Dr. Dobb's is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Channels ▼

Mike Riley

Dr. Dobb's Bloggers

Gray Hat Python Book Review

May 26, 2009

Being a fan of the Python programming language, I immediately gravitate toward any new book title with Python in the title.  Gray Hat Python explores the relatively easy security penetration testing and, in particular, Windows-centric hacking using Python and several free security testing libraries.  Does it deliver the goods?  Read on to find out.

Author Justin Seitz, a senior security researcher for Immunity, Inc., clearly enjoys his job and the freedom to use the Python language to achieve his company's security testing objectives.  The techniques described in his book are real-world exploits covering a wide array of Windows OS-centric hacks. 

The book starts off with setting up the necessary test bench tools including various debugging tools (such as the popular PyDbg and the author's contributed Immunity debugger) and learning how to leverage the ctypes library to call upon DLL's and manipulate stacks, breakpoints and event handlers.  The third chapter delivers a walkthrough construction of a home-made Python-based debugger that helps readers understand how more sophisticated debuggers work.  The next chapter focuses on using the PyDbg tool with examples of extending breakpoints, handling access violations and and generating buffer overflows and obtaining process snapshots.  The Immunity debugger is introduced in Chapter 5 as a smarter replacement for the PyDbg tool, and after seeing how easy it is to use compared to PyDbg, the free Immunity Debugger, available at http://debugger.immunityinc.com, is demonstrated.  The chapter opens with a tour of setting up and using the tool, activating its functions with the PyCommands library and the 13 debugging hooks that include BpHook/LogBpHook, AllExceptHook, PostAnalysisHook, AccessViolationHook, LoadDLLHook/UnloadDLLHook, CreateThreadHook/ExitThreadHook, CreateProcessHook/ExitProcessHook and FastLogHook/STDCALLFastLogHook.

Once the Immunity Debugger is configured, the hack attacks begin.  Bad character filtering, Data Execution Prevention (DEP) bypass, malware anti-debug routines, and a chapter devoted to soft hooking (using PyDbg) and hard hooking (via Immunity Debugger) are discussed (incidentally, hooking is the term used for attaching to a target process and intercepting its flow of execution).

Chapter 7 covers remote thread creation, DLL injection, file hiding and backdoor coding.  Chapter 8 is all about fuzzing (creating and sending malformed data to an application, making that application fail), and Chapter 9 discloses the Sulley (named after the Monsters, Inc character) python-based fuzzing framework.  Chapter 10 is about fuzzing Windows drivers via the Immunity Debugger with the help of DriverLib, a Python-based driver static analysis tool.  Chapter 11 covers scripting Ida Pro (a professional-grade disassembly tool) via the Idapython library.  The book concludes with a chapter on PyEmu, a scriptable, pure Python IA32 emulator, allowing Python developers the ability to emulate CPU tasks.

Overall, Gray Hat Python achieves its objective, albeit primarily for Windows security researchers versed in the Python language.  While it certainly makes sense for the author to focus the discussion around the dominant Windows platform, I hoped he would share a bit more hacking knowledge leveraging (or penetration testing) the Linux and Mac OSX platforms.  At the very least, show how these non-Windows platforms can be used in forensics, diagnostics and hacking the Windows platform.  However, even without such demonstrations, each chapter is packed with Python code, clear disections, and a serious education in taking control of what was previously considered untouchable OS territory.  The book succeeded in showing me with relative ease how a trained security researcher or determined hacker could use relatively straightforward Python scripts to infiltrate the most prevalent consumer operating system today.


Title:  Gray Hat Python: Python Programming for Hackers and Reverse Engineers
Authors: Justin Seitz
Publisher: No Starch Press
ISBN: 978-1-59327-192-3
Price: $39.95
Page Count: 216


Related Reading

More Insights

Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.