Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.

  • Apple
  • Android
  • Windows Phone
  • Android

To get the free app, enter your email address or mobile phone number.

Sockets, Shellcode, Porting, and Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals 1st Edition

3.8 out of 5 stars 8 customer reviews
ISBN-13: 978-1597490054
ISBN-10: 1597490059
Why is ISBN important?
ISBN
This bar-code number lets you verify that you're getting exactly the right version or edition of a book. The 13-digit and 10-digit formats both work.
Scan an ISBN with your phone
Use the Amazon App to scan ISBNs and compare prices.
Trade in your item
Get a $8.67
Gift Card.
Have one to sell? Sell on Amazon
Buy used On clicking this link, a new layer will be open
$47.95 On clicking this link, a new layer will be open
Buy new On clicking this link, a new layer will be open
$53.58 On clicking this link, a new layer will be open
More Buying Choices
14 New from $41.90 17 Used from $33.27
Free Two-Day Shipping for College Students with Amazon Student Free%20Two-Day%20Shipping%20for%20College%20Students%20with%20Amazon%20Student


2016 Book Awards
Browse award-winning titles. See all 2016 winners
$53.58 FREE Shipping. Only 3 left in stock (more on the way). Ships from and sold by Amazon.com. Gift-wrap available.
click to open popover

Frequently Bought Together

  • Sockets, Shellcode, Porting, and Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals
  • +
  • Writing Security Tools and Exploits
  • +
  • Buffer Overflow Attacks: Detect, Exploit, Prevent
Total price: $139.29
Buy the selected items together

Editorial Reviews

About the Author

James C. Foster, Fellow, is the Deputy Director of Global Security Solution Development for Computer Sciences Corporation where he is responsible for the vision and development of physical, personnel, and data security solutions. Preceding CSC, Foster was the Director of Research and Development for Foundstone Inc. and was responsible for all aspects of product, consulting, and corporate R&D initiatives. Prior to joining Foundstone, Foster was an Executive Advisor and Research Scientist with Guardent Inc. and an adjunct author at Information Security Magazine, subsequent to working as Security Research Specialist for the Department of Defense. Foster is also a well published author with multiple commercial and educational papers; and has authored, contributed, or edited for major publications to include Snort 2.1 Intrusion Detection (Syngress, ISBN: 1-931836-04-3), Hacking Exposed, Fourth Edition, Anti-Hacker Toolkit, Second Edition, Advanced Intrusion Detection, Hacking the Code: ASP.NET Web Application Security (Syngress, ISBN: 1-932266-65-8), Anti-Spam Toolkit, Google Hacking for Penetration Techniques (Syngress, ISBN: 1-931836-36-1), and Sockets, Shellcode, Porting and Coding (Syngress ISBN: 1-597490-05-9).
NO_CONTENT_IN_FEATURE


Product Details

  • Paperback: 700 pages
  • Publisher: Syngress; 1 edition (April 26, 2005)
  • Language: English
  • ISBN-10: 1597490059
  • ISBN-13: 978-1597490054
  • Product Dimensions: 7.1 x 1.3 x 9.2 inches
  • Shipping Weight: 2.1 pounds (View shipping rates and policies)
  • Average Customer Review: 3.8 out of 5 stars  See all reviews (8 customer reviews)
  • Amazon Best Sellers Rank: #1,257,386 in Books (See Top 100 in Books)

Customer Reviews

Top Customer Reviews

By James Lee on June 24, 2006
Format: Paperback
I purchased <u>Buffer Overflow Attacks</u>, which is also published by Syngress and co-authored by Foster, a couple of months ago. The chapters about shellcode were good and I wanted a deeper explanation. When I saw this book I thought I had found what I was looking for. Unfortunately, the chapters about shellcode are taken straight from BOA. So are the chapter about the xlockmore format string vulnerability and the section in chapter one about InlineEgg.

Additionally, the title says that this book is 'for Security Professionals.' However, the first chapter is devoted to the basics of programming; if someone is unfamiliar with a looping construct, they should not start with a book about shellcode and exploits.

All of this is not to say that <u>Sockets, Shellcode, Porting and Coding</u> is not an excellent book; it is. But with so much cut'n'pasting going on, I find myself reluctant to purchase another book with Foster on the author list.
Comment 15 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Paperback
I've had this book for about 6 months now. I've read it, and I've worked through about a third of the code samples.

This book starts of with an intro on programming languages that touches on issues relevant to C, C++, Perl, Java, C#, and others that vulnerability researchers might be interested in. The 2nd chapter on NASL (Nessus) scripting is a little sparse, but is suitable for a quick reference.

The next three chapters are devoted to BSD, Windows, and Java sockets respectively. The information provided is good enough to code working sockets in all three. The BSD code samples seem to work okay.

The next two chapters are on writing portable code and portable network programming. These are probably two of the best chapters in this book. If I ever got heavy into vulnerability coding, I'd be referring to these.

The next two chapters are on writing shellcode. These are pretty good chapters. One issue with these chapters is that the author's s-proc program doesn't quite seem to work. This is a utility that prints your shellcode in hex (-p option) or executes the code to test it (-e option). This would come in handy indeed. I have some working shellcode, but I never got it to work with s-proc -e in chapter 9. I e-mailed the author twice, but he did not respond. I subtract one star for that. Still these chapters have some cool ideas for shellcode.

There are three chapters on writing exploits. The first two are kind of a whirlwind tour of traditional exploit issues (format string, stack & heap overflows, integer bugs). The last chapter is an introductory chapter on using Metasploit and an overview of how to write exploits for the framework.
Read more ›
Comment 10 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Paperback Verified Purchase
Okay, so I had this book for maybe a couple of years, because I was trying to complete my Syngress collection of hacking books. As another reviewer has states, yes I agree that the shellcode chapters are indeed copy and paste from the Buffer Overflow book. But, where this book is different, and different from most hacking books, is where it focuses (or maybe its not the focus, but rather where I'm choosing to focus my attention on?) on coding and porting. That in-and-of-itself makes this one of the most powerful security, or more honestly, hacking books out there. The only other one that I can think of is Programming Linux Hacker Tools Uncovered by Ivan Sklyarov. It just so happened that Ivan Sklyarov promised in his book that he was going to follow up with a Windows port, but that never happened. So, that's where this book comes into play. Sockets, Shellcode, Porting & Coding is about porting software from Windows to Linux, vice versa, and using Java for portability. It teaches how to program sockets in Windows, in Linux, and in Java. And, most interestingly, it was my first exposure to the concept of multithreaded programming. I've actually never heart of the word before, or if I did, it never occured to me to bother investigating its purpose.

Turns out, multithreading is a very interesting and useful programming approach. This is due to the nature of malware. For example, a Trojan is a piece of software that looks legitimate but iot also contains malicious code. Actually, I've actually built my own Trojan the "Script-Kiddie" way. I was so excited to see my testing to be successful! However, when testing on a system that had AV installed, it was immediately detected.
Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Paperback Verified Purchase
I personally like this book. It is not for the light of heart, and for those of you that have no idea what the term reverse engineering means. If you have a knowledge of reverse engineering, or have some experience in analyzing binaries. This is an excellent tool.
Comment 4 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse

Set up an Amazon Giveaway

Sockets, Shellcode, Porting, and Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals
Amazon Giveaway allows you to run promotional giveaways in order to create buzz, reward your audience, and attract new followers and customers. Learn more
This item: Sockets, Shellcode, Porting, and Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals