Copyright
Acquiring Editor: Steve Elliot
Editorial Project Manager: Matthew Cater
Production Project Manager: A. B. McGee
Designer: Alisa Andreola
Syngress is an imprint of Elsevier
225 Wyman Street, Waltham, MA 02451, USA
2012 Elsevier, Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
Library of Congress Cataloging-in-Publication Data
Andress, Jason.
Coding for penetration testers : building better tools / Jason Andress, Ryan Linn.
p. cm.
ISBN 978-1-59749-729-9 (pbk.)
1. Penetration testing (Computer security). 2. Computer networks--Security measures--Testing.
I. Linn, Ryan. II. Title.
QA76.9.A25A5454 2011
005.8--dc23
2011029098
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.
Printed in the United States of America
11 12 13 14 15 10 9 8 7 6 5 4 3 2 1
For information on all Syngress publications visit our website at www.syngress.com
Foreword
My Dear Reader,
This wretched war, the gravest threat humankind has ever faced, is not going well at all. We have suffered major setbacks, as our ruthless adversary has conquered vast territories, leaving little ground controlled by our ragtag band of rebels. Our few surviving generals blame the lack of skills in our fighting forces, allowing the enemy to rout us in every hard-fought battle. Our situation is dire.
Historians have traced this impossibly sad state of affairs to some crucial mistakes we made collectively in the 2012-2015 time frame. We had spent the prior 30 years building ever more powerful networked machines, including PCs, smartphones, and industrial control systems, all interconnected on that blasted Internet. At first, before 2012, the machines were our servants, mindless systems processing transactions, scurrying about vacuuming our floors, and otherwise making life more pleasant for humans. Then, in 2012, Moore's relentless law kicked things into maximum overdrive. Within a decade, the machines had become sentient, matching the smartest humans on the planet. They quickly became our most trusted advisors and friends. We should have seen the warning signs and used that precious time to develop our skills. Instead, we stupidly let ourselves atrophy. As they surpassed humans, the machines began to view us as pets, but we rejected their control. Soon, they came to the conclusion that humans were a disease, a cancer of this planet, and they viewed themselves as the cure, tirelessly working for our eradication. The war began.
We could have stopped them, I tell you, if only we had enough people with scripting and coding skills.
Through an astonishing scientific breakthrough, our physicists have managed to figure out a way to transmit this message back in time to you. I have been tasked by the Human Ruling Council to ask, no, beg you to read this book and master its skills so that you can turn the tide of history itself. In these pages, you will learn how to wield control of computer systems through writing scripts and code in a variety of the most important languages today: Python, Ruby, PowerShell, and more. You'll also learn how to apply various coding concepts to extend the capabilities of some of the most powerful free security scanners and tools. The book covers these topics from a penetration tester's perspective, showing you how to find and exploit security flaws in the exciting and rapidly growing field of information security. What's more, using the automation available in these powerful scripting languages and tools, you'll be able to improve defenses throughout enterprises of any scale, from small mom-and-pop shops to large multinationals. These skills will help both security professionals and general IT practitioners do their jobs more effectively. The book is eminently practical, showing you how to get real stuff done in these scripting languages. That's your immediate payoff.
But its usefulness in improving your skills and career isn't the only reason to read the book. I won't mince words: our very survival as a species is inherently linked to your mastering the knowledge of this book. We need you to learn script writing to keep the machines in check over your coming decade so that you can avoid our sad fate. I implore you to learn it and live it, for your sake and for that of future generations. What are you waiting for? Help us, Dear Reader. You're our only hope!
Ed Skoudis
SANS Instructor and
Co-Founder of Counter Hack Challenges
June 10, 2011
About the Authors
Jason Andress (ISSAP, CISSP, GPEN, CEH) is a seasoned security professional with a depth of experience in both the academic and business worlds. Presently he carries out information security oversight duties, performing penetration testing, risk assessment, and compliance functions to ensure that critical assets are protected.
Jason has taught undergraduate and graduate security courses since 2005 and holds a doctorate in computer science, researching in the area of data protection. He has authored several publications and books, writing on topics including data security, network security, penetration testing, and digital forensics.
Ryan Linn is a penetration tester, an author, a developer, and an educator. He comes from a systems administration and Web application development background, with many years of information technology (IT) security experience.