Gray Hat Python - Python Programming for Hackers and Reverse Engineers (Anglais) Broché – 23 avril 2009
|Neuf à partir de||Occasion à partir de|
Produits fréquemment achetés ensemble
Les clients ayant acheté cet article ont également acheté
Descriptions du produit
Aucun appareil Kindle n'est requis. Téléchargez l'une des applis Kindle gratuites et commencez à lire les livres Kindle sur votre smartphone, tablette ou ordinateur.
Pour obtenir l'appli gratuite, saisissez votre adresse e-mail ou numéro de téléphone mobile.
Détails sur le produit
En savoir plus sur l'auteur
Dans ce livre(En savoir plus)
Quels sont les autres articles que les clients achètent après avoir regardé cet article?
Commentaires en ligne
Commentaires client les plus utiles sur Amazon.com (beta)
While there were a few merits in the book the majority of the book was a futile attempt to put outdated or useless information to paper. Many of my coworkers were very interested in the publication, but having read it and having spoken with my collegues that have read it we can all agree that it falls well short of anticipation.
The first five chapters were about Immunity Debugger. While reading them it seemed as if it were a sales pitch and then after reading that the author was employed by the same company that produces Immunity it was plainly obvious that he was influenced.
The author spent a chapter on hooking(6), DLL and code injection(7), fuzzing(8), Sulley(9), Fuzzing Windows Drivers(10), IDAPython(11), PyEMU(12) and obviously the Immunity Debugger chapters that were 1 through 5. But where was the rest? It was obviously lacking in many areas. There was very little mentioned on networks, packet reassembly or capture (pynids). No mention was made of Scapy, Pcapy, Impacket, Inguma, Volatility and so many more. Libraries that would be extremely helpful were never even brushed. IronPython, Win32, CryptoPy,
The examples given were poor to say the least. The author never mentioned which versions of python that the examples worked with and they were built using the older releases. The author goes through the installation of Python 2.5, but that version had issues with a few of the examples that I managed to get to work on 2.4. No mention was made for the the Python 3 version and version 2.6 had issues with most of the examples.
At 188 pages with 80+ pages used for debuggers that book was sorely lacking in any amount of substance. Most of my notes have more content then this book. To think that a book written regarding security minded use of python could only yield this little bit of information is absured.
I had preordered the book well in advance of publication. Each time the book was delayed for a few months I was extremely disappointed, but continued to hold onto the preorder. Once I received the book the writing and content were so poor that I spent much of my time reading a few pages only to put it down to find something of more interest or better content.
As I had said previously, No Starch Press is known for their quality products and excellent material, but this book falls well short of expectations. If someone would ask if I recommend this book I would whole heartedly tell them they are better off buying seperate books and piecing together that with internet content.
With all the uses Python has in security today I feel the community needs a better resource for Python tools in pentesting, forensics, incident response, intrusion detection, and so on. The potential content could fill volumes. A book about Python and Security would benefit the community greatly if it was a quality product, but this is not it.
Justin does a great job elaborating through the the code examples used throughout the book. The sheer scope of this book makes it difficult to cover everything but Justin definitely attempts to give you a taste for the more common scenarios you may find yourself in. Below I highlight a few chapters that I found interesting and useful. Overall the entire book is useful but a large portion covers open source tools that have a plethora of documentation and examples in existence.
Chapter 3 is just downright awesome. This chapter walks you through creating your own python based debugger that is similar to pydbg. Between the concepts and actual implementation you obtain a solid understanding of what is going on in a Windows based debugger.
Chapter 6 goes over Hooking in 5 pages. This topic could easily fill a few chapters by itself but Justin sums everything up quite nicely with plenty of examples.
Chapter 7 discusses DLL and Code injection which was a pretty interesting topic. The chapter even gets a little "Evil" by showing you how to hide files on a filesystem using python. It goes one step deeper into evilness by demonstrating how to code a back door into files.
Chapter 8 goes into fuzzing concepts and the demonstration is very practical for anyone doing exploitation. Justin shows us how to create a file format fuzzer which I thought was pretty slick.
The last chapter I found pretty interesting was chapter 10 titled "Fuzzing Windows Drivers." This chapter outlines methods of identifying Device names and IOCTL codes using Immunity Debugger. It continues to show examples of an IOCTL Fuzzer that can be used in conjunction with the rest of the scripts outlined in the chapter. Definately some cool stuff. Personally, I'm not quite up to a Drive level fuzzing level but I still found the knowledge very useful and was able to translate some of the immunity scripts into IDAPython scripts for static analysis to find the device names and IOCTL Codes.
The entire book was based off Dynamic analysis. This is great for those out there doing RE through execution, but it really sucks for people like me who only does dynamic analysis 10% of the time.
The entire book is windows specific. Yes, most RE work is done on windows, for windows binaries. However, there are closed source applications and even embedded stuff that is Linux based. Would have definitely been useful to have some examples for these types of cases.
