Hacking, 2nd Edition

The Art of Exploitation
by Jon Erickson

February 2008, 488 pp., w/ CD
ISBN: 978-1-59327-144-2

Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope.

Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker's perspective.

The included LiveCD provides a complete Linux programming and debugging environment—all without modifying your current operating system. Use it to follow along with the book's examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits. This book will teach you how to:

  • Program computers using C, assembly language, and shell scripts
  • Corrupt system memory to run arbitrary code using buffer overflows and format strings
  • Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening
  • Outsmart common security measures like nonexecutable stacks and intrusion detection systems
  • Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence
  • Redirect network traffic, conceal open ports, and hijack TCP connections
  • Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix

Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don't already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own creativity.


About the Author

Jon Erickson has a formal education in computer science and speaks frequently at computer security conferences around the world. He works as a cryptologist and security specialist in Northern California.


Table of Contents

Chapter 0x100: Introduction
Chapter 0x200: Programming
Chapter 0x300: Exploitation
Chapter 0x400: Networking
Chapter 0x500: Shellcode
Chapter 0x600: Countermeasures
Chapter 0x700: Cryptography
Chapter 0x800: Conclusion

View the detailed Table of Contents (PDF)

View the Index (PDF).

Need a copy of the Hacking CD right away? Bought the PDF and wondering how you'll follow along? Grab the ISO yourself using Bittorrent: http://www.mininova.org/tor/2533556

(top)

Reviews

"A book this good is a rare find, and certainly worth the read for any individual interested in security. Rating: 9/10"
—Slashdot (Read More)

"This book does a great job of covering C programming, assembly programming, vulnerability discovery, and exploitation all in one. If you are going to read only one book, start here."
—Dino Dai Zovi

"Like all good books, Hacking: The Art of Exploitation, 2nd Edition encourages you to get your hands dirty. Each chapter focuses on a series of examples with finely worded guidance from Erickson. It's not a beast of a read either; it is highly accessible with an emphasis on allowing practice of the examples rather than drowning the reader in hacking theory."
—The Register (Read More)

"With especially clear coverage of heap and stack overflows, this book not only explains what's involved in hacking, but walks readers through common tools and techniques."
—InformIT (Read More)

"A security professional's paradise, burrowing down to the code level of dozens of different loopholes and explaining the underlying logic behind the attacks."
—GeekDad on Wired.com (Read More)

"This is a good book. It does a great job of first establishing the mindset of a hacker and then walking the reader step by step through the various techniques of finding interesting ways to solve problems. This in itself is what the author claims is the defining characteristic of a hacker, and I agree."
—;login: The USENIX Magazine (Read More)

"This book will take any programmer well beyond the usual programming techniques covered in conventional programming books."
—Electronic Design (Read More)

"Those whose jobs are to protect computer systems and applications must understand these flaws and techniques in order to fix, prevent and protect against them. This does not only apply to computing, but to any other field where a 'bad guy' can take advantage of a system for their own selfish reasons. Once knowledge has been released, it becomes very difficult to put it back in its box. This book is just knowledge wrapped in a different package. We recommend you strongly consider this title if you would like to enter this field or add to your repertoire."
—Gizmos for Geeks (Read More)

"Jon Erickson has completed the second edition of his seminal work, Hacking: The Art of Exploitation, adding a significant amount of text to the original work. In doing so, he has created a work that will quickly become a "go-to" guide for anyone wanting to learn hacking, or who wants to understand the hacking mindset."
—Blogcritics.org (Read More)

"Personally, this is a book I am extremely glad to own. I see it as a powerful tool in the arsenal of both sysadmins and developers alike in guarding their applications and systems from these attacks, as well as understanding what to look for, how they can happen, and the mindset of those trying them out."
—Cory Foy, software developer (Read More)

"This fantastic little book - actually not so little anymore at 488 pages - is a real gem for the serious code geek, or those in search of their inner code geek."
—The IT Security Guy (Read More)

"I now recommend this book for the Exploitation chapter alone. This chapter covers buffer and function overflows and the format string vulnerability. Buy the book and discover why strings should be formatted like this:

printf("%s", text);

and never like this:

printf(text);"

—Linux Pro Magazine (Read More)

"Probably the most detailed, thorough, and lucid coverage of 'the fundamental techniques of serious hacking.'"
—Major Keary, Linux and Open Source SIG (Read More)

(top)

Updates

(show updates)(top)