Hacking: The Art of Exploitation, 2nd Edition
Ed Schaefer reviews the newest edition of Hacking: The Art of Exploitation.
Members of the Hacking world are known by the color of their hat – white for good, black for bad, and gray for those who aren't too sure. By writing Hacking: The Art of Exploitation, Jon Erickson proves his hat color is "mother of pearl." Don't let the title mislead you: Erickson isn't exploiting or vandalizing – he's instructing.
In 2004, I reviewed the book's first edition. In my reviews, I typically like to compare the differences between editions. Erickson beat me to it. At the publisher's web site, you can compare the first and second editions of the book; view excerpts from the Exploitation, Networking, and Countermeasures chapters; and download the book's source. Erickson also bundles the source in a CD included with the book, but more on that later.
Expanded Concepts Introduction
In my first review, I recommended this book for the programming chapter alone. I can no longer do that because the programming chapter is now an "Expanded introduction to fundamental programming concepts for beginners." But it's like no introduction I've ever seen. In one chapter, Erickson takes us from basic Control Structures to Function Pointers. Think of it as Kernighan and Ritchie in 100 pages.
Erickson covers other introductory topics in a hurry, such as his network sockets description in the Networking section (Chapter 4), and his "Crash Course in Signals" in the Countermeasures section (Chapter 6).
It's not that I don't like the author's introductions – I do. I just want to warn you that the introductions might be above the true beginner's head. This book is code intensive and if you don't have a programming background – preferably in Linux "C" – then this book may be of limited value. If you aren't into hacking Linux, or at least wanting to learn, then this book just might gather dust on your book shelf.
Should You Buy the Book?
Because the programming chapter is now an introduction, I now recommend this book for the Exploitations chapter alone. This chapter covers buffer and function overflows and the format string vulnerability. Buy the book and discover why strings should be formated like this:
and never like this:
What's on the CD?
For readers with no access to a Linux box, Erickson bundles his source with a bootable Ubuntu Linux Live CD. The Live CD requires "an x86-based PC with at least 64MB of system memory and a BIOS that is configured to boot from a CD-ROM." I successfully booted the Live CD with both an IBM T43 laptop and a HP dv9000t laptop.
Paperback, 488 pages
No Starch Press, January, 2008
RE: CDThe publisher has an active torrent over at Mininova: http://www.mininova.org/tor/2533556 We also replace CDs with proof of purchase. Sorry for the late reply!
live CDI want its CD and I dont have any access to it because of my location,
where ca I download it's CD?
Upcoming switch to HTML5-only ads is further evidence the Flash is entering its final days.
US government invests $19 billion on enhancing security and replacing ancient computer systems.
But you can still be a non-voting “individual supporter” if you pay the money
Several current systems could fall victim to the attack
Latest Linux engine comes with better graphics and support for Intel's new power-saving chips.
Hackers send a message of beauty and liberation to server logs
Citrix gets excited about new Pi-Powered XenDesktop client system
Linux on Azure cert heralds a new era for Redmond.
Proposals for presentations at the CeBIT Open Source Forum will be accepted through 24 January 2016.
Adobe looks for a new start; renames its embattled Flash tool.