The first edition of this book seemed to be written in code (hexadecimal), but the second effort explains the common software vulnerabilities much more clearly.

Contents
This is the second edition of a well known book about hacking and contains a lot about hacking. Jon Erickson has expanded the book from the first edition doubling the number of pages to 450 pages and a Linux based Live-CD is also included.

I don't own the first edition, since I had to choose between Hacking by Jon Erickson and The Shellcoders Handbook (first edition, it is also in 2nd ed. now). I choose the Shellcoders handbook, which I have considered my bible for buffer overflows and hacking.

Now that I have read Jon Ericksons book about hacking I have two bibles, both excellent and well written, both covering some of the same stuff - but in very different ways.

This book details the steps done to perform buffer overflows on Linux on the x86 architecture. So detailed that any computer science student can do it, and they should. Every computer science student or aspiring programmer should be forced to read this book along with another book called 19 deadly sins of software programming.

That alone would improve internet security and program reliability in the future. Why you may ask, because this book teaches hacking, and how you can get started hacking.

Not hacking as doing criminal computer break ins, but thinking like an old-school hacker - doing clever stuff, seeing the things others don't. This book contains the missing link back to the old days, where hackers were not necessarily bad guys. Unfortunately today the term hacker IS dead in the public eye, it HAS been maimed, mutilated and the war about changing it back to the old meaning is over. (Actually this war was fought in the 1990's but some youngsters new to hacking still think it can be won, don't waste your time.) The word hacking can still be used in both ways, just make sure the receiver knows what you are talking about :-)

This book teaches hacking in the old sense of the word and contains the explanation that most others books don't - and at the same time it introduces all the basic skills for performing various types of overflow attacks. Then the book also digress into some wireless security and even WEP cracking, but this part is pretty slim, not bad, just only a few pages. This is OK, since I think of this more as an example of extending the hacking into new areas and hopefully inspires more people to look into wireless security.

The best part about this book is that it is not just a book with a random Live-CD. It is an inspiration and your fingers will itch to get started trying the examples explained and experiment with the programs. This alone is the single feature that makes this book worth it, you will do the exercises and learn from them. Learn a lot.

To sum it up this books contains clever tricks and easy to follow exercises, so you can learn to apply them.

Target audience
This book is for anyone interested in hacking and developing exploits. While the primary target audience is newcomers to this field I benefitted from the thorough walkthrough of the basics once again. This book kept reminding me about things I have forgotten and also some new things and tricks I hadn't thought of myself.


Conclusion
If you are a beginning hacker and want to get started, but was confused
by various text files found on the internet, this is the book to buy.

If you want to learn how to do basic stuff and get started thinking like a hacker, this is the book to buy.

If you are a software programmer that has started to think about software security, this is the book to buy.

This book goes from beginning hacker to inspired intermediate hacker and explains everything in depth and is well planned and you will be able to extract an awful lot of information about the way programs really work after reading this book.

If you read this book from cover to cover you will be able to follow most other references about hacking, books, papers, zines etc. from the internet.

So this book is recommended for anyone interested in hacking and could be a nice start to having your own library about hacking. Reading this book first will also help you understand other books about hacking better and get more information from them by thinking in the right way.

Then later you could expand this library with books like, Steven Levy Hackers, Steven Levy Crypto, Shellcoders Handbook, Clifford Stoll Cuckoos Egg and other references.

I am not missing much from this book, but a short explanation how you could run this CD along with your usual operating system, using something like VMware Player would have been nice.

Links:
The home page for this book is: http://www.nostarch.com/hacking2.htm

This book is great, it says everything in detail if you're into programing. And with the cd you can follow along with the exercises.

Its important to understand what this book tries to cover. Erikson covers specific hacking techniques. He stays close to Linux and C to illustrate the techniques and he exploits a lot of open source software. The goal is to familiarize the reader with the different types of exploits.

In Chapter 6, the author explains: "The state of computer security is a constantly changing landscape...if you understand the concepts of the core hacking techniques explained in this book, you can apply them in new and inventive ways to solve the problem du jour. Like LEGO bricks, these techniques can be used in millions nof different combinations and configurations. As with art, the more you practice these techniques, the better you'll understand them." Clearly, Erickson is passionate about the subject matter he covers in his book.

Any ability to exploit vulnerabilities requires a thorough understanding of the underlying subject. Here Erikson's book offers a number of quick primers on topics such as C programming and network protocols. These introductions are valuable because they introduce the subject and give you deep dives into specifics. They give you some sense of how hacking can lead to a greater understanding of the system under exploit. For example in Chapter 4, Erikson goes from introducing us to the OSI model to socket programming in four pages. But because of a very engaging writing style, it doesn't feel like a hurried course.