At times I found the book drifting into the direction of exploitation. Granted, RE and exploitation go hand in hand but I feel those of us who perform RE for the purpose of compatibility, protocol analysis, and other crap were left out a bit.
The chapter on debugger design did not have all that much to say about designing a debugger. In fact, it was probably more inline with a quick introduction to x86 architecture, specifically registers and stacks. It was not until chapter 3 that you really understand the elements involved.
Overall, I equate this book to Hacking the art of exploitation first edition but for Reverse Engineering. The book is packed with useful information for both the novice to the professional but I hope a second edition comes out with more information, that covers both static and dynamic analysis.
If the book has a fault, it's Justin's concise focus on using python as a tool to rapidly find and exploit bugs. As such the book is in a niche category. It doesn't really fulfill the subtitle "Python Programming for Hackers..." A more accurate subtitle might be "Python programming for expedited bug finding and exploitation". As such it lacks some things I would have expected from a more general book such as:
1. Using scapy or impacket for network tricks
2. Using python for phishing (this is a potential hot topic -- the Metasploit guys are working on a phishing addition for the framework so seeing something similar in python would be a plus).
3. Using python for generic security applications: web scraping, social network enumeration, gluing security tools, etc
All the above would have been nice additions to make the book more complete. As-is the book is very good, but you need to understand that it's not a general purpose python for hacking book. It is a great resource for debugging and automating dynamic analysis of executables.
Now for the super-hardcore exploit guys out there I would have liked to see more depth. I understand why the book didn't go into too much more detail -- the number of interested parties likely decreases exponentially. But I'd have liked to see a few things:
1. Some code that Nico uses to manipulate the heap for use in heap overflows. I do a lot of trial and error with little automated analysis. I assume Immunity does something better and I'd like to see it. In fairness, they do review the !hippie function that's in ID.
2. I'd like to see an easier intro to fuzzing RPC with python. RPC has always been a barrier for me and the Immunity folks have a lot of tools to do this. I'd like to see some more approachable examples than having the source and digging into spike.py
3. MOSDEF is one of things that makes CANVAS special. I'd have loved to see the book build a simpler win32MosdefShellServer
I'm a hardcore security geek and there are probably only a handful of people that would want to see the three items immediately above. So I'm not surprised they're not in the book, and can't fault anyone for that.
Overall, I recommend the book. Look at is a first iteration. It's a good book to help security engineers use python to begin analyzing software vulnerabilities. Primarily it's a book about using python to debug and to a lesser degree fuzz. It's a good insight into how Immunity does things and will help you look at CANVAS code a little easier. For that alone it's definitely worth buying.
The content itself is good. It's well organized and very clear, even for someone like me who is a self-taught programmer with ~1 year of Python experience. Perusing Chapters 2 and 3 should bring anyone up to speed on debuggers. The remaining chapters do a nice job of explaining various Python tools to use in hacking and reverse engineering.
Unfortunately, the code fragments in Chapter 3 (where you build your own debugger in Python) could best be described as a disaster. I expect a programming book's code to run without extensive tweaks. I don't need it to be the most Pythonic code in the world ... just generate the expected results. Given the importance of Chapter 3 to your understanding of a good portion of the book, these errors were a killer.
Given that the code required extensive fixes to run as intended, the errata (now on No Starch Press's website) was delayed by at least a year from publishing, and there was no forum on No Starch Press's website to pass errata around in the meantime, the book loses 2 stars.
The lesson: if you're going to publish a programming book, get the code right. Absent the ability to do so, at least support your book's readers in working around the issues.
Edit: Sorry, wanted to point out one more thing. For Chapter 3, the code on the website's source files don't always match the code walked through in the book, even on parts of the code that are fully functioning. Your best bet is to start with the code on the website and debug that.
The debugger chapters are clearly the nitty gritty of this book. It was worth reading for the sheer amount of knowledge in those 3 or 4 chapters, even though the first time I skimmed the book I thought those were the chapters I was going to skip. Glad I didn't.
Personally I found the chapter on Fuzzing and Sulley to be immensely useful, regardless of both being very brief and the subject could very well be a book itself.
It's not a beginners book even though the author mentions that if you are new to python you should read the book front to back, I seriously doubt anyone new to python would get much out of this book. If you are looking for a book with a few recipes for quick deployment and use, this is not it. This book is much more about sharing knowledge than it is about giving you pre-fabricated code.
I would certainly love to see at least one or two network chapters in a book like this. There is just so much you need to automate during an enumeration or assessment phase and python is a wonderful tool for that. The first reviewer wanted a few chapters on static analysis, which I understand because when you pick a title like "gray hat python" we all have our own expectations, no doubt based on our previous use of python in a security scenario.
So bottom line: for sheer compact knowledge and finding out what is under the hood I would certainly recommend this book, but I'd make it clear it's all about software vulnerabilities. :)