Hacking: The Art of Exploitation
Product Description
A comprehensive introduction to the techniques of
exploitation and creative problem-solving methods commonly
referred to as "hacking." It shows how hackers exploit
programs and write exploits, instead of just how to run
other people's exploits. This book explains the technical
aspects of hacking, including stack based overflows, heap
based overflows, string exploits, return-into-libc,
shellcode, and cryptographic attacks on 802.11b.
Product Details
- Amazon Sales Rank: #58671 in Books
- Published on: 2003-11-01
- Original language: English
- Number of items: 1
- Binding: Paperback
- 264 pages
Editorial Reviews
About the Author
Jon Erickson has a formal education in computer science and has been hacking and programming since he was five years old. He speaks at computer security conferences and trains security teams around the world. Currently, he works as a vulnerability researcher and security specialist in Northern California.
Customer Reviews
Great book for those truly interested in system exploitation
"Hacking: The Art of Exploitation" is a truly excellent resource for those *truly* interested in system exploitation. Erickson starts from the beginning by introducing the scene to the user, explaining what the book intends to teach the reader, as well as the whole deal with the hacking spirit and the workings of the hacking scene. Erickson wastes little time in delving deep into the technical details of common vulnerabilities often found in all sorts of programs, as well as teaching the reader how to write their very own homegrown exploit codes in several different programming languages. Whilst Erickson does not drown the user in boring or irrelevant information, he provides plenty of information which only encourages the reader even more to carry out some of the experimental exercises presented in the book.
A few topics covered in this truly great book include:
- Writing shellcodes (polymorphic, ASCII printable etc.)
- Defeating non-exec stacks (such as in OpenBSD) by teaching how to "return into libc" as an alternative to executing shellcode.
- Various network hacks (such as network DoS vulnerabilities as well as a multitude of port scanning techniques).
- A wide and vast overview of cryptography, including breaking WEP encryption, the details of various popular ciphers, and password cracking using a few little-documented techniques.
- and much, much more...
I consider "Hacking: The Art of Exploitation" to be the bible of system exploitation. Whilst other "hacking" books provide an introduction to many off-the-shelf hacking tools, "Hacking: The Art of Exploitation" teaches the true spirit of hacking and system exploitation: creative thinking. This book is a must for all of those interested in true hacking.
Good Introduction
This book gives a good introduction to general security concepts.
It starts off with some common programming exploits (e.g. buffer overflows) and explains how they work and shows you how to execute them. This section of the book is good, although I found the need for other material to expand on what I learned here. For example, aleph1's excellent tutorial Smash the Stack is a good way to supplement this. Other programming exploits explained are heap overflows, format strings and returning into libc. These are all well-explained introductions, but to gain a deeper understanding it is necessary to do some more research.
There is also a good section on writing your own shellcode. Some assembly language experience is useful here and generally it is well explained and set out.
The section on network attacks is also very good, although at times it seems like he is only explaining how to use existing tools and doesn't go into the theory behind them enough, but having said that it is an excellent introduction. Topics covered here include: packet sniffing, DoS attacks, port scanning and TCP/IP hijacking.
The final section on encryption offers some good theoretical knowledge on general encryption concepts but lacks a little on the practical implications of this. However, if you are really into encryption you will want to get a dedicated book on it. In the meantime this definitely serves as a good introduction.
With the nature of the topics covered, the best way I found to learn was to read over a section and experiment with it. You can only learn so much from a book, but this book will give you a good knowledge base to start from. A decent knowledge of C is assumed; some assembly knowledge would be helpful but isn't strictly necessary.
The Definitive Computer Security Handbook!
I consider this book to be excellent. It is a "must read" if you really want a thorough grasp of the principles behind computer security. It concisely explains the techniques of exploitation, aided by clear code examples. You will benefit most from this book if you start with a basic background knowledge of C programming, shell scripting and networking.




