book

Black Hat Python

Name: Black Hat Python
Author: Justin Seitz
ISBN: 9781593275907

by Justin Seitz

December 2014

Intermediate to advanced

192 pages

4h 38m

English

No Starch Press

Read now

Unlock full access

Black Hat Python: Python Programming for Hackers and Pentesters
Dedication
About the Author
About the Technical Reviewers
Foreword
Preface
Acknowledgments
1. Setting Up Your Python Environment
Installing Kali LinuxWingIDE
2. The Network: Basics
Python Networking in a ParagraphTCP ClientUDP ClientTCP ServerReplacing NetcatKicking the TiresBuilding a TCP ProxyKicking the TiresSSH with ParamikoKicking the TiresSSH TunnelingKicking the Tires
3. The Network: Raw Sockets and Sniffing
Building a UDP Host Discovery ToolPacket Sniffing on Windows and LinuxKicking the TiresDecoding the IP LayerKicking the TiresDecoding ICMPKicking the Tires

4. Owning the Network with Scapy
Stealing Email CredentialsKicking the TiresARP Cache Poisoning with ScapyKicking the TiresPCAP ProcessingKicking the Tires
5. Web Hackery
The Socket Library of the Web: urllib2Mapping Open Source Web App InstallationsKicking the TiresBrute-Forcing Directories and File LocationsKicking the TiresBrute-Forcing HTML Form AuthenticationKicking the Tires
6. Extending Burp Proxy
Setting UpBurp FuzzingKicking the TiresBing for BurpKicking the TiresTurning Website Content into Password GoldKicking the Tires
7. Github Command and Control
Setting Up a GitHub AccountCreating ModulesTrojan ConfigurationBuilding a Github-Aware TrojanHacking Python’s import FunctionalityKicking the Tires
8. Common Trojaning Tasks on Windows
Keylogging for Fun and KeystrokesKicking the TiresTaking ScreenshotsPythonic Shellcode ExecutionKicking the TiresSandbox Detection
9. Fun with Internet Explorer
Man-in-the-Browser (Kind Of)Creating the ServerKicking the TiresIE COM Automation for ExfiltrationKicking the Tires
10. Windows Privilege Escalation
Installing the PrerequisitesCreating a Process MonitorProcess Monitoring with WMIKicking the TiresWindows Token PrivilegesWinning the RaceKicking the TiresCode InjectionKicking the Tires
11. Automating Offensive Forensics
InstallationProfilesGrabbing Password HashesDirect Code InjectionKicking the Tires
Updates
Index
Copyright

Overview

When it comes to creating powerful and effective hacking tools, Python is the language of choice for most security analysts. But just how does the magic happen?

In Black Hat Python, the latest from Justin Seitz (author of the best-selling Gray Hat Python), you'll explore the darker side of Python's capabilities—writing network sniffers, manipulating packets, infecting virtual machines, creating stealthy trojans, and more. You'll learn how to:

Create a trojan command-and-control using GitHub
Detect sandboxing and automate common malware tasks, like keylogging and screenshotting
Escalate Windows privileges with creative process control
Use offensive memory forensics tricks to retrieve password hashes and inject shellcode into a virtual machine
Extend the popular Burp Suite web-hacking tool
Abuse Windows COM automation to perform a man-in-the-browser attack
Exfiltrate data from a network most sneakily

Insider techniques and creative challenges throughout show you how to extend the hacks and how to write your own exploits.

When it comes to offensive security, your ability to create powerful tools on the fly is indispensable. Learn how in Black Hat Python.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781457189807Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills