Have you ever been interested in real-world exploitation? The book I’m about to review is going to blow your mind.
“Hacking: The Art of Exploitation” is a book explaining the basics of computers so you can exploit them. It contains programming exploits, the faults of protocols and networking, and the basics of cryptography and cryptoanalysis. The book has lots of examples, so you can try them for yourself.
“Chapter 2: 0x200—Programming” is a must read for computer science students because it explains the computer memory in depth. The computer memory consists of a text, data, bss, heap and the stack segment. You can read more about these segments in the book. What I’m interested in as an amateur security enthusiast is the heap and the stack segment. If a programmer builds a program which allocates a certain amount memory without any restrictions, it could be used to overwrite areas of the memory. All the attacker wants to do is to overwrite the return address. This can allow him to write arbitrary code. The programmer doesn’t ever want this to happen, because it can possibly lead to full compromise of the target system. That’s bad, right?
 |
This image presents the basic format of a stack segment, where the buffer
approaches the return address and the function arguments. The attacker
wants to write more bytes than the buffer has space to overwrite the
return address. The return address is an address, which the stack uses
to remember to return to the code after a function call.
The book is thorough with its contents. I couldn’t understand all of it. It’s not because of my English, but because it’s like the book is challenging you to understand it. And I absolutely love it. My only critique is that the chapter parts are too long, which is probably already fixed in the second edition of the book: “Hacking: The Art of Exploitation, Second Edition”.
I recommend this book to everyone who wants to delve deeper into computers and how they actually work behind the scenes. I liked this book and I’m thinking of reading the second edition after. I loved how the book has plenty of examples and they are easy to try. Understanding them is a completely different scenario.
Citations:
Erickson, J. (2003). Hacking: The art of exploitation. No Starch Press.
Nice post, the book sounds so fascinating that I might have to read it as well.
ReplyDeleteThank you for your interesting post! That book does sound like it is useful to read. I like when books have a lot of examples cause it makes it more fun to read!
ReplyDeleteSounds like a good and useful book. I liked the post and your writing about the subject seems inspired.
ReplyDeleteI'm with you that memory is such an interesting thing that has many possible security issues if not taken care of properly. Thank you for this great post!
ReplyDelete