
[Article]-Hacking: The Art of Exploitation 2nd Edition


don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Mon Dec 22, 2008 1:55 pm

[Article]-Hacking: The Art of Exploitation 2nd Edition

In talking to a few people about this book earlier in the year, it was expressed to me that it seems as though it is way over the head of most. What Ryan does well in this review is explain how effectively the author can take readers of widely varying skill levels through the same material. Some may go faster than others, while some may need to do a little research on the side and then come back. Either way, if you are not a master coder and that has prevented you from picking up this book... read on my friend.



Review by Ryan Linn, CISSP, MCSE, GPEN

Hacking: The Art of Exploitation 2nd Edition (HTAoE) by Jon Erickson is frequently considered a "must read" for those wanting to understand exploits and exploit development.  So when I wanted to understand more about the exploit development side of security this was the first book I picked up.

When talking about a book that involves programming, it is often beneficial to know where the reviewer is coming from.  I do Windows, Unix, and network security, and I am pretty comfortable with programming although by no means a professional programmer.  I have worked some with assembly programming, albeit in the days of Windows for Workgroups, and I really wish that I'd paid better attention in that class in college.  Although I do have some experience in these areas, I'm going to point out what areas may cause individuals who haven't been exposed to much programming challenges, and also what areas should be understandable by everyone.

Free Sample Chapter Available Below
"0x300 EXPLOITATION"




Leave comments below or suggest other book reviews for Mr. Linn.

Don
CISSP, MCSE, CSTA, Security+ SME

jason

Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Mon Dec 22, 2008 11:06 pm

Re: [Article]-Hacking: The Art of Exploitation 2nd Edition

It is a good book. I think that most folks with a little technical aptitude and drive could make it through.

sgt_mjc

Sr. Member

Posts: 294

Joined: Tue Feb 05, 2008 8:34 am

Location: AL

Post Tue Dec 23, 2008 9:43 am

Re: [Article]-Hacking: The Art of Exploitation 2nd Edition

I think just about all of us have a copy here at the office. It seems to be required reading for us.
Mike Conway
CISSP
CompTia Security +
C|EH

timmedin

Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Tue Mar 03, 2009 6:35 pm

Re: [Article]-Hacking: The Art of Exploitation 2nd Edition

I ordered my copy, but I didn't click on the link through here. Do you get any kickback if I order through here? If so, I'll buy stuff on Amazon after clicking through here in the future.
twitter.com/timmedin | http://blog.securitywhole.com

former33t

Full Member

Posts: 226

Joined: Sat Feb 14, 2009 12:33 am

Post Tue Mar 03, 2009 9:27 pm

Re: [Article]-Hacking: The Art of Exploitation 2nd Edition

It's practically required reading where I work.  It was one of those books that made me dust some cobwebs off my brain.  I was truly impressed.  It is a little down in the weeds for what most people think of as hacking (as compared to say "Hacking Exposed") but it doesn't leave you guessing about what's going on behind the scenes.

I was proud to find that I was finding most of the vulnerabilities in the (admittedly simplistic) C code as it was being presented (before it was discussed).  Anyway, I'd recommend the book to anyone interested in the field.
Certifications: CREA, MCSE: Security, CCNA, Security+, other junk

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Tue Mar 03, 2009 10:10 pm

Re: [Article]-Hacking: The Art of Exploitation 2nd Edition

I enjoyed the book very much.  I don't think that you can copy and paste the code in the book to create your own buffer overflows with today's stack guards, but I thought the concepts were quite solid.  It's one of the best tech books I've ever read.
~~~~~~~~~~~~~~
Ketchup

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Mon Mar 16, 2009 9:13 pm

Re: [Article]-Hacking: The Art of Exploitation 2nd Edition

You're correct in that many of the buffer overflows cannot just be copied and pasted, as many are specific to Windows patch levels, etc.  However, if you combine what you read and get from the book, and use it in accordance with some good training (perhaps the OSCP training from muts, at Offensive), you can learn to use the same exploits on different patch-level'ed Windows boxes, etc.  (Not even lending to the Linux explanations, but for MANY places I have pentested, the majority have been easiest to access via a Windows box, anyway...)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH

pizza1337

Full Member

Posts: 156

Joined: Mon Mar 08, 2010 5:29 pm

Post Thu Jul 01, 2010 2:20 pm

Re: [Article]-Hacking: The Art of Exploitation 2nd Edition

Old thread I know, but I ordered this book.  :D
Knowledge Resource is Power.

zeroflaw

Full Member

Posts: 208

Joined: Fri Feb 12, 2010 10:41 am

Location: Holland, Den Helder

Post Sat Jul 03, 2010 11:31 am

Re: [Article]-Hacking: The Art of Exploitation 2nd Edition

Good move ;D
ZF

Determ

Newbie

Posts: 23

Joined: Tue Jul 13, 2010 1:20 am

Post Sat Sep 11, 2010 12:30 pm

Re: [Article]-Hacking: The Art of Exploitation 2nd Edition

Does anyone know when the 3rd edition will be released?
