I have previously written an article on the “Best Books to Learn Hacking”. One book I did not review at the time, but which was subsequently recommended to me by one of our pen test gurus, was “Hacking – The Art of Exploitation, 2nd Edition” by Jon Erickson.
This book is a winner. The CD included a complete Linux programming and debugging environment, which I could have really used when I was first starting out. I even stole some of its ideas and implementations for my current sandbox. There is plenty of code, and plenty of examples that use that sandbox to step you through the basics and on to more advanced examples of debugging code, overflowing buffers, hijacking network communications, bypassing protections and exploiting cryptographic weaknesses.
I also ran a number of the examples on my own sandbox, which gave me a better understanding of what would and would not work on more realistic production builds of Linux and Windows systems.
A lot of the programming and examples are done in C, which is pretty typical of most exploit tools. If you need a recommendation for a good book for learning C programming, check out The C Programming Language; you can’t get a much better reference guide. There is also this brilliant website, which has the content from a book titled “C Programming FAQs: Frequently Asked Questions”. To be honest, you will struggle if you are not comfortable with the basics of C programming, as it is a big part of exploit creation and detection.
The Art of Exploitation walks you through a bunch of really useful techniques for breaching a system and hiding yourself once you manage to get into the target system. You will be redirecting network traffic, hijacking TCP connections and concealing your botnet communication ports. But the most useful section I found was the one on in-memory manipulation, where you corrupt system memory to run arbitrary code using buffer overflows, which is extremely powerful for creating new exploits. This section also includes in-depth examples of using the debugger to inspect processor registers and system memory, so that you can see exactly what is happening when the exploits run.
I loved the fact that Jon takes you from some very basic concepts, to buffer overflows, to creating complex tools for exploiting systems. I could actually map a number of the techniques directly to zero-day exploit tools I have discovered over the last few years. In fact, having done a comprehensive analysis of the cyber weapon Stuxnet, created by the American intelligence agencies a few years back, I was able to map how they ended up where they did and the likely evolution of the tool, including where they might be heading.
The weaker part of the book is the crypto analysis. It wasn’t bad, it just wasn’t as in-depth as some of the other books in this field. I understand why he included the content, since your tools will certainly want to exfiltrate data over a secure connection, but the depth was just not there. The best reference I have found on this subject is “An Algorithm for Crypto Analysis in MANET: Security In Manet”; I plan to do a review of it at some stage, but yes, it is fantastic.
You can’t go wrong with “Hacking – The Art of Exploitation, 2nd Edition”; my only regret is that I didn’t know about it when I was starting out.