Gray Hat Python et plus d'un million d'autres livres sont disponibles pour le Kindle d'Amazon. En savoir plus
EUR 33,83
  • Tous les prix incluent la TVA.
Il ne reste plus que 3 exemplaire(s) en stock (d'autres exemplaires sont en cours d'acheminement).
Expédié et vendu par Amazon.
Emballage cadeau disponible.
Quantité :1
Amazon rachète votre
article EUR 9,94 en chèque-cadeau.
Vous l'avez déjà ?
Repliez vers l'arrière Repliez vers l'avant
Ecoutez Lecture en cours... Interrompu   Vous écoutez un extrait de l'édition audio Audible
En savoir plus
Voir les 2 images

Gray Hat Python - Python Programming for Hackers and Reverse Engineers (Anglais) Broché – 23 avril 2009


Voir les 2 formats et éditions Masquer les autres formats et éditions
Prix Amazon Neuf à partir de Occasion à partir de
Format Kindle
"Veuillez réessayer"
Broché
"Veuillez réessayer"
EUR 33,83
EUR 15,50 EUR 12,75

A court d'idées pour Noël ?

Offres spéciales et liens associés


Produits fréquemment achetés ensemble

Gray Hat Python - Python Programming for Hackers and Reverse Engineers + Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation
Prix pour les deux : EUR 76,33

Acheter les articles sélectionnés ensemble


Descriptions du produit

Python is fast becoming the programming language of choice for hackers, reverse engineers, and software testers because it's easy to write quickly, and it has the low-level support and libraries that make hackers happy. But until now, there has been no real manual on how to use Python for a variety of hacking tasks. You had to dig through forum posts and man pages, endlessly tweaking your own code to get everything working. Not anymore. Gray Hat Python explains the concepts behind hacking tools and techniques like debuggers, trojans, fuzzers, and emulators. But author Justin Seitz goes beyond theory, showing you how to harness existing Python-based security tools - and how to build your own when the pre-built ones won't cut it. You'll learn how to: * Automate tedious reversing and security tasks * Design and program your own debugger * Learn how to fuzz Windows drivers and create powerful fuzzers from scratch * Have fun with code and library injection, soft and hard hooking techniques, and other software trickery * Sniff secure traffic out of an encrypted web browser session * Use PyDBG, Immunity Debugger, Sulley, IDAPython, PyEMU, and more The world's best hackers are using Python to do their handiwork. Shouldn't you?


Vendez cet article - Prix de rachat jusqu'à EUR 9,94
Vendez Gray Hat Python - Python Programming for Hackers and Reverse Engineers contre un chèque-cadeau d'une valeur pouvant aller jusqu'à EUR 9,94, que vous pourrez ensuite utiliser sur tout le site Amazon.fr. Les valeurs de rachat peuvent varier (voir les critères d'éligibilité des produits). En savoir plus sur notre programme de reprise Amazon Rachète.

Détails sur le produit


En savoir plus sur l'auteur

Découvrez des livres, informez-vous sur les écrivains, lisez des blogs d'auteurs et bien plus encore.

Dans ce livre (En savoir plus)
Parcourir les pages échantillon
Couverture | Copyright | Table des matières | Extrait | Index | Quatrième de couverture
Rechercher dans ce livre:

Commentaires en ligne

Il n'y a pas encore de commentaires clients sur Amazon.fr
5 étoiles
4 étoiles
3 étoiles
2 étoiles
1 étoiles

Commentaires client les plus utiles sur Amazon.com (beta)

Amazon.com: 29 commentaires
68 internautes sur 73 ont trouvé ce commentaire utile 
Much Anticipation falls well short of expectations 7 juillet 2009
Par Jesse G. Lands - Publié sur Amazon.com
Format: Broché Achat vérifié
I was extremely disappointed in this book. I had been waiting almost a year for the book to be released and in that time had spent time looking at the different applications that were currently written in Python that could possible be included. With the time spent in writing this book and bringing it into publication the poor quality of the book does not compare to the higher standards that most No Starch Press books have achieved.

While there were a few merits in the book the majority of the book was a futile attempt to put outdated or useless information to paper. Many of my coworkers were very interested in the publication, but having read it and having spoken with my collegues that have read it we can all agree that it falls well short of anticipation.

The first five chapters were about Immunity Debugger. While reading them it seemed as if it were a sales pitch and then after reading that the author was employed by the same company that produces Immunity it was plainly obvious that he was influenced.

The author spent a chapter on hooking(6), DLL and code injection(7), fuzzing(8), Sulley(9), Fuzzing Windows Drivers(10), IDAPython(11), PyEMU(12) and obviously the Immunity Debugger chapters that were 1 through 5. But where was the rest? It was obviously lacking in many areas. There was very little mentioned on networks, packet reassembly or capture (pynids). No mention was made of Scapy, Pcapy, Impacket, Inguma, Volatility and so many more. Libraries that would be extremely helpful were never even brushed. IronPython, Win32, CryptoPy,

The examples given were poor to say the least. The author never mentioned which versions of python that the examples worked with and they were built using the older releases. The author goes through the installation of Python 2.5, but that version had issues with a few of the examples that I managed to get to work on 2.4. No mention was made for the the Python 3 version and version 2.6 had issues with most of the examples.

