.

[Article]-Book Review: Coding for Penetration Testers

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Tue May 29, 2012 2:54 pm

[Article]-Book Review: Coding for Penetration Testers

Here's a look into a book by 2 long-time friends & now both of them are EH-Net Columnists. How lucky am I?

The guy doing the review ain't no slouch either!

Let us know what you think of the reviews, the book itself if you've read it and any of the participants in this book review.

Permanent link:[Article]-Book Review: Coding for Penetration Testers


Image

Review by Andrew Johnson CISSP, GPEN, eCPPT, OSWP et al


With a title as ambitious as Coding for Penetration Testers, it's important to set expectations properly at the onset. In this context, coding is synonymous with scripting, and the content primarily focuses on Bash Scripting, Python, PERL, Ruby, PHP, SQL, PowerShell, and scripting related to various scanners such as Nmap and Nessus. Compiled languages such as Assembly, Java, and the C variants are not within the content’s scope.

This Syngress published book by EH-Net Columnists Jason Andress and Ryan Linn strives to remove the mystery surrounding the development of security tools and scripts by presenting dozens of easy-to-follow examples. The ultimate goal is to alleviate the reliance on pre-built security tools and create more versatile and effective penetration testers. With this resource, readers will gain the knowledge to start such a journey that will likely have numerous, “That’s all there is to it!?” epiphanies as they progress through the book.



Don
CISSP, MCSE, CSTA, Security+ SME
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Tue May 29, 2012 3:17 pm

Re: [Article]-Book Review: Coding for Penetration Testers

Thanks to Andrew and Don for the great review. Doing a coding book was a first for Ryan and I and it's definitely a different sort of animal. I really hope you all enjoy it and find it useful.

We're aware of the case problems in some of the code and there are definitely a couple places where this causes issues. These were introduced at the last minute by the person formatting the book (grrrrr). I'll get with Ryan and see if we can cook up an errata doc and get it online.

For anyone here that wants a soft copy of the code, let me know and we'll get a package put together and send it out. I'll put that up online also, but folks here will get the first crack at it. 
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Wed May 30, 2012 12:09 am

Re: [Article]-Book Review: Coding for Penetration Testers

I've still got to read that. I'm a little disappointed there was no C/C++ or Assembler primer. Since I need help on those for the ElearnSec class. But still happy I have a copy. Maybe I'll get to read it soon, like around October.
OSWP, Sec+
<<

apollo

Full Member
Full Member

Posts: 146

Joined: Fri Apr 04, 2008 7:44 pm

Post Wed May 30, 2012 7:18 am

Re: [Article]-Book Review: Coding for Penetration Testers

chrisj wrote:I've still got to read that. I'm a little disappointed there was no C/C++ or Assembler primer. Since I need help on those for the ElearnSec class. But still happy I have a copy. Maybe I'll get to read it soon, like around October.


What sort of things would you like to see with c/c++/asm ?  I'm pretty sure we can build a whole 'nother book out of that.  The only things that I've been using c/c++ for lately are for network tools that require serious speed (ettercap/skipfish).  For asm, I can see some of that for exploit dev and for some minor speed enhancements, but would be curious how deep for something like that you'd like to see.  Assembly is one that we'd have to really have targeted, as what you want to do with it is kind of important.  Especially if it's exploit dev, there would have to be coverage of ROP and some of the other more complex aspects. 

Hopefully when you get some time you can give the scripting a go, and let us know if theres other stuff that people would like to see in there.

Thanks,
Ryan
CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Wed May 30, 2012 7:31 am

Re: [Article]-Book Review: Coding for Penetration Testers

apollo wrote:What sort of things would you like to see with c/c++/asm ?  I'm pretty sure we can build a whole 'nother book out of that.  The only things that I've been using c/c++ for lately are for network tools that require serious speed (ettercap/skipfish). 


Skipfish is a brute if I ever saw one. As for the book, haven't read it yet so I can't comment but judging from the review, I may pick it up some time. Now as for what I would want to see in these types of books, differs from what many would want to see.

Assembly as a whole is a huge monster to cover let alone getting into the dissection, disassembly and debugging of it. I would want a book that goes more in depth on the frameworking of exploitation. Not: "look at the cool NOP sledding!" Something that blankets protections (ASLR/DEP/SEH/etc) which again, would likely be three books.

Have you guys thought about doing something like an interactive eBook online? Think about that. Chapter based book, where via subscription, one learns and performs samples via the web. Perhaps with audio/video walkthroughs. Would be akin to a challenge in the sense that in order for someone to get to the next chapter, they'd have to finish and fully understand the chapter they're on. You could price it the cost of a book for 6mos of access while the reader not only goes through walkthroughs, but can watch a video/hear an audio description of what you're talking about. Something like this has not been done from all I have seen. Would be cool for ADHD/ADD driven security slackers such as myself.
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Wed May 30, 2012 9:32 am

Re: [Article]-Book Review: Coding for Penetration Testers

Interesting idea sil. I'll have to cogitate on that...
<<

cyber.spirit

User avatar

Sr. Member
Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Thu May 31, 2012 2:22 am

Re: [Article]-Book Review: Coding for Penetration Testers

Thanks its interesting i put it to my books list
ICS Academy Network Security Certified

Return to Book Reviews

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software