Reddit reviews Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers

I'd recommend learning to use Linux well first, since that is what you will need to use a lot of the tools for Pen Testing, after that you can choose an area to start with, most go with web app sec or net sec, since those are most in use right now - after that you can move into areas like cloud security, forensics or some other specialty.

As far as resources go there are a lot out there, i'll link some good ones that I use:

https://github.com/wtsxDev/Penetration-Testing

https://github.com/jivoi/offsec_pdfs

Those two should keep you going for a while at least.

As for coding, i'd recommend learning to use Bash first, then python. Bash is the Born Again SHell, a scripting language used in linux and is something that you will use a lot, and python is a language that is used a lot in offsec.

Here is a place where you can learn some Bash:
https://www.tldp.org/LDP/Bash-Beginners-Guide/html/Bash-Beginners-Guide.html

There are two books i'd recommend for python, ill link them here:
https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579

https://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900

the book in the second link is a bit easier to approach in my opinion, but both require some basic knowledge of python - so youtube or google some tutorials and im sure you'll do fine.

If you want to get into pen testing web apps, then you will want to learn some PHP and JavaScript, a lot of websites are written in PHP, and a lot of exploits are executed with JS: Cross site scripting in particular. You should also learn some SQL since that is another common one for manipulating databases, and can be attacked in a method known as SQL injection.

If you want a place to practice things you are learning then go here: http://overthewire.org/wargames/
They offer some pretty basic war games for things like linux commands and what not so you can really test your knowledge and learn a lot of the things you will have to do to progress through the games.

That's all I can think of atm, but i'm sure of the other people in here will be happy to give you some more suggestions

good luck!

Hi! Saying this as constructively as possible...but I would argue that you do not need Kali to learn about pentesting. In fact, I would go as far as saying to not install Kali until you already know something about pentesting.

If I may recommend some reading material I think that it does a good job of explaining what is going on and the opportunity to write your own scripts and learn some cool (and reusable) stuff along the way.

I just don't think installing Kali anywhere is a great place to really start. I believe you will become a little bit overwhelmed and miss out on what it really means to pentest.

There are online forums that provide with tutorials on how to hack certain things, so read those and try them on your own devices or devices you have the permission to attack.

Examples of those forums : [NullByte] (https://null-byte.wonderhowto.com/) and [BlackMOREOps] (https://www.blackmoreops.com/)

Download Kali, load it onto a USB and look at the tools, especially [Metasploit] (https://www.metasploit.com/) and play with port scanners and such. I'd also recommend running vulnerable VM's such as Metasploitable and running vulnerable web apps such as [DVWA] (http://www.dvwa.co.uk/).

When it comes to writing code, Python excells for writing hacking tools. There are books about that such as [Violent Python] (https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579) and [Black Hat Python] (https://www.nostarch.com/blackhatpython). Im sure there are some about writing payloads and exploits in C, but I cant really remember the names.

If you have any questions, feel free to ask! And remember one thing: Be as creative as you can when experimenting. You'll learn a great deal that way.

How comfortable are you with python in general? There are some sites out there like codesignal.com that offer many small Python challenges you can do reasonably quickly. As far as "Black Hat Python" drills, not many that can be finished in 20 mins. but you can always follow the Violent Python chapters while at work. That's what I did, and it seems to go pretty smoothly.

Here's an entire book about it: https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579

Short answer -- it makes a lot of sense for whipping up quick tools for network based red-team work. If you already have an entirely custom set of tools in Delphi / Pascal / C# -- it might not be entirely sensible for you to use. It really depends on if your kit is lacking something specific.

Lastly -- from a red-team perspective, it seems like the plurality of hosts support Python out of the box now. OSX and many unix distros ship with it, which will give you a scripting framework to work on within the host that is a bit more concise / readable than bash.

I found Violent Python a very useful starting point. Particularly when someone else walks through it on video. I particularly find it harder to pick up computer science concepts when I can only read about them rather than follow someone else actually doing and explaining them like in a college course.

There is also Violent Python

• Python Essential Reference (4th edition): David Beazley
  
  
• Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers
  
  
• Grey Hat Python: Python Programming for Hackers and Reverse Engineers
  
  
• Python in a Nutshell, 2nd edition
  
  
• Python 3 Object Oriented Programming
  
  
• Invent Your Own Computer Games with Python, 2nd edition
  
  
• Core Python Applications Programming (3rd edition) (core series)
  
  
• Making Games with Python & PyGame
  
  
  
  
  
  
  
  
  
  
  
  
  

This pdf has some great info on systems administration

This book was a great read. Violent Python

This book goes very deep into exploit development with python in windows environments Gray Hat python

Same author as above, I have not read yet, but it is on my todo list Black Hat python

Heavily C based, but a great explanation of x86 and low level systems Rootkit Arsenal

https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579

Along the same lines, I've very much enjoyed what I've read from Violent Python so far.

http://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579

Choice of programming language differs among researchers but Python seems to be pretty common. I suggest you get the books Violent Python and Grey Hat Python . The former is more beginner friendly for people new to security. As for getting started with InfoSec maybe try reading the Security+ books?

