- This topic has 9 replies, 10 voices, and was last updated 10 years, 4 months ago by Determ.
December 22, 2008 at 6:55 pm #3127
Don Donzal
Keymaster
In talking to a few people about this book earlier in the year, it was expressed to me that it seems as though it is way over the head of most. What Ryan does well in this review is explain how effectively the author can take readers of widely varying skill levels through the same material. Some may go faster than others, while some may need to do a little research on the side and then come back. Either way, if you are not a master coder and that has prevented you from picking up this book… read on my friend.
Permanent link: [Article]-Hacking: The Art of Exploitation 2nd Edition
Review by Ryan Linn, CISSP, MCSE, GPEN
Hacking: The Art of Exploitation 2nd Edition (HTAoE) by Jon Erickson is frequently considered a “must read” for those wanting to understand exploits and exploit development. So when I wanted to understand more about the exploit development side of security this was the first book I picked up.
When talking about a book that involves programming, it is often beneficial to know where the reviewer is coming from. I do Windows, Unix, and network security, and I am pretty comfortable with programming although by no means a professional programmer. I have worked some with assembly programming, albeit in the days of Windows for Workgroups, and I really wish that I’d paid better attention in that class in college. Although I do have some experience in these areas, I’m going to point out what areas may cause individuals who haven’t been exposed to much programming challenges, and also what areas should be understandable by everyone.
Free Sample Chapter Available Below
“0x300 EXPLOITATION”
Leave comments below or suggest other book reviews for Mr. Linn.
Don
-
December 23, 2008 at 4:06 am #21035
jason
Participant
It is a good book. I think that most folks with a little technical aptitude and drive could make it through.
-
December 23, 2008 at 2:43 pm #21036
Michael J. Conway
Participant
I think just about all of us have a copy here at the office. It seems to be required reading for us.
-
March 3, 2009 at 11:35 pm #21037
timmedin
Participant
I ordered my copy, but I didn’t click on the link through here. Do you get any kickback if I order through here? If so, I’ll buy stuff on Amazon after clicking through here in the future.
-
March 4, 2009 at 2:27 am #21038
former33t
Participant
It’s practically required reading where I work. It was one of those books that made me dust some cobwebs off my brain. I was truly impressed. It is a little down in the weeds for what most people think of as hacking (as compared to say “Hacking Exposed”) but it doesn’t leave you guessing about what’s going on behind the scenes.
I was proud to find that I was finding most of the vulnerabilities in the (admittedly simplistic) C code as it was being presented (before it was discussed). Anyway, I’d recommend the book to anyone interested in the field.
-
March 4, 2009 at 3:10 am #21039
Ketchup
Participant
I enjoyed the book very much. I don’t think that you can copy and paste the code in the book to create your own buffer overflows with today’s stack guards, but I thought the concepts were quite solid. It’s one of the best tech books I’ve ever read.
-
March 17, 2009 at 2:13 am #21040
hayabusa
Participant
You’re correct in that many of the buffer overflows cannot just be copied and pasted, as many are specific to Windows patch levels, etc. However, if you combine what you read and get from the book, and use it in accordance with some good training (perhaps the OSCP training from muts, at Offensive), you can learn to use the same exploits on different patch-level’ed Windows boxes, etc. (Not even lending to the Linux explanations, but for MANY places I have pentested, the majority have been easiest to access via a Windows box, anyway…)
-
July 1, 2010 at 7:20 pm #21041
pizza1337
Participant
Old thread I know, but I ordered this book. 😀
-
July 3, 2010 at 4:31 pm #21042
zeroflaw
Participant
Good move ;D
-
September 11, 2010 at 5:30 pm #21043
Determ
Participant
Does anyone know when the 3rd edition will be released?