Gray Hat Hacking The Ethical Hacker's Handbook, Fourth Edition

Well, the book is very good,but I believe that the first 55 pages Chapters 1 and 2 are useless for a beginner because it does not teach C, ASM, or Python - (for these skills I recommend the books  The Art of Assembly Language , Python Cookbook, Third edition  and  Black Hat Python: Python Programming for Hackers and Pentesters  - excellent), the chapters 1 and 2 give a very basic explanation of languages, these pages are also useless for an experienced User seeking challenges and new, the exercises of laboratory listed in the appendix of the book, are now available in the mcgraw professional download site.The other 500 pages of the book are a wonderful contribution of the authors to us hobbyists, professionals, curious and hackers.The cover is nice and well finished, has colors and a varnish that leaves very beautiful, the pages are excellent for reading and handling, have about 90% opacity, are White and firm, I believe the weight is between 65g to 70g.

Good to excellent, but very technical treatment of individual tools and techniques, so don't start on it if you are a beginner. Very early, there's a chapter on reverse engineering -- in my opinion, by far the most complex task you can attempt other than designing and writing a new virus from scratch. The author fails to point out that at a minimum, you need to be a skilled assembler programmer who can read hex dumps, knows machine level instructions, and knows the operating system internals and BIOS thoroughly (for example, Windows.) I have done some of it, some years ago as part of my job, and have all those skills. I doubt anyone who hasn't would understand the chapter. I also felt that there wasn't a top-down explanation as to why you need to pursue each technique or tool presented in the book. I bought another book, by a different author, to obtain the high level picture of viruses, worms, etc.and hacking in general after attempting to wade through this one..

the only thing i don't like so far is that the amazon environment doesn't allow my text reader to work. i absorb information much better with my text reader. great book so far, IF ANYONE KNOWS HOW I CAN FIX THIS, I WOULD APPRECIATE IT..

Excellent overview of how an ethical hacker should proceed with his/her work. Clear, detailed explanation of how to proceed through many stages of hacking and how far the gray hat hacker should go in order to fulfill his/her statement of work. A proactive approach to finding weaknesses in systems is well-explained, in combination with suggestions for the company to proceed to find those errors. Other books on malware are excellent as well, but are more reactive in their approach.

It's an excellent book for CISSP candidates to have a very high level idea of hacking techniques. For anyone trying to apply their hacking instincts in the digital realm, this is at best a compilation of notes someone would take about secure coding while in CS courses (if any Higher Ed. began incorporating secure coding to their curriculum) or independent studies. If you learned to program from security conscious authors, usually non-textbook authors, you will be very disappointed and should not need this book. It would have also been good to provide the source code for find.c on a single page. I guess the author didn't intend for the readers to follow along; typical CISSP or script kiddy manager/"pentester" approach of reading quickly without committing techniques to memory.

Very good book, Good for beginners and seasons programmers.

When I got this book, I just quickly scanned over the pages, I found SO MUCH detail, I couldn't wait to have my week off to spend every single day reading this and taking notes from it.

Sufficient delivery. I am reading multiple books along with this one and it seems to be providing what I want. Overall it is turning out to be a great read on its own.

I pre-ordered the 4th edition, which arrived last week. A number of very competent security experts are the authors of this book. I have been a fan of Shon Harris, since reading her CISSP book, which helped me pass my CISSP. I previously read the third edition of Gray Hat hacking, with which I was very impressed. This had prompted me to pre-order the 4th edition.From an ethical hacker point of view, the book describes the applicability of the topics from the perspective of the white, gray and black hat hacker. This contrast of viewpoints adds to the richness of the topics presented and I feel is a nice touch.The first part of the book focuses on a number of chapters on preparation. These cover topics on static analysis, de-compilation, a good chapter on fuzzing with lots of useful pointers to further reading (although Sutton, Greene and Amini's excellent book on the subject of fuzzing is not listed). The preparation section concludes with a couple of chapters on shellcode and particularly writing shellcode for Linux. This covers how to encode the shellcode using Metasploit.The second part of the book, which comprises over 50% of the book, covers the use of all the common tools the ethical hacker is likely to need to use. The tools covered include nmap, Metasploit, tcpdump, onesixtyone, along with a number of others. There is a nice section on Linux exploits, which includes some example python scripts. The Windows chapters cover interesting areas like how to bypass memory protection, and different methods for exploiting access control mechanisms.There is also coverage of buffer overflows, stack overflows and methods for attacking the heap.Chapter 15 on exploiting web applications frames the chapter by covering the Owasp top 10. There is good coverage of XSS injection, including the use of the fiddler proxy.Exploitation of the Heap is covered in the later chapters with manipulation of the IE browser.Chapter provides excellent coverage of the BeEF framework; examples of how to run it from with Kali, including coverage of how to ensure you have the latest version from the git repository.There is also good coverage in chapter 19 of how to determine vulnerable areas of Microsoft systems by analysing the patches released on patch Tuesday using IDA and turbodiff.The third part of the book delves into some advanced topics in the area of Malware analysis.Chapter 20 covered how to analyse android malware, which I found fascinating. Whilst chapter 21 delved into ransomware and methods to dissect it. This included some nice examples of using Metasploit and netcat to log into the windows machine and kill the ransomware locker process using pskill, which was cute.The book concludes with some approaches to next generation reverse engineering with a lot of focus on IDA.If you work in Information Security, you should read this book. Well done to all the authors.

Brilliant book, it's an older version. Bought it because it was cheap. For the age it still an excellent guide and you will definitely learn alot. Highly recommended

This is a vast improvement from previous versions. In many respects too advanced in many sections however I personally like that. Therefore this book is for the serious advanced skilled security professional.

Great book, even better than the 3rd edition.Simple, straight to the point with enough background so you can understand even the more complicated subjects.

This book is the in depth understanding I was looking for, packed full of labs to try. I got great value from this book.Heavy duty reading, a lot to take in but worth it.Have a look through the table of contents, if you like the topics mentioned in the chapters then buy the book you won't be disappointed.