Reddit Reddit reviews The Shellcoder's Handbook: Discovering and Exploiting Security Holes, 2nd Edition

We found 9 Reddit comments about The Shellcoder's Handbook: Discovering and Exploiting Security Holes, 2nd Edition. Here are the top ones, ranked by their Reddit score.

Computers & Technology
Books
Networking & Cloud Computing
The Shellcoder's Handbook: Discovering and Exploiting Security Holes, 2nd Edition
John Wiley Sons
Check price on Amazon

9 Reddit comments about The Shellcoder's Handbook: Discovering and Exploiting Security Holes, 2nd Edition:

u/keeegan · 22 pointsr/HowToHack

I have all these except the CEH (which shouldn't be on this list lol...) and they're all pretty good in their own way. Starting over, I'd go through hacker playbook while reading through the art of exploitation. You'll be pretty rounded at this point, blackhat python and metasploit will be a breeze. Do the ceh one if you're getting a job that wants to see embossed paper. Also, check out Web Application Hacker's Handbook, and Shellcoder's Handbook.

u/borski · 15 pointsr/netsec

Two good books I'd recommend for getting started in exploitation:

u/___wintermute · 6 pointsr/netsecstudents

Do these courses:

https://www.cybrary.it/course/comptia-network-plus/

https://www.edx.org/course/introduction-computer-science-harvardx-cs50x

https://www.codecademy.com/learn/python

https://www.learn-c.org/

http://opensecuritytraining.info/IntroX86.html

https://www.cybrary.it/course/ethical-hacking/

https://www.cybrary.it/course/advanced-penetration-testing/

https://www.coursera.org/learn/build-a-computer Don't skip over that because you know how to 'build' a computer aka put a computer together from parts; it is a course about building a computer from literal scratch aka: starting with logic gates, not a course on how to 'build a sweet gaming rig' or something.

Read these books:

https://www.nostarch.com/pentesting

http://www.amazon.com/The-Shellcoders-Handbook-Discovering-Exploiting/dp/047008023X

https://www.nostarch.com/hacking2.htm

https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470

Do these for practice:

http://overthewire.org/wargames/bandit/ (and others on there, that is just the best beginner wargame)

http://www.hackthebox.eu

http://www.root-me.org http://www.pwnable.kr/

https://www.codewars.com/

http://www.abatchy.com/2017/02/oscp-like-vulnhub-vms

https://pentesterlab.com/exercises/web_for_pentester (Lots more on there besides that as well)

This should get you well on your way to getting started!

u/whitehat_hacker · 4 pointsr/IAmA

Yes.

Hacking Exposed

Shellcoders Handbook

Reverse Engineering

Malware Analyst's Cookbook

Gray Hat Python

Gray Hat Hacking Second Edition

Writing Security Tools & Exploits

Sockets, Shellcode, Porting and Coding: Reverese Engineering Exploits and Tool Coding for Security Professionals

Professional Penetration Testing

These are definitely some books you could start with. Once you've gone through those, you'll know more then a lot of them out there :)

There's these reddit threads on r/netsec:
http://www.reddit.com/r/netsec/comments/d3hua/how_to_get_started_in_netsec/
http://www.reddit.com/r/netsec/comments/ekyjw/interested_in_learning_about_network_security/

http://www.reddit.com/r/netsec/comments/es4si/what_are_some_good_netsec_books_out_there/
http://www.reddit.com/r/netsec/comments/g6r71/getting_started_in_network_security_a_list_of/

There's also loads of blogs and websites around, if you go hunting or look at some of these netsec threads, you'll find loads more material.



u/root_pentester · 3 pointsr/blackhat

No problem. I am by no means an expert in writing code or buffer overflows but I have written several myself and even found a few in the wild which was pretty cool. A lot of people want to jump right in to the fun stuff but find out rather quickly that they are missing the skills to perform those tasks. I always suggest to people to start from the ground up when learning to do anything like this. Before going into buffer overflows you need to learn assembly language. Yes, it can be excellent sleep material but it is certainly a must. Once you get an understand of assembly you should learn basic C++. You don't have to be an expert or even intermediate level just learn the basics of it and be familiar with it. The same goes for assembly. Once you get that writing things like shellcode should be no problem. I'll send you some links for a few books I found very helpful. I own these myself and it helped me tremendously.

Jumping into C++: Alex Allain

Write Great Code: Volume1 Understanding the Machine

Write Great Code: Volume2 Thinking Low-Level, Writing High Level

Reversing: Secrets of Reverse Engineering

Hacking: The Art of Exploitation I used this for an IT Security college course. Professor taught us using this book.

The Shellcoders Handbook This book covers EVERYTHING you need to know about shellcodes and is filled with lots of tips and tricks. I use mostly shells from metasploit to plug in but this goes really deep.

.

If you have a strong foundation of knowledge and know the material from the ground-up you will be very successful in the future.

One more thing, I recently took and passed the course from Offensive Security to get my OSCP (Offensive Security Certified Professional). I learned more from that class than years in school. It was worth every penny spent on it. You get to VPN in their lab and run your tools using Kali Linux against a LOT of machines ranging from Windows to Linux and find real vulnerabilities of all kinds. They have training videos that you follow along with and a PDF that teaches you all the knowledge you need to be a pentester. Going in I only had my CEH from eccouncil and felt no where close to being a pentester. After this course I knew I was ready. At the end you take a 24-long test to pass. No questions or anything just hands on hacking. You have 24 hrs to hack into a number of machines and then another 24 hours to write a real pentest report like you would give a client. You even write your own buffer overflow in the course and they walk you through step by step in a very clear way. The course may seem a bit pricey but I got to say it was really worth it. http://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/

u/sanitybit · 2 pointsr/netsec
u/LinuxStreetFighter · 2 pointsr/netsecstudents

>Examples of projects I have completed: Coded a basic Linux kernel from the ground up for x86 machines, Working on a basic IRC botnet coded in Python, I have experience in Snort rules and have written Python scripts for log parsing. I have used Wire shark for packet sniffing etc, experience in using IDA for disassembling code for CTFs.

Why on earth would you pursue Sec+ and CISSP if you have experience in those things?

Build a Malware Lab, dude. Check out Practical Malware Analysis and The Art of Memory Forensics. With your experience you could probably wreck those over the summer.

If you want an old school, but relevant (more Red Teamer), you could check out Hacking: The Art of Exploitation and The Shellcoder's Handbook.

Practical Malware Analysis

The Art of Memory Forensics

Hacking

Shellcoder's Handbook


Malware Analyst's Cookbook

u/JustAnothaHacker · 1 pointr/hacking

Wow, it's really encouraging to see people new to hacking actually following the right path. Far too many people disassociate hacking with what it truly is, but you're not one of them; I see that you've got your answer already, but l feel it's necessary to keep pushing you in the right direction. Good luck in your endeavours :)


Some neat resources for someone interested in Binary Exploitation:

Smash The Stack


And a few books:

Hacking: The Art of Exploitation

The Shellcoders Handbook


I've got both of these books and a few on ASM, so I can vouch for them (as can their reviews and ratings).

Happy Hacking

u/postmodern · 1 pointr/netsec