Jump to ratings and reviews
Rate this book

Hacking: The Art of Exploitation w/CD

Rate this book
A comprehensive introduction to the techniques of exploitation and creative problem-solving methods commonly referred to as "hacking." It shows how hackers exploit programs and write exploits, instead of just how to run other people's exploits. This book explains the technical aspects of hacking, including stack based overflows, heap based overflows, string exploits, return-into-libc, shellcode, and cryptographic attacks on 802.11b.

264 pages, Paperback

First published January 1, 2003

Loading interface...
Loading interface...

About the author

Jon Erickson

64 books46 followers

Ratings & Reviews

What do you think?
Rate this book

Friends & Following

Create a free account to discover what your friends think of this book!

Community Reviews

5 stars
1,140 (47%)
4 stars
739 (30%)
3 stars
345 (14%)
2 stars
91 (3%)
1 star
70 (2%)
Displaying 1 - 30 of 119 reviews
Profile Image for Todd N.
344 reviews242 followers
February 23, 2013
My son swells with pride whenever I call him my little hacker. His main goal is to find a way to play Minecraft or watch Minecraft videos on YouTube. He has guessed the iPad and AppleTV passwords to achieve these goals. Once he took my phone and texted this to my wife: "This is Todd. What is the iPad password?" (I was laughing too hard to scold him for that, though we did have a talk about social engineering afterwards.)

Anyway, this book describes much more sophisticated techniques starting with program exploitation techniques -- like stack and heap overflows and returning into system() -- then moves on to network-based techniques -- like port scanning, injecting code, and hijacking connections. Then it covers related topics like avoiding detection, cracking passwords, and breaking into wireless networks.

The networking stuff was already pretty familiar to me because I worked for a vulnerability detection company for about a year, and I've screwed around with stuff like nmap and packet sniffing. But the chapter that covers programming was very eye opening. Just like I didn't feel like I understood networking until I was working with "malformed" packets, I don't think I really understood C until Mr. Erickson walked me through the resulting machine code and how to use it to control the execution of a program. That chapter alone is worth the price of the book and should be read by anyone with a passing interest in writing code.

The quick walk through the math behind RSA encryption was eye-opening as well, though I had to read it a few times despite the fact that it was clearly written. It was interesting to get an update on password cracking, since I haven't run a password cracker since 1997, when I ran it on an /etc/passwd file and inadvertently discovered that one of the engineers was dating the office manager because they were using the same password.

Highly recommended.

By the way, if you are on a Mac then I recommend running the included CD -- which can easily be downloaded from torrent sites -- via VMware Fusion. Just create a basic Linux machine or take an existing one and configure it to boot from the .iso image instead. You will be able to run all of the exercises that way. OS X doesn't come with objdump. It has something called otool that I've never used. (Plus OS X is 64-bit and it probably has modern security features, like randomizing the stack space, that will break some of the examples.)
Profile Image for Stuart Woolf.
141 reviews13 followers
June 21, 2014
This book took me a long time to get through, longer than I care to admit, but I felt this journey paid mega-dividends many times over. I cannot think of a more intellectually-enriching book I have read in the past five or six years.

I read this book with the aim to learn more about assembly language and (broadly speaking) the hardware / software interface. I learned more than I ever cared to know about either of these things and so much more. It should be said, prior to purchasing this book, my experience in programming was limited to a class I took in high school and some MATLAB applications in college - that is to say, I had never programmed in C, knew almost nothing about how computers actually worked, and had yet to spend a single second on Linux or the command line of any operating system.

Since then I have become comfortably familiar with C, basic (and nonbasic) Linux commands, programming in VI, reading assembly and writing shellcode. (Ok, the last one is still pretty difficult.) I learned everything I know about file permissions, networks, memory allocation, and buffer overflows from this book. (These topics were explained well enough that I could probably explain the basics to just about anyone.) I get the feeling I have only scratched the surface of powerful tools like the GNU Compiler and Debugger - and intend to learn more about both in the near future.

