xorl %eax, %eax

Book: A Bug Hunter’s Diary

with 3 comments

I have recently finished reading Tobias Klein‘s english version of “A Bug Hunter’s Diary“. The book has a very innovative approach of breaking down all the steps from the initial bug discovery up to exploitation and disclosure of some notable vulnerabilities Tobias Klein has discovered through the years.

Title: A Bug Hunter’s Diary: A Guided Tour Through the Wilds of Software Security
Author: Tobias Klein

Since all chapters follow the same structure with the only difference being the vulnerability, I will only mention the vulnerability associated to each one in the below chapters’ overview.

Chapter 1: Bug Hunting
This is a small introduction chapter with information necessary to understand author’s approaches in this book as well as basic security concepts such as common techniques, tools, etc.

Chapter 2: Back to the ’90s
This chapter goes through the first vulnerability of the book which is VLC TiVo demuxer stack overflow. For more information you can check author’s security advisory here.

Chapter 3: Escape from the WWW Zone
Here we have my personally favourite vulnerability of the book which is a Sun Solaris IOCTL kernel NULL pointer dereference. I always liked Solaris exploitation and the exploitation resources are very limited. This is definitely an excellent resource. Official advisory: “TKADV2008-015

Chapter 4: NULL Pointer FTW
In this chapter there is a very interesting vulnerability in FFmpeg that affected numerous projects. For more information check out “TKADV2009-004“.

Chapter 5: Browse and You’re Owned
Moving to the Windows world we have this chapter with a WebEx Meeting Manager ActiveX stack overflow that you can find here.

Chapter 6: One Kernel to Rule Them All
Next, still in the Windows world we have this Avast! kernel memory corruption vulnerability disclosed with “TKADV2008-002” security advisory.

Chapter 7: A Bug Older Than 4.4BSD
Another very unique and interesting kernel side vulnerability, this time for Mac OS X kernel. For more information you can read “TKADV2007-001“.

Chapter 8: The Ringtone Massacre
And the book’s final chapter goes to the mobile world with “TKADV2010-002“, an iPhone stack buffer overflow.

The book also has three very informative appendices for bug hunting hints, debugging and mitigation technologies respectively.

To conclude, the last few years we have seen countless books dealing with software security and vulnerability discovery but in my humble opinion this book can easily be part of the top 5. Tobias Klein is an excellent security researcher with experience in both closed and open source bug hunting as well as exploit development in many different architectures. I would definately suggest this book to anyone interested in real world bug hunting and exploitation and not just vuln.c programs.

Written by xorl

December 11, 2011 at 18:50

Posted in books

3 Responses

Subscribe to comments with RSS.

  1. Thanks for the review.

    Just curious, what’s your top five books ?


    December 11, 2011 at 19:11

  2. In my opinion, for bug hunting and exploitation the top 5 is the following:

    1) A Guide to Kernel Exploitation
    2) The Art of Software Security Assessment
    3) A Bug Hunter’s Diary
    4) The Shellcoder’s Handbook
    5) Hacking: The Art of Exploitation


    December 11, 2011 at 19:39

  3. Enjoyed reading this one, nice little book :)


    December 19, 2011 at 14:40

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: