Thread: Socket programming or....

Originally Posted by abachler

MK, you know better than to post hacking links...

The author is not a hacker, he is a "security consultant" . I am not really sure whether he means to use the word prejudicially or not. In the introduction he does say:

Originally Posted by Jon Erickson

the essence of hacking is finding unintended or overlooked uses for the laws and properties of a given situation and then applying them in new and inventive ways to solve a problem

which is basically positive and pretty much describes his approach to writing a beginning book on (mostly) C programming. However, he does also introduce explicit examples of how "exploitation" works -- that is how I learned why a buffer overflow can be very bad, like not just segfault bad, for example.

There are some historical examples of how people have done other bad things (how polymorphic shellcode is constructed, various "DoS attack" methods, TCP/IP hijacking, etc). By the time you are done*, if you are stupid enough, you should be ready to try out some obvious and well known exploit, get traced, and go to jail.

*actually I am not. Polymorphic shellcode is in the last chapter, "cryptology". The book has a very steep curve in it, something you keep coming back to. It also very code heavy.

Originally Posted by JOZZY& Wakko

@MK27, Am I allowed to skip chapter 2 "programming" when I have basic understanding of variables, strings, functions, control structures etc.?

I think he basically puts everything you will need to know about C syntax, etc, for the rest of the book in chapter 1, which is over 100 pages. Some of it is quite condensed, like I had to get a "teach yourself C in 7 days" type book from the library as well. So you could probably skip most of it, yeah.

The networking stuff is a little more detailed, it is almost 100 pages on it's own. However, it has a peculiar slant -- the intro leads up to code for a simple web server, then it goes off into packet sniffing, denial of service, port scanning and hijacking. Interesting, but specialized. Really, it is a book about network security, or an introduction to networking with a very low level and security oriented perpspective. So, a more generally themed networking book may be better (but on the other hand, most of the stuff in a general networking book is probably replicated a dozen times on the web already, whereas that stuff is harder to find).