Product Description

Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope. Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker's perspective. The included LiveCD provides a complete Linux programming and debugging environment-all without modifying your current operating system. Use it to follow along with the book's examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits. This book will teach you how to: Program computers using C, assembly language, and shell scripts Corrupt system memory to run arbitrary code using buffer overflows and format strings Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening Outsmart common security measures like nonexecutable stacks and intrusion detection systems Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence Redirect network traffic, conceal open ports, and hijack TCP connections Crack encrypted wireless trafficusing the FMS attack, and speed up brute-force attacks using a password probability matrix Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don't already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own creativity.

Product Details

• Amazon Sales Rank: #35185 in Books
• Published on: 2007-12-24
• Original language: English
• Number of items: 1
• Binding: Paperback
• 488 pages

About the Author
Jon Erickson has a formal education in computer science and has been hacking and programming since he was five years old. He speaks at computer security conferences and trains security teams around the world. Currently, he works as a vulnerability researcher and security specialist in Northern California.

Customer Reviews

Great book for those truly interested in system exploitation
"Hacking: The Art of Exploitation" is a truly excellent resource for those *truly* interested in system exploitation. Erickson starts from the beginning by introducing the scene to the user, explaining what the book intends to teach the reader, as well as the whole deal with the hacking spirit and the workings of the hacking scene. Erickson wastes little time in delving deep into the technical details of common vulnerabilities often found in all sorts of programs, as well as teaching the reader how to write their very own homegrown exploit codes in several different programming languages. Whilst Erickson does not drown the user in boring or irrelevant information, he provides plenty of information which only encourages the reader even more to carry out some of the experimental exercises presented in the book.

A few topics covered in this truly great book include:

- Writing shellcodes (polymorphic, ASCII printable etc.)
- Defeating non-exec stacks (such as in OpenBSD) by teaching how to "return into libc" as an alternative to executing shellcode.
- Various network hacks (such as network DoS vulnerabilities aswell as a multitude of port scanning techniques).
- A wide and vast overview of crytography, including breaking WEP encryption, the details of various popular ciphers, and password cracking using a few little documented techniques.
- and much, much more...

I consider "Hacking: The Art of Exploitation" to be the bible of system exploitation. Whilst other "hacking" books provide an introduction to many off-the-shelf hacking tools, "Hacking: The Art of Exploitation" teaches the true spirit of hacking and system exploitation: creative thinking. This book is a must for all of those interested in true hacking.

Good Introduction
This book gives a good introduction to general security concepts.
it starts off with some common programming exploits (eg buffer overflows) and explains how they work and shows you how to execute them. This section of the book is good, although i found the need for other material to expand on what i learned here. For example aleph1's excellent tutorial Smash the Stack is a good way to supplement this. Other programming exploits explained are heap overflows, format strings and returning into libc. These are all well explained introductions, but to gain a deeper understanding it is necessary to do some more research.

There is also a good section on writing your own shellcode. Some assembly language experience is useful here and generally it is well explained and set out.

The section on network attacks is also a very good although at times it seems like he is only explaining how to use existing tools and doesn't go into the theory behind them enough, but having said that it is an excellent introduction. Topics covered here include: packet sniffing, DOS attacks, port scanning and TCP/IP hijacking.

The final section on encryption offers some good theoretical knowledge on general encryption concepts but lacks a little on the practical implications of this. However if you are really into encryption you will want to get a dedicated book on it. In the meantime this definatly severs as a good introduction.

With the nature of the topics covered the best way i found to learn was to read over a section and experiment with it. You can only learn so much from a book, but this book will give you a good knowledge base to start from. A decent knowledge of C is assumed, some assembly knowledge would be helpful but isn't strictly necessary.

The Definitive Computer Security Handbook!
I consider this book to be excellent. It is a "must read" if you really want a thorough grasp of the priciples behind computer security. It concisely explains the techniques of exploitation, aided by clear code examples. You will benefit most from this book if you start with a basic background knowledge of C programming, shell scripting and networking.