Gray Hat Python: Python Programming for Hackers and Reverse Engineers (Paperback)

by Justin Seitz (Author)
Key Phrases: soft breakpoints, mutated buffer, ctypes import, Immunity Debugger, Windows Debugger, Scriptable Emulator (more...)

Editorial Reviews

Product Description

Python is fast becoming the programming language of choice for hackers, reverse engineers, and software testers because it's easy to write quickly, and it has the low-level support and libraries that make hackers happy. But until now, there has been no real manual on how to use Python for a variety of hacking tasks. You had to dig through forum posts and man pages, endlessly tweaking your own code to get everything working. Not anymore.

Gray Hat Python explains the concepts behind hacking tools and techniques like debuggers, trojans, fuzzers, and emulators. But author Justin Seitz goes beyond theory, showing you how to harness existing Python-based security tools - and how to build your own when the pre-built ones won't cut it.

You'll learn how to:

• Automate tedious reversing and security tasks
• Design and program your own debugger
• Learn how to fuzz Windows drivers and create powerful fuzzers from scratch
• Have fun with code and library injection, soft and hard hooking techniques, and other software trickery
• Sniff secure traffic out of an encrypted web browser session
• Use PyDBG, Immunity Debugger, Sulley, IDAPython, PyEMU, and more

The world's best hackers are using Python to do their handiwork. Shouldn't you?

About the Author
Justin Seitz is a Senior Security Researcher for Immunity, Inc., where he spends a great deal of time bughunting, reverse engineering, doing Python development, and malware analysis.

Product Details

• Paperback: 232 pages
• Publisher: No Starch Press (April 23, 2009)
• Language: English
• ISBN-10: 1593271921
• ISBN-13: 978-1593271923
• Product Dimensions: 9.2 x 6.9 x 0.7 inches
• Shipping Weight: 14.4 ounces (View shipping rates and policies)
• Average Customer Review: 4.0 out of 5 stars See all reviews (6 customer reviews)
• Amazon.com Sales Rank: #13,672 in Books (See Bestsellers in Books)

  Popular in these categories: (What's this?)

  #5 in	Books > Computers & Internet > Programming > Languages & Tools > Python
  #7 in	Books > Computers & Internet > Web Development > Security & Encryption > Encryption
  #9 in	Books > Computers & Internet > Business & Culture > Security

Customer Reviews

Most Helpful Customer Reviews

15 of 15 people found the following review helpful:

4.0 out of 5 stars GHPython Review, May 3, 2009

By	E. Hulse (SA, TX) - See all my reviews (REAL NAME)

I have to start off by saying that I've been looking forward to this book being published for months now. Since it initially popped up on the No Starch website I've been following it and nagging the publishers about it's release. I was fortunate enough to get a copy last Friday and I dove into it full force, even my final exam suffered because I was a little too focused on this book. I have mixed feelings about the book overall, there was definitely a few things I gained from it. On the other hand, there were many more things that could have been added. If you are new to Reverse Engineering then you will most likely obtain a leap of knowledge from the book. Packed with code examples on various open source tools and concepts to create your own, you'll be waste deep in python for a while. If you've been around for the last few years and have already checked out many of the open source tools discussed in the book you may only get a few things out of it.


Justin does a great job elaborating through the the code examples used throughout the book. The sheer scope of this book makes it difficult to cover everything but Justin definitely attempts to give you a taste for the more common scenarios you may find yourself in. Below I highlight a few chapters that I found interesting and useful. Overall the entire book is useful but a large portion covers open source tools that have a plethora of documentation and examples in existence.

Chapter 3 is just downright awesome. This chapter walks you through creating your own python based debugger that is similar to pydbg. Between the concepts and actual implementation you obtain a solid understanding of what is going on in a Windows based debugger.

Chapter 6 goes over Hooking in 5 pages. This topic could easily fill a few chapters by itself but Justin sums everything up quite nicely with plenty of examples.

Chapter 7 discusses DLL and Code injection which was a pretty interesting topic. The chapter even gets a little "Evil" by showing you how to hide files on a filesystem using python. It goes one step deeper into evilness by demonstrating how to code a back door into files.

Chapter 8 goes into fuzzing concepts and the demonstration is very practical for anyone doing exploitation. Justin shows us how to create a file format fuzzer which I thought was pretty slick.

The last chapter I found pretty interesting was chapter 10 titled "Fuzzing Windows Drivers." This chapter outlines methods of identifying Device names and IOCTL codes using Immunity Debugger. It continues to show examples of an IOCTL Fuzzer that can be used in conjunction with the rest of the scripts outlined in the chapter. Definately some cool stuff. Personally, I'm not quite up to a Drive level fuzzing level but I still found the knowledge very useful and was able to translate some of the immunity scripts into IDAPython scripts for static analysis to find the device names and IOCTL Codes.


