by Tobias Klein
November 2011, 208 pp.
Seemingly simple bugs can have drastic consequences, allowing attackers to compromise systems, escalate local privileges, and otherwise wreak havoc on a system.
A Bug Hunter's Diary follows security expert Tobias Klein as he tracks down and exploits bugs in some of the world's most popular software, like Apple's iOS, the VLC media player, web browsers, and even the Mac OS X kernel. In this one-of-a-kind account, you'll see how the developers responsible for these flaws patched the bugs—or failed to respond at all. As you follow Klein on his journey, you'll gain deep technical knowledge and insight into how hackers approach difficult problems and experience the true joys (and frustrations) of bug hunting.
Along the way you'll learn how to:
A Bug Hunter's Diary is packed with real-world examples of vulnerable code and the custom programs used to find and test bugs. Whether you're hunting bugs for fun, for profit, or to make the world a safer place, you'll learn valuable new skills by looking over the shoulder of a professional bug hunter in action.
About the Author
Tobias Klein is a security researcher and founder of NESO Security Labs, an information security consulting and research company based in Heilbronn, Germany. He is the author of two information security books published in German by dpunkt.verlag of Heidelberg, Germany.
Table of Contents
Chapter 1: Bug Hunting
"While I am not a hard core C or assembly language programmer, I loved the book; I felt like I was watching over the author's shoulder as he tracked down software bugs."
"This is one of the most interesting infosec books to come out in the last several years."
"What [Tobias Klein] does do, and does very well, is draw a straight line from source or assembly to the beginning stages of a viable exploit. It is a very satisfying book to read and there are great bits of knowledge to be had."
"I definitely recommend this book for anyone who is just starting out in this field and is interested to know exactly what the process of finding software vulnerabilities is like."
"The first hand accounts of real world vulnerability discovery offer great perspective for anyone seeking to move beyond the theory of vulnerability discovery and exploitation and into the practice of same."
"An entertaining, even fascinating, spelunking through the wilds of low-level, slightly flawed code. Recommended."
"Tobias Klein's book offers something to those who have an interest in software security. And the fact that it is presented in such an approachable format makes it easy to dive into the life of a bug hunter."
"Klein gives us a fascinating, technically detailed insight into how zero-day vulnerabilities are found. There's a good argument that this book should be made required reading for all programmers."
"What makes this book stand apart from others is the fact that it offers insight into the approaches, techniques and, more importantly, the way of thinking used by the author to find specific bugs in real-life software products."
"A quick, easy read that was also incredibly informative. It was a pleasure to read and gain the insight of a security researcher's world. I highly recommend it to any IT professional."
"A read of this book may change your view of computer software forever."
"This book should be required reading for new software developers."
"A Bug Hunter's Diary is a great and focused glimpse into the world of vulnerability exploitation, and the approaches described will be of interest to a range of individuals."
"If you're tired of ordinary programming books, and looking for something a little different, this might be a good book to try. It's got lots of code to read, lots of bugs to understand, and lots of tools and techniques on display."
"Tobias Klein is an excellent security researcher with experience in both closed and open source bug hunting as well as exploit development in many different architectures. I would definitely suggest this book to anyone interested in real world bug hunting and exploitation and not just vuln.c programs."
"A Bug Hunter's Diary is fun to read in part because we tune in at the dramatic turns, if you will, of each story. What deductions Klein gleans from each turn follows logically from his preparation and his methods. What also seems to help is the muted pleasure he gets from his work."
"This book made me feel like I was sitting down with Mr. Klein personally, poring over code, gleaning the nuggets of wisdom and information that come from his in-depth understanding of software design and debugging."
"An interesting read for the more serious programmer."
"The writing is engaging and to the point, but still contains a lot of technical detail."
"The book is great and a nice diversion from other technical books and can be recommended to security consultants, software engineers, and security researchers."
"I would especially recommend A Bug Hunter’s Diary as an excellent supplement of a security textbook to everyone making his first steps in the software security field."
"A short and delightful read, I devoured A Bug Hunter's Diary cover to cover in record time. Once I started reading, I would find it hard to put down."