Black Hat Python

Black Hat Python: ‘Python Programming for Hackers and Pentesters’ by Justin Seitz

This is a great follow-up to ‘Gray Hat Python’ from the same author. If you aren’t a Black Hat or Grey Hat, don’t let the titles put you off, as these books are for all hues of hatted security researchers. While the examples may espouse grey/black uses, they are tools that can be set to defense as well as offense.

Knowing how to slice and dice network packets with Python has universal usage, and seeing how to do it well will give you ideas for slicing and dicing other objects. A main theme of the book is that when you set up a quick and dirty environment, you may find your favourite tools missing. Having the skill set to improvise with Python will be useful, and from both the attacker's and the defender's point of view your Python scripts will have different hashes/identifiers. Malware checking for a VM will not know your scripts, and the same goes for scanning software.

I find that, though there are plenty of resources for finding examples (Stack Overflow, ActiveState etc.), having example scripts to:

  • replace Netcat
  • SSH
  • sniff packets
  • hack HTML
  • create a keylogger
  • do privilege escalation

at your fingertips is useful too. More useful than the scripts are the methodology and explanations.

Write a script, harden it and test it. Repeat the process, adding more parts until you have a finished program, or stop when you have a good enough solution. Every section has a paragraph or two called ‘Kicking the tyres’ that explains the process.

I have never really been taught programming, and hacking others’ code is how I learn. So for me and others like me, having well-written, well-documented code like this in an easily digestible form is a godsend.