Home :: Books :: Computers & Internet  

Arts & Photography
Audio CDs
Audiocassettes
Biographies & Memoirs
Business & Investing
Children's Books
Christianity
Comics & Graphic Novels
Computers & Internet

Cooking, Food & Wine
Entertainment
Gay & Lesbian
Health, Mind & Body
History
Home & Garden
Horror
Literature & Fiction
Mystery & Thrillers
Nonfiction
Outdoors & Nature
Parenting & Families
Professional & Technical
Reference
Religion & Spirituality
Romance
Science
Science Fiction & Fantasy
Sports
Teens
Travel
Women's Fiction
The Shellcoder's Handbook  : Discovering and Exploiting Security Holes

The Shellcoder's Handbook : Discovering and Exploiting Security Holes

List Price: $50.00
Your Price: $31.50
Product Info Reviews

<< 1 2 >>

Rating: 5 stars
Summary: If you buy one book on security this year...
Review: Get this one. It is not for the faint of heart. C and asm knowledge are required before you start.

Rating: 5 stars
Summary: Yes! The Real Deal is Here!
Review: Here's how this wonderful learning resource is laid out:

PART 1 INTRO TO EXPLOITATION ON LINUX x86

1) Before You Begin
2) Stack Overflows
3) Shellcode
4) Introduction to Format String Bugs
5) Introduction to Heap Overflows

PART 2 EXPLOITING MORE PLATFORMS: Windows, Solaris, and Tru64

6) The Wild World of Windows
7) Windows Shellcode
8) Windows Overflows
9) Overcoming Filters
10) Introduction to Solaris Exploitation
11) Advanced Solaris Exploitation
12) HP Tru64 Unix Exploitation

PART 3 VULNERABILITY DISCOVERY

13) Establishing a Working Environment
14) Falut Injection
15) The Art of Fuzzing
16) Souce Code Auditing: Finding Vulnerabilities in C-based Languages
17) Instrumented Investigation: A manual approach
18) Tracing for Vulnerabilities
19) Binary Auditing: Hacking Closed Source Software

PART 4 ADVANCED MATERIALS

20) Alternative Payload Strategies
21) Writing Exploits that Work in the Wild
22) Attacking Database Software
23) Kernel Overflows
24) Exploiting Kernel Vulnerabilities

This is not just another security book! The wizards from bugtraq have shared a significant portion of their craft and tools with us in this book. For that, I am most grateful. Given the technical prowess of many of the authors, I was pleasantly supprised by their willingness and ability to explain concepts in very detailed, clear, and concise manner.

Learn baby, learn! Everything you need to really understand & discover vulnerabilities is here along with everything you need to understand and craft exploits. The first two chapters explain more about vulnerabilities in 35 pages than other books do in their entire length. This is a progressive read in that each chapter builds and expands on concepts discussed in previous chapters.

This book is not for beginners. This book assumes working knowledge of C, Assemply, and computer architecture... all at an intermediate level. If you buy the book and discover that you don't have enough background to proceed through the material, the authors tell you where to go and get the knowledge you lack. How can you beat that?

This book is a real gem. Other books have tease and hint at some of these concepts for maybe a sentence or two, but they never truly explain any of them. It's rare to find such complex technical material explained so concisely and clearly. There is no fluff and no confusion. This is very well done, and a joy to read. It is the definitivie text book for students of vulnerability discovery. I'd give it 10 or 20 stars if I could. It's a work of art and a masterpiece at that.

Rating: 4 stars
Summary: A nice read that doesn't shy away from specifics
Review: I found the shellcoder's handbook to be an enticing technical journey into some of the things that are going on in exploit development today. It is not for the casual reader, nor is it a book that tries to cater to a general audience. However if you're serious about exploit development on a wide variety of platforms for whatever purpose. This book is for you. It would have received 5 stars had it not included Jack Koziol's (?..I'm assuming he wrote the introductionary chapters) childish dribble, which was far below par with the rest of the book. Luckily this is only 50 pages or so and after that it becomes a gripping text.

Rating: 5 stars
Summary: Be Familiar with C, assembly, and computer architectures
Review: I love this book, I have been gradually working through it over the last two months. I have been brushing up on C and Assembly as I go so that I can truly understand all the material.

