Posted: Thu Jan 27, 2005 11:32 pm
Post subject: Book Review - The Shellcoder's Handbook
The Shellcoder's Handbook, Discovering and Exploiting Security Holes
Author(s): Jack Koziol, David Litchfield, Dave Aitel, Chris Anley, Sinan Eren, Neel Mehta, Riley Hassell
Publisher: Wiley http://www.wiley.com/
Date Published: 2004
Book Specifications: Softcover, 620 pages
Publisher's Suggested User Level: Not Rated
Reviewer's Recommended User Level: Intermediate/Advanced
Suggested Publisher Price: $50.00 US / $72.99 CDN / £33.99 UK / €43.50
Blurb from back cover:
Every day, patches are created to cover up security holes in software applications and operating systems. But by the time you download a patch, it could be too late. A hacker may have already taken advantage of the hole and wreaked havoc on your system. This innovative book will help you stay one step ahead. It gives you the tools to discover the vulnerabilities in C-language-based software, exploit the vulnerabilities you find, and prevent new security holes from occurring.
Security is a black art: taking software and forcing it to do something it wasn't intended to do is never trivial. A deep understanding of computers is required, the type of understanding that you don't often find on the store shelves. That, combined with the controversial nature of this information, means books on this subject are scarce. The Shellcoder's Handbook attempts to correct that by teaching how the most successful shellcoding and exploitation techniques work.
The number of subjects covered in The Shellcoder's Handbook is intimidating. Covered in just the first few chapters are stack overflows, basic shellcoding techniques, heap overflows and format string vulnerabilities. Many people would be happy with just these; mastering those alone is a huge step, but they are just the first four of the twenty-four chapters. Platforms covered are Linux/i386, Windows/i386, Solaris/SPARC and Tru64/Alpha, a far cry from just Linux on i386. Other than basic exploit and shellcoding techniques, topics include Windows shellcode, evading IDS and filters, and code auditing. The scope of this book is impressive, to say the least.
The first chapters (covering buffer overflows and format string vulns) aren't incredible; the topics have just been beaten to death. I could easily get the same effect by reading freely available and widely known Internet texts such as "Smashing the Stack for Fun and Profit". If you judge this book by the first chapters, it's a huge letdown.
As I said before, the scope of this book is impressive, and so is the depth in which each subject is covered. This has a price, though: things can be quite terse at times. This is offset by ample references to external sources for further reading. One letdown is the book's website, which is referenced throughout the book: the only thing found there is the sample code for the book, not the links and papers promised throughout the book. Other URLs are given for papers, though, and there's always Google.
The nearly 100 page section on Windows is a welcome addition, starting from the basics of the Windows API to advanced techniques. An entire section, 5 full chapters, is devoted to vulnerability discovery and code auditing. If that weren't enough, nearly 100 pages on Solaris and 30 pages on Tru64 tread into not often discussed territory. This is enough variety to probably expose you to at least one platform you've never worked on and teach you a thing or two about the ones you do work on.
The authors obviously know what they're talking about and, despite somewhat "dry" prose, The Shellcoder's Handbook is a joy to read. You won't find witty comments, analogies or funny side stories; this book is purely technical. In some places, correctness is eschewed in favor of terseness or code that "just works." As someone who insists all his code must be perfect and compile without warnings, I cringe at this, but I didn't find any code that wouldn't compile or work correctly.
Diagrams, figures and tables are used sparingly, but to positive effect. Things that can be shown in manual pages are often omitted; it is assumed that the reader will look them up themselves. This cuts out a lot of fluff, leaving room for more pure technical discussion and code. Everything is very hands-on; there aren't many runs of straight discussion of more than a few pages without program output, code or screenshots of things you can try for yourself. I read most of this book in front of the computer, trying things as I saw them.
Style and Detail
The layout and style leave something to be desired. Code and program output sections are in a monospace font, but have little else separating them from the text. They are also poorly formatted; some lines are broken without any indication that the line was wrapped and should be a single, long line. There are obvious typographical errors; in one place, they even misspell "Doug Lea" as "Dog Lee", demoting Linux's original malloc implementor to a lower species. This book is pretty rough; it could use some editing and polishing.
Code and program output are abundant, but the amount of discussion is almost always balanced. There are a few parts that have excessive code, one of them 21 pages long, but since the book doesn't come with a CD, I don't see a way around this. The program output is very helpful, especially if you've never used a particular tool. Perhaps this is a hint that a CD should be included, and could also contain many of the papers that were supposed to be linked from the site.
I had plenty of bad things to say about this book, but there are few places to find so many topics all in the same place. Is this book worth your money? Yes. Does this book need a second edition to address these shortcomings? YES!
The contents of this book are somewhat controversial. After all, you can do quite a bit of damage with the information in this book. However, it's important that such books are written and published to get these techniques out in the open. Books like The Shellcoder's Handbook not only give the techniques to the blackhats, but to the whitehats, programmers and sysadmins. Books like these are an important link in the security process.
This book receives an honored SFDC Rating of 6/10.
- Michael Morin
Keywords: security, shellcode
This review is copyright 2004 by the author and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.