU GPL v3
Python versions: 2.5, 2.6, 2.7
Platforms: win
Processors: x86/x64
Base project: BeaEngine (http://www.beaengine.org/)
Description: BeaEngine disassembler bindings for Python.
Tools: ???
Useful links: ???

bochs-python-instrumentation
Project: bochs-python-instrumentation
Author: Ero Carrera (@erocarrera)
Site project: https://github.com/zynamics/bochs-python-instrumentation
Tags: debugger, emulator
License: ???
Python versions: 2.5
Platforms: win/lin
Processors: x86/x64
Base project: Bochs (2.4.5 and 2.4.6)
Description: This patch for Bochs provides a Python interpreter instead of Bochs' own debugger, while still providing the debugger functionality. It also allows interacting with the instrumentation interface on demand, by dynamically associating Python methods to handle instrumentation events.
Tools: ???
Useful links:
    https://github.com/zynamics/bochs-python-instrumentation/wiki - wiki
    http://blog.zynamics.com/2010/07/16/recon-slides-packer-genetics-theselfish-code-bochspython/ - presentation

Buggery
Project: Buggery
Author: Grugq (@thegrugq)
Site project: https://github.com/grugq/Buggery
Tags: scripting engine, debugger
License: ???
Python versions: 2.7
Platforms: win
Processors: x86/x64
Base project: WinDbg
Description: Python wrapper for DbgEng.
Tools: SWFRETools (https://github.com/sporst/SWFREtools)
Useful links:
    http://pastebin.com/HB4H2gPu - example

Ctypes
Project: Ctypes
Author: Thomas Heller
Site project: http://sourceforge.net/projects/ctypes/ (In Python 2.5 it is already included)
Tags: wrapper
License: MIT License
Python versions: more than 2.3
Platforms: win/lin/mac
Processors: x86/x64
Base project:
Description: ctypes is a Python module that allows creating and manipulating C data types in Python. These can then be passed to C functions loaded from dynamic link libraries.
Tools: PyMem, WinAppDBG
Useful links:
    http://docs.python.org/library/ctypes.html - official documentation
    http://www.mso.anu.edu.au/~tiago/talks_papers/Cython.pdf - presentation "Using Cython to optimize Python and interface with C"
    http://www.rohitab.com/discuss/topic/37018-api-hooking-in-python/ - API Hooking in Python

dislib
Project: dislib
Author: distorm, Gil Dabah (arkon@ragestorm.net)
Site project: http://code.google.com/p/distorm/
Tags: PE+ reader
License: GNU GPL v3
Python versions: 2.5
Platforms: win
Processors: x86/x64
Base project:
Description: A Fast Python Library for Reading PE+ Files.
Tools: ???
Useful links: ???

diStorm
Project: diStorm
Author: distorm, Gil Dabah (arkon@ragestorm.net)
Site project: http://code.google.com/p/distorm/
Tags: disassembler
License: GNU GPL v3 and commercial license
Python versions: 2.x, 3.x
Platforms: win/lin/mac
Processors: x86/x64/PowerPC
Base project:
Description: diStorm3 binary stream disassembler library project.
Tools: ???
Useful links: ???

IDAPython
Project: IDAPython
Author: Gergely Erdelyi (http://gergelyerdelyi.com/), Elias Bachaalany (@0xeb)
Site project: http://code.google.com/p/idapython/
Tags: scripting engine, disassembler, debugger
License: New BSD License
Python versions: 2.4-2.7
Platforms: win/mac
Processors: x86
Base project: IDA Pro (from 5.1)
Description: IDAPython is an IDA Pro plugin that integrates the Python programming language, allowing scripts to run in IDA Pro. These programs have access to IDA Plugin API, IDC and all modules available for Python. The power of IDA Pro and Python provides a platform for easy prototyping of reverse engineering and other research tools.
Tools:
    mynav (http://code.google.com/p/mynav/)
    Dr. Gadget (http://www.openrce.org/blog/view/1570/Dr._Gadget_IDAPython_plugin)
    rtti-helper-scripts (https://github.com/zynamics/rtti-helper-scripts)
    msdn-plugin-ida (https://github.com/zynamics/msdn-plugin-ida)
    ida2sql-plugin-ida (https://github.com/zynamics/ida2sql-plugin-ida)
    IDA file Patcher (http://code.google.com/p/reverse-engineering-scripts/)
    Idagrapher (https://code.google.com/p/idagrapher/)
    py-com-tools (http://code.google.com/p/py-com-tools/)
Useful links:
    http://www.hex-rays.com/idapro/idapython_docs/ - official documentation
    http://gergelyerdelyi.com/publication/IDAPython.pdf - IDAPython: User Scripting for a Complex Application
    http://defcon.org/images/defcon-18/dc-18-presentations/PridgenWollenweber/DEFCON-18-Pridgen-Wollenweber-IDA-Bridge.pdf - TOOLSMITHING AN IDA BRIDGE: A TOOL BUILDING CASE STUDY
    http://magiclantern.wikia.com/wiki/IDAPython - blog entries about IDAPython
    http://dvlabs.tippingpoint.com/pub/chotchkies/SeattleToorcon2008_RECookbook.pdf - Reverse Engineer's Cookbook presentation
    http://www.openrce.org/articles/full_view/11 - Introduction to IDAPython from OpenRCE

