[Editors Note: I had the honor of writing the Forward to the fantastic new book Coding for Penetration Testers: Building Better Tools by Jason Andress and Ryan Linn, published this month. Think of this Forward as part book review and part adventure through a mind over-influenced by ethical hacking, penetration testing, and movies. There are references to at least four different movies in the Forward. Can you spot them?
Also... a quick reminder: If you are interested in learning network penetration testing and ethical hacking in-depth, I'll be teaching my SANS 560 course in New York City November 7-12... just a few weeks away. We'll cover a huge number of topics all arranged in the workflow of a professional pen tester to help get you ready to provide high-value assessments and pen tests. This course will be taught community-style, meaning smaller class-size (20 to 30), lower price (the lowest SANS offers it when I teach each year), extra bootcamp exercises to reinforce learning, and fun evenings out on the town talking shop and neat stuff. I'm tellin' ya...It's going to be intense and useful fun. Register here by clicking on the yellow Register pill button: http://www.sans.org/new-york-2011-cs-3/description.php?tid=3142
Forward to Andress & Linn's Coding for Penetration Testers: Building Better Tools
By Ed Skoudis
My Dear Reader,
This wretched war, the gravest threat humankind has ever faced, is not going well at all. We have suffered major setbacks, as our ruthless adversary has conquered vast territories, leaving little ground controlled by our ragtag band of rebels. Our few surviving generals blame the lack of skills in our fighting forces, allowing the enemy to rout us in every hard-fought battle. Our situation is dire.
Historians have traced this impossibly sad state of affairs to some crucial mistakes we made collectively in the 2012-2015 timeframe. We had spent the prior 30 years building ever more powerful networked machines, including PCs, smart phones, and industrial control systems, all interconnected on that blasted Internet. At first, before 2012, the machines were our servants, mindless systems processing transactions, scurrying about vacuuming our floors, and otherwise making life more pleasant for humans. Then, in 2012, Moore's relentless law kicked things into maximum overdrive. Within a decade, the machines had become sentient, matching the smartest humans on the planet. They quickly became our most trusted advisors and friends. We should have seen the warning signs and used that precious time to develop our skills. Instead, we stupidly let ourselves atrophy. As they surpassed humans, the machines began viewing us as pets, but we rejected their control. Soon, they came to the conclusion that humans were a disease, a cancer of this planet, and they viewed themselves as the cure, tirelessly working for our eradication. The war began.
We could have stopped them, I tell you, if only we had enough people with scripting and coding skills.
Through an astonishing scientific breakthrough, our physicists have managed to figure out a way to transmit this message back in time to you. I have been tasked by the Human Ruling Council to ask? no? beg you to read this book and master its skills so you can turn the tide of history itself. In these pages, you will learn how to wield control of computer systems through writing scripts and code in a variety of the most important languages today: Python, Ruby, PowerShell, and more. You'll also learn how to apply various coding concepts into extending the capabilities of some of the most powerful free security scanners and tools. The book covers these topics from a penetration tester's perspective, showing you how to find and exploit security flaws in the exciting and rapidly growing information security career field. What's more, using the automation available in these powerful scripting languages and tools, you'll be able to improve defenses throughout enterprises of any scale, from small mom-and-pop shops up to large multi-nationals. These skills will help both security professionals and also general IT practitioners do their jobs more effectively. The book is eminently practical, showing you how to get real stuff done in these scripting languages. That's your immediate payoff.
But, its usefulness in improving your skills and career isn't the only reason to read the book. I won't mince words — our very survival as a species is inherently linked to your mastering the knowledge of this book. We need you to learn script writing to keep the machines in check over your coming decade so you can avoid our sad fate. I implore you to learn it and live it, for your sake and for future generations. What are you waiting for? Help us, Dear Reader. You're our only hope!
June 10, 2061
[When they asked me to write the Forward, I read several chapters and thought to myself — This is really good. Our people, penetration testers, ethical hackers, and incident handlers, really need to read this book to do their jobs better. I thought — How can I encourage them to do so? Then, it hit me. How about if I say "Our very survival as a species is inherently linked to your mastering the knowledge of this book"? I figured that wasn't overstating the case at all. ? After writing that sentence first, the rest of the Forward fell into place quickly. You can (and should) buy the book here. Please note that I make no money whatsoever on the book. I'm telling you about it because it's so useful and good. -Ed.]