Customer Reviews

Gray Hat Python: Python Programming for Hackers and Reverse Engineers

5 star:		(5)
4 star:		(6)
3 star:		(5)
2 star:		(2)
1 star:		(0)

 

 

I have to start off by saying that I've been looking forward to this book being published for months now. Since it initially popped up on the No Starch website I've been following it and nagging the publishers about it's release. I was fortunate enough to get a copy last Friday and I dove into it full force, even my final exam suffered because I was a little too focused on this book. I have mixed feelings about the book overall, there was definitely a few things I gained from it. On the other hand, there were many more things that could have been added. If you are new to Reverse Engineering then you will most likely obtain a leap of knowledge from the book. Packed with code examples on various open source tools and concepts to create your own, you'll be waste deep in python for a while. If you've been around for the last few years and have already checked out many of the open source tools discussed in the book you may only get a few things out of it.


Justin does a great job elaborating through the the code examples used throughout the book. The sheer scope of this book makes it difficult to cover everything but Justin definitely attempts to give you a taste for the more common scenarios you may find yourself in. Below I highlight a few chapters that I found interesting and useful. Overall the entire book is useful but a large portion covers open source tools that have a plethora of documentation and examples in existence.

Chapter 3 is just downright awesome. This chapter walks you through creating your own python based debugger that is similar to pydbg. Between the concepts and actual implementation you obtain a solid understanding of what is going on in a Windows based debugger.

Chapter 6 goes over Hooking in 5 pages. This topic could easily fill a few chapters by itself but Justin sums everything up quite nicely with plenty of examples.

Chapter 7 discusses DLL and Code injection which was a pretty interesting topic. The chapter even gets a little "Evil" by showing you how to hide files on a filesystem using python. It goes one step deeper into evilness by demonstrating how to code a back door into files.

Chapter 8 goes into fuzzing concepts and the demonstration is very practical for anyone doing exploitation. Justin shows us how to create a file format fuzzer which I thought was pretty slick.

The last chapter I found pretty interesting was chapter 10 titled "Fuzzing Windows Drivers." This chapter outlines methods of identifying Device names and IOCTL codes using Immunity Debugger. It continues to show examples of an IOCTL Fuzzer that can be used in conjunction with the rest of the scripts outlined in the chapter. Definately some cool stuff. Personally, I'm not quite up to a Drive level fuzzing level but I still found the knowledge very useful and was able to translate some of the immunity scripts into IDAPython scripts for static analysis to find the device names and IOCTL Codes.


The Cons

The entire book was based off Dynamic analysis. This is great for those out there doing RE through execution, but it really sucks for people like me who only does dynamic analysis 10% of the time.

The entire book is windows specific. Yes, most RE work is done on windows, for windows binaries. However, there are closed source applications and even embedded stuff that is Linux based. Would have definitely been useful to have some examples for these types of cases.

At times I found the book drifting into the direction of exploitation. Granted, RE and exploitation go hand in hand but I feel those of us who perform RE for the purpose of compatibility, protocol analysis, and other crap were left out a bit.

The chapter on debugger design did not have all that much to say about designing a debugger. In fact, it was probably more inline with a quick introduction to x86 architecture, specifically registers and stacks. It was not until chapter 3 that you really understand the elements involved.

Overall, I equate this book to Hacking the art of exploitation first edition but for Reverse Engineering. The book is packed with useful information for both the novice to the professional but I hope a second edition comes out with more information, that covers both static and dynamic analysis.

I was extremely disappointed in this book. I had been waiting almost a year for the book to be released and in that time had spent time looking at the different applications that were currently written in Python that could possible be included. With the time spent in writing this book and bringing it into publication the poor quality of the book does not compare to the higher standards that most No Starch Press books have achieved.

While there were a few merits in the book the majority of the book was a futile attempt to put outdated or useless information to paper. Many of my coworkers were very interested in the publication, but having read it and having spoken with my collegues that have read it we can all agree that it falls well short of anticipation.

The first five chapters were about Immunity Debugger. While reading them it seemed as if it were a sales pitch and then after reading that the author was employed by the same company that produces Immunity it was plainly obvious that he was influenced.

The author spent a chapter on hooking(6), DLL and code injection(7), fuzzing(8), Sulley(9), Fuzzing Windows Drivers(10), IDAPython(11), PyEMU(12) and obviously the Immunity Debugger chapters that were 1 through 5. But where was the rest? It was obviously lacking in many areas. There was very little mentioned on networks, packet reassembly or capture (pynids). No mention was made of Scapy, Pcapy, Impacket, Inguma, Volatility and so many more. Libraries that would be extremely helpful were never even brushed. IronPython, Win32, CryptoPy,

The examples given were poor to say the least. The author never mentioned which versions of python that the examples worked with and they were built using the older releases. The author goes through the installation of Python 2.5, but that version had issues with a few of the examples that I managed to get to work on 2.4. No mention was made for the the Python 3 version and version 2.6 had issues with most of the examples.

