.

Violent Python

<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Thu Oct 18, 2012 8:11 am

Re: Violent Python

Eleven wrote:aweSEC, I said detailed ToC...  I want to know what the subsections are in the chapters.  ;)


Oh, I thought you might refer to the general table of contents. I just noticed that they are not available at e.g. amazon.

As the book seems to have ~280 pages, I don't think there would be many subsections listed though.
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Thu Oct 18, 2012 8:44 am

Re: Violent Python

You can lookup GIAC certification holders.

Author: http://www.giac.org/certified-professio ... nor/121884

Definitely a lot but not quite as many as Dr. Wright:
http://www.giac.org/certified-professio ... ght/107335
<<

Eleven

User avatar

Full Member
Full Member

Posts: 121

Joined: Thu Nov 10, 2011 6:47 pm

Post Thu Oct 18, 2012 9:07 am

Re: Violent Python

ajohnson wrote:
No, that wasn't what I was getting at. Passing the GSE written every four years will renew ALL of your GIAC certs. Otherwise, he'd have to renew each one individually, which would be insane with that many.


I would think it would renew all the certs you took to pass the GSE.  Renewing all GIAC certs doesn't seem to make much sense, unless the GSE exam is customized to include questions from every GIAC cert you have.  ???
<<

cd1zz

User avatar

Recruiters
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Thu Oct 18, 2012 9:55 am

Re: Violent Python

Chapter 1: Introduction
If you have not programmed in Python before, Chapter One provides background information about the language, variables, data types, functions, iteration, selection, and working with modules, and methodically walks through writing a few simple programs. Feel free to skip it if you are already comfortable with the Python programming language. After the first chapter, the following six chapters are fairly independent from one another; feel free to read them in whichever order you please, according to what strikes your curiosity.

Chapter 2: Penetration Testing with Python
Chapter Two introduces the idea of using the Python programming language to script attacks for penetration testing. The examples in the chapter include building a port scanner, constructing an SSH botnet, mass-compromising via FTP, replicating Conficker, and writing an exploit.

Chapter 3: Forensic Investigations with Python
Chapter Three utilizes Python for digital forensic investigations. This chapter provides examples for geo-locating individuals, recovering deleted items, extracting artifacts from the Windows registry, examining metadata in documents and images, and investigating application and mobile device artifacts.

Chapter 4: Network Traffic Analysis with Python
Chapter Four uses Python to analyze network traffic. The scripts in this chapter geo-locate IP addresses from packet captures, investigate popular DDoS toolkits, discover decoy scans, analyze botnet traffic, and foil intrusion detection systems.

Chapter 5: Wireless Mayhem with Python
Chapter Five creates mayhem for wireless and Bluetooth devices. The examples in this chapter show how to sniff and parse wireless traffic, build a wireless keylogger, identify hidden wireless networks, remotely command UAVs, identify malicious wireless toolkits in use, stalk Bluetooth radios, and exploit Bluetooth vulnerabilities.

Chapter 6: Web Recon With Python
Chapter Six examines using Python to scrape the web for information. The examples in this chapter include anonymously browsing the web via Python, working with developer APIs, scraping popular social media sites, and creating a spear-phishing email.

Chapter 7: Antivirus Evasion with Python
In the Final chapter, Chapter Seven, we build a piece of malware that evades antivirus systems. Additionally, we build a script for uploading our malware against an online antivirus scanner.
<<

Eleven

User avatar

Full Member
Full Member

Posts: 121

Joined: Thu Nov 10, 2011 6:47 pm

Post Thu Oct 18, 2012 10:05 am

Re: Violent Python

@cd1zz  Looks good, thanks!  A book like this is great since Python has become the scripting language to know if you're into security.
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Thu Oct 18, 2012 1:52 pm

Re: Violent Python

Eleven wrote:
ajohnson wrote:
No, that wasn't what I was getting at. Passing the GSE written every four years will renew ALL of your GIAC certs. Otherwise, he'd have to renew each one individually, which would be insane with that many.


I would think it would renew all the certs you took to pass the GSE.  Renewing all GIAC certs doesn't seem to make much sense, unless the GSE exam is customized to include questions from every GIAC cert you have.  ???


I believe the continuing education component is a requirement of ANSI acceedidation. http://www.giac.org/about/ansi

It's the same type of deal with the CISSP. My OSCP didn't refresh that material, but I was still able to apply the CPEs towards maintaining that certification. The renewal process usually just requires relevant continuing education, and if you're keeping up with GSE-level material, you're clearly doing so.