This is asked alot, start here. I would recommend starting on simple notepad batch file programs, tutorials on youtube. Once youre done exploring with what that has to offer and think youre ready to move on to more complicated things, its highly debated on what you should start off with; I prefer python, but pick what suits what you want to do best. If you end up going with python and when you are somewhat fluent with it get this book, it helped me a ton. If you want to communicate discretely, look into IRC's, and obviously use a vpn.

There is books on the subject, Violent Python comes to mind.

With that being said, you don't just write a script to hack a system. You're exploiting a vulnerability in the system.

For example a lot of exploits are Buffer Overflows the quick and dirty explanation on this is a program accepts a parameter and as assigned space in memory for that parameter, a buffer overflow attack uses more space than the parameter was allocated and overflows into the stack causing the code in the overflow to be executed.

I would argue that in the long run, you should probably have a good understanding of all of those languages, and more -- security is the sort of thing where having a comprehensive and deep understanding of the entire system, and how different pieces interact is valuable.

That said, as a beginner, your instinct is right: you should pick just a single language, and stick with it for a while (maybe a year or so?). Since you're going to end up learning all of those languages at one point or another, it doesn't matter so much which particular one you start with, since you'll need to continuously be learning throughout your career. If you decide not to learn something today, you'll probably end up learning it a few months from now.

I would personally recommend Python as a good starting point, mainly because I happen to know one or two security-oriented introductions to Python, and am less familiar with what tutorials are available in other languages. In particular, there's a book named Violent Python which introduces Python from a security context to beginners. It does skim over some of the intro material, so you may want to supplement this with a more in-depth introductory tutorial to Python.

I think C, then C++ would then make decent second and third languages to learn, respectively. You can probably fit in Ruby and Java anywhere in between or after, as necessary -- I suspect they'll be easier to pick up.

https://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900/ref=sr_1_1?ie=UTF8&qid=1468724554&sr=8-1&keywords=black+hat+python

https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579/ref=sr_1_1?ie=UTF8&qid=1468724562&sr=8-1&keywords=violent+python

Two good books that will answer what you need. They go over making different tools that can help you in a penetration test.

I think python should be used more to automate things you'd normally do with other tools, not exactly use it to make "hacks".

You'd probably be better off using Ruby with the metasploit framework to actually make exploits, if thats what you mean.

Yeah, it can get very boring. The best thing I can recommend is to just try it out on your "personal" network.

I don't know how much you know about programming but learn to program, learn Python, C/C++, Java. after this you should be able to pick up any language.

look at this for injecting cookies
http://dustint.com/post/12/cookie-injection-using-greasemonkey

and for learning more hacking try violent python:
https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579

as with everything find the pdf of it. Its out there.

Google is your friend. So you want to look up tutorials for things like sql injection, XSS, Cross-Site Request Forgery (CSRF).

Here are some attacks you can read:

https://www.owasp.org/index.php/Category:Attack

Get Violent Python this will show you everything that you need in Python for PenTesting.

You will definitely want to learn Python.

Something like this book would give you a solid foundation.

http://www.amazon.ca/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579/ref=sr_1_1?ie=UTF8&qid=1452120799&sr=8-1&keywords=violent+python

You might want to look into CISM and CISSP for certifications.

http://www.tomsitpro.com/articles/information-security-certifications,2-205.html


You can also look into a CyberSecurity meetup group in your area, or you could start your own and learn off of other people.

I personally love Python and try to get a lot of my college classmates to try it. Python is very simple, but powerful and in my opinion intuitive. While it is type-less, some few this as a plus or a negative, I could really care less. The biggest reason why I'll recommend Python to somebody new and interested in programming is how it enforces styles, so later on down the road when coding in other languages it just feels natural and your code will generally make more sense. If you're also interested in security/pentesting look into Violent Python. I wish you the best of luck getting into programming, its frustrating at times, but very rewarding in the long run.

Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers https://www.amazon.com/dp/1597499579/ref=cm_sw_r_cp_api_nZOMAbWE1K8Y9

Learn Python The Hard Way

Violent Python

I recently came across the book Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers for when it is no longer mister nice snake.

