EH-Net

I was hunting a new Python book when I came across this , it's not out until November but figured I would let you guys know...

Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers


http://www.amazon.com/gp/product/1597499579/ref=ox_sc_act_title_1?ie=UTF8&smid=ATVPDKIKX0DER

Thanks for the heads up, wasn't aware of this one but looks like an interesting read, and just in time to make a good stocking filler :)

Show's one of the standard bug-bears with being this side of the pond the though, choice between 20USD (http://www.amazon.com/gp/product/1597499579/ref=ox_sc_act_title_1?ie=UTF8&smid=ATVPDKIKX0DER) or 20GBP (http://www.amazon.co.uk/Violent-Python-TJ-OConnor/dp/1597499579/). I might have missed something in the world of FX, but the exchange rate isn't 1:1.....

Thanks for the info looks a good read will be one to add to my wish list :P

Looks good. Will check it out when it's released.

I know TJ. I believe he is donating the proceeds to the wounded warrior fund as well. Good cause.

I was thinking about canceling my pre-order for this book since I have no problem reading Python and assume I could learn the same stuff by just reading the source of open source projects.  However, I was googling for the detailed contents of the book and found this page about the author:

http://www.linkedin.com/pub/tj-oconnor/43/37/81b

Am I reading that correctly?  This guy really has all of those certifications?  Is that even humanly possible?  I might just keep the pre-order.

Yep, I know him, it's legit.

Man that's impressive...  I'll give the book a try then, but do you have any idea if there is a detailed ToC somewhere?  It's not on the publisher's site or amazon, and google has failed me.  The book is due out soon, so I would think there would be a detailed ToC by now.

I will go directly to the source... stand by.

 :o Thanks!

Hah, with all those GIAC certs, he'd be a masochist if he wasn't a GSE. Trying to maintain all of those individually would be a nightmare.

Very nice collection regardless. That's a great bonus of getting an STI master's. I just wish they were accredited.

Source: http://store.elsevier.com/Violent-Python/TJ-OConnor/isbn-9781597499576/

aweSEC, I said detailed ToC...  I want to know what the subsections are in the chapters.  ;)

He's gone WAY beyond the GSE requirements. ;)

No, that wasn't what I was getting at. Passing the GSE written every four years will renew ALL of your GIAC certs. Otherwise, he'd have to renew each one individually, which would be insane with that many.

Oh, I thought you might refer to the general table of contents. I just noticed that they are not available at e.g. amazon.

As the book seems to have ~280 pages, I don't think there would be many subsections listed though.

You can lookup GIAC certification holders.

Author: http://www.giac.org/certified-professional/terrence-oconnor/121884

Definitely a lot but not quite as many as Dr. Wright:
http://www.giac.org/certified-professional/craig-wright/107335

I would think it would renew all the certs you took to pass the GSE.  Renewing all GIAC certs doesn't seem to make much sense, unless the GSE exam is customized to include questions from every GIAC cert you have.  ???

Chapter 1: Introduction
If you have not programmed in Python before, Chapter One provides background information about the language, variables, data types, functions, iteration, selection, and working with modules, and methodically walks through writing a few simple programs. Feel free to skip it if you are already comfortable with the Python programming language. After the first chapter, the following six chapters are fairly independent from one another; feel free to read them in whichever order you please, according to what strikes your curiosity.

Chapter 2: Penetration Testing with Python
Chapter Two introduces the idea of using the Python programming language to script attacks for penetration testing. The examples in the chapter include building a port scanner, constructing an SSH botnet, mass-compromising via FTP, replicating Conficker, and writing an exploit.

 Chapter 3: Forensic Investigations with Python
Chapter Three utilizes Python for digital forensic investigations. This chapter provides examples for geo-locating individuals, recovering deleted items, extracting artifacts from the Windows registry, examining metadata in documents and images, and investigating application and mobile device artifacts.

