Gray Hat Python: Python Programming for Hackers and Reverse Engineers [Paperback]

This book was a joy to read, but take notice of the reverse engineer part in the title.

Contents
The content of this book is a presentation of tools that use Python as part of their automation. The tools selected range from debuggers, fuzzers and onto emulators which can be driven using python. The book is laid out in 12 chapters which progress from setting up the environment to more advanced exercises.

The selection of tools is very good and the content fits together with lots of cross references.

Target audience
Focus for this book is running debugging tools automatically using python to do work for you. These features will allow you the reader the opportunity to go hunting for bugs more efficiently and with less manual work. With this in mind the target audience is not python beginners, though the programs shown are not very hard to follow. The real target audience are bug hunters and the ones that understand the issues, but are spending to much of their own time doing it.

If you are an absolute beginner in debugging I would recommend that you buy this book as a bundle with The Art of Hacking by Jon Erickson or perhaps The Shellcoders Handbook. If you have not experienced assembler ever you would probably also need an introduction to assembly programming.

Practical book
The structure of this book is very workbook-like and encourages you to run the many examples and experiment while doing them. Each one of the labs can also be performed in a short while allowing you to make use of short breaks from other stuff and do these.

The books does not have a lot of pages, but a lot of insight and the author clearly has great knowledge and experience in the reverse engineering arena. He also brings you up to speed by allowing you to start running the programs immediately, and while they run you can read the manuals how to do more advanced stuff by yourself later :-)

The techniques and methods described will also allow you to dive into programs that are not meant for debugging, because the author describes how to attack programs - while manuals typically tell you what options you have, but not the situations you should use those options.

To summarize the Good stuff:
Short - this book is short, so you can actually finish it
Practical - using the tools described you will be able to get started quickly, even if you really haven't learned about debuggers before
Very workbook like - making sure that you are always interested in trying out the examples
Cross references and references to material found on the internet makes this book indispensable

The Bad stuff about this book
I use mostly Unix and this book is mostly about hacking Windows, from applications down to Windows drivers. While I might not be the target audience, this focus has allowed the book to stay on track. I would have liked more about Unix systems, since Python is of course also used a lot in Unix.

Conclusion
This book has brought me through a lot of exercises, even if I didn't finish each and every one of them the first time. I will keep returning to this book to do more of the exercises and experiment more with Sulley and the other programs presented.

The book has persuaded me that I need to use more python and especially it has allowed be to go further with the debuggers I already know of. The level might not be suitable for the most advanced reverse engineers but for the rest of us it is a treasure of good information!

The matter is presented clearly and can be understood by almost anyone, even if they haven't really looked into debuggers before. The reason this book is so successful is partly because it does not repeat material from manuals for the tools, but require you to use existing tools with manuals and show you how to run them.

This book should be bundled with the Art of Hacking, showing you what hacking software is about and
this book show how to automate the hacking with python. I can highly recommend it for people that need to do reverse engineering and running of code through debuggers and emulators.

First of all, it's not 232 pages, but 180 real pages. So be aware that the real content isn't that much.

The book presents some very easy examples, and totally lacks of explanations for the really interesting stuff. Many dumb examples are explained, but the hard tricks you download from the book's website you have to read them and try to understand them on your own.

12 pages dedicated to hooking, which is the reason I bought the book for but 16 pages dedicated to immunity debugger which you can download along with its manual. What's the point? I would have preferred 30 pages dedicated on hooking and a link to the debugger man which already explains how to work with it.

The code you download is buggy. After you correct the errors it works as expected, but it would have been nice to get a working code, since the book is based on that.

To sum up, I wouldn't recommend this book. Too much space wasted talking about easy things and only some pointers to the real interesting stuff. It's not worth it.

I'm very disappointed

This is the best book I have bought so far this year.

You need to have a fairly good understanding of Python to be able to follow it - a sprinkling of knowledge about ctypes will help too - but once you finsih it you wil be using Python in ways you didnt think possible.

The book covers all sorts of advanced 'windows hacking' (for want of a better phrase) and general exploit development methods - DLL injection, code injection, debugging, fuzzing etc are all covered in a fairly decent amount of detail.

If you are looking to get familiar with ctyes and a few of the useful Windows API functions then via practical examples, this book servers as a great reference. I learnt more about ctypes with this book than I did reading the official tutorial.

Although the author works for immunity and mentiones immunity's debugger a lot, it does not come across as plugging the product (which is free anyway) and really helps the reader to use the debugger in a very effective way - the same for PyDBG too.

I'm very very pleased with the book - my only gripe is that it is quite a small book (180 pages) and it could explain some of the topics in slightly more detail - but this is only a very small gripe.

I would recommend this to anyone who has a decent knowledge of Python, Windows functions, buffer overflows etc and the general process of exploit development. If you are beginner in this area you will probably struggle to understand all the content.

I hope the author decides to write a similar book with a slightly broarder scope and more detail.