PyDev of the Week: Christopher Truncer

This week we welcome Christopher Truncer (@ChrisTruncer) as our PyDev of the Week! He is a co-founder and current developer of the Veil-Framework. Christopher basically develops pen-testing utilities in Python. You can see some of what he’s up to over on Github or his website. Let’s take a few moments to get to know him better!

Can you tell us a little about yourself (hobbies, education, etc):

I grew up as a kid loving video games and playing with computers. For some reason I never thought I would have the chance to take that passion and translate it into a career, so I started off going to school for criminal justice. Soon after, I switched to major in Information Technology once I realized I could actually make a career out of playing with computers (to my happy realization). I always wanted to work in computer security, and I was hooked the very first time my roommate let me hack his computer.

After graduating, I started in a Systems Administrator role, and have since moved into computer security where I conduct Penetration Tests and Red Team assessments. I’ve (unfortunately) never had any formal development training. Everything I’ve learned from a development perspective has been self-taught or mentored through others willing to help.

I also love to train in Brazilian Jiu-Jitsu, I enjoy video games, and really enjoy developing tools which help aid the computer security/hacking work I do.

Why did you start using Python?

I wanted a language that I thought would be somewhat easy to pick up, and a lot of other tools I use daily were developed in Python, so I figured it was a good language to start with. I also really wanted to dive in with Python, or any language, because there were a lot of tasks I do which could be automated, and wanted to figure out how to automate them.

After I started my first few projects, they became quite large and forced me to really begin to learn the ins and outs of Python. Maintaining a variety of projects has helped to ensure that I keep up to date.

What other programming languages do you know and which is your favorite?

Outside of Python, I have also developed a few scripts in PowerShell and C#. I’m not a full time developer, I’m a computer hacker, so I tend to find the language that works best for the situation I am in and attempt to write code that will do what I need. Python or PowerShell would have to be my favorite language, depending on the day and how many bugs I have in my code at the time 🙂

What projects are you working on now?

I work on a bunch of different projects. EyeWitness is a python tool (https://github.com/ChrisTruncer/EyeWitness) that automates screenshots of websites, and more. I wrote this because when testing a company’s security, we at times are given a range of computers which may contain hundreds, or more, websites. Rather than go through them all manually, EyeWitness will take a list of URLs navigate to each website and take a screenshot. EyeWitness will also check to see if it knows the default credentials that may be associated with the web application, amongst other things. After gathering all the information it can, EyeWitness will output a HTML based report containing all the gathered information which allows me to quickly scroll through websites.
I also work on a project called the Veil Framework (https://github.com/Veil-Framework/Veil). At times, Pen Testers need to write malicious programs, essentially viruses, that allow us to compromise a computer. However, we also have to battle anti-virus programs which attempt to detect the malicious programs that we develop. Rather than spend a large amount of time attempting to defeat anti-virus (which is relatively easily done), myself the other authors wanted to create a tool which helped to automate the “virus creation process”. Veil is designed to generate malicious programs which ideally evade anti-virus detection using a variety of techniques.
I also work on a bunch of other projects, all of which are available on my Github – https://github.com/ChrisTruncer

 

Which Python libraries are your favorite (core or 3rd party)?

I enjoy using ArgParse because it really has helped me to make command-line interfaces for the tool/scripts that I write. It helps build out logically grouped options and is one of the libraries I consistently use in all of my projects.

Another library that I think is great is RDPY (https://github.com/citronneur/rdpy). This is a python implementation of the RDP and VNC protocol which allows me to take screenshots of Windows systems with remote desktop enabled, or with any computer that has VNC enabled.

Is there anything else you’d like to say?

If looking for a way to get started with Python, try to be lazy :). Look for ways to automate tasks that you always perform manually, whether it be at work or at home. Also, just dig in and start writing code. For me personally, I am able to learn some from tutorials, but I learn best by just trying to write the code and googling errors along the way. Forcing yourself to get started writing code will do just that, get you started.

Finally, find a mentor. I would not be where I am today without the help and patience of the many individuals who have shared their knowledge and patiently teach me along the way. Once you have the opportunity, take the time to help mentor someone as well.

Thanks for doing the interview!

Print Friendly, PDF & Email