SecurityCertified

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Sunday, August 14, 2011

Impressions: The Shellcoder's Handbook, 2nd Ed

Posted on 1:57 PM by Unknown
The third book for which I'd like to share my impressions is The Shellcoder's Handbook, 2nd Ed (TSH2E) by Chris Ainley, John Heasman, FX, and Gerardo Richarte. I liked TSH2E, but I could tell that the collaboration among four authors caused some issues that could have been addressed by better editing. For example, early parts of the book use both Intel and AT&T assembly syntax, but the reader doesn't get an explanation of either until chapter 7.



For me, the best aspect of TSH2E was the integration of real-world obstacles to exploiting victims. The book (although published in 2008) expertly addressed various defenses introduced in operating systems over the past decade. The authors usually start with simple concepts, promising to address tougher challenges later -- and they deliver.



One item early in the text caught my attention though. The book includes the following code to demonstrate spawning a shell:



int main(){

        char *name[2];



        name[0] = "/bin/sh";

        name[1] = 0x0;

        execve(name[0], name, 0x0);

        exit(0);

}



Then they show the following:



[jack@0day local]$ gcc shell.c -o shell

[jack@0day local]$ ./shell

sh-2.05b#



This looks like a section left over from the first edition by Jack Koziol. Why does the prompt change to a root shell? Should it not be a user shell, since user "jack" appears to have been running with user privileges? Maybe not?



Regardless, TSH2E is a very strong book with practical lessons and examples for anyone writing offensive code.

Tweet
Email ThisBlogThis!Share to XShare to Facebook
Posted in impressions | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • DojoCon Videos Online
    Props to Marcus Carey for live streaming talks from DojoCon . I appeared in my keynote , plus panels on incident response and cloud secur...
  • Bejtlich Speaking at TechTarget Emerging Threats Events in Seattle and New York
    I will be speaking at two events organized by TechTarget , for whom I used to write my Snort Report and Traffic Talk articles. The one-da...
  • SANS WhatWorks Summit in Forensics and Incident Response
    I wanted to remind everyone about the SANS WhatWorks Summit in Forensics and Incident Response in DC, 8-9 July 2010. The Agenda looks gre...
  • A Book for the Korean Cyber Armies
    I've got a book for the Korean cyber armies, North and South. That's right, it's my first book , The Tao of Network Security Mo...
  • Sguil 0.7.0 on Ubuntu 9.10
    Today I installed a Sguil client on a fresh installation of Ubuntu 9.10. It was really easy with the exception of one issue I had to troubl...
  • Microsoft Updates MS09-048 to Show XP Vulnerable to 2 of 3 CVEs
    Microsoft published a Major Revision of MS09-048 to show that Windows XP Service Pack 2 and Windows XP Service Pack 3* are now Affected So...
  • Understanding Responsible Disclosure of Threat Intelligence
    Imagine you're hiking in the woods one day. While stopping for a break you happen to find a mysterious package off to the side of the t...
  • Embedded Hardware and Software Pen Tester Positions in GE Smart Grid
    I was asked to help locate two candidates for positions in the GE Smart Grid initiative. We're looking for an Embedded Hardware Penetr...
  • BeyondTrust Report on Removing Administrator: Correct?
    Last week BeyondTrust published a report titled BeyondTrust 2009 Microsoft Vulnerability Analysis . The report offers several interesting ...
  • Human Language as the New Programming Language
    If you've read the blog for a while you know I promote threat-centric security in addition to vulnerability-centric security. I think ...

Categories

  • afcert
  • Air Force
  • analysis
  • announcement
  • apt
  • attribution
  • bestbook
  • blackhat
  • books
  • breakers
  • bro
  • bruins
  • certification
  • china
  • cisco
  • cissp
  • cloud
  • clowns
  • commodore
  • conferences
  • controls
  • correlation
  • counterintelligence
  • cybercommand
  • cyberwar
  • dfm
  • education
  • engineering
  • feds
  • fisma
  • freebsd
  • GE
  • ge-cirt
  • hakin9
  • history
  • impressions
  • information warfare
  • ipv6
  • law
  • leadership
  • malware
  • mandiant
  • microsoft
  • mssp
  • nsm
  • offense
  • oisf
  • packetstash
  • philosophy
  • pirates
  • powerpoint
  • press
  • psirt
  • reading
  • redteam
  • reviews
  • russia
  • sans
  • sec
  • sguil
  • snorby
  • spying
  • threat model
  • threats
  • Traffic Talk
  • training
  • tufte
  • tv
  • ubuntu
  • usenix
  • verizon
  • vulnerabilities
  • wisdom
  • writing

Blog Archive

  • ►  2013 (16)
    • ►  September (1)
    • ►  August (1)
    • ►  June (2)
    • ►  April (2)
    • ►  March (1)
    • ►  February (3)
    • ►  January (6)
  • ►  2012 (60)
    • ►  December (4)
    • ►  November (5)
    • ►  October (3)
    • ►  September (10)
    • ►  August (2)
    • ►  July (6)
    • ►  June (6)
    • ►  May (4)
    • ►  April (2)
    • ►  March (9)
    • ►  February (6)
    • ►  January (3)
  • ▼  2011 (108)
    • ►  December (3)
    • ►  November (7)
    • ►  October (11)
    • ►  September (9)
    • ▼  August (18)
      • TaoSecurity Security Effectiveness Model
      • TCP/IP Weapons School 3.0 in McLean, VA 26-27 Oct
      • Jaime Metzl Describes "China's Threat to World Order"
      • Expect to Hear "IDS Is Dead" (Again)
      • Bejtlich Leading Session at IANS
      • Check Out MANDIANT Job Postings
      • Tao of NSM Errata and Possible Book Plans
      • Bejtlich Webinar for Dark Reading and InformationWeek
      • Bejtlich Keynote at Hawaiian Telcom Conference
      • Feedback from Latest TCP/IP Weapons School 3.0 Class
      • Impressions: Android Forensics
      • Impressions: iPhone and iOS Forensics
      • Impressions: XBox 360 Forensics
      • Impressions: Digital Forensics with Open Source Tools
      • Impressions: The Shellcoder's Handbook, 2nd Ed
      • Impressions: Reversing: Secrets of Reverse Enginee...
      • Impressions: The IDA Pro Book, 2nd Ed
      • Book Reviews vs Impressions
    • ►  July (10)
    • ►  June (5)
    • ►  May (4)
    • ►  April (13)
    • ►  March (17)
    • ►  February (2)
    • ►  January (9)
  • ►  2010 (193)
    • ►  December (14)
    • ►  November (11)
    • ►  October (6)
    • ►  September (16)
    • ►  August (15)
    • ►  July (26)
    • ►  June (15)
    • ►  May (15)
    • ►  April (15)
    • ►  March (16)
    • ►  February (19)
    • ►  January (25)
  • ►  2009 (123)
    • ►  December (10)
    • ►  November (17)
    • ►  October (21)
    • ►  September (13)
    • ►  August (20)
    • ►  July (21)
    • ►  June (21)
Powered by Blogger.

About Me

Unknown
View my complete profile