 |
The Shellcoder's Handbook: Discovering and Exploiting Security Holes You have in your hands The Shellcoder’s Handbook Second Edition: Discovering and Exploiting Security Holes. The first edition of this volume attempted to show the reader how security vulnerabilities are discovered and exploited, and this edition holds fast to that same objective. If you’re a skilled network auditor, software developer, or sysadmin and you want to understand how bugs are found and how exploits work at the lowest level, you’ve come to the right place. So what’s this book about? Well, the preceding quotation more or less sums it up. This book is mostly concerned with arbitrary code execution vulnerabilities, by which we mean bugs, that allow attackers to run code of their choice on the target machine. This generally happens when a program interprets a piece of data as a part of the program— part of an http “Host” header becomes a return address, part of an email address becomes a function pointer, and so on. The program ends up executing the data the attacker supplied with disastrous effects. The architecture of modern processors, operating systems, and compilers lends itself toward this kind of problem— as the good Countess wrote, “the symbols of operation are frequently also the symbols of the results of operations.” Of course, she was writing about the difficulty of discussing mathematics when the number “5” might also mean “raised to the power of 5” or “the fifth element of a series,” but the basic idea is the same. If you confuse code and data, you’re in a world of trouble. So, this book is about code and data, and what happens when the two become confused. |
- From Filserve.com The Shellcoder's Handbook 2nd edition : Discovering and Exploiting Security Holes
- From Mediafire.com The Shellcoder's Handbook 2nd edition : Discovering and Exploiting Security Holes
No comments:
Post a Comment