
Friday, November 30, 2012

"Violent Python" Review

The amount of effort that goes into writing any book is substantial, but the amount of effort that goes into a great book is mind-boggling. "Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers, and Security Engineers" by TJ O'Connor is a great book. Despite the "cookbook" title, this book is well-organized and can be read cover-to-cover. If you are a security professional, you have already used or will use the methods mentioned in the book.

The first chapter dives right into the basics of scripting and the Python scripting language, which is probably the slowest part of the entire book. I imagine that the majority of readers will be comfortable with skipping the whole first chapter - but don't. The magic of the book is in how TJ prefaces most of the scripts and functions with a story that adds context to the effort of writing the script. I don't think I have ever seen that before, and it's awesome. It almost prevents you from treating the book as a "cookbook" and only looking for "recipes" that are relevant to you. Instead, you have a scenario where that method or function was important. The reader is never left wondering "who would ever use that?" I hope more authors follow the model created by this book.

I don't have any major complaints about the content of the book, but there should probably be more discussion about the shortcomings of relying on external libraries. Modules and libraries make Python fast, flexible and powerful for most security professionals. However, penetration testers may find themselves on a remote box with Python already installed but no way to add third-party modules. In that common scenario, it's important to be able to accomplish similar tasks with only the standard library, without having to download any external code.

There are two things that I hope the author and publisher do to further improve the book (and any other future books). First, I would love to see this book implement syntax highlighting. I know color print would be more expensive, so maybe release a special edition. I would gladly pay more money to see code in color! The second thing I am anxious for is the ebook release. It's a new book, so I am sure it won't be long - but color should be an easy addition to the Kindle edition, and I will always have access to the book that way.

Overall, it's my favorite book of the year and I will certainly be referencing it in the future. It will be added to the recommended books page shortly, and I really hope you pick up a copy and see how Python can make your life easier.

-Chris

Friday, December 16, 2011

"Metasploit: The Penetration Tester's Guide" Review

Dave Kennedy, Jim O'Gorman, Devon Kearns and Mati Aharoni set out to do the impossible. How do you write a book about a software project that improves nearly every day? How do you keep it relevant for more than a few weeks or months? Other books have tried and, in my opinion, failed, but this one is great. It doesn't just teach you how to use this great security tool; it takes you through some of the thought and methodology involved in a professional penetration test.

Almost everyone can learn something from this book. I particularly liked the following chapters because they contain the most complete coverage of topics that you won't find much on anywhere else:

Chapter 3 - Working with Databases in Metasploit
Chapter 5 - Resource Files

Although I found a few tips that I was able to immediately start utilizing on engagements, I think the book would be even better for those with less exposure to Metasploit and SET.

Most of my gripes about the book stem from the content in Chapter 6 (Meterpreter). Process migration is explained, but I think the authors should have gone into more depth about how to choose the right processes to migrate to. Most Host IPS products protect a specific set of processes, which should be avoided if at all possible. A warning similar to the one about the use of bind shells on page 94 would have been nice. Another potential improvement to Chapter 6 could be a discussion on why NOT to kill antivirus. If you have gone through the trouble of getting code execution with Meterpreter with AV installed, why not leave AV alone? Meterpreter is running in memory, so in theory it shouldn't be affected by AV. You should avoid uploading tools if at all possible.
 
The acknowledgment on page 108 is completely accurate. Generating a payload to bypass some AV products is nearly impossible using the methods described in the book. Any popular method of generating payloads will eventually be reversed (for good reason) by the AV vendors. There is a great discussion about this concept here and here. For that reason, it's normally best to find your own method and keep it private.

Overall, the book is well-written and organized. If I were designing a course on penetration testing, this book would definitely be mandatory reading. It's on the short list of books I would recommend to any security practitioner. You can pick it up from Amazon or directly from No Starch.

-Chris