Reading material

mrhaun03

I see in a lot of these posts people recommend Hacking Exposed. How does The ShellCoder's Handbook stack up against Hacking Exposed? I know the ShellCoder's Handbook is a couple years old, but is it still a good read?

What are some other great hacking books?

keatron

The Shellcoders Handbook is a must if you're serious about security (specifically application security). That book is considered a standard piece in the pentester's library. It's also written by someone whom I respect in the industry (and happen to live very close to). Though the book happens to be a few years old, most of the material is still valid. Shell scripting is shell scripting.

mrhaun03

Thanks for the reply. I just picked up the ShellCoder's Handbook and after reading the first chapter I know there's a lot I need to learn before continuing.

What do you think about Hacking Exposed?

keatron

mrhaun03 wrote:

Thanks for the reply. I just picked up the ShellCoder's Handbook and after reading the first chapter I know there's a lot I need to learn before continuing.

What do you think about Hacking Exposed?

I would definitely consider the Shellcoders Handbook "advanced". For someone with no exposure to coding (specifically assembly), it's a tough read. Hacking Exposed is a good apetizer, and it's a much easier read. What is your experience level with information security? If I know this I can better make a recommendation for you as far as a list of books.

mrhaun03

My experience level is very limited. I got my degree in Network Security and Computer Forensics, but I've been working as Help Desk Support for about 8 months. While in school for IT, I started getting interested in the Security side of it. My last quarter of school I got a change to get my Sec+ cert, which I did. But that's really all the experience I have.

I've just been doing some self study on C++, assembly, memory management, etc...

mrhaun03

So, Keatron, can you recommend some books?

keatron

Sorry about that.

Here ya go.

The Unofficial Guide to Ethical Hacking. Fadia

Gray Hat Hacking. Shon Harris, Allen Harper, Chris Eagle, Jonathan Ness, Michael Lester.

Exploiting Software. Greg Hoglund and Gary McGraw

TCP/IP Illustrated. Stevens

The Art of Intrustion.Mitnick

The Art of Deception. Mitnick

Start trying to learn assembly..like right now.

This will get you started.

JDMurray

keatron wrote:

Start trying to learn assembly..like right now.

Oh God, you have no idea how true this is. I started using Motorola assembly language nearly 20 years ago and loved it. However, I soon realized that the world was Intel (although Sun was big at the time) and switched to learning x86 assembly language. The x86 architecture was so different from Motorola, and the assembly language so counter-intuitive to me that I felt discouraged from pursuing further use of any assembly language. That has been one of the biggest mistakes of my on-going software development career.

mrhaun03

Thanks for the list, Keatron! I started reading the Art of Deception not too long ago...great book! I like that he uses real situations.

I've been reading up on C++ and I'll definitely start getting into learning some assembly. I'll tell ya one thing, it's hard staying motivated to learn programming. Programmers are a special breed.

JDMurray

mrhaun03 wrote:

I'll tell ya one thing, it's hard staying motivated to learn programming. Programmers are a special breed.

You need to start associating with other programmers. Some of the special qualities about programmers is that they are competitive and competency-driven. You'll want to learn stuff and build software that none of your programming friends can just to impress them. It's a great motivator for learning.

keatron

jdmurray wrote:

mrhaun03 wrote:

I'll tell ya one thing, it's hard staying motivated to learn programming. Programmers are a special breed.

You need to start associating with other programmers. Some of the special qualities about programmers is that they are competitive and competency-driven. You'll want to learn stuff and build software that none of your programming friends can just to impress them. It's a great motivator for learning.

I don't think it could've been worded any better. For me, I always had specific task in mind when I was learning to code. And there's no task more motivating than showing up a friend It can be very boring if you're not coding with a task in mind. I actually didn't start with coding. I started with modifying shell scripts/perl scripts, then took the challenge of trying to create some of my own. It's a big help looking at somebody else's code and trying to figure out exactly how it's doing what it's doing. I never hesitated to send emails to authors of various books on the subjects when they would give arbitrary code for examples. Never be afraid or too arrogant to ask for help. Most books on coding has so many gaps. In other words, you'll read through a section and none of it makes any sense because the author assumed a certain level of knowledge. When you run into situations like this, ask somebody who knows. And one of the best resources on the planet happens to be right here. JD Murray.

JDMurray

keatron wrote:

And one of the best resources on the planet happens to be right here. JD Murray.

There's a couple of code search engines that are pretty helpful too:

http://www.google.com/codesearch

http://www.krugle.com/

mrhaun03

Where I'm from it's hard to find someone who could install Windows, let alone know much about programming. So I really don't have anyone to associate with. But I always find ways to motivate and challenge myself.

JDMurray

It just occurred to me that the god of software security and testing is Gary McGraw. You should really look through all of his books. Besides Exploiting Software, as Keatron mentioned, have a look at Building Security In and Building Secure Software. All three books are sold as boxed set too.

Interview With Gary McGraw, Co-Author Of Exploiting Software