[Article]-Book Review: Gray Hat Python

Viewing 18 reply threads
  • Author
    Posts
    • #3946
      Don Donzal
      Keymaster

      Thanks again to Ryan for some great insights into a book many have been asking about on the site. Keep up the good work.

      Permanent link: [Article]-Review: Gray Hat Python

      Review by Ryan Linn, CISSP, MCSE, GPEN

      “Gray Hat Python” by Justin Seitz, one of the latest releases from publisher, No Starch Press, focuses on using the Python programming language for reverse engineering.  This book is subtitled Python Programming for Hackers and Reverse Engineers which is fitting as Justin is a member of Immunity Security, makers of the Canvas penetration testing platform and the Immunity Debugger.  The foreword by Dave Aitel, Immunity’s CEO, is an excellent introduction to why the content of this book is important.  It focuses on the short time span that is required from discovery of a bug to exploit, and the necessity for flexible, fast, and collaborative vulnerability discovery and exploit development.  Dave does an excellent job in setting the tone for why the information in the book is relevant and what the drive is for these types of tools in the industry.

      Add your thoughts on Ryan’s review or on the book itself.

      Don

    • #25222
      RoleReversal
      Participant

      Thanks for the review Ryan,

      I’d been waiting to see if it lived up to billing. Looks like I’ll be adding this to my ever growing pile of things to study.

      (p.s. Don, couldn’t find a link to the book via the EH-Net Amazon store…)

    • #25223
      BillV
      Participant

      Really nice write-up and review, Ryan. Certainly appreciate the feedback on this book.

    • #25224
      Don Donzal
      Keymaster

      You’re too fast Andrew. It’s now there on the EH-Net Amazon Book Store.

      Thanks for keeping me on my toes,
      Don

    • #25225
      RoleReversal
      Participant

      Sorry, didn’t mean to nag :). Slow day in very warm office means enough time to catch up on articles so I’m running quicker than usual

    • #25226
      Don Donzal
      Keymaster
    • #25227
      n3r
      Participant

      Hi !
      do you think i can start learning Python with this book or i should go for another one ?

    • #25228
      Don Donzal
      Keymaster

      Have you done any programming at all? If so, then go for it, as this is a book geared more towards reverse engineering and less on general python programming.

      If it’s the basics you want try:

      Hello World
      http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,3978.0/

      And then try Coding for Pen Testers by EH-Net’s own Ryan Linn with Jason Andress:
      http://www.syngress.com/hacking-and-penetration-testing/Coding-for-Penetration-Testers/

      Welcome to EH-Net and hope this helps,
      Don

    • #25229
      rance
      Participant

      @n3r wrote:

      Hi !
      do you think i can start learning Python with this book or i should go for another one ?

      Having briefly thumbed through this book, I’d certainly say it’s not a book for learning the language.  I’d say at least a “moderate” level of python would be needed to work successfully though it, as it doesn’t hold your hand through learning the basics of the language.  It won’t hurt you by just jumping in, but you may become frustrated with lack of understanding of some of the advanced functions, and it may have the unintended side effect of thinking python sucks (the primary reason I detest perl… i never really learned the language, but had to maintain code written by others, and without a proper understanding, i just eventually said “man, this crap sucks… give me something that makes sense!”)  I’d recommend the good `ol O’Reilly “Learning Python” book if you’re just starting with the language.

      2 cents, mileage may vary, etc.

    • #25230
      rance
      Participant

      @don wrote:

      And then try Coding for Pen Testers by EH-Net’s own Ryan Linn with Jason Andress:
      http://www.syngress.com/hacking-and-penetration-testing/Coding-for-Penetration-Testers/

      Oh wow, that’s cool… didn’t know a member here was involved in that!  I almost know someone famous!  ;D  (Got my copy on pre-order…)

    • #25231
      rattis
      Participant

      @rance wrote:

      Oh wow, that’s cool… didn’t know a member here was involved in that!  I almost know someone famous!  ;D  (Got my copy on pre-order…)

      Both authors are members here.

    • #25232
      jason
      Participant

      The first print copies will be available at DerbyCon this weekend and both Ryan and I will be there as well  8)

    • #25233
      n3r
      Participant

      @don wrote:

      Have you done any programming at all? If so, then go for it, as this is a book geared more towards reverse engineering and less on general python programming.

      If it’s the basics you want try:

      Hello World
      http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,3978.0/

      And then try Coding for Pen Testers by EH-Net’s own Ryan Linn with Jason Andress:
      http://www.syngress.com/hacking-and-penetration-testing/Coding-for-Penetration-Testers/

      Welcome to EH-Net and hope this helps,
      Don

      Thanks for your answer ! I only know C language and would like to learn Python.

    • #25234
      alucian
      Participant

      Nice. I have Coding for Pen Testers in my list.

      I saw that the book covers a lot of languages. Is it more a theoretical book or it is practical, full of examples?

      Also, I am not familiar with some of the languages in the book. Is this a problem?

      Congratulations for the book.

    • #25235
      jason
      Participant

      The first half of the book is intro for several languages with practical examples. The second half is all application of the first half. The intro pieces are all quick and dirty introductions to the various languages and I think should be enough to get most folks going on them.

    • #25236
      hayabusa
      Participant

      Been less than ‘aware’ of some if the threads this week, as I was out of town on business, and have been catching up on things at home.  Almost missed the topic switch to Jason and Ryan’s book.  Looks like I’ll be placing another book order.  (Thanks gents!  ;D )

    • #25237
      jason
      Participant

      Thanks for the support  8) The book did really well at DerbyCon this weekend as well.

    • #25238
      Tseug
      Participant

      Don’t take this as criticism of your book, because it isn’t. I haven’t read it, but I’m sure it’s really good.

      I find it really frustrating though, when I go to a publishers site to potentially buy a book and I find that they want to charge me twice if I want the hard copy and the ebook version.

      For some reason the publishing industry doesn’t seem to be taking that step of saying, if you buy the hard copy of the book, you also get the ebook.

      Nostarch, which is the publisher of the Gray Hat Python book does give you both copies without you having to buy the book twice….but I’m in the boat of not being an experienced programmer in Python (or any language). Other than a few introductory programming courses in college, no real experience…..

      I have also been going through the free HTML-based Python “book” that is called “learn python the hard way”, but it is really really basic.

    • #25239
      Gromic
      Participant

      I have bought the book before christmas and read through it within 4 days.  I liked it very much.

      While this book doesn’t make you a programming “pro” in all the various languages (this is not the intention of the book) it gives you quite some ideas (and examples!) on how to apply different programming languages  within a pentest context.  For me as a programming noob who worked through different basic tutorials in all the mentioned languages (python, perl, ruby, php, …) it was a real benefit. It gives you various new ideas for own projects. 

      Here some more brief notes:
      (please be aware, someone with a different background might see it totally different … so you have to buy a copy of the book and judge for yourself. I at least recommend it to people who want to learn more about scripting in pentest context.

      * I felt the beginning of the python part was pretty basic, would have loved to read more about scapy at the end .
      * I kinda found the chapter on “exploitation scripting” quite hard.  But I guess this is due to the fact that I haven’t had much contact with assembler…yet (it’s on my toDo list …). 
      *liked the perl, bash part

      Anyways, a big thanks to the authors!  I also wasn’t aware that the authors are here on EH-net.

      conclusion = buy !  🙂

Viewing 18 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?