By Matthew Twells

Recommended Reading: Hacking - The Art Of Exploitation by Jon Erickson



Recommended Reading are quick posts highlighting those books, courses and software that are true force-multipliers when it comes to getting started, getting better or getting ahead.

Hacking - The Art Of Exploitation by Jon Erickson is under the spotlight in this article - this is not for the faint of heart, as it deals with hardcore exploitation principles and expects you to keep up. No spoonfed examples here, you'll be expected to work hard often and get your head around difficult system concepts - but you will get better. Much better. Get it here.

 

What's In The Book


Hacking - The Art Of Exploitation is a book for anyone who's working, or planning to work, in real, hands-on cybersecurity with a real technical streak. Weighing in at 480 pages, this is also potentially one for the Kindle!


This book is for people who don't just want to run exploits; they want to write them. Truly understanding how your exploits work, and how the protocols you're exploiting work, is the secret to being truly dangerous as a "hacker".


According to the author, in this book you'll learn:

  • Program computers using C, assembly language, and shell scripts.

  • Corrupt system memory to run arbitrary code using buffer overflows and format strings.

  • Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening.

  • Outsmart common security measures like nonexecutable stacks and intrusion detection systems.

  • Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence.

  • Redirect network traffic, conceal open ports, and hijack TCP connections.

  • Crack encrypted wireless traffic using the FMS attack.


This is not for the faint of heart, or for those who require a more gradual approach. This is definitely more advanced than some of the other books that we've recommended - but for those who liked the look of the Exploit Developer / Reverse Engineering tracks in the Cybersecurity Field Manual - this is required reading/work.


How Easy Is It to Read?


Considering how difficult the material is, the layout of the book is extremely clear and easy to understand.

Code blocks are shown in much the same design and layout as actual terminal windows, helping you visualise what you're doing in a practical context.

Content-wise, however, this stuff is not easy. It doesn't pretend to be, and you'll have to take multiple hacks out of this one before the metaphorical "tree" falls over (pun intended).


Does It Ever Get Past The Basics?


I would personally argue that this particular book jumps past the basics very early on. Exploitation itself is fairly advanced, and people buying this book should prepare for a difficult, but massively worthwhile track ahead of them.

It's hard, but by no means impossible, and is highly regarded by cybersecurity pros for a good reason.


How much does it cost?




This book is currently on Amazon for under £26 and is a worthy investment at that price - I've seen far more expensive books - and it is well regarded because it has earned those stripes from the people who have read it.


Overall Impression: A difficult but massively worthwhile explanation of the art of exploitation. Somewhat unforgiving for newcomers, but this book will make you a better hacker if you put the work in. Also handy for a variety of real-world certifications, it makes a good preparatory program for something like the Offensive Security Certified Expert (OSCE) certification, which is centred around exploit development.