I recommend this book to everybody. It will take a long time to get through and wont always be easy (in fact, its almost never easy) but if you learn a fraction of what I learned, you'll find this book is worth its weight in gold.
18 reviews7 followers
September 3, 2012
This book is a good introductory in the subject for mainly two reasons. One is the fact that the book is clearly written and builds up gradually so you're not required to have too much information about the subject before starting to read. Second being the Livecd you can download and which works as a testing platform when you're learning the basics of programming or studying different kinds of exploits.

I enjoyed reading and practicing while reading and my only beef with this book is that in my opinion there were too many source code listings in the book. Since all of the sourcecodes were in the Livecd I don't really understand why the author didn't just cut out the important parts of the sourcecodes and commented them in the book but instead pasted whole sourcecodes. It's a considerably minor thing but still while progressing started to hinder the reading experience.

All in all this is a very good and informative book with clear explanations and the fact that it came with a Livecd you could test and see the same results as in the book gives good hands-on experience.
Profile Image for Hugh Smalley.
48 reviews
September 14, 2016

While other books merely show how to run existing exploits, Hacking: The Art of Exploitation broke ground as the first book to explain how hacking and software exploits work and how readers could develop and implement their own. In the extensively updated and expanded second edition, author Jon Erickson again uses practical examples to illustrate the most common computer security issues in three related fields: programming, networking and cryptography. Includes a live CD, which provides a Linux programming environment and all of its benefits without the hassle of installing a new operating system.



Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope.


Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker's perspective.


Use it to follow along with the book's examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits. This book will teach you how to:


Program computers using C, assembly language, and shell scripts


Corrupt system memory to run arbitrary code using buffer overflows and format strings


Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening


Outsmart common security measures like nonexecutable stacks and intrusion detection systems


Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence


Redirect network traffic, conceal open ports, and hijack TCP connections


Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix


Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don't already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the accompanying Linux environment, and all you need is your own creativity.

Profile Image for Mike O'Brien.
81 reviews1 follower
August 8, 2013
First of all, let me say that if you have a 64-bit computer here is what you need to know: The liveCD that comes with the book ONLY works on 32-bit computers. Luckily, I have a pentesting machine that I have Kali Linux running on. The website for the book has all of the source code, so I just downloaded it and run in on Kali and it was perfect for me. I think the only extra thing I needed to download was Perl (type: "sudo apt-get install perl" without the quotes into the command line for those of you unfamiliar with linux).

That being said, using linux and the programs along with the book is extremely important. Without it I was completely lost, but once I starting going along my comprehension went through the roof. This book is fantastic for learning how to write your own exploits, especially buffer overflows. I learned so much about assembly language and how C programs actually work on the CPU level. I also loved learning how to spoof packets.

However, this is a downside to this book, and its that it is NOT a beginner's book. There is plenty in this book that I will have to read again once I get further in my IT career. I am Cisco certified, therefore the networking stuff was great for me, however Shellcode and some of the really in depth programming stuff was interesting but over my head. There are sections of this book to teach you the basics, but its not enough, I see them as more of refreshers for people who haven't programmed in a while (like me).
18 reviews3 followers
March 21, 2015
Good book. Mostly about C and overflow-based attacks, which can be kind of confusing if you were looking for a more high-level book...
Profile Image for Woflmao.
138 reviews12 followers
January 13, 2021
[This is a review of the German translation of the second edition.]
Jon Erickson's Hacking is a precious resource for anyone wishing to develop a comprehensive understanding of IT security. It covers the development of exploits on the lowest level, that is, with a detailed analysis of the memory layouts of programs, how their stacks and heaps work, up to some tinkering with TCP/IP data on the level of individual bytes. What is not covered by this book are higher level attacks such as cross site scripting, SQL injections, or the use of exploit frameworks such as Metasploit. In fact, this book is rather about the art of creating attack scripts or shellcodes that could later be employed by such a higher level framework.