After the introduction in which he covers C programming language basics, Erikson introduces us to exploitation via a buffer overflow example. He covers network hacking techniques such as denial of service, TCP/IP hijacking and port scanning. He delves into the more involved topic of spawning shell code to gain control of a system. And in a very entertaining Chapter 6, he shows you how to bypass security measures that detect and track hackers. In the final chapter, he covers hacking techniques for cryptography.

Are you a true hacker in the name of the word? If you are, then this book is for you. Author Jon Erickson, has done an outstanding job of writing a second edition of a book that shows you the true spirit of hacking.

Erickson, begins with an explanation of how programs can be exploited. Then, the author discusses the less obvious errors that have given birth to more complex exploit techniques that can be applied in many different places. Next, he shows you how to network your applications by using sockets and how to deal with common network vulnerabilities. The author also discusses how writing shellcode develops assembly language skills and employs a number of hacking techniques worth knowing. He continues by showing you why defensive countermeasures can be separated into two groups: Those that try to detect the attack and those that try to protect the vulnerability. Finally, the author discusses why cryptology is relevant to hacking in a number of ways.

This most excellent book has explained some of the basic techniques of hacking. But, more importantly, the book looked at various hacker techniques, from the past to the present, and dissected them to learn how and why they work.

Jon Erickson's _Hacking_ is undoubtedly an interesting book, and one that perhaps appeals only to a small subsection of the hacker culture, those who want to learn techniques for exploitation at the conceptual level, aided by plenty of dense examples of code to illustrate those concepts. Erickson's background is in computer science, and he is a corporate lecturer on the subjects of cryptology and network security. With these bona fides, you might expect Erickson to treat the topic professionally and scientifically--and you would be right. Erickson's book is full of interesting and highly useful bits of information on cryptology, ciphers, information theory, and so on, but readers should prepare themselves for a somewhat pedantic, textbook-like style of writing. Having made such preparations, the book does open up for the reader who is looking to learn or brush up on some programming fundamentals.

The majority of _Hacking_ is very technical and deals with programming techniques. The author warns us as much in his Preface, saying that general programming knowledge is necessary in order to make your way through the book. Additionally, those looking for examples of different code flavors will find that Erickson works exclusively with the Gentoo Linux distro, the idea being that the examples are illustrative of techniques and strategies, especially if you are used to a different programming language. Otherwise, you might consider this book a useful primer on Linux, offering practical examples of various exploits, encryption/decryption, and so on.

The bulk of the book is divided into three sections: "Programming" (writing shellcode, dissemblers, and generalized exploiting techniques), "Networking" (Network sniffing and hijacking, DOS attacks, and port scanning), and "Cryptology" (developing algorithms, password cracking techniques, and WEP attacks). Each of these sections is replete with many detailed examples of code (sometimes pages long) for your referencing pleasures. Personally, I'm more drawn to the socio-political content found in the entirely-too-short Introduction, Conclusion, and Reference sections, which despite their underdeveloped feel, offer readers Erickson's thoughtful perspective on hacking (discovering and exploring system vulnerabilities is a valuable practice when done for noble ends, or in his own words, "Information itself isn't a crime"), a brief look into the history and ethics of early hacker culture (a learn-but-do-no-harm ethic borne of the 1950s MIT model railroad crowd, the distinction between hackers and crackers, and his thoughts on the importance of pursuing creative problem-solving strategies within closed logical structures), and a number of links to potentially useful web tools (hexadecimal editors and fuzzy fingerprint generators, for instance). On the whole, I found myself wishing that these sections had been developed further, as they might help broaden the potential readership for this book.

As a bookshelf resource, I can see this book being an invaluable contribution to the library of the hacker whose interests in the subject are shaped by theoretical or academic ways of thinking. Otherwise, it's not exactly a page-turner, and I don't expect social engineers, tinkerers, and certainly not skript kiddies to be the audience for this book. Nevertheless, it is important in that it marks a serious contribution to the art, science, and philosophy undergirding hacker culture. For good or for ill, it marks an attempt to formalize or legitimize a body of knowledge that has historically relied upon and even relished its underground status.

This book does an excellent job of explain various techniques that hackers employ. The explainations include examples, source code, breakouts, and descriptions. The book progresses from basic examples to more complex by building upon a project a little at a time.

