Sunday 1:10 p.m.–1:40 p.m.
Where in your RAM is "python san_diego.py"?
Ying Li
- Audience level:
- Intermediate
- Category:
- Security
Description
Gumshoes, the rogue program `san_diego.py` is threatening to cause havok! What is it doing to hide itself? What kind of things is it doing? Who might it be communicating with? RAM is a big place - how can we even find it, much less any of this information? Stay tuned and find out!
Abstract
Low level operating system functions such as memory management, shared memory, and how the linux kernel keeps track of process information can seem intimidating to high level Python application developers. This talk will provide a gentle, high level overview of how memory works, and introduce some tools, scriptable in Python, to introspect and play with system memory.
This talk will demonstrate that such a tool can be easily used to search process memory and kernel memory for interesting patterns and data.