To make the best use of this book, the reader should bring some decent knowledge of C, at least a little knowledge of assembly language and some basic understanding of the TCP/IP protocol suite. Even though the second chapter of the book is considered an introduction to C, debugging and a little bit of assembly, it is rather a fast-tracked revision of stuff you better already know. (Make sure to take a good look at the example programs in this part, as they will be used repeatedly later on!)
The third chapter builds directly on the second and introduces the memory layout of x86 programs, and how to cause mischief with some simple buffer overflows. This is a challenging topic when you meet it for first time, but the presentation here breaks it down into elementary steps with detailed debugger analyses, so with some patience it becomes quite palatable. Particularly surprising to me where the attacks made possible by improper uses of C's printf function, mainly because I was not even aware of the huge flexibility this function offers (there are hardly any resources to read this up). Indeed, you can learn quite a bit in this chapter on how the Linux operation system works that will not be easily found somewhere else, if you had even thought about looking it up in the first place.
One confusing thing about this chapter is that shellcodes are used without any explanation of what they are, or even a remark that they will be introduced later in Chapter 5. It is ok to accept them as black box code at this point.

Then the text diverts into a concise but suprisingly readable introduction refresher of network protocols and their Linux programming interface. Again, the text is challenging here, as not all details are explained in the book, but rather left to the reader to deduce from the context or research him/herself. With the fundamentals established, we see how a network sniffing, denial-of-service and man-in-the-middle attacks, and port scanning are done using hand-crafted network packets.

In Chapter 5, shellcodes are introduced, and the knowledge gained in the previous parts of the book is gathered to create reverse shells. This is what lies at the heart of most hacking endeavours with the aim to get control over a remote computer! In many introductions to hacking or penetration testing, shellcodes will be merely presented as a black box tool to be generated by some high-level framework; therefore this chapter is particularly valuable. For simplicity, the shellcodes are only developed for Linux, which is a bit unfortunate, as it is much harder to self-learn this under Windows.
This subject is continued in the sixth chapter, where countermeasures against exploits are discussed, and also counter-countermeasures that help the shellcode avoid detection. Here, it actually shows that the book is already a bit dated, as several modern countermeasures are only discussed cursorily here, and also many of the exploits developed before in the book would not work on modern operating systems. At the time of this writing (early 2021), I am not aware of any book or even web resource that gives a comprehensive introduction on how to reliably beat modern exploit countermeasures, though. However, it would be missing the point to demand from this book to be always up to date and provide a solution for everything. Its purpose is to provide a throrough understanding of the principles underlying program execution and what can give rise to vulnerabilities, and it does this very well.

The seventh and last chapter on cryptography is completely independent on the others and not strictly necessary to make the book complete. It gives a very brief introduction to the underlying mathematics, unfortunately with quite few typos in the equations (both in the English original and the German translation). I recommend reading up the mathematical foundations elsewhere and then come back to this chapter. As cryptography is probably the strongest pillar in the foundation of cyber security, there are only few possible attacks, and many of of them are only discussed briefly here due to the high effort of actually implementing them. The focus is then on brute-force attacks on password, which can have a moderate chance of success. The author presents a password cracking attack developed by himself, which is very complicated and interesting, but of little practical value. The chapter concludes with a discussion of how to crack the by now obsolete WEP encryption for WiFi.

In summary, this book, though a demanding read, is quite unique in its approach to teaching hacking, and as such very valuable. It is a little bit dated, but that does not devalue any of its content, but rather asks for an update at some point.
For the German edition, there is a companion website, which ironically is only reachable as HTTP (not HTTPS).
Profile Image for F.
93 reviews8 followers
February 3, 2019
This book primarily focuses on teaching buffer overflow exploits under Linux.
the techniques shown in the book will not work on most modern Linux distributions without crippling the security features that are baked into them (ASLR, stack canaries, DEP, etc)
the book focuses on teaching you the concepts without having you worry about turning off security features on Linux. While most of these techniques are outdated
The book does not cover Windows exploitation at all
after all i enjoyed reading it and wish i had read it long time ago.
Profile Image for TΞΞL❍CK Mith!lesh .
303 reviews175 followers
September 9, 2020
The rules of engagement have been irreversibly changed by the internet. This book sums up the urgent significance of the modern hacking threat. Erickson shows how computer manipulation can be a useful defensive mechanism, but one with an unavoidable vulnerability. The flaws of standard internet coding can be maliciously manipulated to infiltrate a target’s privacy. Vital information can be instantaneously stolen, and individuals can be discretely monitored without an iota of their awareness.
Profile Image for Sandy Maguire.
Author 3 books167 followers
December 5, 2022
DNF. Lots of inline code. Overwhelming. Who wants to read a few pages worth of C and NOT get paid to do it? Go read the Web Application Hacker's Handbook instead.
113 reviews
January 20, 2021
Low level and hard to read

