It's been quite a long time since I have this book, and I have just finished it (yes I mean, entirely). It was strongly recommended by some people at school, and also by Amazon, and comments on the Internet. Indeed it's very well written, in about 500 pages. The title might suggest something very classical, or more like a collection of exploits without interest, but it's really far from that. This book is very very good if you plan to start in Computer Security, I mean it contains the basics of system and network security in a Unix world. Sure if you know nothing about GNU/Linux the step would be high, but it takes you back to the basics of C language, analyze the assembly code behind, and show you why it is vulnerable, how to create an exploit (yes I mean from scratch, not just copy/paste some script kiddie), and then what happen, etc...

This book would have teach me a lot of things a few years ago, unfortunately I have already learned 70% of the things presented elsewhere. What you will learn:

• Some (quick!) recalls in C programming language.
• How your code is compiled into assembly code (x86 32 bits here).
• How to analyze it with GDB.
• How to exploit buffer overflow, format strings, with different techniques (.dtors, return to libc, etc...).
• How the TCP/IP networks work, and how to use it for fun with very classical attacks (+ create your own packet sniffer, ...).
• How to write you own shellcodes (with different types of shellcodes).
• Counter-measures and various tricks (bypass IDS, prevent from having evidences in logs).
• Cryptology, with description of RSA algorithm, password cracking, WEP cracking (and not just using tools, more like coding tools).
• Ethical, Philosophical and Artistic sides of Hacking.

What I liked in this book is that it is never (or very few) boring, except sometimes when a C program is pasted over 4 or 5 pages for example. I discovered some nice tools such as Nemesis, I learned how to exploit format strings, some nice tricks such as .dtors section. A live CD containing the different pieces of code used in this book is also included, but just probably useful only in case you don't already own a real GNU/Linux.

My conclusion is that it is a very good entry point to Unix systems, and brings you to think on how to create exploits rather than just to use them, while providing subsequent knowledge on the Unix world itself. This is a must read, especially for the parts on assembly analysis, and philosophical views which I found just perfect.