At 188 pages with 80+ pages used for debuggers that book was sorely lacking in any amount of substance. Most of my notes have more content then this book. To think that a book written regarding security minded use of python could only yield this little bit of information is absured.

I had preordered the book well in advance of publication. Each time the book was delayed for a few months I was extremely disappointed, but continued to hold onto the preorder. Once I received the book the writing and content were so poor that I spent much of my time reading a few pages only to put it down to find something of more interest or better content.

As I had said previously, No Starch Press is known for their quality products and excellent material, but this book falls well short of expectations. If someone would ask if I recommend this book I would whole heartedly tell them they are better off buying seperate books and piecing together that with internet content.

With all the uses Python has in security today I feel the community needs a better resource for Python tools in pentesting, forensics, incident response, intrusion detection, and so on. The potential content could fill volumes. A book about Python and Security would benefit the community greatly if it was a quality product, but this is not it.
38 internautes sur 40 ont trouvé ce commentaire utile 
GHPython Review 4 mai 2009
Par E. Hulse - Publié sur Amazon.com
Format: Broché
I have to start off by saying that I've been looking forward to this book being published for months now. Since it initially popped up on the No Starch website I've been following it and nagging the publishers about it's release. I was fortunate enough to get a copy last Friday and I dove into it full force, even my final exam suffered because I was a little too focused on this book. I have mixed feelings about the book overall, there was definitely a few things I gained from it. On the other hand, there were many more things that could have been added. If you are new to Reverse Engineering then you will most likely obtain a leap of knowledge from the book. Packed with code examples on various open source tools and concepts to create your own, you'll be waste deep in python for a while. If you've been around for the last few years and have already checked out many of the open source tools discussed in the book you may only get a few things out of it.

Justin does a great job elaborating through the the code examples used throughout the book. The sheer scope of this book makes it difficult to cover everything but Justin definitely attempts to give you a taste for the more common scenarios you may find yourself in. Below I highlight a few chapters that I found interesting and useful. Overall the entire book is useful but a large portion covers open source tools that have a plethora of documentation and examples in existence.

Chapter 3 is just downright awesome. This chapter walks you through creating your own python based debugger that is similar to pydbg. Between the concepts and actual implementation you obtain a solid understanding of what is going on in a Windows based debugger.

Chapter 6 goes over Hooking in 5 pages. This topic could easily fill a few chapters by itself but Justin sums everything up quite nicely with plenty of examples.

Chapter 7 discusses DLL and Code injection which was a pretty interesting topic. The chapter even gets a little "Evil" by showing you how to hide files on a filesystem using python. It goes one step deeper into evilness by demonstrating how to code a back door into files.

Chapter 8 goes into fuzzing concepts and the demonstration is very practical for anyone doing exploitation. Justin shows us how to create a file format fuzzer which I thought was pretty slick.

The last chapter I found pretty interesting was chapter 10 titled "Fuzzing Windows Drivers." This chapter outlines methods of identifying Device names and IOCTL codes using Immunity Debugger. It continues to show examples of an IOCTL Fuzzer that can be used in conjunction with the rest of the scripts outlined in the chapter. Definately some cool stuff. Personally, I'm not quite up to a Drive level fuzzing level but I still found the knowledge very useful and was able to translate some of the immunity scripts into IDAPython scripts for static analysis to find the device names and IOCTL Codes.

The Cons

The entire book was based off Dynamic analysis. This is great for those out there doing RE through execution, but it really sucks for people like me who only does dynamic analysis 10% of the time.

The entire book is windows specific. Yes, most RE work is done on windows, for windows binaries. However, there are closed source applications and even embedded stuff that is Linux based. Would have definitely been useful to have some examples for these types of cases.

At times I found the book drifting into the direction of exploitation. Granted, RE and exploitation go hand in hand but I feel those of us who perform RE for the purpose of compatibility, protocol analysis, and other crap were left out a bit.

The chapter on debugger design did not have all that much to say about designing a debugger. In fact, it was probably more inline with a quick introduction to x86 architecture, specifically registers and stacks. It was not until chapter 3 that you really understand the elements involved.

Overall, I equate this book to Hacking the art of exploitation first edition but for Reverse Engineering. The book is packed with useful information for both the novice to the professional but I hope a second edition comes out with more information, that covers both static and dynamic analysis.
14 internautes sur 14 ont trouvé ce commentaire utile 
Excellent book for rapid vulnerability testing 7 mai 2009
Par mjw - Publié sur Amazon.com
Format: Broché
I've been eagerly awaiting the release of "Grey Hat Python" by Justin Seitz of Immunity. I think Python is a great language and it's used extensively in the security industry so I've been quite curious about the book. Overall, I'm happy with it. The book gives insight into some of the tips and tricks one of the best exploit development companies uses to quickly find and exploit bugs. I think most security professionals will find the book a useful addition to their shelves.

