Hacking: The Art of Exploitation (Book)

Still one of the best foundational books for cybersecurity and hacking, even though it is outdated as hell.


Hacking: The Art of Exploitation is not a book to read; it is a book to study. It starts with the fundamentals of the C programming language and how multi-byte values are laid out in memory in big-endian and little-endian byte order. It then dives into assembly-level programming and how a basic C executable is compiled down to machine code, and touches on typecasting, pointers, and how to manipulate memory in C. It does not explain these concepts in a purely theoretical way; it pushes you to use gdb and other tools to examine what is really happening underneath. It then covers memory segmentation (the interview topic we all suck at) and how to use gdb to examine the memory segments of a running process, before diving into buffer overflows, format string vulnerabilities, and how to exploit them. It also covers shellcode, NOP sleds, and how to write your own shellcode, plus network programming, writing your own network clients and servers, and exploiting network-facing vulnerabilities. Be aware that the buffer overflow examples will not work as printed on a modern system: stack canaries, non-executable stacks, and ASLR break them. To follow along you have to switch those mitigations off for the test binary (with gcc, compile with -fno-stack-protector and link with -z execstack, and disable ASLR through /proc/sys/kernel/randomize_va_space) and understand why each one stops the attack. I remember that the same examples given in the book also appeared in Cisco's Ethical Hacking course. The book explains the OSI model, the TCP/IP model, and the socket functions very well.

It then covers network sniffing, denial of service attacks, TCP/IP hijacking, and port scanning with nmap using different scan techniques. It shows how to create a basic web server and then extends it into a tinyweb server that handles the GET and HEAD requests a browser sends. It describes the layers below the network layer, the ones your home router (or default gateway, if you like) deals with, and gives the header formats of the network and transport layers: the IP header carrying the network-layer addressing and the TCP header handling transport. Sniffing gets its own section, using tcpdump to pull data out of unencrypted protocols such as telnet, FTP and POP3; raw-socket sniffing, libpcap sniffer functions, and decoding each protocol layer by hand are described in great detail. Active sniffing through ARP spoofing with the nemesis packet-crafting tool is shown before moving on to denial of service, including distributed denial of service (DDoS) attacks. Port scanning with nmap gets serious attention before the book moves to shellcode and countermeasures. It ends with a very good and detailed treatment of cryptology: brute-force attacks, ciphers, and the future of cryptology with the rise of quantum computing.
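As an added example (not code from the book or from this post), here is the kind of byte-order-aware decoding the book builds up to, tying the endianness material of the early chapters to the IP and TCP header formats and the libpcap-style layer decoding of the networking chapter: a small parser that reads every multi-byte header field in network (big-endian) order one byte at a time, so it behaves identically on little-endian x86 hosts without ntohs/ntohl, and verifies the RFC 1071 one's-complement IP header checksum before trusting any field. The 40 packet bytes are constructed for this example, not a real capture, and the struct and function names are my own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample (not a real capture): 20-byte IPv4 header followed by a
 * 20-byte TCP SYN, 192.168.1.10:50000 -> 10.0.0.5:80, IP checksum 0x52d3. */
static const uint8_t sample_packet[40] = {
    /* ver/ihl tos  total_len   id          flags/frag  ttl   proto csum       */
    0x45, 0x00, 0x00, 0x28, 0x1c, 0x46, 0x40, 0x00, 0x40, 0x06, 0x52, 0xd3,
    /* src 192.168.1.10     dst 10.0.0.5 */
    0xc0, 0xa8, 0x01, 0x0a, 0x0a, 0x00, 0x00, 0x05,
    /* sport 50000  dport 80    seq = 1                 ack = 0                */
    0xc3, 0x50, 0x00, 0x50, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
    /* offset 5 words, SYN flag, window 65535, TCP csum left 0, urgent 0 */
    0x50, 0x02, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00
};

struct ip_info  { uint8_t version, ihl, ttl, protocol; uint16_t total_len; uint32_t src, dst; };
struct tcp_info { uint16_t src_port, dst_port; uint32_t seq, ack; uint8_t data_offset, flags; uint16_t window; };

/* Read big-endian (network order) fields byte by byte: no host byte-order assumption. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Returns 1 on a little-endian host (x86), 0 on big-endian; only used for the report. */
int host_is_little_endian(void) { uint32_t x = 1; uint8_t b; memcpy(&b, &x, 1); return b == 1; }

/* RFC 1071 one's-complement sum over the header; result 0 means the embedded checksum is valid. */
uint16_t ip_checksum(const uint8_t *hdr, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) sum += be16(hdr + i);
    if (len & 1) sum += (uint32_t)hdr[len - 1] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);   /* end-around carry */
    return (uint16_t)~sum;
}

void ipv4_to_str(uint32_t a, char out[16]) {
    snprintf(out, 16, "%u.%u.%u.%u", (unsigned)(a >> 24) & 0xff, (unsigned)(a >> 16) & 0xff,
             (unsigned)(a >> 8) & 0xff, (unsigned)a & 0xff);
}

/* 0 = ok, -1 = malformed/truncated, -2 = header checksum mismatch. Lengths are
 * validated before any field past the fixed 20 bytes is touched. */
int parse_ipv4(const uint8_t *buf, size_t len, struct ip_info *out) {
    if (len < 20) return -1;
    out->version = buf[0] >> 4;
    out->ihl = (uint8_t)((buf[0] & 0x0f) * 4);
    if (out->version != 4 || out->ihl < 20 || out->ihl > len) return -1;
    out->total_len = be16(buf + 2);
    if (out->total_len < out->ihl || out->total_len > len) return -1;
    out->ttl = buf[8];
    out->protocol = buf[9];
    if (ip_checksum(buf, out->ihl) != 0) return -2;
    out->src = be32(buf + 12);
    out->dst = be32(buf + 16);
    return 0;
}

int parse_tcp(const uint8_t *buf, size_t len, struct tcp_info *out) {
    if (len < 20) return -1;
    out->src_port = be16(buf);
    out->dst_port = be16(buf + 2);
    out->seq = be32(buf + 4);
    out->ack = be32(buf + 8);
    out->data_offset = (uint8_t)((buf[12] >> 4) * 4);
    out->flags = buf[13];
    if (out->data_offset < 20 || out->data_offset > len) return -1;
    out->window = be16(buf + 14);
    return 0;
}

int main(void) {
    struct ip_info ip; struct tcp_info tcp; char s[16], d[16];
    printf("host is %s-endian; fields are read byte-wise, so no ntohs/ntohl needed\n",
           host_is_little_endian() ? "little" : "big");
    if (parse_ipv4(sample_packet, sizeof sample_packet, &ip) != 0) { puts("bad IP header"); return 1; }
    ipv4_to_str(ip.src, s); ipv4_to_str(ip.dst, d);
    printf("IPv4 %s -> %s ttl=%u proto=%u len=%u\n", s, d, ip.ttl, ip.protocol, ip.total_len);
    if (parse_tcp(sample_packet + ip.ihl, sizeof sample_packet - ip.ihl, &tcp) != 0) { puts("bad TCP header"); return 1; }
    printf("TCP %u -> %u seq=%u flags=0x%02x win=%u\n", tcp.src_port, tcp.dst_port,
           (unsigned)tcp.seq, tcp.flags, tcp.window);
    return 0;
}
```

The same byte-wise reads are what make a libpcap callback portable: casting the buffer to a struct of uint32_t fields and dereferencing would give you swapped values on x86, which is exactly the big-endian/little-endian trap the book spends its early pages on. The TCP checksum is deliberately not verified here because it covers a pseudo-header built from the IP addresses, not just the TCP bytes.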

Definitely a good book to start with for an excellent cybersecurity career.