I've found it to be excelent so far.
I've made a few notes on the second chapter concepts on my blog (
www.nickfnord.com) I don't know if it will help persuade you to get it.
I heard good things about the first edition and most of the reviews on amazon.com are about the first edition - some mention the mistakes throuought etc.
the second edition is very good and although I can't compare it to the entire first edition, it does seem to have a less condecending tone than the one chapter I read of the first edition somewhere.
It does go in-depth very quickly and so I'm taking it very slowly and making sure I understand everything before I move on, but it is has a nice tone to it that makes it a bit less dry:
quote from chapter 2:
"Now it is time to do something useful with the vulnerability you exploited earlier. Forcing overflow.c to ask for input twice instead of once is a neat trick, but hardly something you would want to tell your friends about - "Hey, guess what, I caused a 15 line C program to ask for input twice!" No, we want you to be cooler than that."
I have alredy found a number of minor technical errors, but at the moment suspect that they may have been introduced deliberately perhaps, as it forces you to understand what's going on rather than just copying and pasting code from the book.
also - it's been noted that Jack Koziol is notably absent from the authors list of the second edition, but he is specifically mentioned in the authors acknowledgements and his code is liberaly sprinkled throuought the book:
[jack@0day local]$ gcc shellcode.c -o shellcode
[jack@0day local]$ ./shellcode
sh-2.05b#
despite the fact I'm a newbie in this sort of thing, I'd highly recommend it anyway. it definately doesn't hold your hand and so I'd imagine that it would be great for an old hat also.
CEH - Certified Ethical Hacker : CEH is a scam