So this is aimed at people in a cyber security degree? What kind of knowledge do they have?

> using all the tools of kali

Pleaseeee no. There are hundreds of programs and scripts in Kali, it would not be feasible to learn and remember them all. Off the top of my head what I would do is:

• Have people do some of the starter wargames at overthewire so they are familiar with the linux command line. Maybe even make this a requirement to participate so you know that people are committed and have a base level of knowledge.
  
  
• Read write-ups on attacks and attackers, here is a good one by Mandiant<--(PDF link)
  
  
• Culture. I feel like this is one of the most neglected fields in cyber security. Read some phrack.
  
  
• Split people into teams to work on projects so that they have experience working together.
  
  
• Find some old CTFs or images on Vulnhub. See if you can register for some CTFs, looks great on a resume.
  
  
• Learn about sql and sql injection.
  
  
• Learn python, take a look at violent python or Grey Hat Python and Black Hat Python for more advanced stuff. There is also Hacking Secret Ciphers with Python for more of a crypto angle.
  
  
• linux, linux, linux. feel at home in the terminal and be able to script bash.
  
  
• Going over basic tools like nmap, aircrack-ng (airmon-ng, etc.), sqlmap, hydra, hashcat, metasploit, etc. Make whole day labs that use just one tool, You could maybe find an easy Vulnhub image or use Metasploitable to practice these.
  
  
• Make sure everyone has a github and populates it with stuff they create in this class. Incorporate it into your class so you got people forking and contributing to other members/teams projects.
  
  
• Look over books like The Hacker Playbook, Hacking, the Art of Exploitation, and so on for more ideas.
  
  
• Maybe most importantly, have the students teach. I'm sure there are people in there who specialize in one tool or subject. Have them design and lead a lesson/lab/activity. The best way to solidify and expand on what you know is to teach it.
  

OP mentioned books or tutorials, so I wasn't limiting it to only things that there are books about, but re: just books:

• Pro Python System Administration covers some network admin topics
  
• Violent Python covers a lot of network security aspects
  
• Twisted Network Programming Essentials covers … network programming with Twisted
  
• The latest Python Cookbook covers a lot of networking topics
  
  Also on PyVideo there are plenty of talks:
  
  
• Networking Libraries in Python
  
• Extreme network programming with Python and Linux
  
• diesel: Simple and Scalable Network Applications
  
• and so on...
  

Try Violent Python

In that case, Violent Python may be helpful--not a tutorial on kali/netsec, but it'll help you learn about netsec aspects through coding your own "exploits"...

This book might be a good start.

>I am learning Python


>I want to write a code

https://www.nostarch.com/blackhatpython


https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579

Anche in inglese van bene, non ho problemi. Questo è quello a cui ti riferisci? Sembra un libro più mirato alla sicurezza informatica dalla descrizione. Cercavo qualche libro giusto per riprendere i concetti della sintassi e quant'altro, dato che non uso Python da un po' e data la mia altissima disponibilità economica /s stavo decidendo tra quei due.

PM me your paypal address - My shout.

http://www.amazon.com/gp/offer-listing/1597499579/ref=dp_olp_used?ie=UTF8&condition=used

Hmm, why don't you do both? I mean think python is free
and I did both too.
I'm sure you saw the link but you can read the HTML here http://www.greenteapress.com/thinkpython/html/index.html
and just donate.
I found this very good too, it's the first I read http://beastie.cs.ua.edu/cs150/book/index.html
but it's probably to basic for you already.

if you want to go into security

read violent python one of the best http://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579

Violent Python:

https://www.amazon.ca/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579/ref=sr_1_1?ie=UTF8&qid=1505460411&sr=8-1&keywords=violent+python

At UVic, I think there are security specializations for degrees such as the MTIS or the Computer Science Options (such as Network Security -- although I did the Software Engineering option for C.Sc. in my undergrad)

I focused on taking classes, but I did a LOT of my own (legal) research/projects. That "legal" caveat is IMPORTANT. Don't get arrested for a hobby, it doesn't achieve your goal, and it's not worth it. Do things the right way, don't trespass or break the law.

Most of the government cyber defense jobs are in Ontario -- so expect to have to move there if you want to work with them. I hear there are ... "sites" ... elsewhere, but realistically you would have to "do your time" there before anything like that became available.

Business and Finance classes are always a good idea -- not just for business but personal benefit. My wife is an accountant and those skills are really helpful to have for our daily/monthly/etc finances.

