Book of the Month : The Shellcoder’s Handbook

This is one of the best book written on most complex and interesting topics of computer security, ‘Discovering and Exploiting Security Holes’. It starts with explanation of different classes of security vulnerabilities such as stack overflows, heap overflows and format string bugs. Then it goes on describing the techniques to discover these flaws and then ultimately exploiting them in real world.

.

.

Part 1: Introduction to Exploitation: Linux on x86.

Chapter 1: Before You Begin.
Chapter 2: Stack Overflows.
Chapter 3: Shellcode.
Chapter 4: Introduction to Format String Bugs.
Chapter 5: Introduction to Heap Overflows.

Part 2: Exploiting More Platforms: Windows, Solaris, and Tru64.

Chapter 6: The Wild World of Windows.
Chapter 7: Windows Shellcode.
Chapter 8: Windows Overflows.
Chapter 9: Overcoming Filters.
Chapter 10: Introduction to Solaris Exploitation.
Chapter 11: Advanced Solaris Exploitation.
Chapter 12: HP Tru64 Unix Exploitation.

Part 3: Vulnerability Discovery.

Chapter 13: Establishing a Working Environment.
Chapter 14: Fault Injection.
Chapter 15: The Art of Fuzzing.
Chapter 16: Source Code Auditing: Finding Vulnerabilities in C-Based Languages.
Chapter 17: Instrumented Investigation: A Manual Approach.
Chapter 18: Tracing for Vulnerabilities.
Chapter 19: Binary Auditing: Hacking Closed Source Software.

Part 4: Advanced Materials.

Chapter 20: Alternative Payload Strategies.
Chapter 21: Writing Exploits that Work in the Wild.
Chapter 22: Attacking Database Software.
Chapter 23: Kernel Overflows.
Chapter 24: Exploiting Kernel Vulnerabilities.

————————————————————————————-

The book contains rich set of code examples in every chapter which makes it very useful. Also the discovery and exploitation techniques have been covered in multiple platforms including Linux, Windows, Solaris and Tru64.  In the end it explains some of the advanced topics such as alternate ways of carrying shell code, writing real world exploits, exploiting database and kernel vulnerabilities.

.

Finally, if you are a fan of Matrix series then this is the book for you….!

.

[Ebook Download Link –http://earth.flazx.net/preview/c4bac9/flazx_the-shellcoder-s-handbook-discovering-and-exploiting-security-holes.zip ]

.

Similar posts
  • SecurityXploded Mentorship Programme ... I am writing this blog to share my SecurityXploded Student Mentorship Programme experience with the future students of this programme. My mentorship programme started last year in August when I was in 2nd year of MS at IIIT-Allahabad. I knew about SecurityXploded community since I used to follow their blogs, training programmes and security tools [...]
  • Code Injection and API Hooking Techni... Hooking covers a range of techniques used for many purposes like debugging, monitoring, intercepting messages, extending functionality etc. Hooking is also used by a lot of rootkits to camouflage themselves on the system. Rootkits use various hooking techniques when they have to hide a process, hide a network port, redirect file writes to some different [...]
  • Announcement – SecurityXploded ... From the past two years we are working actively on couple of projects to support the security community. As you all may already know that we have successfully completed our reversing and malware analysis training programme and we are very glad that it was very helpful for everyone. In my opinion the success of any [...]
  • Advanced Malware Analysis Training Se... Here is the quick update on this month’s Local Security meet (SX/Null/G4H/owasp) and our advanced malware training session on (Part 2) Dissecting the HeartBeat  RAT Functionalities   This is part of our FREE ‘Advanced Malware Analysis Training’ series started from Dec 2012.       In this extended session, I explained “Decrypting various Communications Of HeartBeat [...]
  • Advanced Malware Analysis Training Se...   Here is the quick update on this month’s Local Security meet (SX/Null/G4H/owasp) and our advanced malware training session on (Part 1) Reversing & Decrypting Communications of HeartBeat RAT This is part of our FREE ‘Advanced Malware Analysis Training’ series started from Dec 2012.       In this extended session, I explained “Decrypting The [...]

2 Comments

  1. Iqbal Shaikh Iqbal Shaikh
    March 25, 2009    

    From where i can get this book?

  2. March 26, 2009    

    You can buy it from Amazon directly. Indian edition is not yet available 🙁

Leave a Reply

Our Company

Follow us on Facebook


Join Mailing List

Get direct access to our expert trainers or mingle with like minded security folks in our mailing list