[ISN] Book Review: Hacking: The Art of Exploitation, 2nd Edition

From: InfoSec News (alerts@private)
Date: Wed Feb 20 2008 - 23:01:22 PST


http://books.slashdot.org/books/08/02/20/1439224.shtml

Author:         Jon Erickson
Pages:          472
Publisher: 	No Starch Press
Rating:         9
Reviewer: 	David Martinjak
ISBN:   	1-59327-144-1
Summary 	An informative, and authoritative source on hacking and 
                exploit techniques.


"Hacking: The Art of Exploitation is authored by Jon Erickson and 
published by No Starch Press. It is the anticipated second edition of 
Erickson's earlier publication of the same title. I can't think of a way 
to summarize it without being over-dramatic, so it will just be said: I 
really liked it. The book, which will be referred to as simply Hacking, 
starts by introducing the author's description of hacking. Erickson 
takes a great approach by admitting that the common perception of 
hacking is rather negative, and unfortunately accurate in some cases. 
However, he smoothly counters this antagonistic misunderstanding by 
presenting a simple arithmetic problem. A bit of creativity is needed to 
arrive at the correct solution, but creativity and problem-solving are 
two integral aspects of hacking, at least to Erickson. The introduction 
chapter sets an acceptable tone and proper frame of mind for proceeding 
with the technical material."

Chapter 2 enters the subject of programming. The first few sections in 
the chapter may feel a bit slow to readers who have been coding for any 
legitimate length of time. Erickson explains some fundamental, yet 
essential, concepts of programming before finally moving into some 
actual code. Some readers may choose to skip these few pages, but they 
are necessary for brave new adventurers in the dark realm of 
development. The remainder of the chapter certainly compensates for any 
perceived slow-start. Each of the remaining sections presents a 
sufficient quantity of technical information, accompanied by 
descriptive, yet straightforward explanations.

I don't mean to disrupt the chronological progression of the book 
review, but it is important to highlight the excellence of the 
explanations provided in Hacking. Throughout the book, the writing 
provides adequate details and the content is to the point. Many sources 
on exploit techniques supply sparse information, or are too wordy and 
often miss the relevant and important concepts. Erickson does a 
phenomenal job in Hacking of explaining each subject in just the right 
manner.

The third chapter is the staple of the book. This chapter covers buffer 
overflows in both the stack and the heap, demonstrates a few different 
ways that bash can aid in successfully exploiting a process, and 
provides an essentially all-encompassing elaboration of format string 
vulnerabilities and exploits. As I said, this is the main portion of the 
book so I don't want to give away too much material here. Undoubtedly, 
though, this chapter has the best explanation of format string attacks 
that I have ever read. The explanations in Chapter 3, like the rest of 
the book, are of substantial value.

Chapter 4 focuses on a range of network-related subjects. At first I 
wondered why the chapter starts with rather basic concepts like the OSI 
model, sockets, etc. Then I realized it was consistent with the earlier 
chapters. Hacking presents some core concepts, then moves on to 
utilizing them in exploits. In this case, these specific concepts and 
techniques just hadn't been covered yet. The exploit toward the end of 
this chapter includes some of the concepts in the previous chapter, 
which also helps to cement the reader's understanding.

I will mention two main shortcomings. First, the material in the "Denial 
of Service" section of the Networking chapter was unnecessary for this 
book. Attacks like the Ping of Death, and smurfing were interesting 
developments when they were first discovered, and effective on a large 
scale. Now in 2008, almost all of the items in the "Denial of Service" 
section are either outdated or have been covered to an excessive extent. 
Rather than denial of service, I would have preferred to see a section 
on integer attacks. This would have fit perfectly with the book's theme 
as there are several issues surrounding numeric types in C of which many 
programmers are unaware. Considering the fact that the book is about 
hacking and much of the code is in C; integer attacks seem like a 
natural component to include. The second pitfall in this review is 
through a fault of my own. I cannot compare this second edition of 
Hacking with its original, first edition release as I unfortunately do 
not own the first edition. Hacking finishes out the second half of the 
book with chapters on shellcode, countermeasures, and cryptology. The 
chapter on cryptology is especially interesting as it contains a good 
mix of information without being too hardcore on the mathematics 
involved. There are plenty of gems in the shellcode and countermeasures 
chapters, as well. Specifically, Erickson does a stellar job of 
explaining return-(in)to-libc attacks, and dealing with the address 
space layout randomization in Linux. He covers the exploit technique for 
linux-gate.so in a randomized memory space before it was fixed in 
2.6.18, then proceeds to demonstrate a different technique for 
successful exploitation on kernels at 2.6.18 and later.

Undeniably, Hacking: The Art of Exploitation is one of the 
quintessential books for its subject. A book this good is a rare find, 
and certainly worth the read for any individual interested in security.

-=-

David Martinjak is a programmer, GNU/Linux addict, and the director of 
2600 in Cincinnati, Ohio. He can be reached at 
david.martinjak (at) gmail.com. 


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 



This archive was generated by hypermail 2.1.3 : Wed Feb 20 2008 - 23:13:11 PST