I felt this is a good written book, except for a newbie would be very confusing. If you completely new to hacking, start out with another book (unless your going to have a lot of dedication to learning this stuff). Also the CD it came with has a lot of glitches. Install linux dont use the CD

I found the book a pleasure to read. The book explains the fundamental concepts of hacking very well. The treatment of exploits like buffer overflow, format string vulnurabilty is very good. The chapters on networking, shellcode are also very good. All throughout the book every concept is explained by extensive source codes (with clear accompanying commentary). All in all this is a great book to start learning the concepts of hacking and security.

This is an excellent book about hacking. Includes a very well written introduction to the C programming language. The book contains very useful chapters on Networking and on Cryptology with lots of hand-on examples. I highly recommend it if you want to learn hacking techniques presented in a systematic way. Buy this book.

One of the best technical books I have ever read. Starts simple and ramps up very fast building on material already presented.

Goes in detail in showing many different "low level" exploitation techniques. I.e. buffer overflow, format string abuse, etc.

Hacking, 2nd edition features an extensive overview of C and x86 Assembly, Linux, and slowly steps through major functions of GDB. It's a bad idea to read this book without a Linux distro at hand, but thankfully one is included.

I'd buy this again in a heartbeat.

The first edition of this book seemed to be written in code (hexadecimal), but the second effort explains the common software vulnerabilities much more clearly.

Contents
This is the second edition of a well known book about hacking and contains a lot about hacking. Jon Erickson has expanded the book from the first edition doubling the number of pages to 450 pages and a Linux based Live-CD is also included.

I don't own the first edition, since I had to choose between Hacking by Jon Erickson and The Shellcoders Handbook (first edition, it is also in 2nd ed. now). I choose the Shellcoders handbook, which I have considered my bible for buffer overflows and hacking.

Now that I have read Jon Ericksons book about hacking I have two bibles, both excellent and well written, both covering some of the same stuff - but in very different ways.

This book details the steps done to perform buffer overflows on Linux on the x86 architecture. So detailed that any computer science student can do it, and they should. Every computer science student or aspiring programmer should be forced to read this book along with another book called 19 deadly sins of software programming.

That alone would improve internet security and program reliability in the future. Why you may ask, because this book teaches hacking, and how you can get started hacking.

Not hacking as doing criminal computer break ins, but thinking like an old-school hacker - doing clever stuff, seeing the things others don't. This book contains the missing link back to the old days, where hackers were not necessarily bad guys. Unfortunately today the term hacker IS dead in the public eye, it HAS been maimed, mutilated and the war about changing it back to the old meaning is over. (Actually this war was fought in the 1990's but some youngsters new to hacking still think it can be won, don't waste your time.) The word hacking can still be used in both ways, just make sure the receiver knows what you are talking about :-)

This book teaches hacking in the old sense of the word and contains the explanation that most others books don't - and at the same time it introduces all the basic skills for performing various types of overflow attacks. Then the book also digress into some wireless security and even WEP cracking, but this part is pretty slim, not bad, just only a few pages. This is OK, since I think of this more as an example of extending the hacking into new areas and hopefully inspires more people to look into wireless security.

The best part about this book is that it is not just a book with a random Live-CD. It is an inspiration and your fingers will itch to get started trying the examples explained and experiment with the programs. This alone is the single feature that makes this book worth it, you will do the exercises and learn from them. Learn a lot.

To sum it up this books contains clever tricks and easy to follow exercises, so you can learn to apply them.

Target audience
This book is for anyone interested in hacking and developing exploits. While the primary target audience is newcomers to this field I benefitted from the thorough walkthrough of the basics once again. This book kept reminding me about things I have forgotten and also some new things and tricks I hadn't thought of myself.


Conclusion
If you are a beginning hacker and want to get started, but was confused
by various text files found on the internet, this is the book to buy.

If you want to learn how to do basic stuff and get started thinking like a hacker, this is the book to buy.

If you are a software programmer that has started to think about software security, this is the book to buy.

This book goes from beginning hacker to inspired intermediate hacker and explains everything in depth and is well planned and you will be able to extract an awful lot of information about the way programs really work after reading this book.

If you read this book from cover to cover you will be able to follow most other references about hacking, books, papers, zines etc. from the internet.

