Rating: Summary: Covers important material -- includes too many errors Review: The Shellcoder's Handbook covers important and relevant aspects of exploiting system and program vulnerabilities. The point is made clearly; however, examples and figures include errors that make it very inefficient to experiment with the examples. Considering this current (1st) edition, I'd rather recommend interested readers to have a look at other available documentation (e.g. Smashing the stack for fun and profit). This book does not tell the whole story for new Operating Systems either; for example, Fedora Core 3 comes with several protection mechanisms that must be disabled in order to successfully test some of the less complicated examples. Fazit for readers: this book is a nice read but in its current edition ineffective for hands-on experience. Fazit for editor: eliminate errors and update instructions for testing examples on current operating system releases.
Rating: Summary: Extremely cool book Review: The Shellcoder's Handbook is an awesome book. I have been waiting for a title like this for a long time! Very well worth reading!
Rating: Summary: Excellent security book although misleading title Review: The title "Shellcoder's handbook" made me reluctant to even buy this book. I thought it would go about explaining exploiting stack, heap overruns, bypassing memory exploitation methods and so on in order to execute shell code: basically, a book for hacking and I didn't like that. Nonetheless, it took me a glance of the list of authors and the table of contents to realize that this book goes beyond exploitation and into core penetration testing and vulnerability discovery methods. Hopefully, like rational and ethical software security engineers will do, this book will be used more for vulnerability discovery and benign exploitation rather than malicious exploitation. Parts 1 and 2 are a great introduction of OS internals, system calls, memory management, and in-depth analysis of security bug exploitation; thus making them relevant for part 3: "Vulnerability Discovery". Part 3 goes into great depth on how to discover security bugs. Not so often do we have the brightest minds in the art of software vulnerability discovery, penetration testing, or "ethical hacking" joining forces. The variety of ways to discover security bugs is what we need to learn in order to ship secure software or to successfully secure existing software applications. Great Job!
Rating: Summary: One of the best! Review: This book is excellent. I highly recommend it for everyone from admins learning about what hackers are trying to do to their network to seasoned exploit writers. The best part of this book is that it gives a very solid foundation to anyone interested in the field. The only negative thing that I can say is that you can see a slight difference in writing style between some of the chapters, but I suppose that is to be expected with so many authors.
Rating: Summary: Cryptology without the annoying co-math/code compiler info.. Review: This book is for grandma after her prunes...cause she'll have to take this "information trickle" sitting down, or she might just go learn to compile what you just programmed in shell environment.....she is laughing at the author and decompiling the volume for a rudimentary fecalscraper....no custom metatag reverse assembly, no custom compiling even mentioned (major security faux pas) and where did you get that information on dissemination? nothing you write about would occur even throughout a single network....cept for well-known exploits already attended to. and what about overflow in 64bit environment? sun (rackstation), oracle (rackstation) .db's are covered...mmmm, not too many rackmount servers needing networking to each other.... .db server for sure...and that's not even affecting the intranet completely. you'd need a nimda variant to even run away with workstation terminals due to ...well....varied shellscripting, Ironically enough. (meaning a multiplatform attack across several domains) This guy can be buried in an aol landfill for all he helped me or my grandma. You didn't even help her! (well, she's a bit stricken...but she can still learn...if she would choose this for her last years of learning, I'd blame the author for wrongful death. Back to actual coding for Creation of something useful, like "Decompiling yourself" (anon) ..or 0xAA proofing, the end of the end. (anon...due to ebook style "openness") I hope you overflow your toilet buffer. You should be sent to dev\null for nullifying my time.
Rating: Summary: An honest security book! Review: When guys like these go to all the hard work of testing and testing to find the kinds of security holes they talk about in this book and then do the good guy thing of reporting the vulnerabilities to the vendor to HELP them, and to help the community, and still our security stinks, then someone has to speak up. Kudos to these guys!
Rating: Summary: Good material... bad editing Review: While the material is good, there are way too many errors. For someone who's looking for the hows and whats of software exploitation, this book comes through. For someone who actually wants to follow their example code... good luck. Errors everywhere! I wonder how this book made it past the editors. I haven't come across a book like this in a long long time. The webpage also lacks much content save for the chapter code, some of which is faulty and will not run properly without modification. Get some new editors!