Violent Python

Viewing 29 reply threads
  • Author
    Posts
    • #7918
      S3curityM0nkey
      Participant

      I was hunting a new Python book when I came across this , it’s not out until November but figured I would let you guys know…

      Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers

      Violent Python shows you how to move from a theoretical understanding of offensive computing concepts to a practical implementation. Instead of relying on another attacker’s tools, this book will teach you to forge your own weapons using the Python programming language. This book demonstrates how to write Python scripts to automate large-scale network attacks, extract metadata, and investigate forensic artifacts. It also shows how to write code to intercept and analyze network traffic using Python, craft and spoof wireless frames to attack wireless and Bluetooth devices, and how to data-mine popular social media websites and evade modern anti-virus.

      – Demonstrates how to write Python scripts to automate large-scale network attacks, extract metadata, and investigate forensic artifacts.

      – Write code to intercept and analyze network traffic using Python. Craft and spoof wireless frames to attack wireless and Bluetooth devices.

      – Data-mine popular social media websites and evade modern anti-virus.

    • #50081
      RoleReversal
      Participant

      Thanks for the heads up, wasn’t aware of this one but looks like an interesting read, and just in time to make a good stocking filler 🙂

      Show’s one of the standard bug-bears with being this side of the pond the though, choice between 20USD or 20GBP. I might have missed something in the world of FX, but the exchange rate isn’t 1:1…..

    • #50082
      Jamie.R
      Participant

      Thanks for the info looks a good read will be one to add to my wish list 😛

    • #50083
      superkojiman
      Participant

      Looks good. Will check it out when it’s released.

    • #50084
      cd1zz
      Participant

      I know TJ. I believe he is donating the proceeds to the wounded warrior fund as well. Good cause.

    • #50085
      Eleven
      Participant

      I was thinking about canceling my pre-order for this book since I have no problem reading Python and assume I could learn the same stuff by just reading the source of open source projects.  However, I was googling for the detailed contents of the book and found this page about the author:

      http://www.linkedin.com/pub/tj-oconnor/43/37/81b

      Am I reading that correctly?  This guy really has all of those certifications?  Is that even humanly possible?  I might just keep the pre-order.

    • #50086
      cd1zz
      Participant

      Yep, I know him, it’s legit.

    • #50087
      Eleven
      Participant

      Man that’s impressive…  I’ll give the book a try then, but do you have any idea if there is a detailed ToC somewhere?  It’s not on the publisher’s site or amazon, and google has failed me.  The book is due out soon, so I would think there would be a detailed ToC by now.

    • #50088
      cd1zz
      Participant

      I will go directly to the source… stand by.

    • #50089
      Eleven
      Participant

      😮 Thanks!

    • #50090
      dynamik
      Participant

      Hah, with all those GIAC certs, he’d be a masochist if he wasn’t a GSE. Trying to maintain all of those individually would be a nightmare.

      Very nice collection regardless. That’s a great bonus of getting an STI master’s. I just wish they were accredited.

    • #50091
      UNIX
      Participant
        @Eleven wrote:

        I’ll give the book a try then, but do you have any idea if there is a detailed ToC somewhere?

        • Chapter 1. An introduction to the Python programming language
        • Chapter 2. A Penetration test with Python
        • Chapter 3. A Web of Python
        • Chapter 4. Forensics meets Python
        • Chapter 5. Network Analysis with Python
        • Chapter 6. Wireless Mayhem
        • Chapter 7. Exciting third party Python projects
        • Chapter 8. Python what the future holds

      Source: http://store.elsevier.com/Violent-Python/TJ-OConnor/isbn-9781597499576/

    • #50092
      Eleven
      Participant

      aweSEC, I said detailed ToC…  I want to know what the subsections are in the chapters.  😉

    • #50093
      Eleven
      Participant

      @ajohnson wrote:

      Hah, with all those GIAC certs, he’d be a masochist if he wasn’t a GSE. Trying to maintain all of those individually would be a nightmare.