The book bascially covers 3 broad areas: programming, networking, and cryptogrophy.
Programming covers buffer overflows, stack exploits, heap overflows, polymorphic code, inline loaders and other information. Examples are presented in C and assembly. Networking covers many different exploits generally centered around the modification of packets and/or spoofing. Cryptography generally covers password based attacks.

The author has a careful approach that makes the book enjoyable to read and easy to follow. He does not jump from one step to the next without covering each step in detail. This makes the text both readable and enjoyable.

Most examples are realted to Unix or Linux but the exploits are universal. Several different tools are described and all were open source.

Highly recommended.

A book that is providing the hacking knowledge in depth. A must for everyone that wants to learn how the hacking exploits are created.

The vast majority of this book focus on two types of security problems: buffer overflows and user manipulatable format strings. It takes you through, in great detail, how they work, and many of the kinks in exploiting them, as well as techniques used. It does require knowing how to program, otherwise, like all serious books on the subject, it's useless. I found this book invaluable when going through hacking practices (wargames).

I've been interested in hacking and security for years and spent most of those reading various online texts, Phrack, 2600, and anything else I could find. This was the first book that was able to explain just what is happening in enough detail and step-by-step that everything clicked. As is the case with any decent text for this topic you will need to know some programming (Assembly and C) to get the full effect. Without the programming knowledge it's still a valuable book for the concepts but you certainly won't be able to put that knowledge to any use. A great aspect is that Erickson begins with a rough "good enough" style explanation and example then slowly refines them both to a truly elegant end. This is unquestionably my favorite hacking book and without it I might still be trying to figure some of the topics out.

The Book give a good explanation of the concepts, however, the book kind of fail on the illustrations and samples base on general knowdleged

This novel is pretty intricate and is definitely not for a beginning computer user. Knowledge of programming is almost mandatory before reading this book. It is very resourceful and informing. A very good book indeed! Worth the money if you can understand it...

This is an excellent book, and it helped me a lot in understanding the basic techniques of hacking.

It starts from "What is Programming", and goes right into topics like polymorphic shellcodes, WEP cracking, net protocols, cryptography.

Very good item.

This is one of thosw rear books that get five stars from me. The book is very straigntforward: it is short, it is free of unnecessary explanations, it is pretty detailed and well organized. The book assumes you know quite a bit about computers in general and low-level OS organization in particular. It gives a plethora of interesting examples to try out, so even if you're not particularly interested in the low-level detailes of how a certain trick works, you still remain in the zone by simply applying those examples.
I recommend this book to anyone interested in computer security.
Zarif

After reading more than 12 different books on this subject, finally I came across this, the best book ever on security. This is the kind of book that gives you what it promises on the cover. I was quiet impressed with the contents and style of writing.

I must add that I have learned a lot from this book, enough to help me in protecting my network and any unauthorized attempt to access my information. This is not for entertainment, like the others which I found in this genre (read Ankit Fadia and you will know what I mean here), this is some serious work by done by an author who knows what he his telling to the readers, and what they will understand. However, somewhere in between it get too technical, and one actually has to sit in front a computer to try and see what the author is trying to tell, but I liked it for being so real and accurate about computer security.

The author has done his homework well before writing it. I found almost all the information correct and original. Wonder why some people have given negative reviews for this book? Because, one has to be a technical qualified in computer security to fully understand what author is telling you. It's like me writing a review for a cooking recipe book. Also, I will like to add that buy it for securing your network, but don't expect it to teach you some serious hacking. For that you have to put lots of real efforts than just buying a book and reading it, though this book can always be a firm stepping stone!

If you are a programmer and know everything there is to know about computers, then this book will help you understand more about hacking. If you don't know much about programmer, or even if you have amateur experience with it, dream on. This book is for experts who understand the language. I thought I could do it and it's an extremely hard read. Many of the words in the book were not referenced so you have no clue what the author means by anything. Although some chapters were helpful, not worth my money.

This is the best book I have ever read. This book explains everything in each and every topic related to hacking. Unlike other books which explains the preexisting tools, the author has shown some light on how to create new tools and hence I would suggest that this book is for intellectual thinkers who are creative enough to get the knowledge from this book and create a new era.

