If you use Python for your day-to-day scripting and perform some reverse engineering (RE), debugging or fuzzing tasks, then this is definitely a book that is bound to catch your attention. Well, at least that was how it caught mine.
But if you are just curious about how Python fits into RE, or just RE in general (read: high-level overview), this book does a decent job too.
The book spans 12 chapters and covers debugger design, hooking, code injection, fuzzing and various tools such as PyDbg, Immunity Debugger (did I mention the author works at Immunity?), Sulley, IDAPython and PyEmu. The language is clear and the code snippets are explained; I cannot over-emphasize its value. When I go through a technical book, the last thing I want is to stop at a line of code and guess the author's intent.
The introductory section provides sufficient background information to get readers started. That includes setting up the environment, a guide to the ever-so-useful ctypes Python module, and the fundamentals of debuggers. A nice touch for those who are just starting out on the RE journey.
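Since the ctypes chapter is what the rest of the book's Windows debugger code is built on, here is the calling pattern it teaches, as an added example (not code from the book or from this review): declaring argtypes/restype, mirroring a C struct as a ctypes.Structure, and passing an out-parameter with byref(). It is shown against libc's div() and strtol() rather than kernel32 so that it runs on any platform; the function names c_div and c_strtol are just names chosen here.

```python
"""Added example of the ctypes calling pattern the book relies on.

Shown against libc (POSIX) instead of kernel32 so it runs cross-platform;
on Windows the book would use ctypes.windll.kernel32 in the same way.
"""
import ctypes
import ctypes.util
from ctypes import POINTER, Structure, byref, c_char_p, c_int, c_long

# Locate and load the C runtime. If find_library() cannot resolve a name,
# CDLL(None) (dlopen(NULL)) still exposes libc's symbols on POSIX.
libc = ctypes.CDLL(ctypes.util.find_library("c"))


class DivT(Structure):
    """Python mirror of C's div_t { int quot; int rem; }.

    This is the same technique the book uses for Win32 structs such as
    STARTUPINFO or CONTEXT: declare _fields_ in C order with C types.
    """
    _fields_ = [("quot", c_int), ("rem", c_int)]


def c_div(numerator: int, denominator: int) -> tuple[int, int]:
    """Call div(3); a struct returned by value lands in a ctypes Structure."""
    libc.div.argtypes = [c_int, c_int]
    libc.div.restype = DivT
    result = libc.div(numerator, denominator)
    return result.quot, result.rem


def c_strtol(text: bytes, base: int = 10) -> tuple[int, bytes]:
    """Call strtol(3) with a char** out-parameter passed via byref().

    This is exactly how a Win32 call like GetThreadContext(hThread,
    byref(ctx)) fills a structure that Python then reads back.
    """
    libc.strtol.argtypes = [c_char_p, POINTER(c_char_p), c_int]
    libc.strtol.restype = c_long
    end = c_char_p()                      # will receive the "rest of string" pointer
    value = libc.strtol(text, byref(end), base)
    return value, (end.value or b"")


if __name__ == "__main__":
    print(c_div(17, 5))          # (3, 2)
    print(c_strtol(b"255abc"))   # (255, b'abc')
```

Always set argtypes and restype before the first call: without them ctypes assumes C int for everything, which is the classic source of truncated 64-bit handles and pointers on x64 Windows, and one of the easier debugger-script bugs to miss.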
Next, Justin presents the various tricks that can be used to automate the process of debugging: writing breakpoint and access violation handlers, creating process snapshots, searching for instructions, etc. Some exploit development techniques are shared along the way as things are explained. He also touches on IDAPython, which allows scripting of IDA Pro, together with some example scripts. For someone who performs manual debugging on a regular basis, there can potentially be huge time savings in automating certain parts of their workflow.
Fuzzing is covered in the book, with a "Fuzzing 101" style chapter and another on Sulley, a fuzzing framework, to complement it. To end the chapter, readers are taken through a Sulley fuzzing run on a real-world application, reinforcing the textbook knowledge with a practical lesson.
Besides the theory and explanations, there are numerous scripts scattered along the way, such as a DEP bypass, a driver fuzzer and a UPX unpacker, to name a few.
Of course, this book is not perfect. The chapters are somewhat too brief, and it is largely Windows-based, with Windows APIs used throughout the book. Not that I have anything against Windows, but with that degree of bias towards the OS, the book should be titled "Gray Hat Python for Windows". Lastly, a chapter on networking or even pentesting would have fit into the book nicely. Perhaps a 2nd edition?
On the whole, the book introduces a bundle of tools that will help with various tasks. Not all of them are the best in the trade, but choosing the right tool for the job definitely goes a long way. This is a book that I will recommend to beginners in RE and to those who are looking for alternatives to automate their current workflow.