      Very nice collection regardless. That’s a great bonus of getting an STI master’s. I just wish they were accredited.

      He’s gone WAY beyond the GSE requirements. 😉

    • #50094
      dynamik
      Participant

      @Eleven wrote:

      He’s gone WAY beyond the GSE requirements. 😉

      No, that wasn’t what I was getting at. Passing the GSE written every four years will renew ALL of your GIAC certs. Otherwise, he’d have to renew each one individually, which would be insane with that many.

    • #50095
      UNIX
      Participant

      @Eleven wrote:

      aweSEC, I said detailed ToC…  I want to know what the subsections are in the chapters.  😉

      Oh, I thought you might refer to the general table of contents. I just noticed that they are not available at e.g. amazon.

      As the book seems to have ~280 pages, I don’t think there would be many subsections listed though.

    • #50096
      BillV
      Participant

      You can lookup GIAC certification holders.

      Author: http://www.giac.org/certified-professional/terrence-oconnor/121884

      Definitely a lot but not quite as many as Dr. Wright:
      http://www.giac.org/certified-professional/craig-wright/107335

    • #50097
      Eleven
      Participant

      @ajohnson wrote:

      No, that wasn’t what I was getting at. Passing the GSE written every four years will renew ALL of your GIAC certs. Otherwise, he’d have to renew each one individually, which would be insane with that many.

      I would think it would renew all the certs you took to pass the GSE.  Renewing all GIAC certs doesn’t seem to make much sense, unless the GSE exam is customized to include questions from every GIAC cert you have.  ???

    • #50098
      cd1zz
      Participant

      Chapter 1: Introduction
      If you have not programmed in Python before, Chapter One provides background information about the language, variables, data types, functions, iteration, selection, and working with modules, and methodically walks through writing a few simple programs. Feel free to skip it if you are already comfortable with the Python programming language. After the first chapter, the following six chapters are fairly independent from one another; feel free to read them in whichever order you please, according to what strikes your curiosity.

      Chapter 2: Penetration Testing with Python
      Chapter Two introduces the idea of using the Python programming language to script attacks for penetration testing. The examples in the chapter include building a port scanner, constructing an SSH botnet, mass-compromising via FTP, replicating Conficker, and writing an exploit.

      Chapter 3: Forensic Investigations with Python
      Chapter Three utilizes Python for digital forensic investigations. This chapter provides examples for geo-locating individuals, recovering deleted items, extracting artifacts from the Windows registry, examining metadata in documents and images, and investigating application and mobile device artifacts.

      Chapter 4: Network Traffic Analysis with Python
      Chapter Four uses Python to analyze network traffic. The scripts in this chapter geo-locate IP addresses from packet captures, investigate popular DDoS toolkits, discover decoy scans, analyze botnet traffic, and foil intrusion detection systems.

      Chapter 5: Wireless Mayhem with Python
      Chapter Five creates mayhem for wireless and Bluetooth devices. The examples in this chapter show how to sniff and parse wireless traffic, build a wireless keylogger, identify hidden wireless networks, remotely command UAVs, identify malicious wireless toolkits in use, stalk Bluetooth radios, and exploit Bluetooth vulnerabilities.

      Chapter 6: Web Recon With Python
      Chapter Six examines using Python to scrape the web for information. The examples in this chapter include anonymously browsing the web via Python, working with developer APIs, scraping popular social media sites, and creating a spear-phishing email.

      Chapter 7: Antivirus Evasion with Python
      In the Final chapter, Chapter Seven, we build a piece of malware that evades antivirus systems. Additionally, we build a script for uploading our malware against an online antivirus scanner.

    • #50099
      Eleven
      Participant

      @cd1zz  Looks good, thanks!  A book like this is great since Python has become the scripting language to know if you’re into security.