Unlike other books about hacking, this book focuses on the technical details about exploits rather than using them with other tools. But this additional depth comes at a price: First of all, such low-level approaches are not very practical in many situations - rather than building your own port scanner, you would use a prebuilt one so you can focus on other things. Second, several exploits which are discussed in depth are limited to C because higher-level languages like Java generally prevent a lot of these things at the cost of reduced performance. This is a minor thing though, because the principles should work as well. Third, and most importantly, the book is pretty hard to read because of the technical details. I had prior knowledge about C++ and a rough understanding about assembly, but the level of detail was too much to wrap my head around easily, so I ended up skimming a lot of sections.

As a consequence, this book is definitely not for beginners. I would probably come back to this book if I wanted to learn specifically about low-level exploits in combination with C and Assembler, but I would definitely not recommend this book for just getting a basic understanding of hacking or knowledge of basic tools.
Profile Image for Simón.
148 reviews
May 26, 2016
I had read part of this book at university, years ago. While it is no longer up to date and maybe most of the exploits and techniques described have been patched for years, the concepts and general strategies still apply.

If you're looking for a general overview of security (buffer overflows, encryption, passwords, wireless networks, network-enabled apps...), I think this is still a great resource.
Profile Image for Brian Powell.
172 reviews32 followers
May 22, 2017
Far from comprehensive, and not a "how to" book for burgeoning hackers. Excellent coverage of buffer overflows, including sample code in C to bring it to life. Some interesting discussion of SSH man-in-the-middle and WEP attacks. The remainder of the book is standard (but good) coverage of programming, networking, and crypto.
67 reviews1 follower
May 23, 2009
this is a very good book on the subject of hacking. it covers all of the fundamentals in great detail with plenty of diagrams and code examples that make the text easy to follow. Topics covered include buffer overflows, writing shellcode, and even some wireless hacking.
Profile Image for Mikulas Dite.
3 reviews5 followers
September 2, 2011
Obsah vynikající. Autor zabíhá i do čistě praktických záležitostí jako utility grep, sed atp, ale i hutně zpracovává samoutnou teorii. Jediné mínus jsou zbytečně dlouhé ukázky kódu a výstupů z konzole, kde kvůli jedné změně často pročítáte celou stránku znovu.
Profile Image for Joey.
7 reviews
July 5, 2012
I really enjoyed the sections on buffer overflows (NOP sled, overwriting the stack return pointer) and network scans/DoS attacks. This book afforded me some cool techniques I didn't learn in my Computational Science degree. The author thoroughly conveys the hacker mentality.
Profile Image for عَبدُالكَرِيمْ .
187 reviews3 followers
October 22, 2014
Hands down this is one of the best technical books I've read so far.
The only missing part I think is:
- no integer overflow exploitation
- no details about recent techniques to bypass ASLR
- some chapters are not about exploits or memory corruptions
Profile Image for dersteppenwolf.
188 reviews20 followers
August 29, 2012