At 188 pages with 80+ pages used for debuggers that book was sorely lacking in any amount of substance. Most of my notes have more content then this book. To think that a book written regarding security minded use of python could only yield this little bit of information is absured.

I had preordered the book well in advance of publication. Each time the book was delayed for a few months I was extremely disappointed, but continued to hold onto the preorder. Once I received the book the writing and content were so poor that I spent much of my time reading a few pages only to put it down to find something of more interest or better content.

As I had said previously, No Starch Press is known for their quality products and excellent material, but this book falls well short of expectations. If someone would ask if I recommend this book I would whole heartedly tell them they are better off buying seperate books and piecing together that with internet content.

With all the uses Python has in security today I feel the community needs a better resource for Python tools in pentesting, forensics, incident response, intrusion detection, and so on. The potential content could fill volumes. A book about Python and Security would benefit the community greatly if it was a quality product, but this is not it.

I've been eagerly awaiting the release of "Grey Hat Python" by Justin Seitz of Immunity. I think Python is a great language and it's used extensively in the security industry so I've been quite curious about the book. Overall, I'm happy with it. The book gives insight into some of the tips and tricks one of the best exploit development companies uses to quickly find and exploit bugs. I think most security professionals will find the book a useful addition to their shelves.

If the book has a fault, it's Justin's concise focus on using python as a tool to rapidly find and exploit bugs. As such the book is in a niche category. It doesn't really fulfill the subtitle "Python Programming for Hackers..." A more accurate subtitle might be "Python programming for expedited bug finding and exploitation". As such it lacks some things I would have expected from a more general book such as:

1. Using scapy or impacket for network tricks
2. Using python for phishing (this is a potential hot topic -- the Metasploit guys are working on a phishing addition for the framework so seeing something similar in python would be a plus).
3. Using python for generic security applications: web scraping, social network enumeration, gluing security tools, etc

All the above would have been nice additions to make the book more complete. As-is the book is very good, but you need to understand that it's not a general purpose python for hacking book. It is a great resource for debugging and automating dynamic analysis of executables.

Now for the super-hardcore exploit guys out there I would have liked to see more depth. I understand why the book didn't go into too much more detail -- the number of interested parties likely decreases exponentially. But I'd have liked to see a few things:

1. Some code that Nico uses to manipulate the heap for use in heap overflows. I do a lot of trial and error with little automated analysis. I assume Immunity does something better and I'd like to see it. In fairness, they do review the !hippie function that's in ID.
2. I'd like to see an easier intro to fuzzing RPC with python. RPC has always been a barrier for me and the Immunity folks have a lot of tools to do this. I'd like to see some more approachable examples than having the source and digging into spike.py
3. MOSDEF is one of things that makes CANVAS special. I'd have loved to see the book build a simpler win32MosdefShellServer

I'm a hardcore security geek and there are probably only a handful of people that would want to see the three items immediately above. So I'm not surprised they're not in the book, and can't fault anyone for that.

Overall, I recommend the book. Look at is a first iteration. It's a good book to help security engineers use python to begin analyzing software vulnerabilities. Primarily it's a book about using python to debug and to a lesser degree fuzz. It's a good insight into how Immunity does things and will help you look at CANVAS code a little easier. For that alone it's definitely worth buying.

The book dives right into ctypes and dynamic libraries, from then on end your up for an interesting ride.

The debugger chapters are clearly the nitty gritty of this book. It was worth reading for the sheer amount of knowledge in those 3 or 4 chapters, even though the first time I skimmed the book I thought those were the chapters I was going to skip. Glad I didn't.

Personally I found the chapter on Fuzzing and Sulley to be immensely useful, regardless of both being very brief and the subject could very well be a book itself.

It's not a beginners book even though the author mentions that if you are new to python you should read the book front to back, I seriously doubt anyone new to python would get much out of this book. If you are looking for a book with a few recipes for quick deployment and use, this is not it. This book is much more about sharing knowledge than it is about giving you pre-fabricated code.

I would certainly love to see at least one or two network chapters in a book like this. There is just so much you need to automate during an enumeration or assessment phase and python is a wonderful tool for that. The first reviewer wanted a few chapters on static analysis, which I understand because when you pick a title like "gray hat python" we all have our own expectations, no doubt based on our previous use of python in a security scenario.

So bottom line: for sheer compact knowledge and finding out what is under the hood I would certainly recommend this book, but I'd make it clear it's all about software vulnerabilities. :)

This book has some interesting insights for someone just starting out with python. For the newcomer to python learning how to call c code easily within python is always exciting and using c types is presented well in the start of this book. However on the whole, it is often sufficient to read through the code in this book and say 'aha'. Actually sitting down at a computer shows the flaws in this book. For one, there are several hangups if your operating system is 64 bit windows and even more if you are on any variant of Linux. Additionally some of the code is just wrong and requires reading the list of updates at the books website. However simply reading it as a book, it generally explains how a debugger works and convinces the user that python is a good language for doing this. Finally as a tutorial for using the existing upper tier python debuggers would at least merit this book useful to some.

I purchased this book as an attempt to learn more about debugging and hacking using Python.

