The Shellcoder's Handbook

The Shellcoder's Handbook : Discovering and Exploiting Security Holes

4.12 (247 ratings by Goodreads)
By (author) 

List price: US$50.00

Currently unavailable

Add to wishlist

AbeBooks may have this title (opens in new window).

Try AbeBooks


* Examines where security holes come from, how to discover them, how hackers exploit them and take control of systems on a daily basis, and most importantly, how to close these security holes so they never occur again * A unique author team-a blend of industry and underground experts- explain the techniques that readers can use to uncover security holes in any software or operating system * Shows how to pinpoint vulnerabilities in popular operating systems (including Windows, Linux, and Solaris) and applications (including MS SQL Server and Oracle databases) Details how to deal with discovered vulnerabilities, sharing some previously unpublished advanced exploits and techniques
show more

Out of ideas for the holidays?

Visit our Gift Guides and find our recommendations on what to get friends and family during the holiday season. Shop now .

Product details

  • Paperback | 644 pages
  • 188 x 226 x 36mm | 961.61g
  • Hungry Minds Inc,U.S.
  • Foster City, United States
  • English
  • w. figs.
  • 0764544683
  • 9780764544682
  • 1,642,644

Back cover copy

Uncover, exploit, and close security holes in any software or operating systemEvery day, patches are created to cover up security holes in software applications and operating systems. But by the time you download a patch, it could be too late. A hacker may have already taken advantage of the hole and wreaked havoc on your system. This innovative book will help you stay one step ahead. It gives you the tools to discover vulnerabilities in C-language-based software, exploit the vulnerabilities you find, and prevent new security holes from occurring.The Shellcoder's Handbook is written by a unique author team, consisting of "white hat" corporate security experts and underground hacker-cracker types, who are the most respected contributors to Bugtraq, a vulnerability tracking mailing list. They take you from introductory-level exploitation and exposing vulnerabilities in binaries to advanced content on kernel overflows. In addition, they provide you with advanced techniques to close new security holes that are not yet known to the public but could cause devastating consequences. With all this information, you'll be able to develop your own discovery process and quickly determine whether a security hole is truly exploitable. The methods discussed will also dramatically improve your penetration testing skills in order to achieve a "100% Penetration Rate Guaranteed."The Shellcoder's Handbook shows you how to: Find out where security holes come from and how to close them so they never occur againPinpoint vulnerabilities in popular operating systems (including Windows(R), Linux(R), and SolarisTM) and applications (including MS SQL Server and Oracle(R) databases)Write exploits for use with filters and hack closed source systems to understand what countermeasures need to be takenDeal with discovered vulnerabilities using previously unpublished advanced exploits and techniques
show more

Table of contents

About the Authors; Credits; Acknowledgments; Part; 1: Introduction to Exploitation: Linux on x86; Chapter; 1: Before You Begin; Chapter; 2: Stack Overflows; Chapter 3: Shellcode; Chapter 4: Introduction to Format String Bugs; Chapter 5: Introduction to Heap Overflows. Part; 2: Exploiting More Platforms: Windows, Solaris, and Tru64; Chapter 6: The Wild World of Windows; Chapter 7: Windows Shellcode; Chapter 8: Windows Overflows; Chapter 9: Overcoming Filters; Chapter; 10: Introduction to Solaris Exploitation; Chapter; 11: Advanced Solaris Exploitation; Chapter; 12: HP Tru64 Unix Exploitation. Part 3: Vulnerability Discovery; Chapter; 13: Establishing a Working Environment; Chapter; 14: Fault Injection; Chapter; 15: The Art of Fuzzing; Chapter; 16: Source Code Auditing: Finding Vulnerabilities in C-Based Languages; Chapter; 17: Instrumented Investigation: A Manual Approach; Chapter; 18: Tracing for Vulnerabilities; Chapter; 19: Binary Auditing: Hacking Closed Source Software. Part 4: Advanced Materials; Chapter; 20: Alternative Payload Strategies; Chapter; 21: Writing Exploits that Work in the Wild; Chapter; 22: Attacking Database Software; Chapter; 23: Kernel Overflows; Chapter; 24: Exploiting Kernel Vulnerabilities; Index.
show more

