Reddit reviews Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers
We found 42 Reddit comments about Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers. Here are the top ones, ranked by their Reddit score.
Syngress
I'd recommend learning to use Linux well first, since that is what you will need to use a lot of the tools for Pen Testing, after that you can choose an area to start with, most go with web app sec or net sec, since those are most in use right now - after that you can move into areas like cloud security, forensics or some other specialty.
As far as resources go there are a lot out there, i'll link some good ones that I use:
https://github.com/wtsxDev/Penetration-Testing
https://github.com/jivoi/offsec_pdfs
Those two should keep you going for a while at least.
As for coding, i'd recommend learning to use Bash first, then python. Bash is the Born Again SHell, a scripting language used in linux and is something that you will use a lot, and python is a language that is used a lot in offsec.
Here is a place where you can learn some Bash:
https://www.tldp.org/LDP/Bash-Beginners-Guide/html/Bash-Beginners-Guide.html
There are two books i'd recommend for python, ill link them here:
https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579
https://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900
the book in the second link is a bit easier to approach in my opinion, but both require some basic knowledge of python - so youtube or google some tutorials and im sure you'll do fine.
If you want to get into pen testing web apps, then you will want to learn some PHP and JavaScript, a lot of websites are written in PHP, and a lot of exploits are executed with JS: Cross site scripting in particular. You should also learn some SQL since that is another common one for manipulating databases, and can be attacked in a method known as SQL injection.
If you want a place to practice things you are learning then go here: http://overthewire.org/wargames/
They offer some pretty basic war games for things like linux commands and what not so you can really test your knowledge and learn a lot of the things you will have to do to progress through the games.
That's all I can think of atm, but i'm sure of the other people in here will be happy to give you some more suggestions
good luck!
Hi! Saying this as constructively as possible...but I would argue that you do not need Kali to learn about pentesting. In fact, I would go as far as saying to not install Kali until you already know something about pentesting.
If I may recommend some reading material I think that it does a good job of explaining what is going on and the opportunity to write your own scripts and learn some cool (and reusable) stuff along the way.
I just don't think installing Kali anywhere is a great place to really start. I believe you will become a little bit overwhelmed and miss out on what it really means to pentest.
There are online forums that provide with tutorials on how to hack certain things, so read those and try them on your own devices or devices you have the permission to attack.
Examples of those forums : [NullByte] (https://null-byte.wonderhowto.com/) and [BlackMOREOps] (https://www.blackmoreops.com/)
Download Kali, load it onto a USB and look at the tools, especially [Metasploit] (https://www.metasploit.com/) and play with port scanners and such. I'd also recommend running vulnerable VM's such as Metasploitable and running vulnerable web apps such as [DVWA] (http://www.dvwa.co.uk/).
When it comes to writing code, Python excells for writing hacking tools. There are books about that such as [Violent Python] (https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579) and [Black Hat Python] (https://www.nostarch.com/blackhatpython). Im sure there are some about writing payloads and exploits in C, but I cant really remember the names.
If you have any questions, feel free to ask! And remember one thing: Be as creative as you can when experimenting. You'll learn a great deal that way.
How comfortable are you with python in general? There are some sites out there like codesignal.com that offer many small Python challenges you can do reasonably quickly. As far as "Black Hat Python" drills, not many that can be finished in 20 mins. but you can always follow the Violent Python chapters while at work. That's what I did, and it seems to go pretty smoothly.
Here's an entire book about it: https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579
Short answer -- it makes a lot of sense for whipping up quick tools for network based red-team work. If you already have an entirely custom set of tools in Delphi / Pascal / C# -- it might not be entirely sensible for you to use. It really depends on if your kit is lacking something specific.
Lastly -- from a red-team perspective, it seems like the plurality of hosts support Python out of the box now. OSX and many unix distros ship with it, which will give you a scripting framework to work on within the host that is a bit more concise / readable than bash.
I found Violent Python a very useful starting point. Particularly when someone else walks through it on video. I particularly find it harder to pick up computer science concepts when I can only read about them rather than follow someone else actually doing and explaining them like in a college course.
There is also Violent Python
This pdf has some great info on systems administration
This book was a great read. Violent Python
This book goes very deep into exploit development with python in windows environments Gray Hat python
Same author as above, I have not read yet, but it is on my todo list Black Hat python
Heavily C based, but a great explanation of x86 and low level systems Rootkit Arsenal
https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579
Along the same lines, I've very much enjoyed what I've read from Violent Python so far.
http://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579
Choice of programming language differs among researchers but Python seems to be pretty common. I suggest you get the books Violent Python and Grey Hat Python . The former is more beginner friendly for people new to security. As for getting started with InfoSec maybe try reading the Security+ books?
