Hacking: The Art of Exploitation, 2nd Edition

Author: Jon Erickson
4.5
All Hacker News 7
This Month Reddit 5

Hacking: The Art of Exploitation, 2nd Edition

4.5

Review Date:

Comments

by Axua247   2019-01-13

I personally recommend:

CEHv9 [https://toptalkedbooks.com/amzn/1119252245)
Hacking the art of exploitation [https://toptalkedbooks.com/amzn/1593271441)
Penetration Testing: A hand on Introduction to hacking: [https://toptalkedbooks.com/amzn/1593275641)

by emtuls   2019-01-13

If anyone has any trouble with something in the walk-through as far as needing clarification or they are attempting to do it themselves and find I messed up somewhere, please let me know! Thank you.

The binary can be found on my github: https://github.com/emtuls/ctf/tree/master/2018-hacktober.org/Binary_Analysis/binaries -> Larry.out

For anyone that needs resources for learning Reverse Engineering, I can provide you with a baseline that I would recommend starting with. Eventually, I plan on making my own set of tutorials...but that's in the works.

x86 Assembly:

If you don't know assembly language at all, this list of videos was where I picked up a decent amount of x86 assembly language.

A few good books would be:

  • Hacking: The Art of Exploitation I am a huge advocate for this book. I learned a lot from this and have read it multiple times. It is written very well and teaches someone with no experience how to do C programming and assembly. This is mainly a book for learning exploitation/vulnerability research, but that can play hand and hand with Reverse Engineering. It will show you the assembly language break down of basic exploits and this can help you with RE.

  • Practical Reverse Engineering I read through the beginning of this book and it gave me some good foundations of understanding memory and computer architecture for RE along with assembly of course

  • Secrets of Reverse Engineering This book is a bit in depth, but the beginning gives another good foundation for Comp Architecture and assembly stuff.

  • The IDA Pro Book Haven't personally read this book yet, but I have been told it is the defacto standard for learning IDA Pro, and it has examples you can learn from.

Hands On:

  • Legend of Random Very useful hands on with tutorials. Mainly based on cracking, but that requires reverse engineering. Highly recommend this!

  • Lenas Tutorials Again, another awesome hands on tutorial, mostly based on cracking as well.

  • Crackmes These are more of challenges once you start to have a little understanding down

Courses:

Tons of courses on youtube. I learn well from visual, so I recommend these youtube videos:

Beyond that, Google will always be your friend, and /r/reverseengineering. I also have a bunch of material for Malware RE, but that's a bit different than Software RE, though it is relatable.

by emtuls   2019-01-13

If anyone has any trouble with something in the walk-through as far as needing clarification or they are attempting to do it themselves and find I messed up somewhere, please let me know! Thank you.

The binary can be found on my github: https://github.com/emtuls/ctf/tree/master/2018-hacktober.org/Binary_Analysis/binaries -> Larry.out

For anyone that needs resources for learning Reverse Engineering, I can provide you with a baseline that I would recommend starting with. Eventually, I plan on making my own set of tutorials...but that's in the works.

x86 Assembly:

If you don't know assembly language at all, this list of videos was where I picked up a decent amount of x86 assembly language.

A few good books would be:

  • Hacking: The Art of Exploitation I am a huge advocate for this book. I learned a lot from this and have read it multiple times. It is written very well and teaches someone with no experience how to do C programming and assembly. This is mainly a book for learning exploitation/vulnerability research, but that can play hand and hand with Reverse Engineering. It will show you the assembly language break down of basic exploits and this can help you with RE.

  • Practical Reverse Engineering I read through the beginning of this book and it gave me some good foundations of understanding memory and computer architecture for RE along with assembly of course

  • Secrets of Reverse Engineering This book is a bit in depth, but the beginning gives another good foundation for Comp Architecture and assembly stuff.

  • The IDA Pro Book Haven't personally read this book yet, but I have been told it is the defacto standard for learning IDA Pro, and it has examples you can learn from.

