28 March 2016

The Hacker's Playbook

When reading technical books I mainly find three kinds of books: those that don't teach anything new, those that are gold mines of knowledge and those that only scratch the surface of topics but give you interesting links to investigate further. I think that "The Hacker's Playbook: Practical Guide to Penetration Testing" by Peter Kim falls into the third category: just by reading it you won't become a master pentester, but if you really investigate the links and resources the author points to, you'll definitely get the mastery.

The book deals with many topics but not in depth: scanning (network and web), exploiting, privilege elevation, network attacks (wired and wireless), social engineering, AV-evasion, password cracking, etc. I think that as an introductory text it is right, and it's well focused because it explains things using tools that are "open source" or freely available, but where this book excels is in pointing at public resources to go deeper in your learning. There is a wealth of links throughout the book, and all of them point to really interesting web resources with tools, courses, tutorials and, and this is very important, places to train your skills without ending up with SWAT knocking at your door.

Text is well written and explanations are concise and easy to understand. Content is cleverly structured and covers almost every field in penetration testing.

Taking into account that it's not an expensive book, I've found it worth buying and reading, and I recommend it for introductory levels or for medium levels who want a quick state-of-the-art review.


12 January 2016

Functional Python Programming

I always wanted to know what that thing called functional programming was about, but I didn't want to learn a new language to understand functional programming, not now at least. So when I found a book dealing with the topic (Functional Python Programming by Steven Lott) from a Python focus, I read it.

After reading it I feel that I've been following a lot of functional programming principles without even realizing it: short functions, don't alter outer states from inside a function, use iterators (lazy-evaluation) wherever possible, etc. That doesn't mean I didn't learn anything; for instance, I really enjoyed the examples about features in the itertools library which I hadn't used so far.

It includes some advice I'm not going to follow, like the one about chaining functions. The book really likes function chaining (you know, inserting a function call as a parameter for another function) but doing that you end up with really long lines of code that I feel are entirely un-pythonic. Besides, they really like recursion but I feel uncomfortable with that concept and to be honest I didn't understand the book's example about tail optimizations.

Nevertheless the book is extensive, systematic and includes a lot of examples, so I think it's worth reading it to get some concepts to improve your overall coding skills.