[Article]-Hacking: The Art of Exploitation 2nd Edition

Viewing 9 reply threads
  • Author
    Posts
    • #3127
      Don Donzal
      Keymaster

      In talking to a few people about this book earlier in the year, it was expressed to me that it seems as though it is way over the head of most. What Ryan does well in this review is explain how effectively the author can take readers of widely varying skill levels through the same material. Some may go faster than others, while some may need to do a little research on the side and then come back. Either way, if you are not a master coder and that has prevented you from picking up this book… read on my friend.

      Review by Ryan Linn, CISSP, MCSE, GPEN

      Hacking: The Art of Exploitation 2nd Edition (HTAoE) by Jon Erickson is frequently considered a “must read” for those wanting to understand exploits and exploit development.  So when I wanted to understand more about the exploit development side of security this was the first book I picked up.

      When talking about a book that involves programming, it is often beneficial to know where the reviewer is coming from.  I do Windows, Unix, and network security, and I am pretty comfortable with programming although by no means a professional programmer.  I have worked some with assembly programming, albeit in the days of Windows for Workgroups, and I really wish that I’d paid better attention in that class in college.  Although I do have some experience in these areas, I’m going to point out what areas may cause individuals who haven’t been exposed to much programming challenges, and also what areas should be understandable by everyone.

      Free Sample Chapter Available Below
      “0x300 EXPLOITATION”

      Leave comments below or suggest other book reviews for Mr. Linn.

      Don

    • #21035
      jason
      Participant

      It is a good book. I think that most folks with a little technical aptitude and drive could make it through.

    • #21036
      Michael J. Conway
      Participant

      I think just about all of us have a copy here at the office. It seems to be required reading for us.

    • #21037
      timmedin
      Participant

      I ordered my copy, but I didn’t click on the link through here. Do you get any kickback if I order through here? If so, I’ll buy stuff on Amazon after clicking through here in the future.

    • #21038
      former33t
      Participant

      It’s practically required reading where I work.  It was one of those books that made me dust some cobwebs off my brain.  I was truly impressed.  It is a little down in the weeds for what most people think of as hacking (as compared to say “Hacking Exposed”) but it doesn’t leave you guessing about what’s going on behind the scenes.

      I was proud to find that I was finding most of the vulnerabilities in the (admittedly simplistic) C code as it was being presented (before it was discussed).  Anyway, I’d recommend the book to anyone interested in the field.

    • #21039
      Ketchup
      Participant

      I enjoyed the book very much.  I don’t think that you can copy and paste the code in the book to create your own buffer overflows with today’s stack guards, but I thought the concepts were quite solid.  It’s one of the best tech books I’ve ever read.

    • #21040
      hayabusa
      Participant

      You’re correct in that many of the buffer overflows cannot just be copied and pasted, as many are specific to Windows patch levels, etc.  However, if you combine what you read and get from the book, and use it in accordance with some good training (perhaps the OSCP training from muts, at Offensive), you can learn to use the same exploits on different patch-level’ed Windows boxes, etc.  (Not even lending to the Linux explanations, but for MANY places I have pentested, the majority have been easiest to access via a Windows box, anyway…)

    • #21041
      pizza1337
      Participant

      Old thread I know, but I ordered this book.  😀

    • #21042
      zeroflaw
      Participant

      Good move ;D

    • #21043
      Determ
      Participant

      Does anyone know when the 3rd edition will be released?


Copyright ©2021 Caendra, Inc.
