Book Reviews

Book | Detailed Review

Hacking: The Art of Exploitation


Hacking: The Art of Exploitation is one of my two favorite books on my shelf - my copy is worn and almost always on loan. Whenever I'm asked for a "good place to start learning", Hacking: The Art of Exploitation is my recommendation. The level is beginner to intermediate - having a Linux programming background would be of great help but isn't strictly necessary. This book is very well written and researched, and is more than just another "how to write buffer overflows" manual. The crypto and networking sections are good introductions to those subjects, and the code actually works. It goes deeper than that, trying to get you to think outside the box - which is really what hacking is all about, after all. Once you've finished reading it, try some of Gera's Insecure Programming examples to practice your newfound skillz!

The Shellcoder's Handbook


The Shellcoder's Handbook: Discovering and Exploiting Security Holes is my other favorite! Another well worn and well read book. The Shellcoder's Handbook is not written for the novice - some background in programming (preferably low-level coding) is required, in my opinion. The chapters on fuzzing and runtime analysis are my favorites, but these come a close second to the chapters on advanced Solaris exploitation - being stuck in the IA32 Linux world, it really opened my eyes. This book has some great ideas for building your own fault injectors (fuzzers) as well as not completely glossing over fault monitoring. The section on code auditing is a great overview of many different exploitable vulnerabilities found in C-based software, complete with code samples. Definitely a book you should pick up - in fact, the second edition is now out covering Cisco, OSX, Vista and more "unbreakable" software!