This is asked alot, start here. I would recommend starting on simple notepad batch file programs, tutorials on youtube. Once youre done exploring with what that has to offer and think youre ready to move on to more complicated things, its highly debated on what you should start off with; I prefer python, but pick what suits what you want to do best. If you end up going with python and when you are somewhat fluent with it get this book, it helped me a ton. If you want to communicate discretely, look into IRC's, and obviously use a vpn.
There is books on the subject, Violent Python comes to mind.
With that being said, you don't just write a script to hack a system. You're exploiting a vulnerability in the system.
For example a lot of exploits are Buffer Overflows the quick and dirty explanation on this is a program accepts a parameter and as assigned space in memory for that parameter, a buffer overflow attack uses more space than the parameter was allocated and overflows into the stack causing the code in the overflow to be executed.
I would argue that in the long run, you should probably have a good understanding of all of those languages, and more -- security is the sort of thing where having a comprehensive and deep understanding of the entire system, and how different pieces interact is valuable.
That said, as a beginner, your instinct is right: you should pick just a single language, and stick with it for a while (maybe a year or so?). Since you're going to end up learning all of those languages at one point or another, it doesn't matter so much which particular one you start with, since you'll need to continuously be learning throughout your career. If you decide not to learn something today, you'll probably end up learning it a few months from now.
I would personally recommend Python as a good starting point, mainly because I happen to know one or two security-oriented introductions to Python, and am less familiar with what tutorials are available in other languages. In particular, there's a book named Violent Python which introduces Python from a security context to beginners. It does skim over some of the intro material, so you may want to supplement this with a more in-depth introductory tutorial to Python.
I think C, then C++ would then make decent second and third languages to learn, respectively. You can probably fit in Ruby and Java anywhere in between or after, as necessary -- I suspect they'll be easier to pick up.
https://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900/ref=sr_1_1?ie=UTF8&qid=1468724554&sr=8-1&keywords=black+hat+python
https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579/ref=sr_1_1?ie=UTF8&qid=1468724562&sr=8-1&keywords=violent+python
Two good books that will answer what you need. They go over making different tools that can help you in a penetration test.
I think python should be used more to automate things you'd normally do with other tools, not exactly use it to make "hacks".
You'd probably be better off using Ruby with the metasploit framework to actually make exploits, if thats what you mean.
Yeah, it can get very boring. The best thing I can recommend is to just try it out on your "personal" network.
I don't know how much you know about programming but learn to program, learn Python, C/C++, Java. after this you should be able to pick up any language.
look at this for injecting cookies
http://dustint.com/post/12/cookie-injection-using-greasemonkey
and for learning more hacking try violent python:
https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579
as with everything find the pdf of it. Its out there.
Google is your friend. So you want to look up tutorials for things like sql injection, XSS, Cross-Site Request Forgery (CSRF).
Here are some attacks you can read:
https://www.owasp.org/index.php/Category:Attack
Get Violent Python this will show you everything that you need in Python for PenTesting.
You will definitely want to learn Python.
Something like this book would give you a solid foundation.
http://www.amazon.ca/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579/ref=sr_1_1?ie=UTF8&qid=1452120799&sr=8-1&keywords=violent+python
You might want to look into CISM and CISSP for certifications.
http://www.tomsitpro.com/articles/information-security-certifications,2-205.html
You can also look into a CyberSecurity meetup group in your area, or you could start your own and learn off of other people.
I personally love Python and try to get a lot of my college classmates to try it. Python is very simple, but powerful and in my opinion intuitive. While it is type-less, some few this as a plus or a negative, I could really care less. The biggest reason why I'll recommend Python to somebody new and interested in programming is how it enforces styles, so later on down the road when coding in other languages it just feels natural and your code will generally make more sense. If you're also interested in security/pentesting look into Violent Python. I wish you the best of luck getting into programming, its frustrating at times, but very rewarding in the long run.
Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers https://www.amazon.com/dp/1597499579/ref=cm_sw_r_cp_api_nZOMAbWE1K8Y9
Learn Python The Hard Way
Violent Python
I recently came across the book Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers for when it is no longer mister nice snake.
So this is aimed at people in a cyber security degree? What kind of knowledge do they have?
