Author Topic: [Article]-Hacking: The Art of Exploitation 2nd Edition  (Read 18905 times)
don
« on: December 22, 2008, 12:55:37 PM »

In talking to a few people about this book earlier in the year, it was expressed to me that it seems as though it is way over the head of most. What Ryan does well in this review is explain how effectively the author can take readers of widely varying skill levels through the same material. Some may go faster than others, while some may need to do a little research on the side and then come back. Either way, if you are not a master coder and that has prevented you from picking up this book... read on my friend.


Quote

Review by Ryan Linn, CISSP, MCSE, GPEN

Hacking: The Art of Exploitation 2nd Edition (HTAoE) by Jon Erickson is frequently considered a "must read" for those wanting to understand exploits and exploit development.  So when I wanted to understand more about the exploit development side of security this was the first book I picked up.

When talking about a book that involves programming, it is often beneficial to know where the reviewer is coming from.  I do Windows, Unix, and network security, and I am pretty comfortable with programming although by no means a professional programmer.  I have worked some with assembly programming, albeit in the days of Windows for Workgroups, and I really wish that I'd paid better attention in that class in college.  Although I do have some experience in these areas, I'm going to point out what areas may cause individuals who haven't been exposed to much programming challenges, and also what areas should be understandable by everyone.

Free Sample Chapter Available Below
"0x300 EXPLOITATION"

         

Leave comments below or suggest other book reviews for Mr. Linn.

Don

CISSP, MCSE, CSTA, Security+ SME
jason
« Reply #1 on: December 22, 2008, 10:06:50 PM »

It is a good book. I think that most folks with a little technical aptitude and drive could make it through.
sgt_mjc
« Reply #2 on: December 23, 2008, 08:43:59 AM »

I think just about all of us have a copy here at the office. It seems to be required reading for us.

Mike Conway
CISSP
CompTia Security +
C|EH
timmedin
« Reply #3 on: March 03, 2009, 05:35:21 PM »

I ordered my copy, but I didn't click on the link through here. Do you get any kickback if I order through here? If so, I'll buy stuff on Amazon after clicking through here in the future.

twitter.com/timmedin | http://blog.securitywhole.com
former33t
« Reply #4 on: March 03, 2009, 08:27:45 PM »

It's practically required reading where I work.  It was one of those books that made me dust some cobwebs off my brain.  I was truly impressed.  It is a little down in the weeds for what most people think of as hacking (as compared to say "Hacking Exposed") but it doesn't leave you guessing about what's going on behind the scenes.

I was proud to find that I was finding most of the vulnerabilities in the (admittedly simplistic) C code as it was being presented (before it was discussed).  Anyway, I'd recommend the book to anyone interested in the field.

Certifications: CREA, MCSE: Security, CCNA, Security+, other junk
Ketchup
« Reply #5 on: March 03, 2009, 09:10:01 PM »

I enjoyed the book very much. I don't think that you can copy and paste the code in the book to create your own buffer overflows with today's stack guards, but I thought the concepts were quite solid. It's one of the best tech books I've ever read.

~~~~~~~~~~~~~~
Ketchup
hayabusa
« Reply #6 on: March 16, 2009, 09:13:45 PM »

You're correct in that many of the buffer overflows cannot just be copied and pasted, as many are specific to Windows patch levels, etc. However, if you combine what you read and get from the book, and use it in accordance with some good training (perhaps the OSCP training from muts, at Offensive), you can learn to use the same exploits on different patch-level'ed Windows boxes, etc. (Not even lending to the Linux explanations, but for MANY places I have pentested, the majority have been easiest to access via a Windows box, anyway...)

~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
pizza1337
« Reply #7 on: July 01, 2010, 02:20:57 PM »

Old thread I know, but I ordered this book. :D

Knowledge Resource is Power.
zeroflaw
« Reply #8 on: July 03, 2010, 11:31:08 AM »

Good move ;D

ZF
Determ
« Reply #9 on: September 11, 2010, 12:30:15 PM »

Does anyone know when the 3rd edition will be released?