Dailydave mailing list archives

Re: Shellcoder's Handbook, Second Edition


From: "matthew wollenweber" <mwollenweber () gmail com>
Date: Wed, 29 Aug 2007 17:21:24 -0400

I haven't read the whole book cover to cover, but I've finally managed to
spend a bit of time with it. My general opinion is that they've cleaned up
the book quite a bit. The first edition was difficult to read. This one is a
bit easier.

On the whole, the book seems to have refocused on shellcode. That makes
sense given the title, but I'm a bit disappointed by this. I mainly enjoyed
the first book as it was the best reference on how to exploit software....
the metasploit page is always there to generate shellcode that usually
works. This book of course discusses exploitation techniques, but it doesn't
seem to go into depth with newer technologies in fuzzing or bypassing
exploit protections.

I didn't see too much particular to Vista in the book, though it does have a
lot regarding Windows 2003.

I was particularly attracted by the thought of bypassing Entercept. I've run
into it a few times during pen tests and it's always amusing to get thrown
off the box. The book suggests two methods for bypassing Entercept and
neither is detailed. The first is mimicking normal behaviour -- which is
obvious -- or second, hooking the system call table, which is nuts in most
cases. I've only ever seen Entercept on important production boxes and
injecting custom shell code into a kernel level process to hook the system
calls again is probably asking for an explosion.

It's probably a book worth having, but I don't think it nearly has the
impact of the first book.


On 8/19/07, Robert Wesley McGrew <wesley () mcgrewsecurity com> wrote:

I was just browsing around on Amazon, noticed the slightly different
cover, and realized that the release date for the Second Edition is
the 20th:


http://www.amazon.com/Shellcoders-Handbook-Discovering-Exploiting-Security/dp/047008023X/ref=pd_sim_b_4/002-9507551-2756861?ie=UTF8&qid=1187579269&sr=1-3

Dave is no longer listed as an author (I hope your content's out of it
then!).  If anyone's had a look at this, I'd love to see some opinions
on how this compares to the first edition, which was good, but had
some serious errors, and was never supported on the Wiley site as was
promised.

The book features, straight from amazon:
"""
    * This much-anticipated revision, written by the ultimate group
of top security experts in the world, features 40 percent new content
on how to find security holes in any operating system or application
    * New material addresses the many new exploitation techniques that
have been discovered since the first edition, including attacking
"unbreakable" software packages such as McAfee's Entercept, Mac OS X,
XP, Office 2003, and Vista
    * Also features the first-ever published information on exploiting
Cisco's IOS, with content that has never before been explored
    * The companion Web site features downloadable code files
"""

--
Robert Wesley McGrew
http://mcgrewsecurity.com
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave




-- 
Matthew  Wollenweber
mwollenweber () gmail com | mjw () cyberwart com
www.cyberwart.com