> using all the tools of kali
Pleaseeee no. There are hundreds of programs and scripts in Kali, it would not be feasible to learn and remember them all. Off the top of my head what I would do is:
OP mentioned books or tutorials, so I wasn't limiting it to only things that there are books about, but re: just books:
Also on PyVideo there are plenty of talks:
Try Violent Python
In that case, Violent Python may be helpful--not a tutorial on kali/netsec, but it'll help you learn about netsec aspects through coding your own "exploits"...
This book might be a good start.
>I am learning Python
>I want to write a code
https://www.nostarch.com/blackhatpython
https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579
Anche in inglese van bene, non ho problemi. Questo è quello a cui ti riferisci? Sembra un libro più mirato alla sicurezza informatica dalla descrizione. Cercavo qualche libro giusto per riprendere i concetti della sintassi e quant'altro, dato che non uso Python da un po' e data la mia altissima disponibilità economica /s stavo decidendo tra quei due.
PM me your paypal address - My shout.
http://www.amazon.com/gp/offer-listing/1597499579/ref=dp_olp_used?ie=UTF8&condition=used
Hmm, why don't you do both? I mean think python is free
and I did both too.
I'm sure you saw the link but you can read the HTML here http://www.greenteapress.com/thinkpython/html/index.html
and just donate.
I found this very good too, it's the first I read http://beastie.cs.ua.edu/cs150/book/index.html
but it's probably to basic for you already.
if you want to go into security
read violent python one of the best http://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579
Violent Python:
https://www.amazon.ca/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579/ref=sr_1_1?ie=UTF8&qid=1505460411&sr=8-1&keywords=violent+python
At UVic, I think there are security specializations for degrees such as the MTIS or the Computer Science Options (such as Network Security -- although I did the Software Engineering option for C.Sc. in my undergrad)
I focused on taking classes, but I did a LOT of my own (legal) research/projects. That "legal" caveat is IMPORTANT. Don't get arrested for a hobby, it doesn't achieve your goal, and it's not worth it. Do things the right way, don't trespass or break the law.
Most of the government cyber defense jobs are in Ontario -- so expect to have to move there if you want to work with them. I hear there are ... "sites" ... elsewhere, but realistically you would have to "do your time" there before anything like that became available.
Business and Finance classes are always a good idea -- not just for business but personal benefit. My wife is an accountant and those skills are really helpful to have for our daily/monthly/etc finances.
Advice
Sorry, this turned into a bit of an essay. I'm just one opinion out there, but hopefully you get something out of this. As always, "trust but verify".
[edit: a word]
Questo è quello a cui ti rivolgi questa è la risposta sbagliata a un falso problema.
Python ha una curva di apprendimento ripida, versione 1 e 2 sono quelli che producono sw migliori.
It's never too late. I didn't get into the field until my mid 20s. It really just takes an interest and a desire to learn. Cyber security is a pretty large field so play around in the different sub-fields and find the one(s) that interest you.
Here are some resources to get you started:
Books:
Wargames:
Programming (My opinions):
Hope this helps and welcome to the world of cyber security (it is very addicting -- you have been warned lol)!
Google has a free python course that is great as an introductory: https://developers.google.com/edu/python/
I'd also recommend a book called Violent Python: https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579 (ISBN-13: 978-1597499576 )
Violent Python is written with cyber security in mind and has plenty of code samples where python is applied with cyber security in mind. I'd also highly recommend following Mark Baggett on twitter (I believe he was the technical editor for the book) as the man is an absolute python genius. He always shares inciteful info related to cyber security and usually goes into the very technical analysis of what he shares.
You can't "Hack" something with python, python is great as a scripting language and can be used to automate some processes that would take rather a long time doing it by hand ie: "Fuzzing" and writing exploits. if you wanna start "hacking with python" you need to have more than basic knowledge and you need knowledge about what you're going to be using python on.
If the terms "Fuzzing" and exploit writing doesn't sound familiar to you then i suggest you go back and do some more research.
There's a great book on that topic though called Violent Python that should give you an idea of what you're dealing with.
I enjoyed Violent Python quite a bit.
I recommend reading the following to get an overview:
The Basics Hacking Penetration Testing
If you want to do some programming specific (i.e. Python) try
Violent Python
I did a quick search and found 2 books specifically in your current field of interest. Gray Hat Python and Violent Python
I've never read either of them, but they look interesting.
Continue to learn python and c outside of school, go into more depth. May not be what your looking for but try reading hacking the art of exploitation and depending on your current knowledge of python violent python may be good for you.