I received Grey Hat Python by Justin Seitz this week for my birthday — thanks sis! So far I’ve worked into Chapter 3: Building a Windows Debugger.
I’m very pleased with the level of detail the book goes into when explaining debugging techniques and how a CPU deals with processes. It almost makes me want to focus more on C code, but I know that the further I get into the book the more I will be happy with the relative simplicity offered by Python.
My only gripe with the book is the first sentence of the first paragraph on section 1.1, “I assume that you are using a 32-bit Windows-based platform to do most of your coding.” While it certainly makes sense to focus on debugging techniques on the Windows platform since most of the software one would be dealing with is written for it, it rubs me the wrong way to make the assumption that I’m using Windows to write software — especially with a language like Python. And no, I’ll be writing code primarily with vim on OSX and running Python on Windows via Parallels.
With that only negative note aside, it’s a fantastic book and I would absolutely recommend it to others.
Been playing with some online programming and hacking fun. If you’re like me and can’t sleep at night because of an overactive mind, try some of these out:
- The Python Challenge – Pretty self-explanitory. Some puzzles that require a little bit of creative Python programming along with some outside-the-box thinking on solving problems. Can probably use other programming languages as well, but at some point I’m betting there’s some Python specific data-types (I just started a few last night so don’t know yet).
- HAXTOR (warning – JS will attempt to resize your browser window) – Various decrypting challenges and web-related stuff.
- hackergames.net – Just ran across this the other day but haven’t gone through any of them.
* Word to the wise: Use a disposable virtual machine with a safe snapshot when messing around with this kind of stuff. The sites are probably safe, but you never know where you’ll end up and who could be targeting them for extra kicks. Use No-Script at a minimum.
If I have more time at a later date then I’ve really been meaning to write a more detailed review of each podcast in the IS realm that I’ve been listening to for the past 6 months, but since that time never seems to make it my way I’m just going to post links for now. Whether it’s on my feed reader or the BlackBerry, each of the shows has been extremely valuable in keeping me up to speed and looking at the horizon. Thanks guys (and gals)!
SecuraBit
Security Justice
PaulDotCom Security Weekly
Hak5
Network Security Podcast
This might not seem like a huge deal to some, but we just passed our first PCI vulnerability scan. These little Mikrotik routers (using RouterOS) really know how to rock!
Out of our current 19 public interfaces, we did have a single one that responded via ICMP. It was more or a less bad timing on our part because performing support on the machines behind the routers isn’t perfected yet, so we have to go in and disable bottom drop-rules for a few minutes to get in. Packet filtering is still active and unwanted traffic won’t come through, but it did allow that router to talk back and announce its existence — unlike the rest of the stoic batch.
One more big step out of the way…