Advice

• You have to "shoot straight" when it comes to security. Gone are the days where someone hacks the FBI and they offer him a job. Now they just arrest you and you stay there. It makes sense, why incentivise it. Don't do something that might even be construed as illegal. (With that being said, there is an argument to be made for making security education too "academic" and forgetting that people actually have to work on practical aspects -- this is outside the scope of this conversation though)
  
• There are plenty of projects such as OWASP Broken Web App, classes like Elec 567 at UVic, or just learn how to make your own VMs and attack them locally (the best route -- then you can control what's installed, with a fine-tooth comb) -- this also helps test new patches, etc to see if the software is vulnerable.
  
• Read. Lots. Subscribe to blogs, order books (I am partial to books such as Hacking: The Art of Exploitation (Pretty low level, but helps you understand what is going on under the hood), and Violent Python (more of a cookbook / handbook)), and read up on security news. Rule of thumb: Read at least 2 new security books every year (at a minimum) -- It gets easy when you have a dedicated app for security podcasts, RSS feeds, and you keep a book or two with you all the time.
  
• When interviewing for government security jobs, don't lie to them. If they asked you if you have smoked pot, tell them if you did. They are looking for truthfulness.
  
• Look at open source projects where you can contribute (general coding advice, but it helps). It doesn't have to be the Linux kernel, just work on something that isn't an assignment/project from school.
  
• Learn who the big players are in security -- Like everything on the internet, there is lots of talk. Find the people who actually know what they are talking about and listen to them. Take EVERYTHING (including this post) with a grain of salt! The classic motto is "Trust but verify". This applies to everything. The security industry is ... interesting ... Think of it as a cross between the mafia (Pay us for protection ... or else), "tinfoil hattiness" (Comes with the territory -- you see a lot more than the average person, so it skews your view on certain subjects... not all of which you can even talk about), and the classic balance between privacy and security (ranges from surveillance state and anarchy) ... Politics play a HUGE part.
  
• Always be learning. Show this to prospective employers. Don't just talk, do.
  
  
  Sorry, this turned into a bit of an essay. I'm just one opinion out there, but hopefully you get something out of this. As always, "trust but verify".
  
  [edit: a word]
  

Questo è quello a cui ti rivolgi questa è la risposta sbagliata a un falso problema.
Python ha una curva di apprendimento ripida, versione 1 e 2 sono quelli che producono sw migliori.

It's never too late. I didn't get into the field until my mid 20s. It really just takes an interest and a desire to learn. Cyber security is a pretty large field so play around in the different sub-fields and find the one(s) that interest you.

Here are some resources to get you started:

Books:

• Some free eBooks from Packt Publishing
  
  
• A decent list from the infosec institue
  
  Wargames:
  
  
• OverTheWire
  
  
• WeChall -- scoring system and wargames
  
  
• HackMethod -- up-and-coming community that is very beginner friendly
  
  
• The "useful links" in the sidebar of /r/HowToHack
  
  Programming (My opinions):
  
  
• For interpreted languages: Python and Bash -- Violent Python and Black Hat Python
  
  
• For compiled languages: C and golang (because it's a pretty awesome language)
  
  
• If Android hacking interest you: Java, C, and C++
  
  Hope this helps and welcome to the world of cyber security (it is very addicting -- you have been warned lol)!

Google has a free python course that is great as an introductory: https://developers.google.com/edu/python/

I'd also recommend a book called Violent Python: https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579 (ISBN-13: 978-1597499576 )

Violent Python is written with cyber security in mind and has plenty of code samples where python is applied with cyber security in mind. I'd also highly recommend following Mark Baggett on twitter (I believe he was the technical editor for the book) as the man is an absolute python genius. He always shares inciteful info related to cyber security and usually goes into the very technical analysis of what he shares.

You can't "Hack" something with python, python is great as a scripting language and can be used to automate some processes that would take rather a long time doing it by hand ie: "Fuzzing" and writing exploits. if you wanna start "hacking with python" you need to have more than basic knowledge and you need knowledge about what you're going to be using python on.
If the terms "Fuzzing" and exploit writing doesn't sound familiar to you then i suggest you go back and do some more research.
There's a great book on that topic though called Violent Python that should give you an idea of what you're dealing with.

I enjoyed Violent Python quite a bit.

I recommend reading the following to get an overview:

The Basics Hacking Penetration Testing

If you want to do some programming specific (i.e. Python) try

Violent Python

I did a quick search and found 2 books specifically in your current field of interest. Gray Hat Python and Violent Python

I've never read either of them, but they look interesting.

Continue to learn python and c outside of school, go into more depth. May not be what your looking for but try reading hacking the art of exploitation and depending on your current knowledge of python violent python may be good for you.