Review: Hacking, The Art of Exploitation
by Jago Maniscalchi // August 24, 2011 // Reviews
A review of Hacking, The Art of Exploitation by Jon Erickson (2nd Edition).
This 450-page introduction to hacking – possibly the best single lesson on exploitation I’ve ever seen – assumes no prior knowledge at all, although it would be incredibly difficult to survive the book without it. Because no assumptions are made about underpinning knowledge, absolutely everything is explained, and you’ll find it fills gaps in the knowledge of even a veteran security expert.
Despite being excellent, this book is not for the faint-hearted – it certainly isn’t for you if you don’t understand source code (or don’t want to) or aren’t the kind of person who reads a textbook with a notepad and pen. The examples are tough, and some of the source code extracts are long. The explanatory text, though, is easy to digest, the tone light-hearted, and the book well structured. It is arranged into eight chapters (numbered like memory locations, in hexadecimal), starting with a short introduction to hackers and hacking – a few definitions and some context – and then progressing into a large primer on programming. Chapters on exploitation, networking, shellcode, countermeasures and cryptography follow.
0x200 Programming
Much of the genius of the book is contained in this 100-page introduction to programming. Starting with pseudocode, mathematical operators and control structures, it moves on to introduce C, x86 assembly, variable types, file access and memory segmentation. It moves very, very fast, but everything is included. It is particularly useful as a reference throughout the rest of the book.
0x300 Exploitation
This section, at only 80 pages, felt like a bit of a let-down after such a lengthy precursor on programming. Despite being short, though, it covers stack overflows, heap overflows and format string vulnerabilities in depth. These three techniques, in some form, are at the heart of the majority of remote exploits, and understanding them is essential when trying to use them against new targets. Source code is included for all the vulnerable sample programs, and step-by-step GDB screenshots illustrate the techniques used to identify and exploit the vulnerabilities.
0x400 Networking
The networking chapter, about the same size as the exploitation chapter, covers a broad area. There is a short introduction to sockets and TCP/IP, some network sniffing techniques and advice, a section on DDoS techniques, an explanation of TCP/IP connection hijacking and then a section on port scanning. The whole chapter is underpinned by C code examples that weaponise the techniques described, though in practice many of the techniques are so widely used that stable tools for them can be freely downloaded.
0x500 Shellcode
Not a comprehensive guide to writing your own shellcode, this chapter nevertheless includes important techniques like avoiding null bytes, optimising shellcode, spawning shells, binding to ports and connecting back to an attack base. Full examples are given for each. There is no mention, however, of creating new users, a rather blunt but heavily used technique.
0x600 Countermeasures
This chapter discusses, in depth, the countermeasures that might be used to avoid exploitation, and the techniques that can be used to evade them. Log analysis, IP address spoofing, socket reuse, string encoding, non-executable stacks and randomised stack space are all explained, alongside techniques to bypass each countermeasure.
0x700 Cryptology
In the same manner as previous chapters, the Cryptology section begins with an introduction – to information theory, symmetric encryption and asymmetric encryption. Man-in-the-middle attacks are discussed, as are various methods for password cracking, including dictionary, hybrid and rainbow table attacks. The chapter finishes with a discussion of WEP encryption and the various techniques to crack it.
Conclusion
In 450 pages, this book is an introduction to programming, networking and cryptography, and covers exploitation of all three – vulnerability exploitation, network attacks, shellcode, countermeasures and cryptographic attacks. Given its size, it covers all the bases admirably, and notably avoids mentioning any downloadable tools along the way – all the attacks, countermeasures and evasions are covered from first principles.
This is one of the best lessons on exploitation I’ve ever seen and is highly recommended.