This is one of the best books written on the most complex and interesting topics of computer security, ‘Discovering and Exploiting Security Holes’. It starts by explaining different classes of security vulnerabilities, such as stack overflows, heap overflows and format string bugs. It then describes the techniques used to discover these flaws and, ultimately, to exploit them in the real world.
Part 1: Introduction to Exploitation: Linux on x86.
Chapter 1: Before You Begin.
Chapter 2: Stack Overflows.
Chapter 3: Shellcode.
Chapter 4: Introduction to Format String Bugs.
Chapter 5: Introduction to Heap Overflows.
Part 2: Exploiting More Platforms: Windows, Solaris, and Tru64.
Chapter 6: The Wild World of Windows.
Chapter 7: Windows Shellcode.
Chapter 8: Windows Overflows.
Chapter 9: Overcoming Filters.
Chapter 10: Introduction to Solaris Exploitation.
Chapter 11: Advanced Solaris Exploitation.
Chapter 12: HP Tru64 Unix Exploitation.
Part 3: Vulnerability Discovery.
Chapter 13: Establishing a Working Environment.
Chapter 14: Fault Injection.
Chapter 15: The Art of Fuzzing.
Chapter 16: Source Code Auditing: Finding Vulnerabilities in C-Based Languages.
Chapter 17: Instrumented Investigation: A Manual Approach.
Chapter 18: Tracing for Vulnerabilities.
Chapter 19: Binary Auditing: Hacking Closed Source Software.
Part 4: Advanced Materials.
Chapter 20: Alternative Payload Strategies.
Chapter 21: Writing Exploits that Work in the Wild.
Chapter 22: Attacking Database Software.
Chapter 23: Kernel Overflows.
Chapter 24: Exploiting Kernel Vulnerabilities.
The book contains a rich set of code examples in every chapter, which makes it very useful. The discovery and exploitation techniques are covered on multiple platforms, including Linux, Windows, Solaris and Tru64. Toward the end, it explains some advanced topics, such as alternative ways of carrying shellcode, writing real-world exploits, and exploiting database and kernel vulnerabilities.
Finally, if you are a fan of the Matrix series, then this is the book for you!