So this book is recommended for anyone interested in hacking and could be a nice start to having your own library about hacking. Reading this book first will also help you understand other books about hacking better and get more information from them by thinking in the right way.

Then later you could expand this library with books like, Steven Levy Hackers, Steven Levy Crypto, Shellcoders Handbook, Clifford Stoll Cuckoos Egg and other references.

I am not missing much from this book, but a short explanation how you could run this CD along with your usual operating system, using something like VMware Player would have been nice.

Links:
The home page for this book is: http://www.nostarch.com/hacking2.htm

This book is great, it says everything in detail if you're into programing. And with the cd you can follow along with the exercises.

Its important to understand what this book tries to cover. Erikson covers specific hacking techniques. He stays close to Linux and C to illustrate the techniques and he exploits a lot of open source software. The goal is to familiarize the reader with the different types of exploits.

In Chapter 6, the author explains: "The state of computer security is a constantly changing landscape...if you understand the concepts of the core hacking techniques explained in this book, you can apply them in new and inventive ways to solve the problem du jour. Like LEGO bricks, these techniques can be used in millions nof different combinations and configurations. As with art, the more you practice these techniques, the better you'll understand them." Clearly, Erickson is passionate about the subject matter he covers in his book.

Any ability to exploit vulnerabilities requires a thorough understanding of the underlying subject. Here Erikson's book offers a number of quick primers on topics such as C programming and network protocols. These introductions are valuable because they introduce the subject and give you deep dives into specifics. They give you some sense of how hacking can lead to a greater understanding of the system under exploit. For example in Chapter 4, Erikson goes from introducing us to the OSI model to socket programming in four pages. But because of a very engaging writing style, it doesn't feel like a hurried course.

After the introduction in which he covers C programming language basics, Erikson introduces us to exploitation via a buffer overflow example. He covers network hacking techniques such as denial of service, TCP/IP hijacking and port scanning. He delves into the more involved topic of spawning shell code to gain control of a system. And in a very entertaining Chapter 6, he shows you how to bypass security measures that detect and track hackers. In the final chapter, he covers hacking techniques for cryptography.

Are you a true hacker in the name of the word? If you are, then this book is for you. Author Jon Erickson, has done an outstanding job of writing a second edition of a book that shows you the true spirit of hacking.

Erickson, begins with an explanation of how programs can be exploited. Then, the author discusses the less obvious errors that have given birth to more complex exploit techniques that can be applied in many different places. Next, he shows you how to network your applications by using sockets and how to deal with common network vulnerabilities. The author also discusses how writing shellcode develops assembly language skills and employs a number of hacking techniques worth knowing. He continues by showing you why defensive countermeasures can be separated into two groups: Those that try to detect the attack and those that try to protect the vulnerability. Finally, the author discusses why cryptology is relevant to hacking in a number of ways.

This most excellent book has explained some of the basic techniques of hacking. But, more importantly, the book looked at various hacker techniques, from the past to the present, and dissected them to learn how and why they work.

Jon Erickson's _Hacking_ is undoubtedly an interesting book, and one that perhaps appeals only to a small subsection of the hacker culture, those who want to learn techniques for exploitation at the conceptual level, aided by plenty of dense examples of code to illustrate those concepts. Erickson's background is in computer science, and he is a corporate lecturer on the subjects of cryptology and network security. With these bona fides, you might expect Erickson to treat the topic professionally and scientifically--and you would be right. Erickson's book is full of interesting and highly useful bits of information on cryptology, ciphers, information theory, and so on, but readers should prepare themselves for a somewhat pedantic, textbook-like style of writing. Having made such preparations, the book does open up for the reader who is looking to learn or brush up on some programming fundamentals.

The majority of _Hacking_ is very technical and deals with programming techniques. The author warns us as much in his Preface, saying that general programming knowledge is necessary in order to make your way through the book. Additionally, those looking for examples of different code flavors will find that Erickson works exclusively with the Gentoo Linux distro, the idea being that the examples are illustrative of techniques and strategies, especially if you are used to a different programming language. Otherwise, you might consider this book a useful primer on Linux, offering practical examples of various exploits, encryption/decryption, and so on.

