Commencez à lire Violent Python sur votre Kindle dans moins d'une minute. Vous n'avez pas encore de Kindle ? Achetez-le ici Ou commencez à lire dès maintenant avec l'une de nos applications de lecture Kindle gratuites.

Envoyer sur votre Kindle ou un autre appareil

 
 
 

Essai gratuit

Découvrez gratuitement un extrait de ce titre

Envoyer sur votre Kindle ou un autre appareil

Désolé, cet article n'est pas disponible en
Image non disponible pour la
couleur :
Image non disponible
 

Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers [Format Kindle]

TJ O'Connor

Prix conseillé : EUR 37,93 De quoi s'agit-il ?
Prix éditeur - format imprimé : EUR 35,95
Prix Kindle : EUR 24,65 TTC & envoi gratuit via réseau sans fil par Amazon Whispernet
Économisez : EUR 11,30 (31%)

App de lecture Kindle gratuite Tout le monde peut lire les livres Kindle, même sans un appareil Kindle, grâce à l'appli Kindle GRATUITE pour les smartphones, les tablettes et les ordinateurs.

Pour obtenir l'appli gratuite, saisissez votre adresse e-mail ou numéro de téléphone mobile.

Formats

Prix Amazon Neuf à partir de Occasion à partir de
Format Kindle EUR 24,65  
Broché EUR 35,95  


Descriptions du produit

Revue de presse

"An information security specialist with the US Army, O'Connor introduces the hacker's programming language Python to new users, and describes some advanced features to those who already know it."--Reference and Research Book News, August 2013 "A quick glance at [the authors] collective credentials and experience undoubtedly creates high expectations for this title… The end result is that the book demonstrates how powerful just a few dozen lines of Python code can be… useful tips and tricks will surely be acquired simply by working through the exercises."--The Ethical Hacker Network, February 27, 2013 "Violent Python is an excellent resource that develops and enhances a diverse set of security-related Python skills. The book also serves as a great reference, where recipes could be quickly implemented to address specific issues as they arise. Readers who are actively working in an InfoSec position will likely be able to put their newly acquired skills to use immediately, and those looking to break into the field will acquire skills that differentiate themselves from others who are dependent on prebuilt tools. This title is highly recommended for anyone who wants to improve his or her Python skills within the InfoSec realm."--The Ethical Hacker Network, February 27, 2013 "When it comes to Python and penetration testing, TJ O'Connor is the grand Python master. This is the book that keeps on giving. From building penetration testing Python scripts, to antivirus-evading penetration testing malware, to interrogating the Windows Registry and investigating other forensic artifacts...O'Connor masterfully walks the reader from basic to advanced penetration testing techniques with sample code throughout."--Ove Carroll, SANS Certified Instructor, Co-Author of SANS Forensics 408 - Windows In Depth "Violent Python is chalked full of practical examples and is for all security professionals. It covers the spectrum - knowledge for pen testers to forensic analysts, beginner to advanced and offensive to defensive tasks. If you are involved in information security and are looking for a Python book, this is an excellent source."--James Shewmaker, Security Analyst, Bluenotch Corporation "The best hackers know when to write their own tools. Violent Python is a very relevant collection of examples to seed your personal hacking toolbox. From offensive actions to digital forensics, this book has useful bits for everyone."--Raphael Mudge, Creator of Armitage

Présentation de l'éditeur

Violent Python shows you how to move from a theoretical understanding of offensive computing concepts to a practical implementation. Instead of relying on another attacker’s tools, this book will teach you to forge your own weapons using the Python programming language. This book demonstrates how to write Python scripts to automate large-scale network attacks, extract metadata, and investigate forensic artifacts. It also shows how to write code to intercept and analyze network traffic using Python, craft and spoof wireless frames to attack wireless and Bluetooth devices, and how to data-mine popular social media websites and evade modern anti-virus.



- Demonstrates how to write Python scripts to automate large-scale network attacks, extract metadata, and investigate forensic artifacts.

- Write code to intercept and analyze network traffic using Python. Craft and spoof wireless frames to attack wireless and Bluetooth devices.

