Author: Justin Seitz, Tim Arnold
Publisher: No Starch Press
Pages: ‎ 216
ISBN:  978-1718501126
Print: 1718501129
Kindle: B08CTGR1XC
Audience: Experienced Pythonistas
Rating: 4
Reviewer: Alex Armstrong

The second edition of a book that explains how to use Python to gain control and otherwise cause mischief isn't a good idea - is it?

There are three possible reasons you might want to read this book. The first is that you are a wannabe Black Hat, i.e. a malicious hacker; the second is that you want to learn enough to protect against a Black Hat and the third is that you are just interested in some advanced programming. If you want a book for the first two reasons you are almost certain to be disappointed or at least fooled into thinking that you have acquired superpowers. At best a book of this sort can only tell you about things that are very well known. In practice finding and exploiting some weakness in a system is much more a matter of inventing new things and gaining access though social manipulation than it is about using a standard toolkit. Of course. you do need to know the standard toolkit to get into the subject. This book does give you some of the tools. but at the end of the day you are going to need much more to graduate in either profession. 

What this sort of book is often good for is presenting very technical. and often low-level. coding techniques. The sort of things that you don't find in books that major on designing a database or creating a website. It is a shame that such low-level information can't find an outlet without being wrapped up in the glamour of a cloak and dagger sort of world. For me programming is glamorous enough!

The book starts off with setting up Python and Kali Linux in a VM so that you can experiment. It also suggests using VS Code, Pycharm or WingIDE. This is all the help you get with Python, however, as the rest of the book assumes you have a fair bit of Python skill. In other words, this is not a book you want if you are really trying to learn Python. It probably isn't even the book you need if you are trying to improve your Python. 

From here the book goes on to examine Python networking in Chapters 2 and 3. This not much more than a tutorial on using TCP and UDP clients followed up with a look a raw sockets - nothing really difficult. It is worth knowing that the book doesn't really explain the inner workings of networking. You really do need to understand things like TCP and UDP and even lower level things like ICMP.  IT also covers SSH using Paramiko. The main task of the book is to get you to extend what you do to include custom Python code. Chapter 3 is about using these basic

Chapter 4 is about using the Scapy library to do interesting things such as stealing email credentials by intercepting packets and ARP Cache poisoning. You don't get much of an explanation of what ARP or the ARP Cache is all about and if you don't realize that most networks are IP over Ethernet and use mac addresses not IP addresses this isn't going to be easy to understand. In addition most of the techniques are explained by presenting the code and making a few comments.

From here we move on to using an HTTP library - urlib2 - to do things like bruteforcing password pages and finding out about files that aren't correctly protected. Next we have a chapter on extending the Burp proxy. Again it is assumed that you have used Burp and know all about it.

Chapter 7 is about using GitHub and building a GitHub aware Trojan. Chapter 8 focuses on a sort of toolkit for Trojans on Windows - keystroke logging, taking screenshots and so on.

Chapter 9 is all new and replaces the original on IE which is outdated with a chapter on exfiltration, i.e. getting files out of the system. It deals with decryption and using various methods to transfer files.

Chapter 10 deals with Windows privilege escalation and the final chapter is on automating offensive forensics. 

Conclusion

Overall there are lots of details missing from these accounts. For example, it is often assumed that you have managed to get into a network and then it discusses what to do next. It also tends to assume that you are going to run your creations as Python code when in practice converting them to an exe would be a much better idea. In other words, many of the exploits are not complete but could be made so.

This is not a book that will please everyone. It really isn't about real world routine penetration testing, for example. It does present a collection of technical projects and ideas that might please you if you want to use Python in this way. You might, however, be annoyed by the very idea of a book that deals with technical ideas in the same context as Trojans, stealing credentials and so on. 

This is a good book if you want some fairly technical projects in Python and aren't put off, or better if you are attracted to, the black hat aspect of the presentation. The second edition represents a slight bringing up-to-date and a bit of polish but things change slowly in this area of the black hat world.