
⚠️⚠️ To attend, please also fill up the following registration form: https://forms.gle/nZALNpntkZQnuRW7A ⚠️⚠️

AGENDA

  • 6.30pm: Registration & Networking (30mins)
  • 7.00pm: Introduction & Announcement (15mins)
  • 7.15pm: "Scaling Red Team Operations" by Sunny Neo
  • 8.00pm: "How to Get the Most Out of the Python Decompilers Uncompyle6 and Decompyle3" by Rocky Bernstein
  • Till Late: Networking

ABSTRACT
Scaling Red Team Operations
In recent years, companies have been building internal red teams to continuously test their organisation's cybersecurity defence. However, red teaming is a laborious process that requires skilled technical testers to overcome evolving security controls and deliver fruitful results. Thus, scaling red team operations is a challenging issue exacerbated by the industry's need for more skilled talent.

Based on publicly available information, this talk aims to explore how threat actor groups such as FIN7 and CONTI overcame the talent shortage and how Mandiant is supporting ~200 proactive consultants globally in executing their operations effectively.

We will also address the pathways in Singapore that are available to advance your skillsets as a security tester.

How to Get the Most Out of the Python Decompilers Uncompyle6 and Decompyle3
Uncompyle6 and Decompyle3 are the most complete, popular, and accurate open-source Python bytecode decompilers available for the Python versions they support. The underlying cross-platform disassembler they use, xdis, is also unique.

The decompilers produce runnable Python source code for the Python version dialect that the code was written in. Furthermore, they produce the thought process used to recreate the source code. An abstract parse of the bytecode instructions can be used to understand how sequences of bytecode correspond to sequences of source code. The disassembler they use is also unique in a number of ways that I will describe. Finally, I will mention how some of these ideas might be useful in developing a machine-learning bytecode decompiler.

BIO
Sunny Neo is a Principal Red Team Consultant at Mandiant, specialising in leading and delivering adversary simulation services to his clients. He is also a CREST assessor supporting the invigilation of CREST examinations in Singapore.

Rocky Bernstein has been writing open-source software for 3 decades. He has written for a number of debuggers, such as ones for Python, Ruby, Perl, bash, zsh, and GNU make. He has worked at IBM Research, NASA (as a government contractor), a university, a large financial firm, a large news organization (Associated Press), a large survey firm, and many start-up companies. He has worked mostly in or near New York.

Sponsors

IIC Productions Pte Ltd

Manager & Sustaining Sponsor

Red Alpha

Sustaining Sponsor

CyberSG TIG Collaboration Centre

Sustainable Partner