EH-Net

Ethical Hacking Discussions and Related Certifications => Programming => Topic started by: Ketchup on October 28, 2008, 04:45:00 PM


Title: Reading Suggestions
Post by: Ketchup on October 28, 2008, 04:45:00 PM
Hello everyone,

I just finished reading Hacking, The Art of Exploitation 2nd Edition by Jon Erickson.   I thought this was a great book that got me started on writing my own exploits.   While I am not planning to go into vulnerability research, I do hope to gain an indepth understanding of exploitation.   As a side goal, I am also hoping to be able to begin extending the Metasploit framework with the countless exploits and proofs of concept available out there.   I am trying to figure out what I want to read next, and I am hoping that you guys can offer some advice and opinions.

While reading the book, I got a refresher in C programming, which I haven't done much since college.   I am pretty confident in my C and C++ programming knowledge at this point.   However, I am severely lacking in Assembly and understanding of the Intel architecture.   Can someone recommend their favorite Assembly book for Intel architecture?

Also, this book concentrated on NIX and its method of memory management.  All of the sample exploits pertained to sample Linux programs.   Windows is a bit different and has its own libraries.  Is there a similar publication that deals more with the Windows architecture, it's memory management and stack defense methods, from a hacker's perspective?

Thank you in advance! 

Title: Re: Reading Suggestions
Post by: NickFnord on October 29, 2008, 05:34:34 AM
I've found the following free assembly language guides/books helpful - you may want to read them first before paying for something as they are pretty comprehensive.

Art of Assembly Language Programming (http://webster.cs.ucr.edu/AoA/index.html)

PC Assembly Language (http://www.drpaulcarter.com/pcasm/)

I know you said you were not interested in vulnerability research but perhaps one option would be the shellcoders handbook (http://www.amazon.com/Shellcoders-Handbook-Discovering-Exploiting-Security/dp/047008023X/ref=sr_1_1?ie=UTF8&s=books&qid=1225276442&sr=8-1) - which seems extremely highly recommended (although I havn't read it myself it's on my christmas list).


edit:  fixed links

Title: Re: Reading Suggestions
Post by: Ketchup on October 29, 2008, 09:56:59 AM
Thanks!   I will definitely have to check those out.   

Oh, and to clarify one thing.  When I said that I wasn't planning to go into vulnerability research, I meant to say that I wasn't planning to make a career out of it.  I am more than interested in this science from a hobby perspective.  I am just comfortable doing Sec Audits and Pen Tests and slowly drifting towards a management role at this point of my career :)


Powered by SMF 1.1.16 | SMF © 2011, Simple Machines
Joomla Bridge by JoomlaHacks.com