Reading Hacking: The Art of Exploitation


I have seen Hacking: The Art of Exploitation, by Jon Erickson, on bookstore shelves many times and have always wanted to pick up a copy, but for some reason I just never did. Until now. I have to admit right up front that I was a little intimidated, starting with chapter two. A good portion of the book consists of examples written in the C programming language. It has been some time since I have programmed in C, so I had some difficulty following the included examples.


Chapter two starts out simply enough with basic programming techniques, but then it jumps heavily into analyzing compiled binaries, using a debugger to step through compiled code, and even looking at assembly language. And as if that were not enough, you'll finish the chapter decomposing memory segments and the heap. And again, that's just chapter two.


In chapter three, the author starts discussing exploit techniques, again using examples written in C. Chapter four covers the OSI model and how packets travel up and down the OSI layers. Chapter five discusses the power of shellcode, written in assembly, of course. Chapter six does a great job discussing intrusion detection and using countermeasures to respond to an attacker. Finally, chapter seven covers cryptology. The author covers one-time pads, symmetric and asymmetric encryption, and man-in-the-middle attacks, all written in plain English.


If you are the geeky type of person who likes digging into the bits and bytes of how things work, this is the book for you.