The Cons

The entire book was based off Dynamic analysis. This is great for those out there doing RE through execution, but it really sucks for people like me who only does dynamic analysis 10% of the time.

The entire book is windows specific. Yes, most RE work is done on windows, for windows binaries. However, there are closed source applications and even embedded stuff that is Linux based. Would have definitely been useful to have some examples for these types of cases.

At times I found the book drifting into the direction of exploitation. Granted, RE and exploitation go hand in hand but I feel those of us who perform RE for the purpose of compatibility, protocol analysis, and other crap were left out a bit.

The chapter on debugger design did not have all that much to say about designing a debugger. In fact, it was probably more inline with a quick introduction to x86 architecture, specifically registers and stacks. It was not until chapter 3 that you really understand the elements involved.

Overall, I equate this book to Hacking the art of exploitation first edition but for Reverse Engineering. The book is packed with useful information for both the novice to the professional but I hope a second edition comes out with more information, that covers both static and dynamic analysis.

8 of 8 people found the following review helpful:

4.0 out of 5 stars Excellent book for rapid vulnerability testing, May 7, 2009

By	mjw - See all my reviews

I've been eagerly awaiting the release of "Grey Hat Python" by Justin Seitz of Immunity. I think Python is a great language and it's used extensively in the security industry so I've been quite curious about the book. Overall, I'm happy with it. The book gives insight into some of the tips and tricks one of the best exploit development companies uses to quickly find and exploit bugs. I think most security professionals will find the book a useful addition to their shelves.

If the book has a fault, it's Justin's concise focus on using python as a tool to rapidly find and exploit bugs. As such the book is in a niche category. It doesn't really fulfill the subtitle "Python Programming for Hackers..." A more accurate subtitle might be "Python programming for expedited bug finding and exploitation". As such it lacks some things I would have expected from a more general book such as:

1. Using scapy or impacket for network tricks
2. Using python for phishing (this is a potential hot topic -- the Metasploit guys are working on a phishing addition for the framework so seeing something similar in python would be a plus).
3. Using python for generic security applications: web scraping, social network enumeration, gluing security tools, etc

All the above would have been nice additions to make the book more complete. As-is the book is very good, but you need to understand that it's not a general purpose python for hacking book. It is a great resource for debugging and automating dynamic analysis of executables.

Now for the super-hardcore exploit guys out there I would have liked to see more depth. I understand why the book didn't go into too much more detail -- the number of interested parties likely decreases exponentially. But I'd have liked to see a few things:

1. Some code that Nico uses to manipulate the heap for use in heap overflows. I do a lot of trial and error with little automated analysis. I assume Immunity does something better and I'd like to see it. In fairness, they do review the !hippie function that's in ID.
2. I'd like to see an easier intro to fuzzing RPC with python. RPC has always been a barrier for me and the Immunity folks have a lot of tools to do this. I'd like to see some more approachable examples than having the source and digging into spike.py
3. MOSDEF is one of things that makes CANVAS special. I'd have loved to see the book build a simpler win32MosdefShellServer

I'm a hardcore security geek and there are probably only a handful of people that would want to see the three items immediately above. So I'm not surprised they're not in the book, and can't fault anyone for that.

Overall, I recommend the book. Look at is a first iteration. It's a good book to help security engineers use python to begin analyzing software vulnerabilities. Primarily it's a book about using python to debug and to a lesser degree fuzz. It's a good insight into how Immunity does things and will help you look at CANVAS code a little easier. For that alone it's definitely worth buying.

3 of 3 people found the following review helpful:

5.0 out of 5 stars Not for the faint of heart, June 11, 2009

By	Nuno Povoa (Lisbon, Portugal) - See all my reviews (REAL NAME)

The book dives right into ctypes and dynamic libraries, from then on end your up for an interesting ride.

The debugger chapters are clearly the nitty gritty of this book. It was worth reading for the sheer amount of knowledge in those 3 or 4 chapters, even though the first time I skimmed the book I thought those were the chapters I was going to skip. Glad I didn't.

Personally I found the chapter on Fuzzing and Sulley to be immensely useful, regardless of both being very brief and the subject could very well be a book itself.

It's not a beginners book even though the author mentions that if you are new to python you should read the book front to back, I seriously doubt anyone new to python would get much out of this book. If you are looking for a book with a few recipes for quick deployment and use, this is not it. This book is much more about sharing knowledge than it is about giving you pre-fabricated code.

I would certainly love to see at least one or two network chapters in a book like this. There is just so much you need to automate during an enumeration or assessment phase and python is a wonderful tool for that. The first reviewer wanted a few chapters on static analysis, which I understand because when you pick a title like "gray hat python" we all have our own expectations, no doubt based on our previous use of python in a security scenario.

So bottom line: for sheer compact knowledge and finding out what is under the hood I would certainly recommend this book, but I'd make it clear it's all about software vulnerabilities. :)