ImmLIB
Project: ImmLIB
Author: Immunity, Inc.
Site project: http://www.immunityinc.com/products-immdbg.shtml
Tags: scripting engine, disassembler, debugger
License: Immunity Debugger License
Python versions: 2.5 and 2.7.1
Platforms: win
Processors: x86
Base project: ImmunityDebugger
Description: Immunity Debugger's Python API includes many useful utilities and functions. Your scripts can be as integrated into the debugger as the native code. This means your code can create custom tables, graphs, and interfaces of all sorts that remain within the Immunity Debugger user experience.
Tools:
    pvefindaddr (http://redmine.corelan.be:8800/projects/pvefindaddr)
    mona (http://redmine.corelan.be/projects/mona)
Useful links:
    http://debugger.immunityinc.com/Documentation/ - official documentation
    http://beist.org/research/public/immunity1/imm_present_jff.pdf - presentation
    http://www.corelan.be/index.php/2010/01/26/starting-to-write-immunitydebugger-pycommands-my-cheatsheet/ - cheatsheet by Corelan
    https://forum.immunityinc.com/board/ - forum

libdisassemble
Project: libdisassemble
Author: Immunity Inc., atlas (atlas@r4780y.com), Matthew Carpenter (mcarpenter@intelguardians.com)
Site project: http://www.immunitysec.com/resources-freesoftware.shtml
Tags: disassembler
License: GNU GPL v2
Python versions: 2.5
Platforms: win/lin
Processors: x86
Base project:
Description: Libdisassembly is simply a Python library for disassembling x86 opcodes. It has been made for Immunity's PDB Project (a vulnerability development focused debugger), and is partially based on the mammon libdisasm opcode list. There is still a lot of work to do with the metadata, but the library tries to return as much information as it can get from an opcode.
Tools: ???
Useful links: ???

lldb
Project: lldb
Author: University of Illinois/NCSA
Site project: http://lldb.llvm.org/
Tags: scripting engine, debugger, disassembler
License: University of Illinois/NCSA Open Source License
Python versions: 2.6
Platforms: mac/lin
Processors: x86/x64/ARM
Base project: LLDB
Description: lldb also has a built-in Python interpreter, which is accessible by the "script" command. All the functionality of the debugger is available as classes in the Python interpreter, so the more complex commands that in gdb you would introduce with the "define" command can be done by writing Python functions using the lldb-Python library, then loading the scripts into your running session and accessing them with the "script" command.
Tools:
    Example (http://llvm.org/svn/llvmproject/lldb/trunk/examples/python/disasm.py)
Useful links:
    http://llvm.org/svn/llvm-project/lldb/trunk/test/python_api/ - API
    http://llvm.org/devmtg/2010-11/Clayton-LLDB.pdf - LLDB Modular Debugging Infrastructure presentation

macholib
Project: Macholib
Author: Ronald Oussoren
Site project: http://pypi.python.org/pypi/macholib/
Tags: Mach-O header reader
License: MIT License
Python versions: 2.x, 3.x
Platforms: mac
Processors: x86/x64
Base project:
Description: macholib can be used to analyze and edit Mach-O headers, the executable format used by Mac OS X.
Tools: ???
Useful links:
    http://packages.python.org/macholib/ - Package Documentation

Miasm
Project: Miasm
Author: Serpilliere (serpilliere@droids-corp.org)
Site project: http://code.google.com/p/miasm/ http://code.google.com/p/smiasm/
Tags: framework, disassembler, emulator, intermediate language
License: GNU GPL v2
Python versions: 2.5
Platforms: win/lin
Processors: x86/PowerPC/ARM
Base project:
Description: Miasm is a free and open source reverse engineering framework. Miasm aims at analyzing/modifying/generating binary programs. Miasm embeds its own disassembler, intermediate language and instruction semantics. To emulate code, it uses libtcc to JIT C code generated from the intermediate representation. It can emulate shellcodes and parts of binaries. Python callbacks can be executed to emulate library functions.
Tools: ???
Useful links:
    http://miasm.googlecode.com/hg/doc/slides.pdf - Miasm (incomprehensible documentation)

OllyPython
Project: OllyPython
Author: Scott Knight (knightsc@gmail.com)
Site project: http://code.google.com/p/ollypython/
Tags: scripting engine, debugger
License: New BSD License
Python versions: 2.4
Platforms: win
Processors: x86
Base project: OllyDbg
Description: OllyPython is an OllyDbg plugin that integrates the Python programming language, allowing scripts to run in OllyDbg.
Tools: ???
Useful links:
    http://www.team509.com/modules.php?name=News&file=article&sid=48 - sample of use in a blog entry

pefile
Project: pefile
Author: Ero Carrera (@erocarrera)
Site project: http://code.google.com/p/pefile/
Tags: PE+ reader
License: MIT License
Python versions: 2.x
Platforms: win/lin/mac
Processors: x86/x64
Base project:
Description: pefile is a multi-platform Python module to read and work with Portable Executable (aka PE) files. Most of the information in the PE Header is accessible, as well as all the sections, section's information and data. pefile requires some basic understanding of the layout of a PE file. Armed with it, it's possible to explore nearly every single feature of the file.
Tools:
    IDA PEiD (http://code.google.com/p/reverse-engineering-scripts/)
Useful links:
    http://code.google.com/p/pefile/wiki/UsageExamples - usage examples
    http://www.gerryeisenhaur.com/2011/01/04/using-python-and-pefile-toextract-embedded-code/ - usage examples
    http://www.recon.cx/en/f/lightning-ecarrera-win32-static-analysis-inpython.pdf - Win32 Static Analysis in Python presentation
    https://www.blackhat.com/presentations/bh-usa07/Carrera/Presentation/bh-usa-07-carrera.pdf - 4 x 5: Reverse Engineering Automation with Python presentation

