Hacking: The Art of Exploitation

Average rating 4.16 · 2,155 ratings · 105 reviews
Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope.

Rather than merely showing how to run existing exploits, author Jon Erickson explains how

ebook, 2nd Edition, 491 pages
Published August 2010 by No Starch Press, Inc. (first published 2003)

Community Reviews

Todd N
Feb 22, 2013 rated it it was amazing  ·  review of another edition
Shelves: kindle
My son swells with pride whenever I call him my little hacker. His main goal is to find a way to play Minecraft or watch Minecraft videos on YouTube. He has guessed the iPad and AppleTV passwords to achieve these goals. Once he took my phone and texted this to my wife: "This is Todd. What is the iPad password?" (I was laughing too hard to scold him for that, though we did have a talk about social engineering afterwards.)

Anyway, this book describes much more sophisticated techniques starting with
Stuart Woolf
Jan 26, 2014 rated it it was amazing  ·  review of another edition
This book took me a long time to get through, longer than I care to admit, but I felt this journey paid mega-dividends many times over. I cannot think of a more intellectually-enriching book I have read in the past five or six years.

I read this book with the aim to learn more about assembly language and (broadly speaking) the hardware / software interface. I learned more than I ever cared to know about either of these things and so much more. It should be said, prior to purchasing this book, my
Jan 20, 2012 rated it it was amazing  ·  review of another edition
This book is a good introduction to the subject for mainly two reasons. One is the fact that the book is clearly written and builds up gradually so you're not required to have too much information about the subject before starting to read. Second being the LiveCD you can download and which works as a testing platform when you're learning the basics of programming or studying different kinds of exploits.

I enjoyed reading and practicing while reading and my only beef with this book is that in my o
Mike Polsky
Nov 12, 2019 rated it really liked it  ·  review of another edition
Shelves: programming
Mike O'Brien
Jul 03, 2013 rated it really liked it  ·  review of another edition
First of all, let me say that if you have a 64-bit computer here is what you need to know: The liveCD that comes with the book ONLY works on 32-bit computers. Luckily, I have a pentesting machine that I have Kali Linux running on. The website for the book has all of the source code, so I just downloaded it and ran it on Kali and it was perfect for me. I think the only extra thing I needed to download was Perl (type: "sudo apt-get install perl" without the quotes into the command line for those o
Apr 27, 2013 rated it liked it  ·  review of another edition
Good book. Mostly about C and overflow-based attacks, which can be kind of confusing if you were looking for a more high-level book...
Hugh Smalley
Sep 14, 2016 rated it really liked it

While other books merely show how to run existing exploits, Hacking: The Art of Exploitation broke ground as the first book to explain how hacking and software exploits work and how readers could develop and implement their own. In the extensively updated and expanded second edition, author Jon Erickson again uses practical examples to illustrate the most common computer security issues in three related fields: programming, networking and cryptography. Includes a live CD, which provides a Linux

Jan 13, 2021 rated it it was amazing  ·  review of another edition
Shelves: science, reviewed
[This is a review of the German translation of the second edition.]
Jon Erickson's Hacking is a precious resource for anyone wishing to develop a comprehensive understanding of IT security. It covers the development of exploits on the lowest level, that is, with a detailed analysis of the memory layouts of programs, how their stacks and heaps work, up to some tinkering with TCP/IP data on the level of individual bytes. What is not covered by this book are higher level attacks such as cross site s
TEELOCK Mithilesh
Sep 09, 2020 rated it it was amazing  ·  review of another edition
Shelves: security
The rules of engagement have been irreversibly changed by the internet. This book sums up the urgent significance of the modern hacking threat. Erickson shows how computer manipulation can be a useful defensive mechanism, but one with an unavoidable vulnerability. The flaws of standard internet coding can be maliciously manipulated to infiltrate a target’s privacy. Vital information can be instantaneously stolen, and individuals can be discreetly monitored without an iota of their awareness.
May 17, 2020 rated it it was amazing  ·  review of another edition
I must admit when I found this in Barnes and Noble, I suspected this book to be of sketchy quality. How very wrong I was!

Erickson's book is simply a masterpiece - a very cleanly written book yet comprehensive which introduces many concepts of hacking to the reader in an effective manner. It will likely be quite a challenging read for the inexperienced reader but well worth the effort for those attempting to get into cybersecurity. I also highly recommend this to many C and C++ programmers who ar
Feb 02, 2019 rated it really liked it
Shelves: exploitation
This book primarily focuses on teaching buffer overflow exploits under Linux.
The techniques shown in the book will not work on most modern Linux distributions without crippling the security features that are baked into them (ASLR, stack canaries, DEP, etc.)
The book focuses on teaching you the concepts without having you worry about turning off security features on Linux. While most of these techniques are outdated
The book does not cover Windows exploitation at all
After all I enjoyed reading it an
May 10, 2016 rated it really liked it  ·  review of another edition
Shelves: professional
I had read part of this book at university, years ago. While it is no longer up to date and maybe most of the exploits and techniques described have been patched for years, the concepts and general strategies still apply.

