From: Evan (elcoocooi_at_osprey.net)
Date: Tue Jul 16 2002 - 11:32:54 CDT
I'm currently looking for the exact same things you are: good references on C
and Assembler. I'm curious more about libnet and KLDs than buffer overflows,
but that's not important. Anyway, the best I've found so far are as follows:
"Smashing the Stack for Fun and Profit" by Aleph1 - it's clearly written and,
although it assumes a certain knowledge of assembler, makes sense without it.
It made much more sense to me than mudge's tutorial from the old l0pht site.
I have seen another essay floating around called "Advanced Buffer Overflows"
or something logical like that, which purports to aid in writing exploits
that do more than spawn a shell. I haven't read it, personally, but you
might look around.
"The C Programming Language: Second Edition" by Brian Kernighan and Dennis
Ritchie - the first (second?) and, in many opinions, still the best. This
book flat out assumes that you're already a "good" programmer, so if you
don't at least know how an array works or what a function is good for, you
might try starting somewhere else. But the examples are challenging and
relevant, the prose is clear, the reference section is solid, and the
author's qualifications are unmatched: Dennis Ritchie invented C. I don't
know how well this book would work on anything but Un*x.
I'm not so sure about general Assembler references. I think that there's a
Linux Assembler HOWTO floating around somewhere, so you might check that. It
seems a little short, though.
Anyway, best of luck and let me know what you find.
On Monday 15 July 2002 05:29 pm, Jeremy Junginger wrote:
> n00b question:
> I'm diving into Assembler and C with the hopes of understanding
> application level exploits a little more in depth. In your opinion,
> what are the most beneficial references/tutorials/threads/tools that
> helped you get started on your journeys to buffer-overflow-nirvana?
> I've read the Introduction to Buffer Overflow by Ghost Rider as well as
> the Buffer overflow how-to by Mudge, and both were very valuable. GDB
> appears to be a very strong tool to assist with finding and exploiting
> overflows. Any additional references out there? Coding is a bit new to
> me...so like the human torch says..."Flame ON!!!"