Hacking: The Art of Exploitation w/CD [Paperback]

Jon Erickson (Author)

Book Description

ISBN-10: 1593270070 | ISBN-13: 978-1593270070 | Publication Date: October 2003 | Edition: 1

A comprehensive introduction to the techniques of exploitation and creative problem-solving methods commonly referred to as "hacking." It shows how hackers exploit programs and write exploits, instead of just how to run other people's exploits. This book explains the technical aspects of hacking, including stack based overflows, heap based overflows, string exploits, return-into-libc, shellcode, and cryptographic attacks on 802.11b.

Editorial Reviews

About the Author

Jon Erickson has a formal education in computer science and has been hacking and programming since he was five years old. He speaks at computer security conferences and trains security teams around the world. Currently, he works as a vulnerability researcher and security specialist in Northern California.

Product Details

• Paperback: 264 pages
• Publisher: No Starch Press; 1 edition (October 2003)
• Language: English
• ISBN-10: 1593270070
• ISBN-13: 978-1593270070
• Product Dimensions: 9.2 x 7.3 x 0.9 inches
• Shipping Weight: 1.2 pounds
• Average Customer Review: 4.3 out of 5 stars  See all reviews (41 customer reviews)
• Amazon Best Sellers Rank: #861,055 in Books (See Top 100 in Books)

More About the Author

Jon Erickson has a formal education in computer science and speaks frequently at computer security conferences around the world. He currently works as a cryptologist and security specialist in Northern California.

Customer Reviews

Most Helpful Customer Reviews

109 of 119 people found the following review helpful:

4.0 out of 5 stars Need to know Assembly, March 5, 2004

By 

W Boudville (Terra, Sol 3) - See all my reviews
(VINE VOICE)    (TOP 1000 REVIEWER)    (HALL OF FAME REVIEWER)    (REAL NAME)   

This review is from: Hacking: The Art of Exploitation w/CD (Paperback)

You have probably heard of such hacking techniques as buffer overflows. Typically, a book might give only cursory explanation, especially if it is not devoted to hacking. But suppose you write in C. Chances are you've inadvertantly created buffer overflows and then spent hours chasing this down, after your program crashed. So how on earth can a deliberate overflow lead to a breakin?

It is for such matters that Erickson expounds here. Written for you, whether you want to create such exploits or prevent them. In either case, the knowledge is the same.

What the book requires is some knowledge of C and assembly. For the latter, it is the language of the Intel x86 family. But even if you don't know it, so long as you are familiar with any assembly language and the theory of a Neumann machine, then you can follow the text.

This book is not for every programmer. It turns out that a fair number of programmers get into the field by learning a high level language like C, Fortran, Java or Pascal. But they never learn any assembly. To them, anything compiled from source is a black box. Instead, you need some background in assembly.

The book also gives neat coverage of how to sniff network traffic and manipulate it. There is a section on cryptography. But for this, it is so specialised and vital that you should consult texts dedicated to it.

55 of 58 people found the following review helpful:

4.0 out of 5 stars A lot better than the rest!, February 10, 2006

By 

A. Chopra - See all my reviews
(REAL NAME)   

This review is from: Hacking: The Art of Exploitation w/CD (Paperback)

After reading more than 12 different books on this subject, finally I came across this, the best book ever on security. This is the kind of book that gives you what it promises on the cover. I was quiet impressed with the contents and style of writing.

I must add that I have learned a lot from this book, enough to help me in protecting my network and any unauthorized attempt to access my information. This is not for entertainment, like the others which I found in this genre (read Ankit Fadia and you will know what I mean here), this is some serious work by done by an author who knows what he his telling to the readers, and what they will understand. However, somewhere in between it get too technical, and one actually has to sit in front a computer to try and see what the author is trying to tell, but I liked it for being so real and accurate about computer security.

The author has done his homework well before writing it. I found almost all the information correct and original. Wonder why some people have given negative reviews for this book? Because, one has to be a technical qualified in computer security to fully understand what author is telling you. It's like me writing a review for a cooking recipe book. Also, I will like to add that buy it for securing your network, but don't expect it to teach you some serious hacking. For that you have to put lots of real efforts than just buying a book and reading it, though this book can always be a firm stepping stone!

37 of 39 people found the following review helpful:

5.0 out of 5 stars Best hacking book in the market, April 16, 2004

By A Customer

This review is from: Hacking: The Art of Exploitation w/CD (Paperback)

This book is 10 times greater than any other hacking book. It gives useful code and examples rather than 250 pages of theory. Stack and heap overflows are explained in detail as well as many other modern types of exploits. The best part of the book is that it teaches the reader how to write his/her own shellcode and teaches some basic Assembly language along the way. Everything you need to know to be a hacker or stop hackers.

Includes detailed explanations and code for:
buffer / stack / heap based overflows
format string vulnerabilities
writing shellcode
sniffing switched and unswitched networks
tcp / ip hijacking
denial of service
port scanning and tricking port scans of your own computer
password cracking
Man in the middle attacks
Wireless internet security / hacking
and more