Hacking: The Art of Exploitation, 2nd Edition

I've read quite a few books on hacking, many of which focus on specific technologies—such as using tools to perform reconnaissance on websites and identify potential attack targets. This book, however, takes a different approach. It starts by teaching the fundamentals of assembly and C programming, then moves on to help you identify programs vulnerable to buffer overflows. You'll learn how to write shellcode to exploit these vulnerabilities.What sets this book apart is its minimal reliance on abstractions. For instance, it teaches you how to build your own simple web server, which you can then exploit. Need to perform a SYN flood against a target? No problem—you'll write your own in C to fully understand the process. This hands-on approach will give you a solid understanding of networking. There's even a chapter dedicated to cryptography, which will deepen your knowledge in this critical area.To top it off, the book culminates in a project where you'll learn to crack WEP encryption—not with third-party tools, but by exploiting weak initialization vectors (IVs) and doing it all yourself.While some of the examples, such as the buffer overflow scenarios, may not work in real-world environments, this book is still an invaluable resource. It covers essential foundational knowledge that will serve you well on your hacking journey. There are books that quickly get outdated because they teach you how to use tools. This book is a classic. It teaches you understanding. After reading this, you’ll have a better understanding of how third-party tools work, or you can write your own!

I had the first edition copy of this book that I studied. This second edition has a lot more knowledge and sets the mindset to have. It’s very insightful and tackles concept in an easy to grasp way.The first edition had a CD in the back, but since then they have gone away with the physical disk and have a link in the back of the book to set up your vm or machine to practice the concepts in a safe environment.This is a great addition to anyone curious about computers and wanting to do a hands on approach. I’d recommend for beginners up to advanced. It’s a handy reference and great for getting your feet wet.

This is a 'real' hacking book, not another high level concepts book. It examines low level exploits, mostly via assembly language and C code examples.By page 21, Jon is walking the user through an object dump of a C program, by page 25 explaining the Intel assembly language.We have all heard of buffer overflow exploits, shellcodes. Jon provides detailed coding examples, teaching the reader about registers, memory locations - all in exacting, working detail.My favorite part of the book is when Jon, wanting to reduce the footprint of a sample exploit program's code, reverses a loop's order, shortening a section of code from 5 to 4 instructions! Super clever.

Amazing book. Really gets you thinking the correct way for coding with C / C++. The book was in decent shape, definitely used, but still in decent condition. Haven't found scribbles or tears. So very acceptable shape.

The book opens with "The goal of this book is to share the art of hacking with everyone." That sums up exactly what the book does. For those that are interested in learning more about the exploitation side of security, this book is THE primer.Hacking goes into the mindset of the hacker when it comes to exploitation. It starts out with the terms and concepts that are required to understand all of the in depth technical parts that come next.The book ships with a LiveCD with all of the code on it, which makes it easy to follow along with each section. The sections start out with Unix basics and move forward. Most of the programs are short and easy to follow, although there are a few 400+ line programs thrown in, which for me were harder to follow.You don't need to KNOW assembly in order to follow through with this book, however, you must have a strong enough background in computers to look up what the assembly means and be able to follow through. The only exception may be the Shellcode chapter, where the whole point is dealing with assembly tricks to remove NULL bytes in appliactions.Each section has strong examples and explanations, and the stack overflows, heap overflows, and format string exploits are well covered. The stack and heap overflows had awesome examples and were clear and concise. The format string section was really good, although I did reference The Shellcoder's Handbook to solidify my understanding.The book even has material on network exploitation. Before the exploitation is presented, the author goes into how the network works, how to sniff network traffic, and then finally goes into network exploitation. The background is great if you need a refresher on networking before you get to the network based exploitation.Overall, great book. It is one of my two favorites for dealing with exploitation, and it is a must have on your bookshelf if you need to deal with exploits as a sys admin, pen tester, or vulnerability researcher or hobbyist.