In this third installment of #TripwireBookClub, we look at “Gray Hat Python,” written by Justin Seitz and published by No Starch Press. I had the opportunity to briefly meet Justin at CanSecWest the year this book was published, which only increased my interest in the book and ensured my preorder. I read it back then (2009), and now, nine years later, I could definitely stand to read it again.
However, having read it in the past, I presented it for a book club but did not reread it. Seeing the reviews from members of VERT, I feel that I did myself a disservice, but I also feel like I want to hold out hope that we might see a second edition that modernizes the book before I delve into it again.
I remember that I looked forward to days when I could open IDA Pro or Immunity Debugger at work, and I found reasons to open them at night when I got home. Python was my primary programming language for both personal and professional development, and this book was everything I wanted in new reading material. I think one of the reasons I did not read the book is because looking back through rose-colored glasses, this was the perfect book.
I suspect in many ways it still is, as dated as it may be, but here’s what others within VERT had to say.
Reading Justin Seitz’s book “Gray Hat Python” was an absolute pleasure. The book is a bit old, as it was published in 2009. However, most of the tools and techniques illustrated in the book are still very relevant for reverse engineers and pentesters.
Justin does a great job at providing just enough background information for each topic, and the scope of the writing is spot-on in terms of the book’s objective. Anyone in information security, from newcomers to seasoned hackers, can glean new ideas and experience by reading this book, but the book is especially useful for those who are just starting out in the field. My favorite parts of the book are chapters six, seven, and eight. In chapter six, Justin introduces the reader to the idea of ‘hooking.’ He describes the aspects of soft and hard hooking and illustrates how hooking can be used to read sensitive data. Particularly, he provides code examples for how one might hook into the firefox.exe application to read sensitive data like usernames and passwords before Firefox encrypts the data when browsing to a site using HTTPS.
In chapter seven, Justin does a great job of introducing the reader to DLL and code injection. He describes how DLL and code injection work in the Windows OS by utilizing various Win32 API functionalities, such as remote thread creation. In chapter eight, Justin provides cool code examples for fuzzing, which is a very neat way to find bugs and vulnerabilities in code. His example of using notepad.exe in Windows to show his fuzzing data during code development while the fuzzing is happening in real time was a great takeaway.
Overall, I highly recommend this book.
– Lane Thames, Senior Security Researcher, Tripwire
“Gray Hat Python” by Justin Seitz uses a straightforward approach to introduce and explore the basics of hacking executables and libraries using Python-based resources. It is primarily focused on Windows environments and topics include debugging, hooking, injection and fuzzing. Python resources used in a variety of examples include the pydbg and PyEmu libraries, the Sulley fuzzing framework, and PyCommand scripts for the Immunity Debugger.
Gray Hat Python moves quickly through each topic, exploring them just long enough to introduce you to the idea and give you a taste of it in action as you work through basic examples. Suggestions are usually given for how to continue exploring independently before moving on to the next topic.
The book starts to show its age in many of the examples which were written for now obsolete versions of operating systems and software, making them a challenge to work through. Some examples still worked seamlessly with modern systems and software, but many required searches for older versions of applications or adapting to updated implementations of software, libraries and tools. As someone who prefers learning through examples, this sometimes left me feeling frustrated as I worked my way through the book.
Examples that didn’t work as expected left me unsure if it was due to a mistake by me or to my newer environment. It left me wishing I had read this book years ago when my test environment would have more closely matched what was expected by the book to minimize these variants. However, since the goal of the book seems to be to introduce concepts and give a starting point for experimentation and independent learning, these challenges don’t take away from it achieving its goal. “Gray Hat Python” is a valuable resource for anyone looking to get into hacking with Python.
– Darlene Hibbs, Senior Security Researcher, Tripwire
Justin Seitz’s “Gray Hat Python” is a dive into the world of reverse engineering with a heavy emphasis on the how-it-works of debugging. Seitz walks you through implementing your own debugger in Python, fuzzing, code injection, and various debuggers and related tools.
Even though “Gray Hat Python” is clearly written and relatively comprehensive, you will need at least a novice-level understanding of C, intermediate Python, and some basic knowledge about CPU architecture and how processes work in Windows and Linux environments. Seitz does a good job holding your hand with practical exercises and examples, and he is clearly targeting readers who are new to reverse engineering in general, but it would be inaccurate to call “Gray Hat Python” an entry-level text.
Something to note is that “Gray Hat Python” is nearly 10 years old at this point, and some of the material shows its age. You should be prepared to follow the examples on an environment with some older applications installed; some of the code snippets in the text may require modification to run without errors. If you’re learning a lot of the subject matter for the first time as you go, broken code could be frustrating.
Despite some of those flaws, I appreciate the approach of “Gray Hat Python.” Reverse engineering is something that is most fun to learn when you get your hands dirty and indulge your curiosity. This kind of hands-on approach was missing from my time in school and other similar readings, but “Gray Hat Python” manages to stay lean and practical despite the density of the subject matter.
– Ed Bull, Security Researcher, Tripwire
“Gray Hat Python” by Justin Seitz encourages the reader to code while reading the book. Each chapter has exercises that the reader can complete, allowing the reader to build on the information that was given in the chapter. This type of book layout can allow a reader to fully understand what the author is trying to get across.
However, the book layout requires the reader to have a development environment set up so that they can do the exercises when they want to read the book. Overall, the benefits of following along with the code allow the reader to see potential benefits of the code.
Justin Seitz goes through a variety of topics in “Gray Hat Python.” I found chapter eight (Fuzzing) to be a good review of the topic. The author goes through many types of issues/attacks that can be found while fuzzing. This demonstrates to the reader the type of stuff that they should be looking for while fuzzing. Chapter eight walks the reader through creating a Python script that mutates contents of a file to demonstrate the power of a fuzzer.
After the exercise is finished, the author mentions that there are some improvements that could be made to the fuzzer that the reader completed. The improvements show the reader that a fuzzer can evolve and become more powerful based on the functionality that it contains.
– Andrew Swoboda, Senior Security Researcher, Tripwire
Based on my original reading of the book, which removes many of the outdated references that others have mentioned from the equation, I would give this book a 5/5.
Overall Rating: 4.4/5
Since we just read “Gray Hat Hacking,” it only makes sense to follow it up with “Black Hat Python,” also by Justin Seitz. Feel free to read along; we’ll be posting our reviews in October.