PIDA
Project: PIDA
Author: Pedram Amini (@pedramamini)
Site project: http://code.google.com/p/paimei/ (part of PaiMei)
Tags: visualization
License: GNU GPL v2 or later
Python versions: 2.?
Platforms: win/mac
Processors: x86
Base project: IDAPython, pGRAPH
Description: Built on top of pGRAPH, PIDA aims to provide an abstract and persistent interface over binaries (DLLs and EXEs) with separate classes for representing functions, basic blocks and instructions. The end result is the creation of a portable file that when loaded allows you to arbitrarily navigate throughout the entire original binary.
Tools: PaiMei (http://code.google.com/p/paimei/)
Useful links:
    http://pedram.redhive.com/PyDbg/docs/ - official overview

ProcessTap
Project: ProcessTap
Author: Roberto Paleari (@rpaleari), Lorenzo Martignoni (@martignlo), Lorenzo Cavallaro (http://www.few.vu.nl/~sullivan/)
Site project: http://code.google.com/p/processtap/
Tags: scripting engine, DBI
License: GNU GPL v3
Python versions: 2.5, 2.6
Platforms: lin
Processors: x86/x64
Base project: PinTool, (Valgrind, QEMU, DynamoRIO)
Description: ProcessTap is a dynamic tracing framework for analyzing closed-source applications. ProcessTap is inspired by DTrace and SystemTap, but it is specific for analyzing closed-source user-space applications. ProcessTap leverages dynamic binary instrumentation to intercept the events of interest (e.g., function calls, system calls, memory accesses, and conditional control transfers). Although the current implementation relies on PinTool, alternative back-ends for instrumentation (e.g., Valgrind, Qemu, or DynamoRIO) can be used. The language used in ProcessTap for writing scripts to instrument applications is Python.
Tools: ???
Useful links:
    http://code.google.com/p/processtap/source/browse/#svn%2Ftrunk%2Fexamples - examples

pyasm
Project: pyasm
Author: Grant Olson (kgo@grant-olson.net)
Site project: http://www.grant-olson.net/python/pyasm
Tags: dynamic assembler
License: GNU AGPL v3
Python versions: 2.4 and 2.6
Platforms: win/lin
Processors: x86
Base project:
Description: Pyasm is a full-featured dynamic assembler written entirely in Python. By dynamic, I mean that it can be used to generate and execute machine code in Python at runtime without requiring the generation of object files and linkage. It essentially allows 'inline' assembly in Python modules on x86 platforms. Pyasm can also generate object files (for Windows) like a traditional standalone assembler, although you're probably better off using one of the many freely available assemblers if this is your primary goal.
Tools: ???
Useful links:
    http://codeflow.org/entries/2009/jul/31/pyasm-python-x86-assembler/ - example
    http://www.docstoc.com/docs/29701848/PyASM-Users-Guide-V-03 - PyASM User's Guide

PyBox
Project: PyBox
Author: Felix Leder (felix.leder@googlemail.com), Daniel Plohmann (daniel.plohmann@googlemail.com)
Site project: http://code.google.com/p/pyboxed/
Tags: monitoring of processes, sandbox
License: GNU GPL v3
Python versions: 2.6 or above
Platforms: win
Processors: x86
Base project:
Description: PyBox (short for "Python Sandbox") is a flexible and light-weight process and system analysis framework. A user-level framework for rootkit-like monitoring of processes.
Tools: ???
Useful links:
    https://eldorado.tudortmund.de/bitstream/2003/27336/1/BookOfAbstracts_Spring5_2010.pdf - PyBox - A Python approach to sandboxing
    http://code.google.com/p/pyboxed/wiki/WikiStart - wiki
    http://www.troopers.de/wpcontent/uploads/2011/04/TR11_Leder_What_is_happening_in_your.pdf - Do you know what's happening in your <put app title here>? presentation


PyCodin
Project: PyCodin
Author: Adrián Manrique (@n0km, adrian@coresecurity.com), Andrés López Luksenberg (aluksenberg@coresecurity.com)
Site project: http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=tool&name=PyCodin
Tags: DBI
License: GNU GPL v2
Python versions: 2.5
Platforms: win
Processors: x86/x64
Base project: QEMU
Description: PyCodin is an open source Python library that allows instrumentation of low-level code for different architectures. It came out from the necessity of developing a testing environment for low-level code that exploits vulnerabilities (a.k.a. shellcode). The library provides a virtual CPU front-end, allowing the manipulation of a virtualized memory space and creating different scenarios, giving the developer new tools to control the execution. PyCodin also allows runtime inspection and modification of the execution context of the instrumented program. The first version of the tool uses Qemu as the virtualization back-end.
Tools: ???
Useful links:
  http://corelabs.coresecurity.com/index.php?module=Wiki&action=attachment&type=researcher&page=Adrian_Manrique&file=publication%2FPyCodin__Instrumentando_codigo_sin_dolor%2Fpycodin-ManriqueLuksenbergPyconArgentina2010.pdf - Pycodin: Instrumentando código sin dolor presentation (Spanish)


