Reddit reviews Black Hat Python: Python Programming for Hackers and Pentesters
We found 19 Reddit comments about Black Hat Python: Python Programming for Hackers and Pentesters. Here are the top ones, ranked by their Reddit score.
No Starch Press
We found 19 Reddit comments about Black Hat Python: Python Programming for Hackers and Pentesters. Here are the top ones, ranked by their Reddit score.
Buy a book on penetration testing like https://www.amazon.com/d/Books/Black-Hat-Python-Programming-Pentesters/1593275900
Come on man at least credit the author Justin Seitz and give him a chance to sell his works: Black Hat Python: Python Programming for Hackers and Pentesters https://www.amazon.com/dp/1593275900/ref=cm_sw_r_cp_api_WNwIAbYTWGWZH
Edit: seitz not Switzerland
I'd recommend learning to use Linux well first, since that is what you will need to use a lot of the tools for Pen Testing, after that you can choose an area to start with, most go with web app sec or net sec, since those are most in use right now - after that you can move into areas like cloud security, forensics or some other specialty.
As far as resources go there are a lot out there, i'll link some good ones that I use:
https://github.com/wtsxDev/Penetration-Testing
https://github.com/jivoi/offsec_pdfs
Those two should keep you going for a while at least.
As for coding, i'd recommend learning to use Bash first, then python. Bash is the Born Again SHell, a scripting language used in linux and is something that you will use a lot, and python is a language that is used a lot in offsec.
Here is a place where you can learn some Bash:
https://www.tldp.org/LDP/Bash-Beginners-Guide/html/Bash-Beginners-Guide.html
There are two books i'd recommend for python, ill link them here:
https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579
https://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900
the book in the second link is a bit easier to approach in my opinion, but both require some basic knowledge of python - so youtube or google some tutorials and im sure you'll do fine.
If you want to get into pen testing web apps, then you will want to learn some PHP and JavaScript, a lot of websites are written in PHP, and a lot of exploits are executed with JS: Cross site scripting in particular. You should also learn some SQL since that is another common one for manipulating databases, and can be attacked in a method known as SQL injection.
If you want a place to practice things you are learning then go here: http://overthewire.org/wargames/
They offer some pretty basic war games for things like linux commands and what not so you can really test your knowledge and learn a lot of the things you will have to do to progress through the games.
That's all I can think of atm, but i'm sure of the other people in here will be happy to give you some more suggestions
good luck!
I'm taking it right now. The books I read through or started before the OSCP in no particular order:
Honestly, if I could go back and prepare for the course again, I would have just learned the basics of python and then really focused on bash scripting. You're going to learn a metric fuck ton in the course. Remember, you're not paying just for the cert - you're paying for a course to get you to the cert.
Hey man! I work as Security Analyst - about a year away from graduating with my Bachelors.
I suggest you pick up the CompTIA Security+ Certification, as well as start learning the basics of Networks and how they function. Learn ports and protocols, as well as how IDS/IPS/Firewalls function. This will get you an entry level role as a Jr Analyst. I suggest you use [http://www.professormesser.com/security-plus/sy0-401/sy0-401-course-index/](Professor Messers Security+ Videos) This will teach you the basics of security work, networking concepts, threats, etc.
At the same time start listening to podcasts like Paul's Security Weekly, Down the Security Rabbit Hole, etc. As well as start reading blogs on hacking to get a feel for whats done.
Get a home lab and learn a few tools like Wireshark and Nmap for basic Security Analyst work - to learn how packets work, how they are structured, and how to scan pc's for ports and services. At the same time, focus on learning about threats and vulnerabilities (which are covered in security+).
If you want to get into PenTesting then you need a wide range of knowledge. Pick up and learn a few languages (master the basics and understand what the code does and how to read/interpret it). You need to know: PHP, HTML, SQL, Python (or Ruby), and a basic language like C, or Java.
If you want to dig deeper into PenTesting then start reading: https://www.offensive-security.com/metasploit-unleashed/
Good way to get into the Kali Distro and learn how to run Metasploit against vulnerable VM's.
