Customer Reviews

Hacking: The Art of Exploitation w/CD

5 star:		(22)
4 star:		(11)
3 star:		(8)
2 star:		(0)
1 star:		(0)

 

 

You have probably heard of such hacking techniques as buffer overflows. Typically, a book might give only cursory explanation, especially if it is not devoted to hacking. But suppose you write in C. Chances are you've inadvertantly created buffer overflows and then spent hours chasing this down, after your program crashed. So how on earth can a deliberate overflow lead to a breakin?

It is for such matters that Erickson expounds here. Written for you, whether you want to create such exploits or prevent them. In either case, the knowledge is the same.

What the book requires is some knowledge of C and assembly. For the latter, it is the language of the Intel x86 family. But even if you don't know it, so long as you are familiar with any assembly language and the theory of a Neumann machine, then you can follow the text.

This book is not for every programmer. It turns out that a fair number of programmers get into the field by learning a high level language like C, Fortran, Java or Pascal. But they never learn any assembly. To them, anything compiled from source is a black box. Instead, you need some background in assembly.

The book also gives neat coverage of how to sniff network traffic and manipulate it. There is a section on cryptography. But for this, it is so specialised and vital that you should consult texts dedicated to it.

After reading more than 12 different books on this subject, finally I came across this, the best book ever on security. This is the kind of book that gives you what it promises on the cover. I was quiet impressed with the contents and style of writing.

I must add that I have learned a lot from this book, enough to help me in protecting my network and any unauthorized attempt to access my information. This is not for entertainment, like the others which I found in this genre (read Ankit Fadia and you will know what I mean here), this is some serious work by done by an author who knows what he his telling to the readers, and what they will understand. However, somewhere in between it get too technical, and one actually has to sit in front a computer to try and see what the author is trying to tell, but I liked it for being so real and accurate about computer security.

The author has done his homework well before writing it. I found almost all the information correct and original. Wonder why some people have given negative reviews for this book? Because, one has to be a technical qualified in computer security to fully understand what author is telling you. It's like me writing a review for a cooking recipe book. Also, I will like to add that buy it for securing your network, but don't expect it to teach you some serious hacking. For that you have to put lots of real efforts than just buying a book and reading it, though this book can always be a firm stepping stone!

This book is 10 times greater than any other hacking book. It gives useful code and examples rather than 250 pages of theory. Stack and heap overflows are explained in detail as well as many other modern types of exploits. The best part of the book is that it teaches the reader how to write his/her own shellcode and teaches some basic Assembly language along the way. Everything you need to know to be a hacker or stop hackers.

Includes detailed explanations and code for:
buffer / stack / heap based overflows
format string vulnerabilities
writing shellcode
sniffing switched and unswitched networks
tcp / ip hijacking
denial of service
port scanning and tricking port scans of your own computer
password cracking
Man in the middle attacks
Wireless internet security / hacking
and more

Don't expect the conceptual fluff. Be prepared for school. This book does not use the time and motivation wasting filler that so many "hacking" books fill pages with. This describes in significant depth the root techniques used in exploitation. It can make some technical assumptions about the reader, and it is helpful to have programming experience, but I prefer this approach. I would rather have the author "teach to the highest common denominator" and not the lowest... What you don't know when you read this book, you will be motivated to learn.

The writing style can be a little empty, and could use a bit more of a layered approach, but this is a minor criticism.

I work in IT security, and this is the first hacking book I have ever recommended. Go for it.

This book is a step in the right direction, but it could be better. It seems to have a lot to say about certain topics, a little to say about others, and nothing to say about still other topics. The coverage of buffer overflows, format string exploits, and writing shellcode is excellent. But then when we get to the networking section, there are a couple of paragraphs devoted to some topics. There is no discussion of web vulnerabilities in the book. Nothing on SQL injection. Nothing on cross-site scripting. Furthermore, the Windows world is totally ignored; Linux is used exclusively in the book. Nevertheless, the book is worth it if only for its unsurpassed overflow/format string/shellcode explanations.

I found this to be a decent book but nothing over the top. The best chapter is the second, which deals with buffer overflows. The rest of the chapters are quiet basic intros to networking and crypto. If you are completely new to the security scene, this is a great book to start with.

This is one of the best books I've ever read. I have read most of the current books in network security, and this is the first one, teaching you how to "think". While most other books on the market will show how to run exploits written by others, this is the first one addressing how to make yourself working exploit code. I am familiar with most papers on this issue (Murat's text, Aleph0' etc), but never before have I seen such clarity and pedagogical approach as in "hacking : the art of exploitation". Besides, I learned new techniques on exploiting an elf binary from this book.
Ever since I started reading it, I could not leave the book apart. The writing style is very clear, precise, making diffcult topics (like shellcode writing, printable shellcodes, heap/stack overflows) accesible and easily understandable for everyone.

The author presents three major topics. The first one addresses in excellent detail how software exploits can be crafted. Here you can learn a methodology on how buffer/heap/format string vulnerabilities are done. A second part of the book discusses network level vulnerabilities, while the last part adddresses cryptography. Even on this last topic, which traditionally looks either to mathematical or to general in other books, "hacking : the art of exploitation" is great and keeps one breathless.
To summarize : If you're interested in network security, or enjoying learning/reading neurons-stimulating stuff, this is the book to read.

This book covers foundational exploit techniques very well the emphasis on how to do things efficent and then in more than one way is great. The programming section is unlike anything else you'll find on the shelf and is a great next step for someone who knows the concepts and techniques of exploitation just isn't making their own home grown stuff yet. The networking section leaves a lot to be desired if this book is to be considered to contain "The fundamental techniques of serious hacking". Still this book on the shelf is one on a level above Counter Hack/Hacking Exposed/Hack Attacks Revealed. Less concept, more application. Buy this book, read it, and read it again.

If you can understand what is on the front cover, then you
will probably think the cover in itself is worth the price of
the book.

If you write software, you will find this book fascinating for
its explanation of "buffer overflows" and how they are exploited
by hackers (er, crackers) to take control of other people's
computers.

If you don't write software, then you'll probably have great
difficulty understanding this book.

I wonder why it's taken so long for a book like this to be published. Not only does the book clearly cover the most common network hacking programming techniques, he goes through all the major attacks and hacks of interests to today's network security enthusiast/professional.

Jon Erickson writes in a clear, concise and organized manner that I wish today's programming books were written in. It's not dumbed-down, but it isn't too obtuse for a complete newbie to understand. Some people in the field say, "we should teach hacking in schools". Well, to all who would--your textbook just arrived.