pydasm
Project: pydasm
Author: Ero Carrera (@erocarrera)
Site project: http://dkbza.org/pydasm.html
Tags: disassembler
License: ???
Python versions: 2.6, 2.7
Platforms: win/lin
Processors: x86
Base project: libdasm
Description: pydasm is a python wrapper for libdasm. It attempts to capture all the functionality of libdasm and bring its versatility to Python.
Tools: PaiMei (http://code.google.com/p/paimei/)
Useful links:
  http://winappdbg.sourceforge.net/blog/PyDasm-1.5-precompiled.zip - precompiled Windows binaries
  http://www.recon.cx/en/f/lightning-ecarrera-win32-static-analysis-inpython.pdf - Win32 Static Analysis in Python presentation
  https://www.blackhat.com/presentations/bh-usa07/Carrera/Presentation/bh-usa-07-carrera.pdf - 4 x 5: Reverse Engineering Automation with Python presentation


Pydb
Project: Pydb
Author: Rocky Bernstein
Site project: http://bashdb.sourceforge.net/pydb/
Tags: scripting engine, debugger
License: GNU GPL
Python versions: less than 2.5
Platforms: lin
Processors: x86
Base project: gdb
Description: pydb is an expanded version of the Python debugger loosely based on the gdb command set and the stock Python debugger. It also has all of the features found in an earlier version of pydb.py that was distributed with the debugger GUI ddd.
Tools: ???
Useful links:
  http://bashdb.sourceforge.net/pydb/pydb/lib/index.html - official documentation


PyDBG
Project: PyDBG
Author: Pedram Amini (@pedramamini)
Site project: http://code.google.com/p/paimei/ (part of PaiMei)
Tags: debugger
License: GNU GPL v2
Python versions: 2.4-2.5
Platforms: win/mac
Processors: x86
Base project:
Description: PyDbg exposes most of the expected debugger functionality and then some. Hardware / software / memory breakpoints, process / module / thread enumeration and instrumentation, system DLL tracking, memory reading/writing and intelligent dereferencing, stack and SEH unwinding, exception and event handling, endian manipulation routines, memory snapshot and restore functionality, disassembly (libdasm) engine. The abstracted interface allows for painless development of custom debugger scripts.
Tools:
  PaiMei http://code.google.com/p/paimei/
  In Memory Fuzzing http://www.corelan.be/index.php/2010/10/20/inmemory-fuzzing/
  Blocks http://nsense.dk/tools/
  Pydbg64 https://github.com/gdbinit/pydbg64
Useful links:
  http://pedram.redhive.com/PaiMei/docs/PyDbg/ - official documentation
  https://www.blackhat.com/presentations/bh-usa-07/Miller/Whitepaper/bhusa-07-miller-WP.pdf - Hacking Leopard: Tools and Techniques for Attacking
  http://www.piemontewireless.net/Install_PaiMei_on_Snow_Leopard - Install PaiMei on Snow Leopard
  http://www.securitytube.net/video/1630 - PaiMei on python25 (video)
  http://www.securitytube.net/video/1638 - Paimei From Svn, Idapython 0.8.0/Ida4.9Free, And Python 2.7.1 (video)


PyDbgEng
Project: PyDbgEng
Author: Botten, Michael Eddington (http://phed.org/), Peter Silberman (@petersilberman)
Site project: http://sourceforge.net/projects/pydbgeng/
Tags: scripting engine, debugger
License: GNU GPL
Python versions: 2.5
Platforms: win
Processors: x86/x64
Base project: WinDbg
Description: PyDbgEng is a Python Wrapper For Microsoft Debug Engine. Its features include: user mode debugging, kernel mode debugging, soft and hw breakpoints, symbol server, etc.
Tools:
  PyDbgExt http://sourceforge.net/projects/pydbgext/
  KStalker http://pydbgeng.sourceforge.net/kstalker.htm
Useful links:
  http://pydbgeng.sourceforge.net/examples.htm - usage examples
  http://flierlu.blogspot.com/search?q=PyDbgEng - series of blog posts


pydbgr
Project: pydbgr
Author: Rocky Bernstein
Site project: http://code.google.com/p/pydbgr/
Tags: debugger
License: GNU GPL v3
Python versions: 2.6-2.7
Platforms: lin
Processors: x86
Base project: gdb
Description: A rewrite of pydb from the ground up.
Tools: ???
Useful links:
  http://code.google.com/p/pydbgr/wiki/Tutorial - Installing and Using pydbgr


pydot
Project: pydot
Author: Ero Carrera (@erocarrera)
Site project: http://code.google.com/p/pydot/
Tags: visualization
License: MIT License
Python versions: 2.5
Platforms: win/lin/mac
Processors:
Base project: up to Graphviz 2.26.3
Description: Python interface to Graphviz's Dot language. pydot makes it easy to create both directed and non-directed graphs from Python.
Tools: ???
Useful links:
  http://pythonhaven.wordpress.com/2009/12/09/generating_graphs_with_pydot/ - Generating Graph Visualizations with pydot and Graphviz (blog post)
  http://www.graphviz.org/Documentation.php - graphviz documentation
  https://www.ohloh.net/p/pydot - homepage of pydot