Rating: 4 stars
Summary: Amazing
Review: I've always been facinated by the amount of work security researchers put into finding vulnerabilities. This is a very good book on software vulnerabilities. It's also very current as it examines a number of the recently widely publicized vulnerabilities. It also rightly points out the fact that Linux/Unix are not as secure as a lot of people out there would like the public to believe.

The ways to get around stack protection outlined in this book was an eye opener for me.

I thought I had very good knowledge of the material the book covers until I actually read it. It is clear that as software shops continue to plug vulnerabilties, people will continue to find new ways to exploit software.

Clearly, this book is not for the casual reader. This is essentially a book for people who have above average assembly language and c/c++ skills.

Rating: 5 stars
Summary: Required reading
Review: If you want to learn how to exploit software, this is is a MUST for your library. An awesome book despite a few errors in the text.

The only issue I have is with the numerous promises of additional resources on the web site that have never materialized.

Rating: 5 stars
Summary: great book
Review: Im only half way through the book, but what I can say so far is that the shellcoder's handbook has been a very positive experience. Not being an expert hacker, the book is easy to understand, and has enlightened me to many security bugs that i didn't even know existed. Highly recommended.

Rating: 5 stars
Summary: Couldnt be better
Review: Its the first totally technical hacking book that doesn't fall into the trap of pandering to an uneducated or undereducated reader for extra book sales. No garbage on outdated network recon from '97 which seems to make it into so many "hacking" books nowadays, nothing on lan man hashes or other silliness. Just exploit writing and vuln finding, cut and dry.

I like it, and surprisingly, most of the samples work. At least the ones in the first half of the book that i have tried.

Rating: 5 stars
Summary: Awesome resource to have.
Review: Just the sheer wealth of information is something you are rarely treated to in ANY book. 24 chapters of very deep security tips.

I haven't read the whole book yet as I've skipped to the advanced topics but I can say i've learnt quite a bit despite the fact that I've read many papers on shellcode/buffer overflows.

I can see why some people said this book is dangerous because it will help the attackers. Although this idea of security through obscurity is absurd, I have to say that it will be difficult for most attackers to come up on their own with the things discussed in this book.

In all cases, kudos to the authors for writing such a comprehensive handbook. I hope we'll see a sequel to it.

Rating: 4 stars
Summary: Excellent material, but...
Review: Not for beginners as others have previously stated, you require deep knowledge of C, assembler and IA32 architecture as well as some knowledge of the Linux and Windows operating systems. If you have this then it will suffice (Even if you have not ever heard of a buffer overflow before).

What amazes me, and the reason of me not giving five stars to the book, is the enormous amount of errors in the book (no one else has talked about this on previous reviews). These go from forgetting to include memory allocation routines in some sample code and putting incorrect labels in some diagrams to talking about certain parts of code while actually showing completely different lines of code or talking about different addresses in the explanations from the ones on the sample code and program output that they talk about.

For example, on page 90 the authors wrote:

" Let's take a look at two assembly instructions that correspond to the free() routine finding the previous chunk

0x42073ff8 <_int_free+136>: mov 0xfffffff8 (%edx),%eax
0x42073ffb <_int_free+139>: sub %eax,%esi

In the first instruction (mov 0x8 (%esi), %edx), %edx is 0x80499b8, the address of..."

The instruction being referred to at the last sentence should be "mov 0xfffffff8 (%edx),%eax". "mov 0x8 (%esi), %edx" appears many lines below this paragraph, in another code sample, and it is completely unrelated to the explanation given there.

Of course, people familiar with these topics who also have a deep knowledge of the required programming languages and architectures will catch these flaws easily. The problem is that there are so many of them that it gets annoying at some point and you end asking yourself why do the editorial reviewers didn't do their job properly.

Also, I bought this book almost as soon as it went out for sale, yet as of this date (may 2004), the only material found in the web page of the book is the source code to most of the examples. Definitely much less compared to all the material that the authors promised in the book to be there (so don't expect to find more than this).

It is an excellent reference book though, and if you take the time to read the book thoroughly and make notes to fix the errors in the book you will find that even this activity is rewarding. Some might even argue that the authors put the errors there on purpose to keep script kiddies away from this knowledge, but I don't think that would be OK with a book like this which has created so much expectation. Hopefully the next edition will have all this fixed.


<< 1 2 >>

© 2004, ReviewFocus or its affiliates