The bulk of the book is divided into three sections: "Programming" (writing shellcode, dissemblers, and generalized exploiting techniques), "Networking" (Network sniffing and hijacking, DOS attacks, and port scanning), and "Cryptology" (developing algorithms, password cracking techniques, and WEP attacks). Each of these sections is replete with many detailed examples of code (sometimes pages long) for your referencing pleasures. Personally, I'm more drawn to the socio-political content found in the entirely-too-short Introduction, Conclusion, and Reference sections, which despite their underdeveloped feel, offer readers Erickson's thoughtful perspective on hacking (discovering and exploring system vulnerabilities is a valuable practice when done for noble ends, or in his own words, "Information itself isn't a crime"), a brief look into the history and ethics of early hacker culture (a learn-but-do-no-harm ethic borne of the 1950s MIT model railroad crowd, the distinction between hackers and crackers, and his thoughts on the importance of pursuing creative problem-solving strategies within closed logical structures), and a number of links to potentially useful web tools (hexadecimal editors and fuzzy fingerprint generators, for instance). On the whole, I found myself wishing that these sections had been developed further, as they might help broaden the potential readership for this book.

As a bookshelf resource, I can see this book being an invaluable contribution to the library of the hacker whose interests in the subject are shaped by theoretical or academic ways of thinking. Otherwise, it's not exactly a page-turner, and I don't expect social engineers, tinkerers, and certainly not skript kiddies to be the audience for this book. Nevertheless, it is important in that it marks a serious contribution to the art, science, and philosophy undergirding hacker culture. For good or for ill, it marks an attempt to formalize or legitimize a body of knowledge that has historically relied upon and even relished its underground status.

Jon Erickson's _Hacking_ is undoubtedly an interesting book, and one that perhaps appeals only to a small subsection of the hacker culture, those who want to learn techniques for exploitation at the conceptual level, aided by plenty of dense examples of code to illustrate those concepts. Erickson's background is in computer science, and he is a corporate lecturer on the subjects of cryptology and network security. With these bona fides, you might expect Erickson to treat the topic professionally and scientifically--and you would be right. Erickson's book is full of interesting and highly useful bits of information on cryptology, ciphers, information theory, and so on, but readers should prepare themselves for a somewhat pedantic, textbook-like style of writing. Having made such preparations, the book does open up for the reader who is looking to learn or brush up on some programming fundamentals.

The majority of _Hacking_ is very technical and deals with programming techniques. The author warns us as much in his Preface, saying that general programming knowledge is necessary in order to make your way through the book. Additionally, those looking for examples of different code flavors will find that Erickson works exclusively with the Gentoo Linux distro, the idea being that the examples are illustrative of techniques and strategies, especially if you are used to a different programming language. Otherwise, you might consider this book a useful primer on Linux, offering practical examples of various exploits, encryption/decryption, and so on.

The bulk of the book is divided into three sections: "Programming" (writing shellcode, dissemblers, and generalized exploiting techniques), "Networking" (Network sniffing and hijacking, DOS attacks, and port scanning), and "Cryptology" (developing algorithms, password cracking techniques, and WEP attacks). Each of these sections is replete with many detailed examples of code (sometimes pages long) for your referencing pleasures. Personally, I'm more drawn to the socio-political content found in the entirely-too-short Introduction, Conclusion, and Reference sections, which despite their underdeveloped feel, offer readers Erickson's thoughtful perspective on hacking (discovering and exploring system vulnerabilities is a valuable practice when done for noble ends, or in his own words, "Information itself isn't a crime"), a brief look into the history and ethics of early hacker culture (a learn-but-do-no-harm ethic borne of the 1950s MIT model railroad crowd, the distinction between hackers and crackers, and his thoughts on the importance of pursuing creative problem-solving strategies within closed logical structures), and a number of links to potentially useful web tools (hexadecimal editors and fuzzy fingerprint generators, for instance). On the whole, I found myself wishing that these sections had been developed further, as they might help broaden the potential readership for this book.

As a bookshelf resource, I can see this book being an invaluable contribution to the library of the hacker whose interests in the subject are shaped by theoretical or academic ways of thinking. Otherwise, it's not exactly a page-turner, and I don't expect social engineers, tinkerers, and certainly not skript kiddies to be the audience for this book. Nevertheless, it is important in that it marks a serious contribution to the art, science, and philosophy undergirding hacker culture. For good or for ill, it marks an attempt to formalize or legitimize a body of knowledge that has historically relied upon and even relished its underground status.