http://lsd-pl.net/ are the reigning champions in this tournament. They've also collected most of the reference documents you're going to need. :> -dave On Tue, 2002-07-16 at 12:32, Evan wrote: > I'm currently looking for the exact same things you are: good references on C > and Assembler. I curious more about libnet and KLD's than buffer overflows, > but that's not important. Anyway, the best I've found so far are as follows: > > "Smashing the Stack for Fun and Profit" by Aleph1- it's clearly written and, > although it assumes a certain knowledge of assembler, makes sense without it. > It made much more sense to me than mudge's tutorial from the old l0pht site. > I have seen another essay floating around called "Advanced Buffer Overflows" > or something logical like that, which purports to aid in writing exploits > that do more than spawn a shell. I haven't read it, personnally, but you > might look around. > > "The C Programming Language: Second Edition" by Brian Kernighan and Dennis > Ritchie- the first (second?) and, in many opinions, still the best. This > book flat out assumes that you're already a "good" programmer, so if you > don't at least know how an array works or what a function is good for, you > might try starting somewhere else. But the examples are challenging and > relevant, the prose is clear, the reference section is solid, and the > author's qualifications are unmatched: Dennis Ritchie invented C. I don't > know how well this book would work on anything but Un*x. > > I'm not so sure about general Assembler references. I think that there's a > Linux Assembler HOWTO floating around somewhere, so you might check that. It > seems a little short, though. > > Anyway, best of luck and let me know what you find. > > On Monday 15 July 2002 05:29 pm, Jeremy Junginger wrote: > > n00b question: > > > > I'm diving into Assembler and C with the hopes of understanding > > application level exploits a little more in depth. In your opinion, > > what are the most beneficial references/tutorials/threads/tools that > > helped you get started on your journeys to buffer-overflow-nirvana? > > I've read the Introduction to Buffer Overflow by Ghost Rider as well as > > the Buffer overflow how-to by Mudge, and both were very valuable. GDB > > appears to be a very strong tool to assist with finding and exploiting > > overflows. Any additional references out there? Coding is a bit new to > > me...so like the human torch says..."Flame ON!!!" > > > > -Jeremy > >
This archive was generated by hypermail 2b30 : Tue Jul 16 2002 - 10:26:40 PDT