I’ve been eagerly awaiting the release of “Grey Hat Python” by Justin Seitz of Immunity. I think Python is a great language and it’s used extensively in the security industry so I’ve been quite curious about the book. Overall, I’m happy with it. The book gives insight into some of the tips and tricks one of the best exploit development companies uses to quickly find and exploit bugs. I think most security professionals will find the book a useful addition to their shelves.
If the book has a fault, it’s Justin’s concise focus on using python as a tool to rapidly find and exploit bugs. As such the book is in a niche category. It doesn’t really fulfill the subtitle “Python Programming for Hackers…” A more accurate subtitle might be “Python programming for expedited bug finding and exploitation”. As such it lacks some things I would have expected from a more general book such as:
- Using scapy or impacket for network tricks
- Using python for phishing (this is a potential hot topic — the Metasploit guys are working on a phishing addition for the framework so seeing something similar in python would be a plus).
- Using python for generic security applications: web scraping, social network enumeration, gluing security tools, etc.
All the above would have been nice additions to make the book more complete. As-is the book is very good, but you need to understand that it’s not a general purpose python for hacking book. It is a great resource for debugging and automating dynamic analysis of executables.
Now for the super-hardcore exploit guys out there I would have liked to see more depth. I understand why the book didn’t go into too much more detail — the number of interested parties likely decreases exponentially. But I’d have liked to see a few things:
- Some code that Nico uses to manipulate the heap for use in heap overflows. I do a lot of trial and error with little automated analysis. I assume Immunity does something better and I’d like to see it. In fairness, they do review the !hippie function that’s in ID.
- I’d like to see an easier intro to fuzzing RPC with python. RPC has always been a barrier for me and the Immunity folks have a lot of tools to do this. I’d like to see some more approachable examples than having the source and digging into spike.py.
- MOSDEF is one of the things that makes CANVAS special. I’d have loved to see the book build a simpler win32MosdefShellServer.
I’m a hardcore security geek and there are probably only a handful of people that would want to see the three items immediately above. So I’m not surprised they’re not in the book, and can’t fault anyone for that.
Overall, I recommend the book. Look at it as a first iteration. It’s a good book to help security engineers use python to begin analyzing software vulnerabilities. Primarily it’s a book about using python to debug and, to a lesser degree, fuzz. It’s a good insight into how Immunity does things and will help you look at CANVAS code a little easier. For that alone it’s definitely worth buying.