≡ Menu

Book Review: Hacking: The Art of Exploitation

The term hackers has been quite sensationalized in today’s media. From movies depicting characters who break into electric substations using Ethereal to being able to do in-depth digital zooms and facial recognition with your cell phone, many of the so called "hackers" are miscategorized and just flat out wrong. In Hacking: The Art of Exploitation Jon Erickson dives deep into what makes up these hacks, working to describe not just what they are, but how they fundamentally work.

Jon certainly has his work cut out for him. As he describes during the introduction, many call themselves hackers, but have neither the technical depth nor breadth to do more than run some commands. But true hacking is really about exploration and understanding, and Jon wastes no time reminding us of this. The first chapter is a review (or an introduction depending on your skill level) to some very basic and foundational concepts – Control Structures, Types, Memory Segmentation, File I/O, Pointers and others. Don’t let this initial chapter fool you – he may describe many of these concepts initially in pseudocode that makes any serious dev roll their eyes, but the concepts are sound and vital for understanding the rest of the book.

With the basics out of the way, we dive into actual exploitations. Jon talks about Stack and Heap based overflows, and how to use Bash and Perl to help automated these exploits. Along the way we build a program that we immediately begin tearing up, showing just how vulnerable our innocuous programs can be.

But getting a root shell locally, while interesting and useful in some situations, is not as big of a concern in today’s computing environments as the next topic – networking. Following his depth and breadth approach, Jon introduces to the fundamentals of networking – the OSI Model, Sockets and the various layers. As we dig deeper, we start understanding network sniffing, denial of service attacks, TCP/IP Hijacking, Port Scanning and then finally exploiting the simple web server we’ve been working on to get a root shell.

But that’s only a start. With the basics, exploits and networking out of the way, we can focus on an extremely interesting topic – shellcode. Jon takes us through the world of Linux System calls, how they interact with the stack, and how you can take advantage of that to create shell-spawning, port binding and connect-back shellcode.

With a firm understanding, Jon begins wrapping up with a discussion on Countermeasures – how to do all of the above without being caught. This includes overwriting or spoofing log files, hiding no-op sleds, and other tools of the trade.

Finally, Jon takes us through some Cryptology lessons. These are as in-depth as you would find in other books, but are enough to get the job done. And the job here is serious – Password cracking and breaking Wireless encryption. Again, this isn’t just a set of tools, but an education in the ways that they work, and why the exploits do what they do.

Personally, this is a book I am extremely glad to own. While some would view this as more ammunition for script kiddies, I see it as a powerful tool in the arsenal of both sysadmins and developers alike in guarding their applications and systems from these attacks, as well as understanding what to look for, how they can happen, and the mindset of those trying them out.

While this book won’t make you an instant security expert, it will give you a strong foundation to understand many of the fundamental tools, protocols and systems we use on a daily basis.

Amazon Link (no referrer) : http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441

Comments on this entry are closed.

  • ASP Net Web Development September 2, 2008, 12:41 am

    Thanks for the book review… I am thinking to buy it soon…

  • Link Wheel November 4, 2009, 3:16 pm

    Ethics an ethical hacker need to kknow
    What you need – a Hacker’s equipment
    Keeping from getting caught
    TCP/IP and the Client/Server model
    Getting Started – You’re first night as a Newbie
    UNIX
    Windows NT
    Netware
    Miscellaneous OS�s
    “Unbelievable… a Hacker!”
    Elite Hacker Tactics
    System Exploits
    Firewall Penetration
    In Summary
    Appendix A – Dialup Hacking
    Appendix B – commonly used UNIX passwords / usernames
    Appendix C – basic UNIX commands
    Appendix D – NT Hex Codes
    Appendix E – well known TCP ports
    Appendix F – NT and UNIX groups
    Appendix G – Further Reading

  • car insurance in Ireland January 7, 2010, 9:41 am

    I m amazed to know how much of information I gained on this subject. I m so very thankful of you. One thing I can say that, after reading this article I got saved from the entire useless search I should have conducted on this matter. Your article is a real blessing in disguise.

  • Insanity Workout January 10, 2010, 2:00 am

    Thanks for posting such a informative portal. Your blog was not just useful but also bvery imaginative too. There are very few experts who can create technical content that creatively. I are on the lookout for articles on this topic. We ourselves went over several websites to acquire knowledge regarding this.We look forward to much more !!

  • Jack Beyke March 25, 2010, 5:13 pm

    Very nice post,i absolutely love this blog

  • technetz June 28, 2011, 8:18 pm

    i just got the pdf version of this book. look very interesting stuffs to learn

Next post:

Previous post: