Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.
To get the free app, enter your email address or mobile phone number.
Sockets, Shellcode, Porting, and Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals 1st Edition
Use the Amazon App to scan ISBNs and compare prices.
2016 Book Awards
Browse award-winning titles. See all 2016 winners
Frequently Bought Together
Customers Who Bought This Item Also Bought
Top Customer Reviews
Additionally, the title says that this book is 'for Security Professionals.' However, the first chapter is devoted to the basics of programming; if someone is unfamiliar with a looping construct, they should not start with a book about shellcode and exploits.
All of this is not to say that <u>Sockets, Shellcode, Porting and Coding</u> is not an excellent book; it is. But with so much cut'n'pasting going on, I find myself reluctant to purchase another book with Foster on the author list.
This book starts of with an intro on programming languages that touches on issues relevant to C, C++, Perl, Java, C#, and others that vulnerability researchers might be interested in. The 2nd chapter on NASL (Nessus) scripting is a little sparse, but is suitable for a quick reference.
The next three chapters are devoted to BSD, Windows, and Java sockets respectively. The information provided is good enough to code working sockets in all three. The BSD code samples seem to work okay.
The next two chapters are on writing portable code and portable network programming. These are probably two of the best chapters in this book. If I ever got heavy into vulnerability coding, I'd be referring to these.
The next two chapters are on writing shellcode. These are pretty good chapters. One issue with these chapters is that the author's s-proc program doesn't quite seem to work. This is a utility that prints your shellcode in hex (-p option) or executes the code to test it (-e option). This would come in handy indeed. I have some working shellcode, but I never got it to work with s-proc -e in chapter 9. I e-mailed the author twice, but he did not respond. I subtract one star for that. Still these chapters have some cool ideas for shellcode.
There are three chapters on writing exploits. The first two are kind of a whirlwind tour of traditional exploit issues (format string, stack & heap overflows, integer bugs). The last chapter is an introductory chapter on using Metasploit and an overview of how to write exploits for the framework.Read more ›
Turns out, multithreading is a very interesting and useful programming approach. This is due to the nature of malware. For example, a Trojan is a piece of software that looks legitimate but iot also contains malicious code. Actually, I've actually built my own Trojan the "Script-Kiddie" way. I was so excited to see my testing to be successful! However, when testing on a system that had AV installed, it was immediately detected.Read more ›
Most Recent Customer Reviews
Have the Syngress proofreaders fallen asleep on the job?
This book is so full of errors and inaccuracies that it becomes painful to read after a while. Read more
I'd say that most people getting a book like this will already be involved with programming a bit. Enough to know what a socket is, how to write a program that uses sockets,... Read morePublished on August 3, 2007 by Dean Jones Jr.
This is a heavy duty book on computer security from a software standpoint. The two authors were high level research people doing some of the fundamental algorithms used by McAfee. Read morePublished on April 17, 2005 by John Matlock