If the book has a fault, it's Justin's concise focus on using python as a tool to rapidly find and exploit bugs. As such the book is in a niche category. It doesn't really fulfill the subtitle "Python Programming for Hackers..." A more accurate subtitle might be "Python programming for expedited bug finding and exploitation". As such it lacks some things I would have expected from a more general book such as:

1. Using scapy or impacket for network tricks
2. Using python for phishing (this is a potential hot topic -- the Metasploit guys are working on a phishing addition for the framework so seeing something similar in python would be a plus).
3. Using python for generic security applications: web scraping, social network enumeration, gluing security tools, etc

All the above would have been nice additions to make the book more complete. As-is the book is very good, but you need to understand that it's not a general purpose python for hacking book. It is a great resource for debugging and automating dynamic analysis of executables.

Now for the super-hardcore exploit guys out there I would have liked to see more depth. I understand why the book didn't go into too much more detail -- the number of interested parties likely decreases exponentially. But I'd have liked to see a few things:

1. Some code that Nico uses to manipulate the heap for use in heap overflows. I do a lot of trial and error with little automated analysis. I assume Immunity does something better and I'd like to see it. In fairness, they do review the !hippie function that's in ID.
2. I'd like to see an easier intro to fuzzing RPC with python. RPC has always been a barrier for me and the Immunity folks have a lot of tools to do this. I'd like to see some more approachable examples than having the source and digging into spike.py
3. MOSDEF is one of things that makes CANVAS special. I'd have loved to see the book build a simpler win32MosdefShellServer

I'm a hardcore security geek and there are probably only a handful of people that would want to see the three items immediately above. So I'm not surprised they're not in the book, and can't fault anyone for that.

Overall, I recommend the book. Look at is a first iteration. It's a good book to help security engineers use python to begin analyzing software vulnerabilities. Primarily it's a book about using python to debug and to a lesser degree fuzz. It's a good insight into how Immunity does things and will help you look at CANVAS code a little easier. For that alone it's definitely worth buying.
5 internautes sur 5 ont trouvé ce commentaire utile 
Great content ... terrible code in Chapter 3 10 mars 2011
Par Michael Rand - Publié sur Amazon.com
Format: Broché Achat vérifié
I purchased this book as an attempt to learn more about debugging and hacking using Python.

The content itself is good. It's well organized and very clear, even for someone like me who is a self-taught programmer with ~1 year of Python experience. Perusing Chapters 2 and 3 should bring anyone up to speed on debuggers. The remaining chapters do a nice job of explaining various Python tools to use in hacking and reverse engineering.

Unfortunately, the code fragments in Chapter 3 (where you build your own debugger in Python) could best be described as a disaster. I expect a programming book's code to run without extensive tweaks. I don't need it to be the most Pythonic code in the world ... just generate the expected results. Given the importance of Chapter 3 to your understanding of a good portion of the book, these errors were a killer.

Given that the code required extensive fixes to run as intended, the errata (now on No Starch Press's website) was delayed by at least a year from publishing, and there was no forum on No Starch Press's website to pass errata around in the meantime, the book loses 2 stars.

The lesson: if you're going to publish a programming book, get the code right. Absent the ability to do so, at least support your book's readers in working around the issues.

Edit: Sorry, wanted to point out one more thing. For Chapter 3, the code on the website's source files don't always match the code walked through in the book, even on parts of the code that are fully functioning. Your best bet is to start with the code on the website and debug that.
4 internautes sur 4 ont trouvé ce commentaire utile 
Not for the faint of heart 11 juin 2009
Par N. Povoa - Publié sur Amazon.com
Format: Broché
The book dives right into ctypes and dynamic libraries, from then on end your up for an interesting ride.

The debugger chapters are clearly the nitty gritty of this book. It was worth reading for the sheer amount of knowledge in those 3 or 4 chapters, even though the first time I skimmed the book I thought those were the chapters I was going to skip. Glad I didn't.

Personally I found the chapter on Fuzzing and Sulley to be immensely useful, regardless of both being very brief and the subject could very well be a book itself.

It's not a beginners book even though the author mentions that if you are new to python you should read the book front to back, I seriously doubt anyone new to python would get much out of this book. If you are looking for a book with a few recipes for quick deployment and use, this is not it. This book is much more about sharing knowledge than it is about giving you pre-fabricated code.

I would certainly love to see at least one or two network chapters in a book like this. There is just so much you need to automate during an enumeration or assessment phase and python is a wonderful tool for that. The first reviewer wanted a few chapters on static analysis, which I understand because when you pick a title like "gray hat python" we all have our own expectations, no doubt based on our previous use of python in a security scenario.

So bottom line: for sheer compact knowledge and finding out what is under the hood I would certainly recommend this book, but I'd make it clear it's all about software vulnerabilities. :)
Ces commentaires ont-ils été utiles ? Dites-le-nous


Commentaires

Souhaitez-vous compléter ou améliorer les informations sur ce produit ? Ou faire modifier les images?