- Data-mine popular social media websites and evade modern anti-virus.


Détails sur le produit

  • Format : Format Kindle
  • Taille du fichier : 2033 KB
  • Nombre de pages de l'édition imprimée : 289 pages
  • Editeur : Syngress; Édition : 1 (28 décembre 2012)
  • Vendu par : Amazon Media EU S.à r.l.
  • Langue : Anglais
  • ASIN: B00ABY67JS
  • Synthèse vocale : Activée
  • X-Ray :
  • Word Wise: Non activé
  • Classement des meilleures ventes d'Amazon: n°59.931 dans la Boutique Kindle (Voir le Top 100 dans la Boutique Kindle)
  •  Souhaitez-vous faire modifier les images ?


En savoir plus sur l'auteur

Découvrez des livres, informez-vous sur les écrivains, lisez des blogs d'auteurs et bien plus encore.

Quels sont les autres articles que les clients achètent après avoir regardé cet article?


Commentaires en ligne

Il n'y a pas encore de commentaires clients sur Amazon.fr
5 étoiles
4 étoiles
3 étoiles
2 étoiles
1 étoiles
Commentaires client les plus utiles sur Amazon.com (beta)
Amazon.com: 4.3 étoiles sur 5  74 commentaires
145 internautes sur 158 ont trouvé ce commentaire utile 
3.0 étoiles sur 5 Violent Python Libraries 4 décembre 2012
Par TurboBorland - Publié sur Amazon.com
Format:Broché
Violent python is an introductory level book on python with a introductory look at security concepts in general. It is great for those who are new to the language and would like example use cases of simplistic security tools, but not for those who want to understand Python, deeply understand the security concepts covered, or using python for reliable tools.

Problems I had:

1.) This book is about python libraries and interacting with them and other programs. It is not about understanding the attack and implementing them in Python. Sure, some may be required for ease to the beginner when it comes to forensics, communicating with ssh, or integrating with other tools for complex protocols like SMB, but anything else is really not fair to those who may not be able to use the library, who have problems and need to understand why, or those who want to understand what is happening on a lower level. Examples:

1a.) Use ftplib for your ftp bruteforcer.
1b.) Use zipfile to crack zip archives.
1c.) Use os to send metasploit exploit code (your own 'conficker')/os to use msfpayload to bypass a/v.
1d.) Use smtplib to communicate with smtp (regardless of the functions being ironically similiar to the real commands).

The problem with this is it doesn't teach you how these libraries work. For example, one should show the person how to interact with FTP with the sockets library, what to send, what to look for, and then show them the easy libraries. As previosly stated, it also doesn't prepare them for issues (like programs that don't like complying with rfc standards).

2.) More exception handling. The socket code is not helpfully handled on all stages of attempted connection. Debugging why something isn't working for a beginner is going to be a nightmare especially later on for point 3. He talks about exception handling, but integrates it very loosely. This plays into many people's issues on other sites with the author's script quality. Good exception handling or even print statements should be covered if you're going to be teaching a new person and something breaks on them.

3.) Thread safety doesn't seem to be an issue that's handled. Because of the GIL (global interpreter lock) threads can not expand cores when using cython (the default python interpreter). This means that you have a thread limit on the process/core and this causes problems for speed and for thread handling when you start really using it. When doing a portscan or communicating to a server with threads, the host or port may go down, you may get blocked, etc. and the thread can die. It becomes a huge problem especially because it doesn't maintain state and doesn't resend a failed attempt. But violent python libraries strike again and you'll just integrate nmap scans for your portscans anyway.

------------------

Well, with the issues out of the way, let's talk about what this book does well. I do believe that the forensics sections of this book are good. The descriptions are more in-depth and I've always seen forensics as "what do I have in my toolbag", which makes sense when bringing in all of the thirdparty libraries for the forensics sections. Then it gets down to using scapy. Once he starts using scapy, everything is much more informative due to the level and quality of information. No longer are you using a library for....logging into an ftp server, but you start crafting and analyzing packets raw packets. This allows a much needed understanding of what is happening in the script and with the packets/network at the same time.
70 internautes sur 79 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 My Python is Getting Violent 26 novembre 2012
Par Matthew - Publié sur Amazon.com
Format:Broché
I'd been looking forward to this book for over a month so when it arrived last week I tented my hands like Mr. Burns. I finally finished chapter 1 and can officially declare this book to be awesome.