The content itself is good. It's well organized and very clear, even for someone like me who is a self-taught programmer with ~1 year of Python experience. Perusing Chapters 2 and 3 should bring anyone up to speed on debuggers. The remaining chapters do a nice job of explaining various Python tools to use in hacking and reverse engineering.

Unfortunately, the code fragments in Chapter 3 (where you build your own debugger in Python) could best be described as a disaster. I expect a programming book's code to run without extensive tweaks. I don't need it to be the most Pythonic code in the world ... just generate the expected results. Given the importance of Chapter 3 to your understanding of a good portion of the book, these errors were a killer.

Given that the code required extensive fixes to run as intended, the errata (now on No Starch Press's website) was delayed by at least a year from publishing, and there was no forum on No Starch Press's website to pass errata around in the meantime, the book loses 2 stars.

The lesson: if you're going to publish a programming book, get the code right. Absent the ability to do so, at least support your book's readers in working around the issues.

Edit: Sorry, wanted to point out one more thing. For Chapter 3, the code on the website's source files don't always match the code walked through in the book, even on parts of the code that are fully functioning. Your best bet is to start with the code on the website and debug that.

I was also one of the people who was eagerly awaiting the release of this book, NOT so much because I am a "hacker by day trying to pentrate systems etc", but because Python is my language of choice and I love to play / hack / hobby around with it!!

The bottom line is the book is FUN to read, and opens up the minds of those programmers / hackers out their who have a PASSION this stuff ;-)

This book gave me some super insight into some of the lower level things "non hackers" have probably been missing all along. We all know the best programmers in the world are hackers and I think Justin has done a wonderful job showing just how cool, EASY and FUN hacking in Python can really be!

I must say I had numerous times in the book where I would smile and think "WOW, now that's cool" ;-)

I must also say I am well impressed with "Immunity Debugger", another superb product that unless I had read the book, I would have never heard about...

So keep up the great work Justin, and I really look forward to if you ever bring out a 2nd edition in years to come, that will be fun!

Rock on!

216 pages, a title of 'Gray Hat Python' and a table of contents with subjects such as 'design and program your own debugger', 'learn how to fuzz windows drivers', 'create powerfull fuzzers from scratch', DLL injection, hooking, malware analysis. My first impression was that it must be really niche, hardcore and not for me. I think lots of people might get those thoughts.

You would think that the book would appeal to only a subgroup of security professionals or software engineers given the subject matter. The small book also suggests that there would not be much space left to explain the matter to people who are not experts.

First impressions are often wrong.


In my opinion this book is a must for all people who deal with security on a technical level. The book is also interresting for programmers who want to learn more about debuggers and other low level aspects. People who want to learn some new tricks in Python will probably like the book as well. But all these people don't have to be experts to enjoy this book. There are a few ways you can read this book as it was clearly written with a few different levels of perspective in mind.

For example, you can learn about the inner workings of a debugger without actually understanding the Python code. All topics are first clearly explained on a conceptual level. After that Python code is used for implementation. You will get introduced to the Python code gradually, in the beginning each program is short and basic and the most important lines are highlighted and explained. After that more functionality gets added and further explainations follow.

Though the book deals with quite a wide variety of subjects, they all have a low-level debugging aspect. This makes that it is interresting for both security oriented people and developers. It's all about basic, low level techniques. And most of them can be used both for making and breaking and for good and bad.

Given the subject matter and size of the book, clearly some things had to be left out. One of the things this book left out was implementation of the debugger on operating systems other then Windows. I think it was a good choice since Windows is still the platform on which most debugging and reversing takes place. Also, Windows offers a few API functions that make it easier to do debugging. This abstraction was used well to keep things understandable and short while still offering a good picture of what makes a debugger tick.

The only drawback was that there seemed to be some errors in some code listings. Unfortunately, there is no errata section on this book's website yet. This can make getting the example code to run a challenge for non Pythonians.

All in all, this is a very cool and unique book for all people who want to take a deeper look.

I am always interested in Gray Hat or even Black Hat information. And, as with any of my reviews, my philosophy is this: I'll cut a book a lot of slack if I can learn something from it. That's the point of reading a book, after all. Yes, errors here and there, yada yada can be whined about and what have you, but it's the information we are really paying for.

That being said, I found this book to be a very interesting read. It took my mind to uses of Python that I had truly never considered before!

It is in my opinion not for someone learning Python. Also, if you already have an understanding of some of the internals of computing, you'll get more out of the book. Worst case, though, it will show you areas where you might want to partake of further study.

You are not going to learn anything "subversive" in this book. But, with what you learn in this book, and your imagination, you could certainly come up with something of that ilk.

If you're into hacking ( in the broad definition of the term: to really learn everything you can about the machine, etc. ), you'll enjoy this book. If you're just looking for recipes, or "script kiddie" stuff, you'll be disappointed.

I recommend the book.

Gray Hat Python was a book recommended to me by a friend that is pretty knowledgeable in the computer security field. After the first chapter I was hooked. The instructions are straightforward and easy to follow. I recommend this book to everyone, even those like myself that are just getting started with learning Python.