Libro apto para quienes estén interesados en el tema de la computación forense (para el resto de los mortales nos puede resultar demasiado detallado)
Profile Image for Itai.
128 reviews2 followers
January 2, 2022
Let's say you are a carpenter that builds chairs. You've been building chairs for several years now and people seem to be pretty happy with them, and you are as well. One day a man comes to your shop and goes to one of your chairs. Taking his hand he presses down on a particular spot in the back post, causing the chair to fall apart. "What's this?" you ask, surprised. "Aha, you see, I took apart your chair and noticed you were using a particular type of nails, which have this weakness, if you press them so". You've never paid too much attention to the nails you are using, somewhere in the beginning of your career as a carpenter you've chosen some brand of nails and continued using them ever since. "And another thing", the man continues, picking up a small splinter and holding a flame to it from a lighter, the splinter immediately bursts into flames. "The lacquer you've chosen is highly flamable and is a serious fire hazard, you should probably change to another type". Again, you've never paid too much attention to your choice of lacquer, but you must admit the man has a good point.

This is what this book does to computer programming. Erickson takes us through the vulnerabilities of certain functions, system calls, and Linux quirks to show us the weak spots, but by doing so - we learn more about the intricacies of our code. Hacking, and knowing how a certain hack works, serves us well even if we have good intentions, because 1) if we get any input from the user, we want to make sure we are not subject to any malicous code execution and 2) by learning about the weaknesses we gain a better understanding of code. Both of these skills make us better programmers.

The book goes through several major topics related to hacking, buffer overflows, code injection, writing shell-code, networking, and some basic cryptographic algorithms. Any programmer working with C and C++ development would greatly benefit from this book (more so if their application runs on a UNIX-based system). The same goes for anyone working on networking. When it comes to cryptography and encryption/decryption this book would probably serve only as an introduction, but would still be valuable, in my opinion.

Highly recommended, especially for low-level programmers and anyone who has an interest in hacking and writing more secure code.
15 reviews
September 1, 2021
Main focus is on Linux, C coding, assembly, GDB and writing exploits/shellcode. Book explains all these subjects at very fast pace, but I doubt you will be able to follow along if you don't already have knowlege of at least C/assembly. These chapters probably should have been just skipped. Judging by other reviews, if you indeed didn't know this already, it wasn't explained well enough.

Don't use this book as a learn-to-code book, the author himself clearly isn't a software developer by profession. His own code examples (of course ignoring the ones having vulnerabilities on purpose) were often iffy at best.

As the book also explains, this is a continuous battle between attackers/defenders. So even though this book still contains many subjects still relevant today, it's showing its age. Many of the 'latest' defences against exploits discussed are at this time old techniques already.

Book ends with a chapter on cryptography, which isn't a very good chapter and doesn't really fit in with the rest of the book. Should have been left out.

Interesting things from my point of view
- format string vulnerabilities
- return address abuse, including all sorts of related challenges
- writing assembly shell code, from very basic to polymorphic (ASCII-characters only against IDS)

This book does not include anything about website vulnerabilities (SQL injection, XSS, ...).
Profile Image for William Schram.
1,919 reviews80 followers
March 16, 2024
I was born in 1986. As of this writing, I am 38 years old. I've used the internet longer than some people have been alive. I've experienced dial-up modems and the need to defragment my hard drives. I've been through the rise and fall of chain letters on posts. I remember America Online and other providers, but we had Prodigy.

Hacking: The Art of Exploitation is a book by John Erickson. It comes with a bootable CD. Remember those? I'm lucky my home PC has a disk drive to read it. The book is from 2008 and is the second edition. Perhaps the more recent editions have another way to get the environment onto the user's computer. Hacking has a bad reputation among the public, but their techniques are practical.

The book opens by discussing programming. Any programmer can write a program, but the book tries to take it one step further to tell you what each part of the program is doing on the Assembly Language Level.

The book is fascinating. I never took a programming or computer science course.