pydusa
Project: pydusa
Author: Francois Lalande, Francois-Xavier Oxeda, Edouard Fajnzilberg, Kevin Szkudlapski
Site project: https://github.com/wisk/medusa
Tags: wrapper, disassembler
License: GNU GPL v3
Python versions: 2.x
Platforms: win/lin/bsd
Processors: x86
Base project: Medusa (http://eip.epitech.eu/2012/medusa/)
Description: Medusa is an interactive disassembler available on multiple operating systems (MS Windows, GNU/Linux, *BSD, etc). It is free software. Medusa permits converting machine code into human-readable entities, applying heuristics in order to improve code clarity, and handling these heuristics to apply its own code analysis. Its modular design permits handling different executable file formats (PE, ELF, RAW, etc) and different architectures (Intel, ARM, etc) by means of plugins. Different views are usable in the graphical user interface. The views show the character strings in the executable file, the list of imported and exported functions, etc. One example of a view, the control flow graph, allows for better viewing of the different parts of the execution flow and therefore helps to understand more quickly the internal mechanism of the executable file.
Tools: ???
Useful links: ???


PyEA
Project: PyEA
Author: Roberto Paleari (@rpaleari), Lorenzo Martignoni (@martignlo)
Site project: http://roberto.greyhats.it/projects.html
Tags: static/dynamic code analyser
License: GNU GPL v2 or later
Python versions: 2.5, 2.6
Platforms: win
Processors: x86/x64
Base project:
Description: PyEA (Python Executable Analyser) is a hybrid static/dynamic code analyser written in Python. The analyser was originally developed to statically analyse IA-32 malicious programs, but has soon evolved into a generic analyser for compiled programs. PyEA currently supports PE and ELF executables, disassembles executables using a recursive disassembler, and translates each machine instruction into an intermediate form that makes side effects explicit.
Tools: ???
Useful links: ???


Pyelftools
Project: Pyelftools
Author: Eli Bendersky (eliben@gmail.com)
Site project: https://bitbucket.org/eliben/pyelftools
Tags: ELF reader, DWARF reader
License: Public domain
Python versions: 2.6, 2.7, 3.2
Platforms: lin
Processors: x86/x64
Base project:
Description: pyelftools is a pure-Python library for parsing and analyzing ELF files and DWARF debugging information. It provides both low-level and high-level APIs for querying ELF and DWARF, and is mostly feature-complete.
Tools: ???
Useful links:
  https://bitbucket.org/eliben/pyelftools/wiki/Userguide - user guide


PyEMU
Project: PyEMU
Author: Cody Pierce (@codypierce)
Site project: http://code.google.com/p/pyemu/
Tags: emulator
License: New BSD License
Python versions: 2.5
Platforms: win
Processors: x86
Base project:
Description: PyEmu tries to provide a fully scriptable IA-32 emulator in python. The aim is for security researchers and malware analysis. By having a flexible community driven emulator in a high level language one can roll their own purpose driven scripts to solve common problems.
Tools: ???
Useful links:
  https://www.blackhat.com/presentations/bh-usa-07/Pierce/Whitepaper/bhusa-07-pierce-WP.pdf - whitepaper from BH USA 07
  http://www.youtube.com/watch?v=nkTb6m96cio - video from BH USA 07
  http://www.inreverse.net/?p=223 - blog entry about using PyEMU


pyew
Project: pyew
Author: Joxean Piti
Site project: http://code.google.com/p/pyew/
Tags: scripting engine, analyze malware
License: GNU GPL v2
Python versions: ???
Platforms: win/lin
Processors: x86/x64
Base project:
Description: Pyew is a (command line) python tool like radare and *iew oriented, mainly, to analyze malware. It does have support for hexadecimal viewing, disassembly (Intel 16, 32 and 64 bits), PE and ELF file formats (it does code analysis the right way), following direct call/jmp instructions, OLE2 format, PDF format (limited) and more. It also supports plugins to add more features to the tool.
Tools: ???
Useful links:
  http://joxeankoret.com/blog/?s=pyew - blog entries about using pyew


pygdb
Project: pygdb
Author: Michael Eddington (mike@phed.org), Frank Laub (frank.laub@gmail.com)
Site project: http://code.google.com/p/pygdb/
Tags: scripting engine, debugger
License: MIT License
Python versions: 2.5
Platforms: lin/mac
Processors: x86
Base project: gdb
Description: This is a simple python wrapper around GDB. pygdb is a pygtk interface to gdb. It offers two terminal windows, one for gdb, one for the process to be debugged. On the top it has standard buttons like run, continue, step in, step over, step out and quit. On a second window you can add watches and breakpoints. Furthermore, you can inspect the backtrace and launch gvim on the current executed line by pressing a button. pygdb stays synchronized with gvim (by using gvim --servername calls).
Tools: ???
Useful links: ???


pyHIEW
Project: pyHIEW
Author: Elias Bachaalany (@0xeb)
Site project: http://code.google.com/p/pyhiew/
Tags: scripting engine, disassembler
License: Artistic License/GPL
Python versions: 2.5 and 2.7
Platforms: win
Processors: x86/x64
Base project: HIEW
Description: PyHiew is a Hiew External Module that allows users to write Python scripts that interface with Hiew.
Tools: ???
Useful links:
  https://0xeb.wordpress.com/?s=pyHiew - blog entries about using pyHIEW


pykd
Project: pykd
Author: Team (http://pykd.codeplex.com/team/view)
Site project: http://pykd.codeplex.com/
Tags: scripting engine, debugger
License: Microsoft Public License
Python versions: 2.6.5
Platforms: win
Processors: x86/x64
Base project: WinDbg
Description: Python extension for WinDbg. pykd does not duplicate the functionality of the Debug Engine; it implements an API that is convenient for daily work in WinDbg.
Tools: ???
Useful links:
  http://pykd.codeplex.com/documentation - official documentation
  http://pykd.blogspot.com/ - blog about pykd (RU)