I was recommending it to a friend yesterday morning when he said "you didn't need the introduction to python chapter did you?" I started laughing and told him that in the "introduction" chapter you:

[+]Set up your development environment.
[+]Write and subsequently make several modifications to a vulnerability scanner.
[+]Write a password hash cracker and are then asked to go, on your own, to modify it to crack SHA512 hashes as well.
[+]Write a .zip file password cracker and then modify it so that it's multithreaded.

Any of those could have been final projects in a lot of books so that should give you an idea of how packed full of information this book is.

If you're python is limited (like mine) you'll be doing a decent amount of Google searches to look further into certain commands. If you're brand new to python I would zip through a free online course to get the basics of the language structure before you tackle this book.

While Violent Python is in the "We're going to do some cool stuff, keep up" style, I never once felt confused or frustrated. The code is clear, easy to understand and a quick trip to Google always filled in any gaps.

I usually wait until I'm finished with a book to review it but with this one that could take a while. I've found myself using the code in this book as building blocks for other similar ideas I have in my head so I've been building those before I move on. These modifications have helped me truly understand the topics presented rather than trying to knock out the book ASAP.

Check out the table of contents. If that looks like something you're interested in, do yourself a favor and grab the book.
29 internautes sur 32 ont trouvé ce commentaire utile 
2.0 étoiles sur 5 Not for an expert, not for a beginner 31 mars 2013
Par insomniac - Publié sur Amazon.com
Format:Format Kindle|Achat vérifié
TL;DR - go directly to the conclusion.

This book is really weird. It shows since the beginning its nature, as stated by the book itself: a cookbook. A set of recipes to do something effectively, one would expect. It is, instead, a series of examples of how replicating some pretty old attack in a pretty bad manner. The reasons why I say this?

- the code is bad:
- it looks like "the Python antipattern cookbook", that is "how not to code in Python" (too long list of examples here, but some: exception handling generally absent and when present it's a "catch-all", namespace pollution, old-style classes)
- it completely ignores best practices, code reuse, multithreading, isolation, synchronization, good design
- the attacks are very old:
- everything you learn in this book is pointless nowadays
- the rationale and explanations are generally absent:
- it doesn't explain why something is done in that way: it just goes "we do this, and this, and this, et voilà!". The consequence is that it's useless for a beginner since he can't learn anything new, and it's useless for an expert, since it's too basic to be useful
- there's no troubleshooting at all: what if something doesn't work out of the box? Users reported non-working scripts from the book
- it doesn't explain why we're choosing a library instead of another, a single statement "it's faster", "it's more reliable", "I like it" is better than nothing
- it doesn't explain how those libraries work, what can be really done, how to exploit their potential for our use
- every example is self-contained and can't be easily reused: it doesn't help building an arsenal
- it does poor use of the plethora of Python-based security tools out there
- attacks are not optimized for parallelism: the Python has the GIL, that renders pretty useless the threading module. But also, it has the multiprocessing approach that can circumvent this problem. Unfortunately the author never uses or mention it

Someone may say that "security people" shouldn't waste time with programming practices, but that's wrong. Security researchers have always been good programmers by need, and still are. If the code is bad and the attacks are less than practical, what's the point?

On the other hand, a good point: the Forensics Investigation chapter is pretty good. Also, if I understood correctly, it has been written by a different contributing author.

== Conclusion:
I wouldn't buy it again, and, no, I am not happy of the money I spent. It wasn't even cheap.
25 internautes sur 28 ont trouvé ce commentaire utile 
4.0 étoiles sur 5 Cookbook for hackers, like it says 26 décembre 2012
Par Kyle Maxwell - Publié sur Amazon.com
Format:Broché|Achat vérifié
A lot of security folks have little to no development experience, complicating their jobs when they want to do something that's slightly different from what existing tools can do. Python provides a particularly useful tool for them because of its innate readability, support for multiple programming paradigms, and tremendous library of existing modules that can be adapted and connected to do new and interesting things. And for those of us with more extensive programming backgrounds in addition to our security skillsets, Python provides an excellent workbench for nearly any relevant task.