Hands On:

  • Legend of Random Very useful hands on with tutorials. Mainly based on cracking, but that requires reverse engineering. Highly recommend this!

  • Lenas Tutorials Again, another awesome hands on tutorial, mostly based on cracking as well.

  • Crackmes These are more of challenges once you start to have a little understanding down

Courses:

Tons of courses on youtube. I learn well from visual, so I recommend these youtube videos:

Beyond that, Google will always be your friend, and /r/reverseengineering. I also have a bunch of material for Malware RE, but that's a bit different than Software RE, though it is relatable.

by anonymous   2018-01-07
I'm using ggc under Linux, but this is a copy from a book: https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/ref=sr_1_1?ie=UTF8&qid=1515250375&sr=8-1&keywords=hacking+the+art+of+exploitation%2C+2nd+edition
by bubblicious   2017-08-20
I would really suggest purchasing a good book about it. From my point of view, I would go for "Hacking: The Art of Exploitation, 2nd Edition" from Jon Erickson which goes in depth about how to crack programs using gdb and other tools. It's really a wonderful book if you want to learn more about the world of cracking in general, and it doesn't require much prior security experience.

Quick link to Amazon: http://www.amazon.com/Hacking-The-Art-Exploitation-Edition/d...

by davidbalbert   2017-08-20
We mean hacker in the pg (http://www.paulgraham.com/gba.html) esr (http://www.catb.org/~esr/faqs/hacker-howto.html) sense of the word, namely an awesome programmer who loves learning, groks hacker culture, and self identifies as a hacker. Not a cracker. Certainly learning about computer security is part of being a good hacker, but it's not primarily what Hacker School is about.

Incidentally, have you ever read Hacking: The Art of Exploitation (http://www.amazon.com/Hacking-The-Art-Exploitation-Edition/d...)? It's my favorite book on the subject.

by anonymous   2017-08-20

I finally found the issue!!! I have to put #include <unistd.h> in order to use the correct lseek(). However I'm not sure why without including unistd.h it was compile-able though resulting in unexpected behavior. I thought that without including the prototype of a function, it shouldn't even compile-able.

The code was written in Hacking: The Art of Exploitation 2nd Edition by Jon Erickson and I have verified that in the book, there is no #include <unistd.h>.

by anonymous   2017-08-20

I found Hacking: The Art of Exploitation to be an interesting and useful way into this topic... can't say that I have ever used the knowledge directly, but that's really not why I read it. It gives you a much richer appreciation of the instructions that your code compiles to, which has occasionally been useful in understanding subtler bugs.

Don't be put off by the title. Most of the first part of the book is "Hacking" in the Eric Raymond sense of the word: creative, surprising, almost sneaky ways to solve tough problems. I (and maybe you) was a lot less interested in the security aspects.

by anonymous   2017-08-20

Definitely learn the dark side. Even if you don't learn the actual techniques, at least make the effort to learn what's possible.

alt text http://ecx.images-amazon.com/images/I/51rqNSV141L._BO2,204,203,200_PIsitb-sticker-arrow-click,TopRight,35,-76_AA240_SH20_OU01_.jpgalt text http://ecx.images-amazon.com/images/I/519BX6GJZVL._BO2,204,203,200_PIsitb-sticker-arrow-click,TopRight,35,-76_AA240_SH20_OU01_.jpg

Good resources to learn the tricks of the trade are Reversing: Secrets of Reverse Engineering and Hacking: The Art of Exploitation. They're written for both sides - these could be used to LEARN how to hack, but they also give ways to prevent these kinds of attacks.

by mercurysmessage   2017-08-19
I'm the same as you. I got this book:

https://www.amazon.ca/Hacking-Art-Exploitation-Jon-Erickson/...

Which I've dabbled in, and haven't gotten further than what I already know from my CS education, but the consensus seems to be it's a good book to learn from.