The Shellcoder's Handbook

By Paladion

December 16, 2004

We take a look at "The Shellcoder's Handbook" by Jack Koziol, David Litchfield, et al. on finding and exploiting buffer overflow vulnerabilities.

The Shellcoder's Handbook by Jack Koziol, David Litchfield, et al. is an exhaustive book on finding and exploiting buffer overflow vulnerabilities. It will be a good reference book for people who are into application security testing and vulnerability research. The first part of the book gives a detailed account of stack and heap overflows, shellcode and format string vulnerabilities. Chapters are devoted to exploit development on the Windows, Solaris and Tru64 platforms, with descriptions of tools for test techniques such as fault injection, fuzzing, and source code and binary auditing. The final part of the book discusses advanced exploit scenarios such as alternative payload strategies, kernel overflows, and kernel vulnerabilities. The book is rich in code snippets and real-world examples reflecting the authors' collective experience in researching and testing vulnerabilities in commercial software products.

