Jon Erickson has completed the second edition of his seminal work, Hacking: The Art of Exploitation, adding a significant amount of text to the original work. In doing so, he has created a work that will quickly become a "go-to" guide for anyone wanting to learn hacking, or who wants to understand the hacking mindset.
Erickson starts off with an explanation of terms, differentiating between the idea of "hacking" and the idea of "cracking," and showing how misuse has confused things greatly. I really think that it's important for people to understand the purpose behind hacking; there is a mindset among hackers, a thirst for knowledge, but also a desire to see code written as cleanly as possible. By exploiting sloppily-written code, they point out to programmers how they can make things simpler and more secure at the same time.
Erickson assumes very little prior knowledge in this book. He starts at the beginning, even discussing pseudocode that programmers use to "sketch out" their programming ideas, and progresses quickly to basic C code. It's important to understand how programming works if you're going to try to exploit another programmer's carelessness, after all. Erickson then introduces a simple program, with potential for exploitation. He points out the various exploits that can be used against the program, including buffer overflows, complete with code examples. More importantly, he shows why each exploit works.
That's the real benefit in this book. Other "hacking" books show what to do in a given situation, but Erickson explains what you're trying to accomplish, and shows why the exploits he shows work. This way, readers can develop their own exploits based on situations they encounter, without having to find an existing code to simply copy and paste. This is a learning process - since hacking really starts as a quest for information and knowledge, it's an attractive feature of the book.
Article comments
1 - gagongsta
i enjoyed reading! TNT