|Author||Jack Koziol, David Litchfield, Dave Aitel, Chris Anley, Sinan Eren, Neel Metha, and Riley Hassell|
|Title (Year)||The Shellcoder's Handbook: Discovering and Exploiting Security Holes (2004)|
|Rating||(1=safely ignore; 5=must have!)|
|Summary||Great book for getting into the art of writing shellcode and defending against buffer overflows.|
The Shellcoder's Handbook is a lengthy descriptive guide to writing shell code. The book requires some knowledge of C and a good grasp on assembly for the IA32 chipset, and deals with basic as well as advanced stack and heap exploitations. Even if you are a novice programmer you won't have much of a problem understanding the book. You'll learn what a stack is, how it works, and what you need to know to exploit it within the first chapter. The book progresses smoothly and goes over small steps like extracting hex opcodes on your linux box. The book also offers quick solutions to problems if you are a sysadmin, and uses standard compilers that come with all (maybe some rhat and Suse/mandrake distros don't come with them) linux distros, which are nasm and gcc. The book also covers exploitation within the Windows environment, which might give some readers some insight into how Windows works, (Actually it should be how Windows doesn't work.)
Overall this book not only teaches about buffer overflows, it sets you off in many other directions. Go buy this book; it's worth the $50 and these programmers could be selling code instead of books. Be happy and go get it.