I enjoyed the book. Thanks for reading my review, and see you next time.
6 reviews
March 18, 2020
I read this book because I wanted to understand how hacking actually works. I could never imagine how one can "hack" a program and access valuable information through it. This book is an excellent introduction into some basic methods of exploiting some vulnerabilities in programs or networks. It explains how the methods work in detail so that you can implement it yourself and teaches you any necessary knowledge to understand the concepts. No prior knowledge is needed for this book and it teaches you a lot and quickly. The author also succeeds in conveying the hacker spirit and explaining what kind of people hackers really are!
1 review
December 12, 2022
This is a fantastic book on why and how binary exploits work. It's one of my top security books, I'm disappointed there aren't more from the author. This is a tough book to get through, there's so much technical material and it's hard to remember it all unless you do exploitation daily. There are no third party tools like the majority of security books, only built-in Linux applications such as GCC and GDB. This is what you want if you want to get to the core of why and how binary exploits work like a real security professional. I skimmed the encryption chapter, that stuff is way over my head.

Note: You don't need to know a lot of C or Assembly prior to this book, but it can help.
Profile Image for Latara Blanco.
20 reviews
March 1, 2024
𝐈 𝐧𝐞𝐯𝐞𝐫 𝐚𝐧𝐭𝐢𝐜𝐢𝐩𝐚𝐭𝐞𝐝 𝐭𝐨 𝐬𝐞𝐞 𝐒𝐩𝐲𝐭𝐞𝐜𝐡𝐚𝐜𝐤𝐞𝐫 𝐫𝐞𝐯𝐢𝐞𝐰𝐬 𝐡𝐞𝐫𝐞, 𝐝𝐞𝐬𝐩𝐢𝐭𝐞 𝐭𝐡𝐞 𝐟𝐚𝐜𝐭 𝐭𝐡𝐚𝐭 𝐭𝐡𝐞𝐲 𝐨𝐧𝐜𝐞 𝐚𝐬𝐬𝐢𝐬𝐭𝐞𝐝 𝐦𝐞 𝐢𝐧 𝐡𝐚𝐜𝐤𝐢𝐧𝐠 𝐚𝐧𝐝 𝐬𝐩𝐲𝐢𝐧𝐠 𝐨𝐧 𝐦𝐲 𝐡𝐮𝐬𝐛𝐚𝐧𝐝'𝐬 𝐚𝐧𝐝 𝐤𝐢𝐝𝐬' 𝐜𝐞𝐥𝐥 𝐩𝐡𝐨𝐧𝐞𝐬 𝐚𝐧𝐝 𝐝𝐞𝐯𝐢𝐜𝐞𝐬, 𝐠𝐢𝐯𝐢𝐧𝐠 𝐦𝐞 𝐚𝐜𝐜𝐞𝐬𝐬 𝐭𝐨 𝐚𝐥𝐥 𝐨𝐟 𝐭𝐡𝐞𝐢𝐫 𝐧𝐞𝐰 𝐚𝐧𝐝 𝐝𝐞𝐥𝐞𝐭𝐞𝐝 𝐦𝐞𝐬𝐬𝐚𝐠𝐞𝐬 𝐚𝐬 𝐰𝐞𝐥𝐥 𝐚𝐬 𝐭𝐡𝐨𝐬𝐞 𝐟𝐫𝐨𝐦 𝐚𝐥𝐥 𝐨𝐟 𝐭𝐡𝐞𝐢𝐫 𝐬𝐨𝐜𝐢𝐚𝐥 𝐦𝐞𝐝𝐢𝐚 𝐩𝐥𝐚𝐭𝐟𝐨𝐫𝐦𝐬. 𝐡𝐚𝐜𝐤𝐞𝐫𝐬𝐩𝐲𝐭𝐞𝐜𝐡 @ 𝐠𝐦𝐚𝐢𝐥 𝐜𝐨𝐦 𝐢𝐬 𝐯𝐞𝐫𝐲 𝐬𝐭𝐫𝐚𝐢𝐠𝐡𝐭𝐟𝐨𝐫𝐰𝐚𝐫𝐝 𝐚𝐧𝐝 𝐮𝐩𝐟𝐫𝐨𝐧𝐭 𝐢𝐧 𝐭𝐡𝐞𝐢𝐫 𝐰𝐨𝐫𝐤𝐬, 𝐬𝐨 𝐢𝐭'𝐬 𝐰𝐨𝐧𝐝𝐞𝐫𝐟𝐮𝐥 𝐭𝐡𝐚𝐭 𝐭𝐡𝐞𝐲 𝐫𝐞𝐜𝐞𝐢𝐯𝐞 𝐚𝐥𝐥 𝐭𝐡𝐞 𝐫𝐞𝐜𝐨𝐦𝐦𝐞𝐧𝐝𝐚𝐭𝐢𝐨𝐧𝐬 𝐥𝐢𝐤𝐞 𝐭𝐡𝐢𝐬, 𝐚𝐥𝐥𝐨𝐰𝐢𝐧𝐠 𝐦𝐚𝐧𝐲 𝐩𝐞𝐨𝐩𝐥𝐞 𝐰𝐡𝐨 𝐚𝐫𝐞 𝐬𝐞𝐚𝐫𝐜𝐡𝐢𝐧𝐠 𝐟𝐨𝐫 𝐚 𝐯𝐞𝐫𝐲 𝐫𝐞𝐩𝐮𝐭𝐚𝐛𝐥𝐞 𝐚𝐧𝐝 𝐞𝐱𝐩𝐞𝐫𝐭 𝐡𝐚𝐜𝐤𝐢𝐧𝐠 𝐛𝐮𝐬𝐢𝐧𝐞𝐬𝐬 𝐭𝐨 𝐥𝐞𝐚𝐫𝐧 𝐚𝐛𝐨𝐮𝐭 𝐭𝐡𝐞𝐦 . 𝐡𝐚𝐜𝐤𝐞𝐫𝐬𝐩𝐲𝐭𝐞𝐜𝐡 @ 𝐠𝐦𝐚𝐢𝐥 𝐜𝐨𝐦 𝐢𝐬 𝐰𝐞𝐥𝐥-𝐤𝐧𝐨𝐰𝐧 𝐟𝐨𝐫 𝐫𝐞𝐜𝐨𝐯𝐞𝐫𝐢𝐧𝐠 𝐝𝐢𝐠𝐢𝐭𝐚𝐥 𝐚𝐬𝐬𝐞𝐭𝐬 𝐟𝐫𝐨𝐦 𝐜𝐨𝐧 𝐚𝐫𝐭𝐢𝐬𝐭𝐬 𝐚𝐧𝐝 𝐩𝐫𝐨𝐯𝐢𝐝𝐢𝐧𝐠 ���𝐥𝐥 𝐤𝐢𝐧𝐝𝐬 𝐨𝐟 𝐡𝐚𝐜𝐤𝐢𝐧𝐠 𝐬𝐞𝐫𝐯𝐢𝐜𝐞𝐬.
