Hacking: The Art of Exploitation
January 22, 2004
No Starch Press
This book is truly meaty stuff. It explains in detail what every hacker should know, but more importantly, what every security expert should be aware of so they can take action to avoid being hacked.
This is not a catalogue of exploits, but a book that teaches the principles of hacking through example. You must be something of an extreme techie to get to grips with the content, and it requires your full attention to work through the book, especially where the examples run to several pages of code. However, it is truly informative and interesting.
The author Jon Erickson's approach to hacking is described as "the art of creative problem solving". He makes every attempt to move away from the traditional and negative stereotype of the word 'hacker'. He emphasises the 'spirit of hacking' for whichever side of the fence the reader sits on. Basically, it's written for cops and robbers.
Erickson states: "Like it or not vulnerabilities exist in the software and networks that the world depends on from day to day. It's simply an inevitable result of profit orientated software development. As long as money is connected to technology, there will be vulnerabilities in software and criminals in networks." This book merely shows you how it all fits together.
As opposed to guiding the average teenager through breaking rules and causing as much mayhem as possible, this book helps the reader to determine which areas of a network are open to attack and why. It includes practical examples for the reader to work through, and breaks up the areas of hacking into three sections: programming, networking and cryptology.
Erickson goes into incredible detail on subjects such as buffer overflow, format string exploits, shellcode, and cryptographic attacks on 802.11b wireless standards. These sections are informative and well written.
On the downside, the book is a bit light on the networking section. It dances around certain areas such as internet vulnerabilities, SQL and cross-site scripting, and it totally omits mention of Windows, as code examples are written on an x86-based computer running Linux.
The book is tough going, but a fountain of knowledge for someone who wants to increase their overall knowledge of network security. It teaches the foundations of hacking while detailing vulnerabilities and how to exploit them. Many people would neglect this sort of knowledge, but it is a requirement for the security expert.