Pylibemu
Project: Pylibemu
Author: Angelo Dell'Aera (buffer@antifork.org, @angelodellaera)
Site project: https://github.com/buffer/pylibemu
Tags: emulator
License: GNU Lesser General Public License, version 3 or later
Python versions: 2.5 or later
Platforms: win/lin
Processors: x86
Base project: Libemu
Description: Pylibemu is a wrapper for the Libemu library.
Tools: ???
Useful links:
  http://dvlabs.tippingpoint.com/blog/2011/12/05/shellcode-detectionpython - Shellcode Detection Using Python


pylibscizzle
Project: pylibscizzle
Author: Georg Wicherski (@ochsff)
Site project: http://code.mwcollect.org/projects/pylibscizzle
Tags: wrapper, emulator
License: ???
Python versions: ???
Platforms: ???
Processors: ???
Base project: libscizzle
Description: Identification of possible getpc sequences, bruteforce possible starting location around sequence, use efficient sandbox. Disassemble guest code, execute one basic blocks, emulate all other instructions, exception.
Tools: ???
Useful links:
  https://www.honeynet.org/files/shellcode_detection.pdf - Efficient Bytecode Analysis: Linespeed Shellcode Detection
  http://dvlabs.tippingpoint.com/blog/2011/12/05/shellcode-detectionpython - Shellcode Detection Using Python


pyMem
Project: pyMem
Author: Fabien Reboia (srounet@gmail.com)
Site project: https://github.com/srounet/Pymem
Tags: wrapper
License: THE POSTCARD LICENSE
Python versions: more than 2.5
Platforms: win
Processors: x86/x64
Base project:
Description: Pymem is a memory wrapper built on top of python ctypes and windll imports to facilitate process memory access in Read or Write. It has functionalities such as opening a process in debug mode, hijacking threads, listing process modules and much more.
Tools: ???
Useful links:
  http://www.mmowned.com/forums/world-of-warcraft/botsprograms/memory-editing/285120-pymem-python-process-memoryediting.html - code example


pymsasid
Project: pymsasid
Author: Matthieu Kaczmarek (tecamac@gmail.com), Daniel Reynaud (reynaud.daniel@gmail.com)
Site project: http://code.google.com/p/pymsasid/
Tags: disassembler
License: New BSD License
Python versions: 2.x
Platforms: win/lin
Processors: x86/x64
Base project:
Description: Pym's is a pure python disassembly library. It is merely a port of udis86 to python.
Tools: ???
Useful links:
  http://pyms86.appspot.com/ - online disassembler
  http://pypi.python.org/pypi/pymsasid/ - project with setup


pyREtic
Project: pyREtic
Author: Rich Smith (mynameismeerkat@gmail.com)
Site project: http://code.google.com/p/pyretic/
Tags: debugger
License: GNU GPL v3
Python versions: ???
Platforms: win/lin/mac
Processors: x86/x64
Base project:
Description: pyREtic and the REpdb debugger allow easier access to obtaining source from closed source Python applications. In a nutshell it allows you to take an object in memory back to source code, without needing access to the bytecode directly on disk. This can be useful if the application's pyc's on disk are obfuscated in one of many ways.
Tools: ???
Useful links:
  http://pyretic.googlecode.com/files/pyREtic%20%20In%20memory%20reverse%20engineering%20for%20obfuscated%20Python%20bytecode.pdf - whitepaper
  http://prezi.com/kmyvgiobsl1d/pyretic-rich-smith-blackhatdefcon-2010/ - slides from BlackHat/Defcon 2010


PySTP
Project: PySTP
Author: Roberto Paleari (@rpaleari), Lorenzo Martignoni (@martignlo)
Site project: http://security.dico.unimi.it/~roberto/pystp/
Tags: STP, solver
License: GNU GPL v2
Python versions: 2.5
Platforms: win/lin
Processors:
Base project: STP
Description: PySTP is a Python extension module that interfaces with STP. STP is a decision procedure for the theory of fixed-width bitvectors and arrays, and PySTP enables Python scripts to use STP.
Tools: ???
Useful links: ???


PythonGdb
Project: PythonGdb
Author: ???
Site project: http://sourceware.org/gdb/wiki/PythonGdb (In gdb 7 it is already included)
Tags: scripting engine, debugger
License: GNU GPL
Python versions: 2.x
Platforms: lin
Processors: x86/x64
Base project: Gdb
Description: Integrate Python scripting into Gdb.
Tools:
  gdbx http://www.cinsk.org/wiki/En:_Debugging_with_GDB:_gdbx.py
  gdb-heap https://fedorahosted.org/gdb-heap/
  runFuzzer http://www.groundworkstech.com/projects/dynamips-gdbmod
  tmalloc_gdb http://localhostr.com/download/wBNwUx1/tcmalloc_gdb.tar
  GDB-Python-Utils https://github.com/crossbowerbt/GDB-Python-Utils/
Useful links:
  http://sourceware.org/gdb/wiki/PythonGdbTutorial - official tutorial
  http://sourceware.org/gdb/onlinedocs/gdb/Python-API.html - API
  https://www.wzdftpd.net/blog/index.php?post/2010/12/20/Python-scriptsin-GDB - entry in blog
  http://dmalcolm.fedorapeople.org/presentations/PyCon-US2011/GdbPythonPresentation/GdbPython.html#1 - presentation from PyCON US 2011
  http://securityadventures.wordpress.com/2011/10/17/in-memory-fuzzingin-linux-with-gdb-and-python/ - In-memory-fuzzing in Linux (with GDB and Python)
  http://misspent.wordpress.com/2012/03/24/debugging-cc-and-cpythonusing-gdb-7s-new-python-extension-support/ - Debugging C/C++ and CPython using GDB 7's new Python extension support


