xorl %eax, %eax

Archive for the ‘books’ Category

Book: Puzzles for Programmers and Pros


So, I had this book lying around for quite some time. Recently, I found some time to read it. It’s a really good book if you like puzzles and “mind games” in general. Due to its structure I won’t have a per-chapter overview since it is just a collection of puzzles. There is nothing to discuss. :P



Title: Puzzles for Programmers and Pros
Author: Dennis E. Shasha

Part I: Mind Games
Part II: The Secret of the Puzzle
Part III: Faithful Foes

If you like logic puzzles and mind games I definitely suggest you read this book. It’s well written and has many cool puzzles to play with. Although it isn’t a huge book (just 200 pages), if you want to solve the puzzles without checking out the solutions it might take a lot of time to finish it. :P

Written by xorl

August 28, 2011 at 04:30

Posted in books

Book: The Shellcoder’s Handbook (second edition)


Despite what most people think, the second edition of this book is slightly different from the first edition. Some chapters from the first edition were removed and others were added. I will only comment on the chapters that differ from the previous release.



Title: The Shellcoder’s Handbook: Discovering and Exploiting Security Holes
Authors: Chris Anley, John Heasman, Felix “FX” Linder, Gerardo Richarte

Part I: Introduction to Exploitation: Linux on x86
Chapter 1: Before You Begin

Chapter 2: Stack Overflows

Chapter 3: Shellcode

Chapter 4: Introduction to Format String Bugs

Chapter 5: Introduction to Heap Overflows

Part II: Other Platforms – Windows, Solaris, OS/X, and Cisco
Chapter 6: The Wild World of Windows

Chapter 7: Windows Shellcode

Chapter 8: Windows Overflows

Chapter 9: Overcoming Filters

Chapter 10: Introduction to Solaris Exploitation

Chapter 11: Advanced Solaris Exploitation

Chapter 12: OS X Shellcode
This is a new chapter that deals with Mac OS X shellcoding. A good thing about it is that it has information for both Intel and PowerPC architectures and even for cross-platform shellcode.

Chapter 13: Cisco IOS Exploitation
Another very innovative chapter for such exploit development books. All the major steps along with numerous examples are included in this chapter. This means everything from Cisco IOS essentials, vulnerabilities, reverse engineering and both stack and heap exploitation.

Chapter 14: Protection Mechanisms
Most common (for the time the book was published) protection mechanisms are discussed here. Some of them are non-executable stack, W^X, ASLR, Windows SEH, etc.

Part III: Vulnerability Discovery
Chapter 15: Establishing a Working Environment

Chapter 16: Fault Injection

Chapter 17: The Art of Fuzzing

Chapter 18: Source Code Auditing: Finding Vulnerabilities in C-Based Languages

Chapter 19: Instrumented Investigation: A Manual Approach

Chapter 20: Tracing for Vulnerabilities

Chapter 21: Binary Auditing: Hacking Closed Source Software

Part IV: Advanced Materials
Chapter 22: Alternative Payload Strategies

Chapter 23: Writing Exploits that Work in the Wild

Chapter 24: Attacking Database Software

Chapter 25: Unix Kernel Overflows

Chapter 26: Exploiting Unix Kernel Vulnerabilities

Chapter 27: Hacking the Windows Kernel
Another new chapter, this time for Windows kernel exploitation. It is a good read that goes through the basics of Windows kernel programming and exploitation of stack and heap based buffer overflows.

So, as you can see, it is another very good book but it lacks some important parts of the previous edition. In my opinion, nowadays it is a little bit outdated but it has some parts like the Cisco IOS chapter that are otherwise not well documented (from an exploit developer’s point of view).

Written by xorl

August 21, 2011 at 16:41

Posted in books

Book: The Shellcoder’s Handbook (first edition)


I had numerous requests to write a review about the two editions of “The Shellcoder’s Handbook”. I have read those two books a few times in the past so I think I’m in a position to write a review about them. Here is the first edition…



Title: The Shellcoder’s Handbook: Discovering and Exploiting Security Holes
Authors: Jack Koziol, David Litchfield, Dave Aitel, Chris Anley, Sinan Eren, Neel Mehta and Riley Hassell

Part 1: Introduction to Exploitation: Linux on x86
Chapter 1: Before You Begin
Just like most “exploitation” books, it starts with a chapter that introduces the essentials for understanding basic exploitation on x86 platform.

Chapter 2: Stack Overflows
Nice chapter that goes through all the basics as well as some common bypassing techniques such as NOP sleds and return-to-libc techniques.

Chapter 3: Shellcode
Once again, a gentle introduction to simple x86 shellcoding.

Chapter 4: Introduction to Format String Bugs
Everything you need to know to get started with format string vulnerabilities as well as their exploitation for x86 on Linux.