Take a look at https://www.vulnhub.com/resources/ for books, and vulnerable VM's to practice on.
https://www.cybrary.it/ is also a good place with tons of videos on Ethical Hacking, Post Exploitation, Python for Security, Metasploit, etc.
Pick up some books such as
The Hacker Playbook 2: Practical Guide To Penetration Testing
Hacking: The Art of Exploitation
Black Hat Python: Python Programming for Hackers and Pentesters
Rtfm: Red Team Field Manual
The Hackers Playbook and The Art of Exploitation are great resources to get you started and take you step by step on pen testing that will allow you to alter explore the endless possibilities.
Also a good list of resources that you can learn more about security:
Getting Started in Information Security
Pentester Labs
Awesome InfoSec
Awesome Pentest
Overall experience and certification are what will get you into the door faster. Most employers will look for experience, but if they see you have motivation to learn and the drive to do so, then they might take you. Certifications also are big in the infosec field, as they get you past HR. And having a home lab and doing side projects in security also reflects well.
If you haven't read/heard of it yet, check out Black Hat Python. I'm reading it right now for projects to work on, and it will put you on the right path for Python and cyber security.
This pdf has some great info on systems administration
This book was a great read. Violent Python
This book goes very deep into exploit development with python in windows environments Gray Hat python
Same author as above, I have not read yet, but it is on my todo list Black Hat python
Heavily C based, but a great explanation of x86 and low level systems Rootkit Arsenal
Everyone writes their PoCs in python nowadays.
Here's an example of a really cool C2 toolkit using rpyc:
https://github.com/n1nj4sec/pupy
The rapid7 folks still use ruby for all their stuff (i.e. metasploit) but building your own tools is totally the way to go.
This book is a great intro to building security tools in Python: https://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900/ref=sr_1_1?ie=UTF8&qid=1526665441&sr=8-1&keywords=black+hat+python
Pick it up beforehand, and have fun.
Also you might enjoy this book:
http://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900
Read it if you have time its pretty good!
https://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900/ref=sr_1_1?ie=UTF8&qid=1468724554&sr=8-1&keywords=black+hat+python
https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579/ref=sr_1_1?ie=UTF8&qid=1468724562&sr=8-1&keywords=violent+python
Two good books that will answer what you need. They go over making different tools that can help you in a penetration test.
I think python should be used more to automate things you'd normally do with other tools, not exactly use it to make "hacks".
You'd probably be better off using Ruby with the metasploit framework to actually make exploits, if thats what you mean.
book BLACKHAT PYTHON https://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900/ref=sr_1_1/143-0084473-3328332?ie=UTF8&qid=1504234147&sr=8-1&keywords=blackhat+python
I really enjoyed Python Crash Coarse and Black hat Python for learning scripting
Also any ting from No Starch Press. They have some great books.
Hacking: The art of exploitation
The Web Application Hackers Handbook
The Tangled Web: A Guide To Securing modern Web Applications
The Hacker Playbook 2
The Hacker playbook 3
Black Hat Python: Python Programming for Hackers and Pentesters
Black Hat Python is a good one, since you know python https://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900
https://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900/ref=sr_1_2?ie=UTF8&qid=1499051272&sr=8-2
https://www.amazon.com/Learning-Penetration-Testing-Python-Christopher/dp/1785282328/ref=sr_1_1?ie=UTF8&qid=1499051419&sr=8-1
Black Hat Python (Amazon) is oft-recommended. So is Violent Python.
How useful do you think books like these to be?
https://www.amazon.com/d/Books/Black-Hat-Python-Programming-Pentesters/1593275900
https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441
I just finished up a mini project in python and am looking for something else to do (other than learning C and another text on data structures). These books seem to be more about pen testing so I'm not sure it's really relevant.
(edit, books are not for beginners and black hat has better reviews)
There are two books, not sure if they are too advanced and I think both are writen for python 2.7 but they are more or less on the subject, one is called 'Gray Hat Python' and another 'Black Hat Python'
https://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921
https://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900/
You could read reviews of these two books to see if this would be a good starting point. Othervise I would search youtube for keywords like 'python network security' and similar...
I like data analysis, but if that's not your thing then maybe you'd be more interested in hacking