And honestly, they needed a practical way to maintain certifications for people who have a higher number. Otherwise, they'll end up in a position where they're having to pay a fee, take an exam, and/or write a paper every few months. That's just not feasible.
Last edited by dynamik on Thu Oct 18, 2012 1:54 pm, edited 1 time in total.
The day you stop learning is the day you start becoming obsolete.
<<

Eleven

User avatar

Full Member
Full Member

Posts: 121

Joined: Thu Nov 10, 2011 6:47 pm

Post Fri Nov 16, 2012 11:42 am

Re: Violent Python

I just got the book and read a little of it.  The AV Evasion chapter was disappointing.  The only thing that was done to evade AV was to run msfpayload, paste the shellcode into a basic template python script, and compile it.  No encoding, obfuscating, or anything what so ever.  Just compiling shellcode msfpayload generated... not even msfencode was used.

The little bit of the forensics chapter I read was decent for a beginner.  An entire book could probably be written on most, if not each chapter, so I guess it has to be somewhat general.
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Fri Nov 16, 2012 12:39 pm

Re: Violent Python

Eleven wrote:I just got the book and read a little of it.  The AV Evasion chapter was disappointing.  The only thing that was done to evade AV was to run msfpayload, paste the shellcode into a basic template python script, and compile it.  No encoding, obfuscating, or anything what so ever.  Just compiling shellcode msfpayload generated... not even msfencode was used.


I figured it'd be something like that. Dave used that trick at DefCon 20 (see the first video -- also the PXE boot trick is pretty slick): https://www.trustedsec.com/downloads/so ... r-toolkit/

Still, if you weren't aware you could do that before, it's certainly a nice piece of info to pick up. Attacks don't always have to be sexy or complicated.

Eleven wrote:The little bit of the forensics chapter I read was decent for a beginner.  An entire book could probably be written on most, if not each chapter, so I guess it has to be somewhat general.


Right, you'll find SecurityTube's SPSE is like that too. What I've found to be important is that a resource provides you with a solid foundation and direction for future growth. Once you have the building blocks, you can usually get where you want to go on your own.
The day you stop learning is the day you start becoming obsolete.
<<

Eleven

User avatar

Full Member
Full Member

Posts: 121

Joined: Thu Nov 10, 2011 6:47 pm

Post Fri Nov 16, 2012 12:51 pm

Re: Violent Python

@ajohnson Yeah, it's like creating a chapter on NIDS evasion and just running fragrouter and calling it a day...  I didn't learn anything on AV evasion other than AV sucks even more than I thought.  I mean jeez, he went from being detected by 10/14 AV vendors, to 0 just by compiling it as an .exe using Python?  Are other people that successful with this technique?  I'm watching the video now, thanks.
Last edited by Eleven on Fri Nov 16, 2012 12:53 pm, edited 1 time in total.
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Fri Nov 16, 2012 2:53 pm

Re: Violent Python

Eleven wrote:I mean jeez, he went from being detected by 10/14 AV vendors, to 0 just by compiling it as an .exe using Python?  Are other people that successful with this technique?


Yup...
The day you stop learning is the day you start becoming obsolete.
<<

ziggy_567

User avatar

Sr. Member
Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Fri Nov 16, 2012 3:51 pm

Re: Violent Python

Yup...
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

m0wgli

User avatar

Sr. Member
Sr. Member

Posts: 308

Joined: Fri Jul 20, 2012 3:34 pm

Post Fri Nov 16, 2012 4:27 pm

Re: Violent Python

Another yup...

I learnt about AV evasion earlier in the year, and I'd have to say it was a real eye opener! I was surprised how many AV's can be bypassed with relatively little effort.
Security + | OSWP | eCPPT (Silver & Gold) | CSTA
<<

Eleven

User avatar

Full Member
Full Member

Posts: 121

Joined: Thu Nov 10, 2011 6:47 pm

Post Fri Nov 16, 2012 10:10 pm

Re: Violent Python

Man I had no idea...

@m0wgli, do you know of any good links you've found on evading AV?  Anything on python and encoding, obfuscating, slicing a program into pieces to find the signature, etc.?
<<

cd1zz

User avatar

Recruiters
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Fri Nov 16, 2012 10:18 pm

Re: Violent Python

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu Feb 28, 2013 11:09 am

Re: Violent Python

ajohnson's review of this book is now live:

http://www.ethicalhacker.net/content/view/464/2/

Don
CISSP, MCSE, CSTA, Security+ SME
Previous

Return to Book Reviews

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software