Chapter 5: Introduction to Heap Overflows
The last chapter of this part of the book that follows the same approach as the previous chapter, but this time for heap based buffer overflows.

Part 2: Exploiting More Platforms: Windows, Solaris, and Tru64
Chapter 6: The Wild World of Windows
An introduction to the nuances of Windows operating system. This includes APIs, DCE-RPC (along with an exploitation example), debugging, etc.

Chapter 7: Windows Shellcode
The title says it all…

Chapter 8: Windows Overflows
This is a very extensive chapter on Windows overflows going through stack, heap, .data and TEB/PEB overflows. Furthermore, you can find information on some usual bypassing techniques and other important aspects for heap based buffer overflows.

Chapter 9: Overcoming Filters
Another chapter on shellcoding, this time dealing with a little bit more advanced concepts. More specifically, the chapter includes information for alphanumeric and Unicode shellcodes and provides a complete example for encoding/decoding shellcodes.

Chapter 10: Introduction to Solaris Exploitation
Beginning with an introduction to the SPARC architecture and Solaris specific details, it goes through basic stack based buffer overflows and off-by-one overflows, to heap based overflows and static data overflows. Clearly one of my personal favourite chapters even up to the date of this writing.

Chapter 11: Advanced Solaris Exploitation
This is a small chapter that includes a good amount of Solaris/SPARC tricks useful for exploitation.

Chapter 12: HP Tru64 Unix Exploitation
Believe it or not, this is the only Tru64 exploitation reference you can find in any book (of course, I’m talking about the books I am aware of). After discussing the essentials of the ALPHA architecture, the author goes through shellcoding, stack based buffer overflows, bypassing of non-executable stack and finally remote exploitation of an RPC vulnerability.

Part 3: Vulnerability Discovery
Chapter 13: Establishing a Working Environment
As its title suggests, this guides you through the general setup you need to have for working on vulnerability discovery.

Chapter 14: Fault Injection
Most of these are well known nowadays but in any case, it is a good reference.

Chapter 15: The Art of Fuzzing
So, here you have information on fuzzing and a couple of examples as well as a few concepts that you have to consider when either fuzzing or writing your own fuzzer.

Chapter 16: Source Code Auditing: Finding Vulnerabilities in C-based Languages
Here you can find information on useful tools for such jobs and also for methodology, identification, etc.

Chapter 17: Instrumented Investigation: A Manual Approach
This is a truly interesting chapter that begins from the background philosophy and later uses the Oracle EXTPROC vulnerability as a case study. It includes very helpful information on manual vulnerability discovery.

Chapter 18: Tracing Vulnerabilities
Another innovative chapter (for such books) dealing with the methodology for tracing vulnerabilities.

Chapter 19: Binary Auditing: Hacking Closed Source Software
Moving to the closed source code side, we have this nice introduction to reverse engineering and debugging closed source software. As in most of the previous chapters, this one also includes some examples using real-world vulnerabilities on Microsoft software.

Part 4: Advanced Materials
Chapter 20: Alternative Payload Strategies
The first chapter of the 4th part of the book is about some less common payload techniques. Authors provide some nice examples with both closed and open source software that range from common patching or runtime patching to less common like system call proxies.

Chapter 21: Writing Exploits that Work in the Wild
Most modern books dealing with exploit development now include such chapters. Nevertheless, it is always important to keep in mind the requirements for having a working exploit and not just a proof of concept exploit code.

Chapter 22: Attacking Database Software
A small introduction to database exploitation although, as it turned out, David Litchfield wrote an entire book on this subject. This chapter has sections for all major enterprise class products including Oracle, IBM DB2 and Microsoft SQL Server.

Chapter 23: Kernel Overflows
Two nice examples are discussed for the OpenBSD and Solaris platforms.

Chapter 24: Exploiting Kernel Vulnerabilities
General techniques for kernel exploitation are available in this chapter. Most parts of this chapter are specifically for OpenBSD and Solaris operating systems but there is information that can be applied to other systems too.

So, even though today this book is a little bit outdated on some parts, it is still an excellent resource. However, when it was published it was definitely one of the best, if not the best, book for exploitation. Even today it is the only book I am aware of that deals with Tru64 exploitation as well as user space Solaris remote exploitation. Also, the amount of examples and code samples in the book is amazing. Congratulations to all the authors for this release.

Written by xorl

August 21, 2011 at 15:57

Posted in books

Book: FM 23-91: Mortar Gunnery


I recently found this US Army FM (Field Manual) and since I read it, here is a quick overview. Oh… Just for your information, regardless of the below image, the content is about the “1 March 2000” edition of the manual.



