Hacking: The Art of Exploitation
This book is truly meaty stuff. It explains in detail what every hacker should know, but more importantly, what every security expert should be aware of so they can take action to avoid being hacked.
This is not a catalogue of exploits, but a book that teaches the principles of hacking through example. You must be something of an extreme techie to get to grips with the content, and it requires your full attention to work through the book, especially where the examples run to several pages of code. However, it is truly informative and interesting.
The author Jon Erickson's approach to hacking is described as "the art of creative problem solving". He makes every attempt to move away from the traditional and negative stereotype of the word 'hacker'. He emphasises the 'spirit of hacking' for whichever side of the fence the reader sits on. Basically, it's written for cops and robbers.
Erickson states: "Like it or not vulnerabilities exist in the software and networks that the world depends on from day to day. It's simply an inevitable result of profit orientated software development. As long as money is connected to technology, there will be vulnerabilities in software and criminals in networks." This book merely shows you how it all fits together.
As opposed to guiding the average teenager through breaking rules and causing as much mayhem as possible, this book helps the reader to determine which areas of a network are open to attack and why. It includes practical examples for the reader to work through, and breaks up the areas of hacking into three sections: programming, networking and cryptology.
Erickson goes into incredible detail on subjects such as buffer overflow, format string exploits, shellcode, and cryptographic attacks on 802.11b wireless standards. These sections are informative and well written.
On the downside, the book is a bit light on the networking section. It dances around certain areas such as internet vulnerabilities, SQL and cross-site scripting, and it totally omits any mention of Windows, as the code examples are written on an x86-based computer running Linux.
The book is tough going, but a fountain of knowledge for someone who wants to increase their overall knowledge of network security. It teaches the foundations of hacking while detailing vulnerabilities and how to exploit them. Many people would neglect this sort of knowledge, but it is a requirement for the security expert.