Python's Pickle module provides a known capability for running arbitrary Python functions and, by extension, permitting remote code execution. However there is no public Pickle exploitation guide and published exploits are toy examples only.
This talk is a deep dive into Pickle exploitation, and is useful post vulnerability discovery; our focus is on steps to be taken once a bug has been found, not on finding new bugs. We describe the Pickle environment, outline numerous hurdles facing the discerning shellcoder and provide guidelines for writing Pickle shellcode. A survey of public Python code was undertaken to establish the prevalence of the vulnerability and templates for shellcode writing as well as a shellcode library will be released.
In the presentation we will demonstrate a new set of tools used to generate exploits for insertion into a wide range of hapless pickles, including generic exploits as well as framework-specific exploits for Django and AppEngine.