After the wave of script kiddie book boom, a solid book has come to educate the more educated. I was very impressed with this book to the point that I was reading this even in the coffee shops. Very well written and challenging. This book really tests your brain and makes you realize what the picture is behind the exploits and how they work. The writer is very clear in his explanations and overviews. Very mentally stimulating

Some of you who have seen HACKERS (the Film) will know that its just fiction and the film doesn't really show you any real techniques to hack...well...this book pretty much does explain how to hack...although the book SAYS that the intention is to teach you ways to expolite systems...which is fine....although to some of you the book may seem to be a bit brief on specific details like the NT chapter for example...yeah its only 30 pages long...but I can tell you this...this book will start you off doing your own research into other things that the book doesn't cover, thats the whole idea of being a hacker..you consistently learn new things and ways in which how things work..this book may not contain all the nitty gritty stuff that you need to know...however this book does teach you how...and why, and its also starts you off...thats the main thing that no other book gives...

People often talk about whether the hacker technique genre of books such as Hacking Exposed, Hack Attacks Revealed or Counter Hack actually do more to teach the next generation of hackers and crackers than they do to help educate people about security. Those books don't go to nearly the depth that Hacking: The Art of Exploitation does.

Jon Erickson picks up more or less where those other books leave off. He provides a look at techniques and tools used by hackers as well, but he also gives a more comprehensive look at stack overflows, heap overflows, string vulnerabilities and other commonly exploited weaknesses.

Rather than simply describing the vulnerabilities and their exploits theoretically or showing you how to use pre-existing tools to exploit the vulnerabilities, Jon Erickson provides the nuts & bolts you need to learn how to program your own exploit code.

Arguably, this information could very well be used by a hacker wannabe to learn how to break into machines illegally. However, like the other hacker technique genre books, the purpose is to educate so that we can better protect ourselves from such hackers.

Armed with the information in this book you can actively develop your own exploit code to conduct vulnerability and penetration testing- the results of which could be very valuable in helping to secure your networks and computers.

This is an excellent book. Those who are ready to move on to Level 2 should pick this book up and read it thoroughly.

(...)

This is the best general introduction to the mystery of exploits available to the technically-informed reader who does not frequent hacker channels or chats.

The bulk of the writing concentrates on the vulnerabilities of C, particularly overflows of the buffer, stack and heap. A thorough introduction to shellcoding is provided with numerous examples. Readers should have a good working knowledge of Intel assembler but, although most examples are from Linux, no detailed knowledge of the operating system is required.

There is a section on network exploits involving sniffing, TCP/IP hijacking, port scanning and DoS which is brief but a good introduction to the actual techniques used. The cryptology section has some nuggets of information, but is too brief to cover this extensive topic on its own.

Well worth reading if you've ever been puzzled by references to "smashing the stack" or "man in the middle attacks". Programmers should become very thoughtful about their code when they read this. An excellent introduction to the topic.

Hacking: The Art of Exploitation is a highly-technical book not designed for the faint of heart. However, it has some great material that any information security professional could benefit from. I especially like the coverage of buffer overflows and network attacks - two of the major types of attacks our systems face. The WEP attacks coverage is good as well. As the author of a "hacking" book myself, I know that a lot of effort goes into putting together a technical book - especially for a book as technical as this one. Although it may not be the most practical book to learn about penetration testing or vulnerability assessments, it's certainly a great read and resource for those who want to get behind the scenes and understand what's going on with all those bits and bytes inside a computer and across a network. Kudos to Jon Erickson for putting together such a unique work.

I agree with some other reviews. I love the idea and image of this book, but it's all too short. This book should have been 1000 pages. The NT chapter is only about 30 pages, mostly which only defines the attacks. I could have written a 30-page essay for my highschool about NT attacks before i read this book.
Buy it, it's a nice addition to the library.

Although this text is aimed at more experienced programmers, it definitely provides insight that you'll be hard pressed to find elsewhere. More or less, many programming books in general are either interesting and for beginners or advanced and very dull. This book is pretty advanced but written in manner that keeps the reader interested. Highly recommended for anyone who would like some hacking background as well as some Linux/Unix systems background. Definitely a great place to start for those who are truly interested in today's more low level system internals.

Good, but difficult to follow unless you are a programmer. But I didn't learn a great deal from it and enjoyed the challenge.

I found this to be a decent book but nothing over the top. The best chapter is the second, which deals with buffer overflows. The rest of the chapters are quiet basic intros to networking and crypto. If you are completely new to the security scene, this is a great book to start with.

this book is way kewl.

I know programming quite well, but this really showed me some good hacks.