Violent Python does not pretend in any way to teach readers how to program. In fact, when kicking off the brief section introducing the language itself, it flat out refers to to the reader "as an experienced programmer" (p. 6). However, a motivated hacker with limited exposure to Python can still follow along and pick things up relatively quickly, as VP doesn't really use any particularly esoteric language features.

That said, it also does not necessarily require the reader to cover it linearly from page 1 to the end. The subtitle of the book, after all, calls it a "cookbook for hackers", and it handles its end of the bargain. VP does not go into great detail for these projects but illustrates how to accomplish them relatively simply, primarily as inspiration for the reader who can then use the ideas and code as building blocks for self-driven projects.

I rarely like getting technology books in electronic format, and so I have the paperback copy. Given the complete lack of diagrams in this book, however, it wouldn't matter as much in this case. The quality of the paper and printing seems relatively high; the papers have a smooth, creamy texture, and the book has wide margins that lend themselves very well to note taking and similar marginalia. While I'm not particularly a fan of the particular typeface used for code in the book, I didn't find it so distracting as to make it impossible to work. As has become sadly common these days, the book contains a number of typographical errors and I really wish the publisher had put it through one more review iteration to catch them.

Contents

Chapter 2, "Penetration Testing with Python", provides examples of how to perform a port scan (first using the socket API and then with nmap integration), brute forcing, using weaknesses in SSH key generation, injecting malicious IFRAMEs, interacting with Metasploit, and sending custom buffer overflow code over the network.

Chapter 3, "Forensic Investigations with Python", discusses analyzing the history of wireless access points in the Windows registry (including geolocation), investigation of the Recycle Bin, examining metadata in various document types, and using application artifacts like SQLite databases in Firefox and Skype or iTunes Mobile.

Chapter 4, "Network Traffic Analysis with Python", gets into better geolocation, packet parsing using dpkt and Scapy, KML generation, and analyzing various types of traffic like the LOIC DDOS tool, varying TTLs from spoofed port scans, and DNS fast-flux, and TCP sequence prediction. It also briefly covers generating packets to match IDS signatures.

Chapter 5, "Wireless Mayhem with Python", reviews mining WiFi traffic for personal information like payment cards and authentication credentials, analyzing 802.11 probes and beacons, intercepting and hijacking UAV command traffic, detecting Firesheep use, and manipulate Bluetooth networks.

Chapter 6, "Web Recon with Python", explains the Mechanize and BeautifulSoup libraries as well as using the Google and Twitter APIs, plus a small section on spear phishing.

Chapter 7, "Antivirus Evasion with Python", covers how to use Pyinstaller to obfuscate a Metasploit payload from antivirus as well as how to check your code automatically against AV scanners.
5 internautes sur 6 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 Crisp and Clear 16 décembre 2012
Par rpv - Publié sur Amazon.com
Format:Broché|Achat vérifié
I like the book because
- it is short, not a 1000 page Learning to program book
- goes right into the point of learning python
- real world examples, crisp and well defined, unambiguous problems
- interesting forensics analysis, if you have a hacking mentality (in a good sense), this book will interest you very much
- all you need is a linux system, some free time, book and you will be elated
- companion site lets you download all source and necessary files
- chapters include variety of problems like password cracker, dictionary attack, nmap examples, and so on. No spoilers here!
Ces commentaires ont-ils été utiles ?   Dites-le-nous

Discussions entre clients

Le forum concernant ce produit
Discussion Réponses Message le plus récent
Pas de discussions pour l'instant

Posez des questions, partagez votre opinion, gagnez en compréhension
Démarrer une nouvelle discussion
Thème:
Première publication:
Aller s'identifier
 

Rechercher parmi les discussions des clients
Rechercher dans toutes les discussions Amazon
   


Rechercher des articles similaires par rubrique