Customer Reviews

The Shellcoder's Handbook: Discovering and Exploiting Security Holes

5 star:		(14)
4 star:		(3)
3 star:		(4)
2 star:		(0)
1 star:		(0)

 

 

Not for beginners as others have previously stated, you require deep knowledge of C, assembler and IA32 architecture as well as some knowledge of the Linux and Windows operating systems. If you have this then it will suffice (Even if you have not ever heard of a buffer overflow before).

What amazes me, and the reason of me not giving five stars to the book, is the enormous amount of errors in the book (no one else has talked about this on previous reviews). These go from forgetting to include memory allocation routines in some sample code and putting incorrect labels in some diagrams to talking about certain parts of code while actually showing completely different lines of code or talking about different addresses in the explanations from the ones on the sample code and program output that they talk about.

For example, on page 90 the authors wrote:

" Let's take a look at two assembly instructions that correspond to the free() routine finding the previous chunk

0x42073ff8 <_int_free+136>: mov 0xfffffff8 (%edx),%eax
0x42073ffb <_int_free+139>: sub %eax,%esi

In the first instruction (mov 0x8 (%esi), %edx), %edx is 0x80499b8, the address of..."

The instruction being referred to at the last sentence should be "mov 0xfffffff8 (%edx),%eax". "mov 0x8 (%esi), %edx" appears many lines below this paragraph, in another code sample, and it is completely unrelated to the explanation given there.

Of course, people familiar with these topics who also have a deep knowledge of the required programming languages and architectures will catch these flaws easily. The problem is that there are so many of them that it gets annoying at some point and you end asking yourself why do the editorial reviewers didn't do their job properly.

Also, I bought this book almost as soon as it went out for sale, yet as of this date (may 2004), the only material found in the web page of the book is the source code to most of the examples. Definitely much less compared to all the material that the authors promised in the book to be there (so don't expect to find more than this).

It is an excellent reference book though, and if you take the time to read the book thoroughly and make notes to fix the errors in the book you will find that even this activity is rewarding. Some might even argue that the authors put the errors there on purpose to keep script kiddies away from this knowledge, but I don't think that would be OK with a book like this which has created so much expectation. Hopefully the next edition will have all this fixed.

I've always been facinated by the amount of work security researchers put into finding vulnerabilities. This is a very good book on software vulnerabilities. It's also very current as it examines a number of the recently widely publicized vulnerabilities. It also rightly points out the fact that Linux/Unix are not as secure as a lot of people out there would like the public to believe.

The ways to get around stack protection outlined in this book was an eye opener for me.

I thought I had very good knowledge of the material the book covers until I actually read it. It is clear that as software shops continue to plug vulnerabilties, people will continue to find new ways to exploit software.

Clearly, this book is not for the casual reader. This is essentially a book for people who have above average assembly language and c/c++ skills.

The title "Shellcoder's handbook" made me reluctant to even buy this book. I thought it would go about explaining exploiting stack, heap overruns, bypassing memory exploitation methods and so on in order to execute shell code: basically, a book for hacking and I didn't like that. Nonetheless, it took me a glance of the list of authors and the table of contents to realize that this book goes beyond exploitation and into core penetration testing and vulnerability discovery methods. Hopefully, like rational and ethical software security engineers will do, this book will be used more for vulnerability discovery and benign exploitation rather than malicious exploitation.

Parts 1 and 2 are a great introduction of OS internal, system calls, memory management, and in-depth analysis of security bug exploitation; thus making them relevant for part 3: "Vulnerability Discovery". Part 3 goes into great depth on how discover security bugs. No so often do we have the brightest minds in the art of software vulnerability discovery, penetration testing, or "ethical hacking" joining forces. The variety of ways to discover security bugs is what we need to learn in order to ship secure software or to successfully secure existing software applications. Great Job!

This book is absolutely excellent. One of the best, if not the best security book I have ever read.


As previously stated numerous times, it will require you have Assembly and C knowledge. If you don't know either one the book will move lightning fast and you will probably not have the ability to keep up. If you do know both, you should be able to take the book at a nice and steady speed.


Aside from difficulty, the rumors that it contains syntax errors ARE true. There are a few little errors in places like this (showing a typical off-by-one error to prove that C doesn't check boundries on arrays):

#include <stdio.h>

int main() {
int array[5] = {1,2,3,4,5};
printf("%d",array[5];
}


While these errors ARE numerous and slightly annoying, the important thing to understand is that you get the general concepts they are trying to teach you. Anybody can fix the syntax to work correctly but if they don't know the logic behind the syntax it's no different than a car mechanic trying to fix a F-16 jet.

I am willing to overlook the syntax and lexical errors that appear in this book and give it a 5/5. I may be too light, but I think it's an absolutely essential book that everybody should read.


If you find yourself wanting to get a book, whether it be Hacking: The Art of Exploitation, Reversing: Secrets of Reverse Engineering, Rootkits: subverting the Windows kernel, or The Art of Computer Virus Research and Defense, while all excellent books (which I highly recommend you all read if this book interests you), if you have the ability to get The Shellcoders Handbook: Discovering and Exploiting Security Holes, you should.

In the last few months I've read several white hat/black hat books on security, and I must say that this one is the best. Not for the completely new to the subject, and a little too quick to explain some complex topics, but still a great book. I have only two complaints, which aren't making me give this book less than a 5:
1. There's a lot of errors in the content, and following such an advance book when you can't trust the code gets complicated.
2. There are a few chapters, particularly in section 3, where the style hasn't been neutralized, and you can absolutely tell that the book was written by 5 different people with almost no coordination.

Other than that, excellent book. I'm looking forward to buying Database Hacker's Handbook, by the same editor.

Im only half way through the book, but what I can say so far is that the shellcoder's handbook has been a very positive experience. Not being an expert hacker, the book is easy to understand, and has enlightened me to many security bugs that i didn't even know existed. Highly recommended.

When guys like these go to all the hard work of testing and testing to find the kinds of security holes they talk about in this book and then do the good guy thing of reporting the vulnerabilities to the vendor to HELP them, and to help the community, and still our security stinks, then someone has to speak up. Kudos to these guys!

While the material is good, there are way to many errors. For someone who's looking for the hows and whats of software exploitation, this book comes through. For someone who actually wants to follow their example code... good luck. Errors everywhere! I wonder how this book made it past the editors. I haven't come across a book like this in a long long time. The webpage also lacks much content save for the chapter code, some of which is faulty and will not run properly without modification.

Get some new editors!

Just the sheer wealth of information is something you are rarely treated to in ANY book. 24 chapters of very deep security tips.

I haven't read the whole book yet as I've skipped to the advanced topics but I can say i've learnt quite a bit despite the fact that I've read many papers on shellcode/buffer overflows.

I can see why some people said this book is dangerous because it will help the attackers. Although this idea of security through obscurity is absurd, I have to say that it will be difficult for most attackers to come up on their own with the things discussed in this book.

In all cases, kudos to the authors for writing such a comprehensive handbook. I hope we'll see a sequel to it.

If you want to learn how to exploit software, this is is a MUST for your library. An awesome book despite a few errors in the text.

The only issue I have is with the numerous promises of additional resources on the web site that have never materialized.