Rehabilitating Pickle

Offered By: EuroPython Conference via YouTube

Tags

EuroPython Courses Cybersecurity Courses Python Courses Benchmarking Courses Remote Code Execution Courses

Course Description

Overview

Explore the security implications and potential rehabilitation of Python's Pickle serialization protocol in this 30-minute EuroPython 2018 conference talk. Dive deep into the vulnerabilities associated with Pickle, learn about common attacks and their defenses, and discover new research on potential threats and mitigations. Gain insights into implementing safe usage practices, understand the risks of arbitrary code execution, and explore less-known alternatives to Pickle. Examine benchmarks, self-referencing pickles, and use cases while considering the possibility of a more secure "Pickle Lite" implementation.

Syllabus

Intro
Backstory
Using mitogen with ansible
Running ansible with mitogen
What is Pickle
Advantages
Standard Advice
Documentation
Remote code execution
Ricks Pickle
Standard Mitigation
Other Attacks
Benchmarking
Self-referencing pickles
Unpicking pickles
Use case
Pickle Lite


Taught by

EuroPython Conference
