The Shellcoder's Handbook: Discovering and Exploiting Security Holes

Know C, ASM, and x86 architecture before you even open this book or you're not going to understand it. Your favorite blog writer isn't going to understand it, nor is your favorite social media influencer, this book is for intelligent coders and security experts. It is dated, but the concepts are still in use today. Do not be misled by the size, it is packed with verbose code examples and explanations you get you up to speed on shellcode.

High-Level Book. you must know C language. And a basic grasp of gdb debugger and computer architecture. Does set you up with 130pages of trying to catch u up on those topics. However.. if I can master this book and it’s concepts… you’ll be a 0-day God

The book is really one of the classics and explains how exploits work and various types of exploit like stack overflow, heap overflow, format string vulnerability. I am at the beginning of the book and I am already finding it quite fascinating. I will edit the review as I read more. If anyone has read 'Smashing the stack for fun and profit' by Aleph1 and has found it interesting, you would definitely love this book. Security researchers generally suggest reading this book. Now I know why. I am giving it 4 stars because I own a Kindle edition of the book and the code that's in the book is not formatted correctly making it hard to read. For example: Chapter 4 writes the 1st example explaining what are format strings. The code and the output of the code isn't formatted very well. Otherwise, the book is really good.Edit: Ok. I just checked this on my Kindle Reader app on my tablet. Apparently, the formatting is correct on it. However, when I read it on the Kindle Cloud Reader, the formatting is not correct. Hope that the publishers/authors see this.

Make no mistake: this book is pretty hard core and, IMHO, not for the beginner.In short I recommend people interested in learning about malware in depth use the following materials:1."Smashing The Stack For Fun And Profit" by Aleph One (aka Elias Levy).This is a masterpiece of some basic vulnerabilities and their exploitation. A good intro to the topic and many folks may wish to stop here.2. "Hacking: The Art of Exploitation", 2nd Ed by Jon EricksonThis moves into some excellent examples that apply the techniques of exploitation. A good way to get some "hands on" experience and put into practice the core ideas of exploitation. Just don't expect this to be geared toward modern exploits and real-world applications in 2016.3. "The Shellcoder's Handbook: Discovering and Exploiting Security Holes" 2nd Ed. This book being reviewed.This book is much more in depth and focuses on real-world exploits. These exploits actually work and are practical in more modern systems. If your goal is to move beyond concepts and simple examples to practical techniques that are useful, this is the book you'll need.I hope this helps..

The book is a difficult topic and takes close to eternity to read it all the way through its many pages with perfect comprehension, but that's not because it's poorly written. The book is expertly written but covers some very advanced concepts and has a lot of hex bytes, code, and memory addresses. Understanding of C/C++ coding and assembly and ideally one or more interpreted languages will help you understand it. Otherwise, you'll probably end up learning some coding as a side effect of reading this book (which hopefully isn't a terrible thing). It focuses on exploiting and mentions buffer overflows as well as heap overflows and goes into detail about stack protection and evading stack protection. As someone who almost always prefers free text books, this is one of few paid text books I say is worth twice what I paid for it if not more. A word of caution: this is not a beginner book and you may need to research certain concept independently. By the end of this book you will be thinking like a pro.

This book is no joke. The introduction underplays the prerequisites. SIMPLE PROGRAMMING/ IT CONCEPTS IS NOT ENOUGH!!! You shouldn't buy this book unless you have a background in CS and some practice with the concepts - data structures and algorithms, computer organization/architecture, x86, C language/pointer arithmetic, Compilers/converting C code to assembly.IF YOU DON'T KNOW COMPUTER SCIENCE TURN BACK NOWThis book is a nonstop stream of information relating all of those concepts. And certainly the best one I've ever read.You're not going to get fluff, opinion, editorials, introductions or appendixes for review, NOTHING. Many of the other books in this category, such as "Hacking: The Art of Exploitation" have a lot of reviews clearly by people with no a background in Computer Science claiming those books are too technical. Those books are IT and networking books that have a -- nothing compared to this. The meat of what is in "Hacking: The Art of Exploitation" is covered in the first 5 chapters in this book.

This book is really cool. I am interesting in learning more about how to compromise a computer program so I can improve my programming. This book takes a really deep dive into programming and breaking programs. That being said I would suggest you have a fairly decently knowledge of Assembly language. This book uses linux programs to write and dissaemble the various programs. It is important to take your time and work through each exercise and example. There is a world of knowledge for any programmer looking to understand how people man abuse or break your programs and exploit them for self gain.Personal Note: This book will show you how to hack a computer system. I ask that you use this knowledge to help people and to make the world a bit safer than to abuse it for self gain.

The book came in with excellent handling. No pages turned, dirted, nor torn and inked. Haven't read the content thoroughly but seems like the publication date is almost a year back and the information be mostly outdated. The book is worth a read due to its legacy standards, and vintage methodologies. Note that you might wanna know Assembly, and C language to get better grip of the book as a novice. Have a nice day folks!*UPDATE: Mostly outdated content, but some strategies were mind blowing. Recommend reading for geeks, not for learners. Not a beginners book.

El libro se ve muy interesante y fue una buena elección para dar como regalo, el unico problema es que llego maltratado de una de las portadas por ello doy una calificación baja, de eso en fuera se ve muy interesante y con buen contenido..

excellent

The reason I'm giving this book 4 stars is because of Chapter 7 the specific author for this chapter really dropped the ball here. They use one paragraph to explain 2-3 pages of code. I wouldn't be as disappointed if the title of the chapter wasn't "Windows Shellcode" obviously this is critical when writing a handbook to explain things so that they can be understood and the difficulty curve is appropriate. This was not seen in Chapter 7 (Windows Shellcode) it's a real shame as up to this chapter the read was wonderful. I'm not expecting the entire book to be completed by the author who wrote Chapter 7 but if you know who you are yes you are brilliant and an excellent programmer but a handbook it not a place to show off your ego it's supposed to be a bare-bones reference to allow others to go back to the fundamentals not an intellectual ego war. In any event use this book in combination with "Hacking: The Art of Exploitation" and it should make up for whoever wrote this chapter and perhaps subsequent chapters that are written by this one specific author.

This book is a good reference to have to hand if you are trying to write or understand shellcode. Initially it shows the basic stack overflow techniques of old, I worked through these examples using Dam Vulnerable Linux, because every other system will be well protected against these bugs. I got a bit too bogged down with trying to reverse engineer the code and understand every assembly instruction at this point, which i wouldn't recommend.The book then goes into different operating systems and the basics of how to write shellcode for it. Covering Windows, Linux, Solaris, and OSX. This is where i got the most benefit from understanding why Windows shellcode looks and acts the way it does.I would advise not to read this book in order but to go directly to the information that you need. It is not a step by step or a training text. Chapter 15 Establishing a Working Environment is a good place to start if you want to get a machine up and running with the relevant tools you require.This book also helped to make assembler more interesting. Chapter 21, Binary Auditing, shows how various C and C++ statements look once they have been compiled and then decompiled.One interesting concept briefly mentioned is by tracking advisories and bug reports you may be able to identify patterns of similar bugs or problems occurring.