Rating:  Summary: Phrack for Dummies Review: This book is a step in the right direction, but it could be better. It seems to have a lot to say about certain topics, a little to say about others, and nothing to say about still other topics. The coverage of buffer overflows, format string exploits, and writing shellcode is excellent. But then when we get to the networking section, there are a couple of paragraphs devoted to some topics. There is no discussion of web vulnerabilities in the book. Nothing on SQL injection. Nothing on cross-site scripting. Furthermore, the Windows world is totally ignored; Linux is used exclusively in the book. Nevertheless, the book is worth it if only for its unsurpassed overflow/format string/shellcode explanations.
Rating:  Summary: Ultimate Book for programmers and Wannabe hackers Review: This book is an awesome book for hackers who will learn how the exploits work and the logic behind them. That's why I love this book, as it's not like the average "how to become a hacker" books, which actually make you script kiddies; this book talks about the intricacies of hacking and program exploits in depth, giving you an insight into how the exploits work.
An awesome book, certainly worth its cost, so what are you waiting for? "Go Get It!"
Rating:  Summary: One of a Kind Review: This book is for the security pro or would-be hacker who wants to begin to see how deep the rabbit hole really does go. There is no other book like it on the market, and I've read most of them. Jon Erickson's code included in the book all works well as designed on Linux. The author also suggests some good free Linux tools for use with the code examples including most notably a hex editor, basic disassembler, and packet injector. The techniques in the book are best described by a caption on its back cover, "The fundamental techniques of serious hacking." It includes major sections on programming, networking, and cryptography. All material is covered with an eye towards exploitation. Languages used in the book material consist of C, PERL, and Assembly for X86. The techniques described in this book are fundamental to any hacker or security professional who takes their work seriously. The book is well worth the discounted amazon.com price. The material in this book is all original and cannot be found elsewhere. Each example in the programming section is truly an eye opener if you are new to code hacking. The examples in the networking and cryptography sections are relevant and fresh as well.
Rating:  Summary: kewl hacking book Review: This book is way kewl.
I know programming quite well, but this really showed me some good hacks.
Rating:  Summary: Thank you Mr. Erickson Review: This is not an exploit encyclopedia. This book teaches you the main "hacking" principles. It is not as dry as an academic book, but you will have to expend some time following the examples. If that is what you are looking for, do not hesitate, just buy it.
Rating:  Summary: Superb, thrilling, excellent book Review: This is one of the best books I've ever read. I have read most of the current books in network security, and this is the first one teaching you how to "think". While most other books on the market will show how to run exploits written by others, this is the first one addressing how to make working exploit code yourself. I am familiar with most papers on this issue (Murat's text, Aleph0' etc.), but never before have I seen such clarity and pedagogical approach as in "Hacking: The Art of Exploitation". Besides, I learned new techniques on exploiting an ELF binary from this book. Ever since I started reading it, I could not leave the book apart. The writing style is very clear and precise, making difficult topics (like shellcode writing, printable shellcodes, heap/stack overflows) accessible and easily understandable for everyone. The author presents three major topics. The first one addresses in excellent detail how software exploits can be crafted. Here you can learn a methodology on how buffer/heap/format string vulnerabilities are done. A second part of the book discusses network level vulnerabilities, while the last part addresses cryptography. Even on this last topic, which traditionally looks either too mathematical or too general in other books, "Hacking: The Art of Exploitation" is great and keeps one breathless. To summarize: If you're interested in network security, or enjoy learning/reading neuron-stimulating stuff, this is the book to read.
Rating:  Summary: Best in show Review: This is the best general introduction to the mystery of exploits available to the technically-informed reader who does not frequent hacker channels or chats.
The bulk of the writing concentrates on the vulnerabilities of C, particularly overflows of the buffer, stack and heap. A thorough introduction to shellcoding is provided with numerous examples. Readers should have a good working knowledge of Intel assembler but, although most examples are from Linux, no detailed knowledge of the operating system is required.
There is a section on network exploits involving sniffing, TCP/IP hijacking, port scanning and DoS which is brief but a good introduction to the actual techniques used. The cryptology section has some nuggets of information, but is too brief to cover this extensive topic on its own.
Well worth reading if you've ever been puzzled by references to "smashing the stack" or "man in the middle attacks". Programmers should become very thoughtful about their code when they read this. An excellent introduction to the topic.
Rating:  Summary: Need to know Assembly Review: You have probably heard of such hacking techniques as buffer overflows. Typically, a book might give only a cursory explanation, especially if it is not devoted to hacking. But suppose you write in C. Chances are you've inadvertently created buffer overflows and then spent hours chasing this down, after your program crashed. So how on earth can a deliberate overflow lead to a break-in? It is for such matters that Erickson expounds here. Written for you, whether you want to create such exploits or prevent them. In either case, the knowledge is the same. What the book requires is some knowledge of C and assembly. For the latter, it is the language of the Intel x86 family. But even if you don't know it, so long as you are familiar with any assembly language and the theory of a Neumann machine, then you can follow the text. This book is not for every programmer. It turns out that a fair number of programmers get into the field by learning a high level language like C, Fortran, Java or Pascal. But they never learn any assembly. To them, anything compiled from source is a black box. Instead, you need some background in assembly. The book also gives neat coverage of how to sniff network traffic and manipulate it. There is a section on cryptography. But for this, it is so specialised and vital that you should consult texts dedicated to it.