Review Text

"... 80% ... anyone developing their own software may be surprised by how easily flaws can be exploited and fixed ..." (PC Utilities, July 2004)

"... essential for administrators who want to secure computer systems under their management ..." (Computer Weekly, March 2004)

"... has caused some raised eyebrows in the technical community ..." (, 17 March 2004)
show more

Review quote

"...80 per cent...anyone developing their own software may be surprised by how easily flaws can be exploited and fixed..." (PC Utilities, July 2004) "...essential for administrators who want to secure computer systems under their management..." (Computer Weekly, March 2004) "...has caused some raised eyebrows in the technical community..." (www, 17 March 2004)
show more

About Jack Koziol

Jack Koziol, the lead author of The Shellcoder's Handbook, is a Senior Instructor and Security Program Manager at InfoSec Institute, a provider of advanced ethical hacking training. He regularly is called upon to train members of the United States intelligence community, military, and federal law enforcement agencies. Additionally, Jack provides training for Fortune 500 companies, such as Microsoft, HP, and Citibank, on how to better secure their networks and applications. When not teaching hacking classes, Jack regularly performs penetration tests and application security assessments for a number of clients. He has years of private vulnerability development and exploitation experience for his customers and himself. Jack is also the author of Intrusion Detection with Snort, one of the best-selling security books in its first year of publication (2003). The book has been translated into several languages, including French and Japanese, and has received rave reviews from Linux Journal, Slashdot, and Information Security magazine. Jack has appeared in USA Today, CNN, MSNBC, First Business, and other media outlets for his expert opinions on information security. He lives in Oak Park, Illinois, in the shadow of Frank Lloyd Wright's home and studio, with his girlfriend Tracy and dog Quasi. David Litchfield is the world's leading computer security vulnerability researcher and one of the five founding members of NGSSoftware. David has discovered and published over 100 major security vulnerabilities in many different products, including most notably Apache, Microsoft Internet Information Server, Oracle, and Microsoft SQL Server. With his vast experience of network and application penetration testing, David is a permanent presenter to the Black Hat Briefings. He is also the lead author of SQL Security (Osborne/ McGraw-Hill). Dave Aitel is the author of SPIKE and the founder of the NYC-based Internet security company Immunity, Inc. His research has incorporated exploitation of both Windows and Unix vulnerabilities, and advanced methodologies for finding new vulnerabilities. Chris Anley is a Director of Next Generation Security Software, a U.K.-based security consulting, research, and software company. Chris is actively involved in vulnerability research and has published several white papers and security advisories on a number of products, including PGP, Windows, SQL Server, and Oracle. He splits his time evenly between research, coding, consulting, and drinking, and hopes at some point to add sleeping to the list. Sinan Eren is a security researcher based in the Bay Area. He has done extensive work regarding exploitation of Unix vulnerabilities, developed advanced and robust methodologies for exploiting Kernel-level holes, and found many high-profile bugs in commercial and open source Unix software. Neel Mehta works as an application vulnerability researcher at ISS X-Force, and, like many other security researchers, comes from a reverse-engineering background. His reverse-engineering experience was cultivated through extensive consulting work in the copy protection field, and has more recently been focused on application security. Neel has done extensive research into binary and source-code auditing and has applied this knowledge to find many vulnerabilities in critical and widely deployed network applications. Riley Hassell, a Senior Researcher Engineer at eEye Digital Security, is responsible for the design and implementation of eEye Digital Security's QA and research tool suite. He is responsible for the discovery of several highly exposed vulnerabilities released by eEye Digital Security.
show more

Rating details

247 ratings
4.12 out of 5 stars
5 38% (95)
4 41% (102)
3 16% (40)
2 3% (7)
1 1% (3)
Book ratings by Goodreads
Goodreads is the world's largest site for readers with over 50 million reviews. We're featuring millions of their reader ratings on our book pages to help you find your new favourite book. Close X