Book: A Bug Hunter’s Diary
I have recently finished reading Tobias Klein‘s english version of “A Bug Hunter’s Diary“. The book has a very innovative approach of breaking down all the steps from the initial bug discovery up to exploitation and disclosure of some notable vulnerabilities Tobias Klein has discovered through the years.
Title: A Bug Hunter’s Diary: A Guided Tour Through the Wilds of Software Security
Author: Tobias Klein
Since all chapters follow the same structure with the only difference being the vulnerability, I will only mention the vulnerability associated to each one in the below chapters’ overview.
Chapter 1: Bug Hunting
This is a small introduction chapter with information necessary to understand author’s approaches in this book as well as basic security concepts such as common techniques, tools, etc.
Chapter 2: Back to the ’90s
This chapter goes through the first vulnerability of the book which is VLC TiVo demuxer stack overflow. For more information you can check author’s security advisory here.
Chapter 3: Escape from the WWW Zone
Here we have my personally favourite vulnerability of the book which is a Sun Solaris IOCTL kernel NULL pointer dereference. I always liked Solaris exploitation and the exploitation resources are very limited. This is definitely an excellent resource. Official advisory: “TKADV2008-015”
Chapter 4: NULL Pointer FTW
In this chapter there is a very interesting vulnerability in FFmpeg that affected numerous projects. For more information check out “TKADV2009-004“.
Chapter 5: Browse and You’re Owned
Moving to the Windows world we have this chapter with a WebEx Meeting Manager ActiveX stack overflow that you can find here.
Chapter 6: One Kernel to Rule Them All
Next, still in the Windows world we have this Avast! kernel memory corruption vulnerability disclosed with “TKADV2008-002” security advisory.
Chapter 7: A Bug Older Than 4.4BSD
Another very unique and interesting kernel side vulnerability, this time for Mac OS X kernel. For more information you can read “TKADV2007-001“.
Chapter 8: The Ringtone Massacre
And the book’s final chapter goes to the mobile world with “TKADV2010-002“, an iPhone stack buffer overflow.
The book also has three very informative appendices for bug hunting hints, debugging and mitigation technologies respectively.
To conclude, the last few years we have seen countless books dealing with software security and vulnerability discovery but in my humble opinion this book can easily be part of the top 5. Tobias Klein is an excellent security researcher with experience in both closed and open source bug hunting as well as exploit development in many different architectures. I would definately suggest this book to anyone interested in real world bug hunting and exploitation and not just vuln.c programs.