Title: Field Manual No. 23-91: Mortar Gunnery
Author: Headquarters, Department of the Army

Part One: Introduction and Fundamentals of Mortar Gunnery
Chapter 1: Introduction
This is a general introduction dealing with concepts like the mission of mortar platoon, teams and procedures, etc.

Chapter 2: Fundamentals of Mortar Gunnery
Another introduction chapter that goes through various information about subjects such as ranges, vertical interval, distribution of bursts, muzzle velocities, ammunition etc. This is a large chapter with useful information about the equipment and techniques involved in mortar gunnery.

Part Two: Fire Direction Center
Chapter 3: Introduction
This is the starting chapter of the second part of the manual. Here, the reader can learn about the principles of fire direction, team duties, etc. It’s a very small introduction chapter that leads to the next chapter.

Chapter 4: Major Concerns of the Fire Direction Center
Continuing from chapter five, this one dives into the details of fire direction center. Starting with the types of sheaves, it moves to angle T, ballistic meteorological message and corrections, and other specific topics providing extensive details and examples on each subject.

Chapter 5: Call for Fire
Here we go through all the details involved when a call for fire message is involved. Everything from identification to description, methods of engagement, authentication, etc. are discussed in this chapter.

Part Three: Mortar Ballistic Computer
Chapter 6: Introduction
And here is the third part dealing with the details of mortar ballistic computer systems. Beginning with identification of the various switches, it moves to audio alarm, capabilities, memory characteristics and error messages to end this introduction and get into more details in the upcoming chapters.

Chapter 7: Preparation of Fire Control Equipment
Here you can find the different types of data entries that the mortar ballistic computer can process and how to use each one of them. Of course, it goes through each data entry, discussing how to use it with mortar ballistic computer.

Chapter 8: Type of Missions
All the supported mission types are explained in this chapter. Everything from naming, switches, operator’s manual, etc. about mission types is available in this chapter.

Chapter 9: Special Procedures
Here more advanced concepts are identified. Ranging from registration and sheaf adjustment, to immediate smoke and immediate suppression. It’s a very detailed and informative chapter.

Chapter 10: Digital Message Device Supported
This is the last chapter of this part and deals with mortar ballistic computer’s (MBC) abilities for digital communications. It’s a compact operator’s communication manual.

Part Four: M16 and M19 Plotting Boards
Chapter 11: Introduction
This new part is about the two classic plotting boards to do mortar gunnery calculations by hand. This chapter introduces the reader to the two boards and how to use them.

Chapter 12: Preparation of Fire Control Equipment
Based on the knowledge from the previous chapter, this one goes into the details of the three supported (by M16 and M19 plotting boards) firing charts which are observed firing charts, modified-observed firing charts and surveyed firing charts. In all cases, the manual provides extensive details and examples.

Chapter 13: Types of Missions
Similarly to the MBC’s mission types, this one discusses the plotting boards’ supported mission types. For each scenario it goes through the various concepts and examples required to understand the procedures and techniques involved in each case.

Chapter 14: Special Considerations
The last chapter is about special procedures when using plotting boards for effectively engaging targets. It’s a nice chapter with very detailed examples.

First of all, I have to admit that I was very impressed by the similarities of this US Army field manual and the equivalent one from the Greek Army. They are almost the same. Now to the content, like most FMs, it is simple, compact and gives all the information you need to know for each subject. Anyway, if you are interested in mortar gunnery it is a good read.

Written by xorl

July 17, 2011 at 17:44

Posted in books

Book: White Line Fever


As some of you might already know, I’m a big fan of Motörhead. Of course, Motörhead would have never been what they are without the incredibly talented Lemmy. This book is his autobiography and I thought it’d be worth reading.

Since this is not a technical book, I don’t find it suitable to write a per chapter overview. So, it is an amazing autobiography that makes you feel like you have Lemmy talking to you about parts of his life from his early age in England, to countless sex and drugs (a lot of drugs) stories and unbelievable things like working with The Jimi Hendrix Experience band for one year.
I really enjoyed this book and didn’t even realize how fast I had read it. A true rockstar autobiography. :]


Title: White Line Fever: The Autobiography
Authors: Lemmy with Janiss Garza

Prologue
Chapter 1: Capricorn
Chapter 2: Fast and Loose
Chapter 3: Jailbait
Chapter 4: Metropolis
Chapter 5: Speedfreak
Chapter 6: Built for Speed
Chapter 7: Beer Drinkers and Hell Raisers
Chapter 8: Keep Us on the Road
Chapter 9: Back at the Funny Farm
Chapter 10: (Don’t Let ‘Em) Grind Ya Down
Chapter 11: Angel City
Chapter 12: We Are Motörhead
Chapter 13: Brave New World

Written by xorl

June 9, 2011 at 20:44

Posted in books