I bought this book to gain a better understanding of how modern OS and Network protocols can be exploited (hacked). While this book covered these topics in some detail, it lost my attention due to its lack of explanation. I am an IT professional with high level programming and networking experience and I felt that certain topics (such as x86 machine language, and memory calls) where glossed over. This book would have a had a wider audience if it included more explanation. Some parts of the book are well written while others are rushed through.

This book is an awesome book for hackers who will learn how the exploits work and the logic behind it, thats why i love this book as its not like the average "how to become a hacker books" which actually make you script kiddies, but this book talks on the intricacies of hacking, program exploits in depth giving you an insight as how the exploits works ,
an awesome book, certainly worth its cost, so what are you waiting for "Go Get It!"

This book is 10 times greater than any other hacking book. It gives useful code and examples rather than 250 pages of theory. Stack and heap overflows are explained in detail as well as many other modern types of exploits. The best part of the book is that it teaches the reader how to write his/her own shellcode and teaches some basic Assembly language along the way. Everything you need to know to be a hacker or stop hackers.

Includes detailed explanations and code for:
buffer / stack / heap based overflows
format string vulnerabilities
writing shellcode
sniffing switched and unswitched networks
tcp / ip hijacking
denial of service
port scanning and tricking port scans of your own computer
password cracking
Man in the middle attacks
Wireless internet security / hacking
and more

You have probably heard of such hacking techniques as buffer overflows. Typically, a book might give only cursory explanation, especially if it is not devoted to hacking. But suppose you write in C. Chances are you've inadvertantly created buffer overflows and then spent hours chasing this down, after your program crashed. So how on earth can a deliberate overflow lead to a breakin?

It is for such matters that Erickson expounds here. Written for you, whether you want to create such exploits or prevent them. In either case, the knowledge is the same.

What the book requires is some knowledge of C and assembly. For the latter, it is the language of the Intel x86 family. But even if you don't know it, so long as you are familiar with any assembly language and the theory of a Neumann machine, then you can follow the text.

This book is not for every programmer. It turns out that a fair number of programmers get into the field by learning a high level language like C, Fortran, Java or Pascal. But they never learn any assembly. To them, anything compiled from source is a black box. Instead, you need some background in assembly.

The book also gives neat coverage of how to sniff network traffic and manipulate it. There is a section on cryptography. But for this, it is so specialised and vital that you should consult texts dedicated to it.

If you can understand what is on the front cover, then you
will probably think the cover in itself is worth the price of
the book.

If you write software, you will find this book fascinating for
its explanation of "buffer overflows" and how they are exploited
by hackers (er, crackers) to take control of other people's
computers.

If you don't write software, then you'll probably have great
difficulty understanding this book.

Don't expect the conceptual fluff. Be prepared for school. This book does not use the time and motivation wasting filler that so many "hacking" books fill pages with. This describes in significant depth the root techniques used in exploitation. It can make some technical assumptions about the reader, and it is helpful to have programming experience, but I prefer this approach. I would rather have the author "teach to the highest common denominator" and not the lowest... What you don't know when you read this book, you will be motivated to learn.

The writing style can be a little empty, and could use a bit more of a layered approach, but this is a minor criticism.

I work in IT security, and this is the first hacking book I have ever recommended. Go for it.

This book is for the security pro or would be hacker who want's to begin to see how deep the rabbit hole really does go. There is no other book like it on the market, and I've read most of them. Jon Erickson's code included in the book all works well as designed on Linux. The author also suggests some good free Linux tools for use with the code examples including most notably a hex editor, basic dissassembler, and packet injector.

The techniques in the book are best described by a caption on its back cover, "The fundamental techniques of serious hacking." It includes major sections on programming, networking, and cryptography. All material is covered with an eye towards exploitation. Languages used in the book material consist of C, PERL, and Assembly for X86.

The techniques described in this book are fundamental to any hacker or security professional who takes their work seriously. The book is well worth the discounted amazon.com price. The material in this book is all original and cannot be found elsewhere. Each example in the programming section is truly an eye opener if you are new to code hacking. The examples in the networking and cryptography sections are relevant and fresh as well.

This book covers foundational exploit techniques very well the emphasis on how to do things efficent and then in more than one way is great. The programming section is unlike anything else you'll find on the shelf and is a great next step for someone who knows the concepts and techniques of exploitation just isn't making their own home grown stuff yet. The networking section leaves a lot to be desired if this book is to be considered to contain "The fundamental techniques of serious hacking". Still this book on the shelf is one on a level above Counter Hack/Hacking Exposed/Hack Attacks Revealed. Less concept, more application. Buy this book, read it, and read it again.