    • #50100
      dynamik
      Participant

      @Eleven wrote:

      @ajohnson wrote:

      No, that wasn’t what I was getting at. Passing the GSE written every four years will renew ALL of your GIAC certs. Otherwise, he’d have to renew each one individually, which would be insane with that many.

      I would think it would renew all the certs you took to pass the GSE.  Renewing all GIAC certs doesn’t seem to make much sense, unless the GSE exam is customized to include questions from every GIAC cert you have.  ???

      I believe the continuing education component is a requirement of ANSI acceedidation. http://www.giac.org/about/ansi

      It’s the same type of deal with the CISSP. My OSCP didn’t refresh that material, but I was still able to apply the CPEs towards maintaining that certification. The renewal process usually just requires relevant continuing education, and if you’re keeping up with GSE-level material, you’re clearly doing so.

      And honestly, they needed a practical way to maintain certifications for people who have a higher number. Otherwise, they’ll end up in a position where they’re having to pay a fee, take an exam, and/or write a paper every few months. That’s just not feasible.

    • #50101
      Eleven
      Participant

      I just got the book and read a little of it.  The AV Evasion chapter was disappointing.  The only thing that was done to evade AV was to run msfpayload, paste the shellcode into a basic template python script, and compile it.  No encoding, obfuscating, or anything what so ever.  Just compiling shellcode msfpayload generated… not even msfencode was used.

      The little bit of the forensics chapter I read was decent for a beginner.  An entire book could probably be written on most, if not each chapter, so I guess it has to be somewhat general.

    • #50102
      dynamik
      Participant

      @Eleven wrote:

      I just got the book and read a little of it.  The AV Evasion chapter was disappointing.  The only thing that was done to evade AV was to run msfpayload, paste the shellcode into a basic template python script, and compile it.  No encoding, obfuscating, or anything what so ever.  Just compiling shellcode msfpayload generated… not even msfencode was used.

      I figured it’d be something like that. Dave used that trick at DefCon 20 (see the first video — also the PXE boot trick is pretty slick): https://www.trustedsec.com/downloads/social-engineer-toolkit/

      Still, if you weren’t aware you could do that before, it’s certainly a nice piece of info to pick up. Attacks don’t always have to be sexy or complicated.

      @Eleven wrote:

      The little bit of the forensics chapter I read was decent for a beginner.  An entire book could probably be written on most, if not each chapter, so I guess it has to be somewhat general.

      Right, you’ll find SecurityTube’s SPSE is like that too. What I’ve found to be important is that a resource provides you with a solid foundation and direction for future growth. Once you have the building blocks, you can usually get where you want to go on your own.

    • #50103
      Eleven
      Participant

      @ajohnson Yeah, it’s like creating a chapter on NIDS evasion and just running fragrouter and calling it a day…  I didn’t learn anything on AV evasion other than AV sucks even more than I thought.  I mean jeez, he went from being detected by 10/14 AV vendors, to 0 just by compiling it as an .exe using Python?  Are other people that successful with this technique?  I’m watching the video now, thanks.

    • #50104
      dynamik
      Participant

      @Eleven wrote:

      I mean jeez, he went from being detected by 10/14 AV vendors, to 0 just by compiling it as an .exe using Python?  Are other people that successful with this technique?

      Yup…

    • #50105
      ziggy_567
      Participant

      Yup…

    • #50106
      m0wgli
      Participant

      Another yup…

      I learnt about AV evasion earlier in the year, and I’d have to say it was a real eye opener! I was surprised how many AV’s can be bypassed with relatively little effort.

    • #50107
      Eleven
      Participant

      Man I had no idea…

      @m0wgli, do you know of any good links you’ve found on evading AV?  Anything on python and encoding, obfuscating, slicing a program into pieces to find the signature, etc.?

    • #50108
      cd1zz
      Participant
    • #50109
      Don Donzal
      Keymaster

      ajohnson’s review of this book is now live:

      http://www.ethicalhacker.net/content/view/464/2/

      Don

Viewing 29 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?