If you're looking for a general overview of security (buffer overflows, encryption, passwords, wireless networks, network-enabled apps...), I think this is still a great resource.
Brian Powell
May 22, 2017 rated it really liked it  ·  review of another edition
Far from comprehensive, and not a "how to" book for burgeoning hackers. Excellent coverage of buffer overflows, including sample code in C to bring it to life. Some interesting discussion of SSH man-in-the-middle and WEP attacks. The remainder of the book is standard (but good) coverage of programming, networking, and crypto.
Mar 18, 2007 rated it really liked it  ·  review of another edition
Shelves: techno-books
This is a very good book on the subject of hacking. It covers all of the fundamentals in great detail with plenty of diagrams and code examples that make the text easy to follow. Topics covered include buffer overflows, writing shellcode, and even some wireless hacking.
Jun 20, 2012 rated it really liked it  ·  review of another edition
I really enjoyed the sections on buffer overflows (NOP sled, overwriting the stack return pointer) and network scans/DoS attacks. This book afforded me some cool techniques I didn't learn in my Computational Science degree. The author thoroughly conveys the hacker mentality.
Hands down this is one of the best technical books I've read so far.
The only missing part I think is:
- no integer overflow exploitation
- no details about recent techniques to bypass ASLR
- some chapters are not about exploits or memory corruptions
Oct 18, 2007 rated it really liked it  ·  review of another edition
Shelves: reference, security
Really great introduction to the subject.
Jan 20, 2021 rated it liked it  ·  review of another edition
Low level and hard to read

Unlike other books about hacking, this book focuses on the technical details about exploits rather than using them with other tools. But this additional depth comes at a price: First of all, such low-level approaches are not very practical in many situations - rather than building your own port scanner, you would use a prebuilt one so you can focus on other things. Second, several exploits which are discussed in depth are limited to C because higher-level languages like
Feb 06, 2021 rated it it was amazing  ·  review of another edition
Yeah, this book was dense...

The first chapter gets into C as simple as could be. May quite possibly be the only C programming book one could ever need. The others showed me a side of the internet and networking protocols that blew me away. You really see the technicalities behind the information systems we take for granted.

A lot of the chapters are daunting at a glance but are really simple if you proceed slowly. I suggest following along with the examples especially on the networking session.
Andreas Ellison
Mar 18, 2020 rated it it was amazing  ·  review of another edition
I read this book because I wanted to understand how hacking actually works. I could never imagine how one can "hack" a program and access valuable information through it. This book is an excellent introduction into some basic methods of exploiting some vulnerabilities in programs or networks. It explains how the methods work in detail so that you can implement it yourself and teaches you any necessary knowledge to understand the concepts. No prior knowledge is needed for this book and it teaches
Nov 23, 2020 rated it really liked it  ·  review of another edition
Excellent and fun way to learn about software exploitation, successfully hacking the exploit-riddled flavor of Linux that comes with the book is sure to earn you several dopamine rushes.
Understanding some of the code might strain your neurons depending on your understanding of C, and especially ugly bit-level hacking in C.
Purely of practice, learning or historical interest, as the techniques learned here are for exploiting bugs that are long patched on an even minimally recent and secure system,
Aug 14, 2018 rated it really liked it  ·  review of another edition
This is a fundamentals approach to hacking, diving deep into C and assembly code to give you a thorough understanding of how hacks work on the most basic level. I really liked how it delves into the source code of common tools like nmap so you understand how they work, rather than using them blindly. At the same time, I expect to revisit this book at a later stage; it ramps up quickly and the reader would benefit from a familiarity with shellcode and so on.
Ben Oliver
Spends too much time on one topic then runs out of time to get truly creative. However it’s still worth a read if you are interested in creating exploits, particularly for Linux.

Erickson also takes you through the ‘history’ of an exploit, with step by step guides that build on each other. It’s fascinating to see how ‘small’ ideas turn into really powerful tools.

Not a life changing masterpiece but a good insight into the ‘hacker’ mindset, without skimping on the technical information.

Stefanos Bekiaris
Aug 01, 2020 rated it it was amazing  ·  review of another edition
Shelves: favorites
Holy crap, this book is a must read for anyone looking to learn more about hacking. Although it is an older book, this does not mean that its information has no value or it's outdated.

Yes, many of the exploits presented are indeed outdated, but what is important is the logic behind them. It only took 2 chapters and 1 buffer overflow exploit to get me hooked.
Noah Nadeau
Sep 25, 2017 rated it it was amazing  ·  review of another edition
Probably one of the most difficult books I've ever read, but only because it's packed full of deep level information. Definitely a must for anyone interested in learning Assembly or C coding, if only to avoid common pitfalls. Supplement this book with "A Bug Hunter's Diary" by Tobias Klein.
Nov 19, 2019 rated it really liked it  ·  review of another edition
Whenever I begin to think that I'm maybe sort of intelligent, I read a book like this and am pleasantly reminded that I'm an incompetent moron when it comes to most topics, lol. Also, this is actually pretty basic stuff for hacking, apparently (?!).

Dora solano
Oct 06, 2017 rated it it was amazing  ·  review of another edition

Readers also enjoyed

  • The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
  • Red Team Field Manual (RTFM)
  • The C Programming Language
  • Code: The Hidden Language of Computer Hardware and Software
  • Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
  • Social Engineering: The Art of Human Hacking
  • Cracking the Coding Interview: 150 Programming Questions and Solutions
  • Metasploit: The Penetration Tester's Guide
  • Advanced Penetration Testing: Hacking the World's Most Secure Networks
  • Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground
  • Ghost in the Wires: My Adventures as the World's Most Wanted Hacker
  • Reversing: Secrets of Reverse Engineering
  • The Hacker Crackdown: Law and Disorder on the Electronic Frontier
  • The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy
  • The Art of Deception: Controlling the Human Element of Security
  • HTML and CSS: Design and Build Websites
  • The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers
  • Clean Code: A Handbook of Agile Software Craftsmanship
Quotes from Hacking: The Art of Exploitation

“The essence of hacking is finding unintended or overlooked uses for the laws and properties of a given situation and then applying them in new and inventive ways to solve a problem — whatever it may be.”

“proved that technical problems can have artistic solutions,”