Book Review: "Black Hat Python: Python Programming for Hackers and Pentesters"
Justin Seitz, the author of the popular Grey Hat Python, has followed it up with a broader, and in my opinion better, title: Black Hat Python. It's cheaper than Grey Hat Python, has better reviews, and is a little more practical for general hacking (covering a wider variety of Python libraries in various domains). For only ~$25 I actually recommend getting the physical book, as it's one of the few programming books I've seen that reads really well, even with Python's funny way of denoting new lines and scope. I think the reason it reads so well is that the code is both well commented and also described with reference markers in a paragraph format that is very descriptive and fun to follow. The code is well structured, with object-oriented design and exception handling.
I'd recommend it for intermediate programmers, as the code may be a little too involved for beginners and the descriptions may be a little too superfluous for experts. There are also a number of sloppy 'mistakes' that beginners will fall victim to if they run with the code verbatim. One such example is in Chapter 7, where the author unassumingly has imitators post their GitHub credentials to GitHub in a function called 'connect_to_github', which is used by a GitHub-propagating botnet concept. It's funny, the reason I actually decided to review this book is that a friend showed me a recreation of that code where they had actually posted their GitHub credentials to a public repo. FYI, don't ever post anything 'credential related' to GitHub; it will be abused. So after reading this whole book through, I really do caution the user to think critically about the code they are running, its intended purpose, and any potential security vulnerabilities within their own code.
That said, this book provides an excellent cookbook for offensive Python code, and I highly encourage people to check out the code. My overviews usually list each chapter and the sub-topics covered in each chapter, but the Table of Contents takes care of that for me in this situation. Again, the code from each chapter covers the same topics and is the main focus of each chapter, so I highly recommend spending a lot of time with the code first and grabbing the book if you want a better / deeper explanation. Some of my favorite chapters include extending the Burp proxy with Python in Chapter 6 and manipulating memory images with Volatility and shellcode in Chapter 11. Another must-read is Chapter 4, which deals with Scapy, a powerful Python library for manipulating networking protocols.
Overall, I give this book 7 out of 10 stars, as it's a well implemented read with lots of good ideas for fun offensive Python projects. So enjoy, and don't forget it's all about the code!!