python-haystack
Project: python-haystack
Author: Loïc Jaquemet (loic.jaquemet@gmail.com)
Site project: http://pypi.python.org/pypi/haystack https://github.com/trolldbois/python-haystack/
Tags: search in memory
License: GNU GPL
Python versions: 2.6-2.7
Platforms: lin/win
Processors: x86
Base project: ctypes, python-ptrace, WinAppDbg
Description: The basic functionality is to search in a process' memory maps for specific C structures.
Tools:
  sslsnoop https://github.com/trolldbois/sslsnoop
  ctypes-kernel https://github.com/trolldbois/ctypes-kernel
Useful links: ???


python-ptrace
Project: python-ptrace
Author: Victor Stinner (@victor_stinner)
Site project: http://pypi.python.org/pypi/python-ptrace
Tags: debugger, wrapper
License: GNU GPL v2
Python versions: 2.5, 3.0
Platforms: lin/bsd/darwin
Processors: x86/x64
Base project:
Description: python-ptrace is a debugger using ptrace (Linux, BSD and Darwin system call to trace processes) written in Python.
Tools: Fusil https://bitbucket.org/haypo/fusil/wiki/Home
Useful links:
  https://bitbucket.org/haypo/python-ptrace/wiki/Home - wiki


pytracer
Project: pytracer
Author: Rocky Bernstein (rocky@gnu.org)
Site project: http://code.google.com/p/pytracer/
Tags: debugger
License: GNU GPL v3
Python versions: 2.5-2.7
Platforms: win/lin
Processors: x86
Base project:
Description: A more flexible interface to sys.settrace allowing, for example, chained trace hooks. We allow several trace hooks to get registered and unregistered and allow tracing to be turned on and off temporarily without losing the trace hooks. You can also indicate filters on events for which trace hooks should fire and mark methods that should automatically be ignored.
Tools: ???
Useful links: ???


radapy
Project: radapy
Author: pancake (http://nopcode.org), nibble.ds, earada (@earada)
Site project: http://radare.org/doc/html/Section10.6.html#python
Tags: scripting
License: GNU GPL v3
Python versions: 2.5 and 2.6
Platforms: win/lin
Processors: x86/x64
Base project: radare2
Description: The second scripting language implemented in radare was 'python'. The python interface for C is not as nice as the LUA one, and it is obviously not as optimal as LUA, but it gives a very handy syntax and provides a full-featured list of libraries and modules to extend your script.
Tools: ???
Useful links:
  http://radare.nopcode.org/y/ - radare official site


ramooflax
Project: ramooflax
Author: Stephane Duverger
Site project: https://github.com/sduverger/ramooflax
Tags: virtualization
License: GNU GPL v2
Python versions: 2.6.x
Platforms: win/lin
Processors: x86/x64
Base project:
Description: Ramooflax is a pre-boot virtualization tool. Ramooflax aims at analyzing/debugging/controlling modern operating systems and complex software pieces as well as real life BIOS running on a physical machine. Ramooflax provides a small hypervisor and a remote client allowing high-level access to the features implemented into the hypervisor.
Tools: ???
Useful links: ???


uhooker
Project: uhooker
Author: Core Security Technologies
Site project: http://oss.coresecurity.com/projects/uhooker.htm
Tags: hooker
License: Core Security Technologies (for non-commercial use)
Python versions: more than 2.3
Platforms: win
Processors: x86
Base project: OllyDBG 1.10
Description: The Universal Hooker is a tool to intercept execution of programs. It enables the user to intercept API calls inside DLLs, and also arbitrary addresses within the executable file in memory.
Tools: ???
Useful links:
  http://oss.coresecurity.com/uhooker/doc/index.html - official documentation
  http://www.irmplc.com/downloads/whitepapers/HighLevel_Reverse_Engineering.pdf - usage


Vivisect
Project: Vivisect
Author: invisigoth kenshoto (@invisig0th)
Site project: https://www.kenshoto.com/wiki/index.php/Main_Page
Tags: static analysis, emulator
License: ???
Python versions: ???
Platforms: win/lin/mac
Processors: x86/x64
Base project:
Description: Python based static analysis and emulation framework.
Tools: ???
Useful links:
  http://visi.kenshoto.com/wiki/index.php/VivisectExamples - example


vtrace
Project: vtrace
Author: invisigoth kenshoto (@invisig0th)
Site project: http://code.google.com/p/vtrace-mirror/
Tags: debugger
License: MIT License
Python versions: ???
Platforms: win/lin/darwin/freebsd/solaris
Processors: x86/x64
Base project:
Description: vtrace is a cross-platform debugging API written in python. Each supported platform has its own support module.
Tools: vdebug http://code.google.com/p/vdebug/
Useful links:
  http://www.morenops.com/blog/2011/02/24/fuzzing-engine-with-vtrace/ - entry in blog
  https://github.com/pdasilva/vtrace_scripts - vtrace script examples
  http://dvlabs.tippingpoint.com/blog/2012/04/02/mindshare-vtrace-inputtracking - MindshaRE: Another Approach To Tracking ReadFile


