67 of 71 people found the following review helpful
Excellent book for the right kind of reader,
This review is from: Hacking: The Art of Exploitation, 2nd Edition (Paperback)
This is the last in a recent collection of reviews on "hacking" books. Jon Erickson's Hacking, 2nd Ed (H2E) is one of the most remarkable books in the group I just read. H2E is in some senses amazing because the author takes the reader on a journey through programming, exploitation, shellcode, and so forth, yet helps the reader climb each mountain. While the material is sufficiently technical to scare some readers away, those that remain will definitely learn more about the craft.
H2E accomplishes a very difficult task. The book strives to take readers with little to no real "hacking" knowledge to a level where they can at least understand, if not perform, fairly complicated digital security tasks. Other books aren't as successful, e.g., "Gray Hat Hacking," which features material on C, assembly, Python, etc. into one short chapter. In contrast, H2E, in my opinion, does a credible job leading the reader from pseudo-code to C and assembly. Now, I would not recommend this book as a reader's sole introduction to programming, let alone C or assembly. Please see my older reviews for recommendations on books devoted to those topics. Still, H2E credibly integrates programming into the hacker narrative in a compelling and educational manner.
The author also has a great eye for consistency and style. I welcomed reading his examples using gdb, where he presented code, explained it, stepped through execution, showed memory, transitioned from displaying source, then assembly, and so on. This was a compelling teaching method that technical authors should try to emulate.
Overall I really liked H2E, hence the 5 star review. My only main gripe was the author seems to believe that it's in society's benefit for black hats to test and exploit defenses. His claims on p4 and p 319 that hackers improve security reminds me of the broken window fallacy, meaning it's economically beneficial to break windows so a repairman has a job. In reality, the security world is more a redirection of resources away from more beneficial innovation, not a way to build "good security jobs." Furthermore, all of the supposed advances spurred by reacting to intruder activity do not result in increased security in the enterprise. At this point so much legacy software and equipment is deployed that intruders can always find a way to accomplish their mission, thanks often to the discoveries of so-called hackers. At the end of the day one has to accept the reality that intruders will always try to breach defenses, so it behooves defenders to understand attackers for the benefit of defense.
Sort: Oldest first | Newest first
Showing 1-1 of 1 posts in this discussion
Initial post: Jun 26, 2014 4:51:55 AM PDT
Last edited by the author on Jul 28, 2015 2:59:00 PM PDT
Bruce D. Wilner says:
The key is "for the right kind of reader." This is hackneyed, not-too-sophisticated material: it's mostly sophisticated-LOOKING programming at a superficial level (Windows does not support kernel development as does, e.g., Linux), plus some brief mention of a tool here or a technique there, and a would-be learned-sounding exploration of "THE global offset table" (THE, mind you). I don't see anything much newer than 2004-2005.
‹ Previous 1 Next ›