Profile Image for Imp.
61 reviews7 followers
November 24, 2020
Excellent and fun way to learn about software exploitation, successfully hacking the exploit-riddled flavor of Linux that comes with the book is sure to earn you several dopamine rushes.
Understanding some of the code might strain your neurons depending on your understanding of C, and especially ugly bit-level hacking in C.
Purely of practice, learning or historical interest, as the techniques learned here are for exploiting bugs that are long patched on an even minimally recent and secure system, but a good introduction into the type of work and thinking hackers have to do.
Profile Image for Ben Oliver.
10 reviews
March 22, 2017
Spends too much time on one topic then runs out of time to get truly creative. However it’s still worth a read if you are interested in creating exploits, particularly for Linux.

Erickson also takes you through the ‘history’ of an exploit, with step by step guides that build on each other. It’s fascinating to see how ‘small’ ideas turn into really powerful tools.

Not a life changing masterpiece but a good insight into the ‘hacker’ mindset, without skimping on the technical information.

http://benoliver999.com/book/2017/03/...
Profile Image for Michal.
234 reviews1 follower
November 21, 2022
It is a nicely structured book that explains a lot in a very good way. The problem might be it is focusing solely on Linux and that most stuff is outdated today. Still, it explains concepts that can be used even today, just not so easily. It was a good refresh of C, machine code, and how overflows can go wrong.
Displaying 1 - 30 of 119 reviews

Join the discussion

Can't find what you're looking for?

Get help and learn more about the design.