+++
title = "A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security - Tobias Klein"
date = 2016-10-14

[taxonomies]
tags = ["books", "tobias klein", "reviews", "it", "4 stars"]
+++

[GoodReads Summary](https://www.goodreads.com/book/show/12746081-a-bug-hunter-s-diary):
Seemingly simple bugs can have drastic consequences, allowing attackers to
compromise systems, escalate local privileges, and otherwise wreak havoc on a
system.

<!-- more -->

{{ stars(stars=4) }}

For a long time you keep hearing things like "don't use this 'cause it can be
exploited", but you really never saw something like that being exploited. And
then comes this book and shows how someone can use everything you know you
can't use to actually call something that wasn't expected to be called.

Confusing? Well, it's a very complex issue that involves the call stack and
assembly and registers and all that. But the book goes to great lengths explaining
and showing those things (so, yeah, some knowledge of assembly is required).

In the end, it's a good book about those "things" you know you shouldn't use,
and what happens when you actually use them.