PythonAsia 2026

Weaponizing Python for Good: Building a Next-Gen CVE Scanner That Detects Zero-Day Vulnerability
2026-03-22, Yuchengco Hall 5th Flr. Y507 (Workshop Room 1)

In an age where vulnerabilities are discovered daily and exploited faster than patches can be released, Python stands as the ultimate ally for defenders. This session takes you behind the scenes of building Toolshell, a next-generation SharePoint CVE scanner powered by Python that automates detection, analysis, and reporting of real-world vulnerabilities like CVE-2025-53770.

Attendees will learn how to:
1. Engineer an AI-assisted vulnerability scanner using modern Python libraries.
2. Build a config-driven detection engine with regex pattern matching, adaptive scoring, and SSL certificate analysis.
3. Transform raw scan results into beautiful HTML reports and structured datasets for security dashboards.
4. Apply defensive Python automation techniques to identify exposure safely before attackers do.

This talk blends cybersecurity and software craftsmanship, showing how Python empowers defenders to automate vulnerability discovery, accelerate incident response, and make threat detection transparent and reproducible. Whether you're a security analyst, developer, or DevSecOps enthusiast, you’ll walk away inspired to turn your scripts into battle-ready Python security tools that protect real infrastructure.


In a world where vulnerabilities emerge daily and attackers move faster than defenders can patch, Python has become one of the most powerful tools for proactive cybersecurity.
This talk unveils Toolshell, a next-generation SharePoint CVE scanner built entirely in Python, designed to simulate real-world attack detection and automate defensive scanning for vulnerabilities like CVE-2025-53770. Through the journey of building this tool, we’ll explore how Python’s modularity, concurrency, and simplicity can transform a traditional script into a cyber-defense framework capable of intelligent, large-scale scanning and reporting.

You’ll learn how to:
1. Architect a config-driven vulnerability scanner using Python’s standard library and dataclasses.
2. Implement adaptive detection logic with pre-compiled regex patterns, dynamic scoring, and error resilience.
3. Apply asynchronous and multithreaded scanning for performance at scale.
4. Build secure retry mechanisms with session persistence, timeouts, and SSL/TLS validation.
5. Generate rich output reports (HTML, CSV, JSON) that visualize vulnerability intelligence for analysts.
6. Safely simulate exploit detection — without performing real-world attacks.

Beyond the code, this session demonstrates how Python empowers cybersecurity professionals to detect weaknesses before adversaries exploit them. It’s a blend of ethical hacking, automation, and defensive engineering, proving that the most impactful security tools don’t come from billion-dollar companies, but from inspired developers who use Python creatively and responsibly.

By the end of this talk, participants will walk away with a blueprint to build their own intelligent vulnerability scanners, a deeper understanding of Python’s power in real-world security, and the inspiration to use code not just to automate tasks but to protect systems and people.
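The abstract's config-driven design (dataclasses, pre-compiled regex patterns, scoring, error resilience) can be sketched as follows. This is an added example, not Toolshell's code: the rule names, weights, the `99.x` build pattern and the sample responses are constructed placeholders, and the simple weighted sum is an assumption standing in for the talk's scoring logic.

```python
import re
from dataclasses import dataclass
# Constructed rules standing in for a config file; weights and the 99.x build are placeholders.
HDR = "header:MicrosoftSharePointTeamServices"
CONFIG = [
    {"name": "sp_header", "target": HDR, "pattern": r"^\d+\.\d+\.\d+\.\d+$", "weight": 30},
    {"name": "sp_layouts_path", "target": "body", "pattern": r"/_layouts/15/", "weight": 20},
    {"name": "placeholder_build", "target": HDR, "pattern": r"^99\.0\.0\.\d+$", "weight": 50},
    {"name": "broken_rule", "target": "body", "pattern": r"([unclosed", "weight": 99},
]

@dataclass(frozen=True)
class Rule:
    name: str
    target: str        # "body" or "header:<Header-Name>"
    regex: re.Pattern  # compiled once at load time
    weight: int

def load_rules(config):
    """Compile every pattern once; a bad entry is reported instead of aborting."""
    rules, errors = [], []
    for entry in config:
        try:
            rx = re.compile(entry["pattern"], re.IGNORECASE)
            rules.append(Rule(entry["name"], entry["target"], rx, entry["weight"]))
        except (re.error, KeyError) as exc:
            errors.append(f"{entry.get('name', '?')}: {exc}")
    return rules, errors

def score(rules, headers, body):
    """Return (score capped at 100, matching rule names) for one captured response."""
    headers = {k.lower(): v for k, v in headers.items()}
    hits = []
    for rule in rules:
        kind, _, key = rule.target.partition(":")
        text = headers.get(key.lower(), "") if kind == "header" else body
        if rule.regex.search(text):
            hits.append(rule)
    return min(100, sum(r.weight for r in hits)), [r.name for r in hits]

RULES, LOAD_ERRORS = load_rules(CONFIG)
# Constructed responses (headers, body); nothing here touches the network.
SAMPLES = {
    "placeholder_match": ({"MicrosoftSharePointTeamServices": "99.0.0.1234"},
                          '<a href="/_layouts/15/start.aspx">Home</a>'),
    "other_build": ({"microsoftsharepointteamservices": "98.0.0.1"}, "<html></html>"),
    "not_sharepoint": ({"Server": "nginx"}, "<html>hello</html>"),
}
for label, (hdrs, page) in SAMPLES.items():
    print(label, *score(RULES, hdrs, page))
```

The malformed `broken_rule` entry ends up in `LOAD_ERRORS` while the other three rules still load, so one bad config line does not stop a scan.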


Category: Core Python/Advanced Language Features
Audience Level: Beginner

Christopher Dio Chavez brings over 25 years of expertise in both offensive and defensive cybersecurity practices, establishing himself as a distinguished figure in the field. With multiple certifications from leading cybersecurity vendors, Chris is not only an EC-Council Instructor (CEI) but also a PECB Certified Trainer, demonstrating his commitment to both professional excellence and teaching.

Chris has made invaluable contributions as a consultant, partnering with a wide array of private and government entities across the Philippines. His work spans information security, digital forensics, and incident response, with a proven track record of enhancing the security posture of organizations. As Chief Hacking and Defense Officer in the IT sector, he has played a pivotal role in defending and securing digital ecosystems.

A dedicated educator, Chris collaborates with EC-Council and PECB training centers in the Philippines to shape the next generation of cybersecurity professionals. His influence extends globally, as evidenced by his inclusion in the prestigious TryHackMe Worldwide Hall of Fame, where he ranks as the #1 cybersecurity professional in the Philippines and among the top 20 globally out of over 4 million members.

Chris’s diverse career spans industries such as gaming, technology, telecommunications, oil and gas, military defense, and intelligence. His international contributions also include co-developing a cybersecurity examination in collaboration with subject matter experts, sponsored by Prometric in London.

In 2025, Chris further solidified his local and international standing by speaking at the Australian Information Security Association (AISA), DEFCON, C0C0N, DICT CERTCON, and the BLACKHAT MEA 2025 Hacking Conference, sharing insights on advanced cyber defense strategies and threat intelligence.

With a passion for continuous innovation and a relentless commitment to securing digital ecosystems, Christopher Dio Chavez remains a driving force in cybersecurity, protecting critical infrastructures across multiple sectors.