Chapter 4: Network Traffic Analysis with Python
Chapter Four uses Python to analyze network traffic. The scripts in this chapter geo-locate IP addresses from packet captures, investigate popular DDoS toolkits, discover decoy scans, analyze botnet traffic, and foil intrusion detection systems.

Chapter 5: Wireless Mayhem with Python
Chapter Five creates mayhem for wireless and Bluetooth devices. The examples in this chapter show how to sniff and parse wireless traffic, build a wireless keylogger, identify hidden wireless networks, remotely command UAVs, identify malicious wireless toolkits in use, stalk Bluetooth radios, and exploit Bluetooth vulnerabilities.

Chapter 6: Web Recon With Python
Chapter Six examines using Python to scrape the web for information. The examples in this chapter include anonymously browsing the web via Python, working with developer APIs, scraping popular social media sites, and creating a spear-phishing email.

Chapter 7: Antivirus Evasion with Python
In the Final chapter, Chapter Seven, we build a piece of malware that evades antivirus systems. Additionally, we build a script for uploading our malware against an online antivirus scanner.

@cd1zz  Looks good, thanks!  A book like this is great since Python has become the scripting language to know if you're into security.

I believe the continuing education component is a requirement of ANSI acceedidation. http://www.giac.org/about/ansi

It's the same type of deal with the CISSP. My OSCP didn't refresh that material, but I was still able to apply the CPEs towards maintaining that certification. The renewal process usually just requires relevant continuing education, and if you're keeping up with GSE-level material, you're clearly doing so.

And honestly, they needed a practical way to maintain certifications for people who have a higher number. Otherwise, they'll end up in a position where they're having to pay a fee, take an exam, and/or write a paper every few months. That's just not feasible.

I just got the book and read a little of it.  The AV Evasion chapter was disappointing.  The only thing that was done to evade AV was to run msfpayload, paste the shellcode into a basic template python script, and compile it.  No encoding, obfuscating, or anything what so ever.  Just compiling shellcode msfpayload generated... not even msfencode was used.

The little bit of the forensics chapter I read was decent for a beginner.  An entire book could probably be written on most, if not each chapter, so I guess it has to be somewhat general.

I figured it'd be something like that. Dave used that trick at DefCon 20 (see the first video -- also the PXE boot trick is pretty slick): https://www.trustedsec.com/downloads/social-engineer-toolkit/

Still, if you weren't aware you could do that before, it's certainly a nice piece of info to pick up. Attacks don't always have to be sexy or complicated.


Right, you'll find SecurityTube's SPSE is like that too. What I've found to be important is that a resource provides you with a solid foundation and direction for future growth. Once you have the building blocks, you can usually get where you want to go on your own.

@ajohnson Yeah, it's like creating a chapter on NIDS evasion and just running fragrouter and calling it a day...  I didn't learn anything on AV evasion other than AV sucks even more than I thought.  I mean jeez, he went from being detected by 10/14 AV vendors, to 0 just by compiling it as an .exe using Python?  Are other people that successful with this technique?  I'm watching the video now, thanks.

Yup...

Yup...

Another yup...

I learnt about AV evasion earlier in the year, and I'd have to say it was a real eye opener! I was surprised how many AV's can be bypassed with relatively little effort.

Man I had no idea...

@m0wgli, do you know of any good links you've found on evading AV?  Anything on python and encoding, obfuscating, slicing a program into pieces to find the signature, etc.?

There are a hundred ways to do it but here are a few to get the wheels turning:
http://www.scriptjunkie.us/2011/04/why-encoding-does-not-matter-and-how-metasploit-generates-exes/
http://schierlm.users.sourceforge.net/avevasion.html
http://intern0t.org/papers/BPAV%20-%20InterN0T.pdf
http://www.pentestgeek.com/2012/01/25/using-metasm-to-avoid-antivirus-detection-ghost-writing-asm/
http://pen-testing.sans.org/blog/2011/10/13/tips-for-evading-anti-virus-during-pen-testing

However, the best way is to write your own.

ajohnson's review of this book is now live:

http://www.ethicalhacker.net/content/view/464/2/

Don