rbrummett wrote: I've skimmed through a lot of this book and am very confused for the most part. I've done a lot of programming in C and some programming in assembly and am familiar with Unix, but not to the extent that the author covers. He really takes advantage of system tools that I wasn't aware of and running programs, shellcode from extra memory in variables.
I need to go back into this book with a highlighter, pencil, post-it notes and bug the hell out of my professor who is a security expert.
I have a similar coding background -- No Assembly but mostly C, some Python, and a little Java. I wasn't crazy about the structure of this book. I didn't think the content was confusing as much as it was annoying. Do we have to have THAT MANY screenshots? It's nice to be able to see a few on-screen results just to know that you are on the right track, but most of the screenshots were fluff. (I'm a technical writer, so I'm very anti-fluff when it comes to technical content.)
I'm still new to the many exploits out there and there's a lot of fascinating info in this book. But there were a hundred pages dedicated to programming. Really, if you are reading a book like this, you should know what variables are and pointers, arrays, and functions. With that and all the fluffy screenshots, the book was ridiculously over-padded.
Still, the book is worth having. Though it's also worth it to read books on specific attacks. "Violent Python" is a good one, for example, and there are whole books dedicated to SQL Injection.