WinAppDbg
Project: WinAppDbg
Author: Mario Vilas (@Mario_Vilas)
Site project: http://winappdbg.sourceforge.net/
Tags: debugger
License: BSD license
Python versions: 2.4-2.7, 3.x (experimental)
Platforms: win
Processors: x86/x64
Base project:
Description: The WinAppDbg python module allows developers to quickly code instrumentation scripts in Python under a Windows environment.
Tools: http://winappdbg.sourceforge.net/Tools.html
Useful links:
  http://winappdbg.sourceforge.net/ProgrammingGuide.html - programming guide


Z3-python
Project: Z3-python
Author: Sascha Böhme
Site project: http://www4.in.tum.de/~boehmes/z3-python.html
Tags: solver, SMT, binding, interface
License: ???
Python versions: 2.5.1 and 2.5.2
Platforms: win
Processors: x86/x64
Base project: Z3
Description: This is a Python binding to the SMT solver Z3. Since it is based on Python's dynamic foreign function interface ctypes, no compilation is required. Z3 is a high-performance theorem prover being developed at Microsoft Research. Z3 supports linear real and integer arithmetic, fixed-size bit-vectors, extensional arrays, uninterpreted functions, and quantifiers. Z3 is integrated with a number of program analysis, testing, and verification tools from Microsoft Research. These include: Spec#/Boogie, Pex, Yogi, Vigilante, SLAM, F7, SAGE, VS3, FORMULA, and HAVOC. It can read problems in SMT-LIB and Simplify formats.
Tools: ???
Useful links:
  http://research.microsoft.com/en-us/um/redmond/projects/z3/ - Z3 site


Note
In addition, I would like to note the outstanding book GRAY HAT PYTHON (http://nostarch.com/ghpython.htm) by Justin Seitz, which I recommend everyone read. Many useful tips on using IDAPython and automating RE can be found at the TippingPoint lab (http://dvlabs.tippingpoint.com) in the MindshaRE section.

It would be quite wrong to think that Python is popular only for RE: there are many fuzzers (Peach, Sulley, PI), web utilities (http://www.gdssecurity.com/l/constricting_the_web_final.pdf) and tools for penetration testers (http://dirk-loss.de/python-tools.htm) written in Python and designed to help security researchers. Unfortunately, I have not yet managed to use all of them, but if the need arises, I will know for sure what can help me. Good luck with your research!

P.S. Later I will try to arrange this as a website and update it promptly.


History of changes
v1.1: Add: macholib, pyelftools, pylibscizzle, pymsasid, ramooflax, pydusa, BeaEnginePython + some useful links


About Author
Dmitriy Evdokimov, Security Researcher. Research areas: SAP (ABAP) security, reverse engineering, and source code analysis. A student in the computer science department of St. Petersburg State Polytechnic University, he focuses on SAP security, particularly on Kernel, BASIS and ABAP security. He has official acknowledgements from SAP and Oracle for the vulnerabilities found. His interests cover reverse engineering, software verification/program analysis (SMT, DBI, IL), vulnerability research and development of exploits, and software for static and dynamic code analysis written in Python. He is a contributor to the OWASP-EAS project and the "Security soft" section editor in the Russian hacker magazine "XAKEP". He is one of the organizers of the Defcon Russia (DCG #7812) and ZeroNights conferences.

Contacts
Email: d.evdokimov@dsecrg.com
Twitter: @evdokimovds


About ERPScan

ERPScan is an innovative company engaged in the research of ERP security, particularly in SAP, and develops products for SAP system security. Apart from this, the company renders consulting services for secure configuration, development and implementation of SAP systems, and conducts comprehensive assessments and penetration testing of custom solutions. Our flagship product "ERPScan Security Scanner for SAP" is an innovative product for automatic assessment of SAP platform security and standard compliance.


About DSecRG Research center of ERPScan

DSecRG: Leading SAP AG partner in discovering and solving security vulnerabilities. ERPScan expertise is based on research conducted by the DSecRG research center, a subdivision of ERPScan company. It deals with vulnerability research and analysis in business critical applications, particularly in SAP, and publishes whitepapers about it. SAP AG gives acknowledgements to security researchers from DSecRG almost every month on their site. DSecRG experts are now in first place in the SAP public acknowledgements chart. DSecRG experts are frequent speakers at prime international conferences held in USA, EUROPE, CEMEA and ASIA such as BlackHat, HITB, SourceBarcelona, DeepSEC, Confidence, Troopers, T2, InfoSecurity. DSecRG researchers have gained multiple acknowledgements from the biggest software vendors like SAP, Oracle, IBM, VMware, Adobe, HP, Kaspersky, Apache, Alcatel and others for finding vulnerabilities in their solutions. DSecRG has highly qualified experts on staff who have experience in different fields of security, from Web applications and reverse engineering to SCADA systems, accumulating their experience to conduct research in SAP system security.


Our Contacts
E-mail: info@dsecrg.com Web: www.dsecrg.com
