A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security - Tobias Klein

GoodReads Summary: Seemingly simple bugs can have drastic consequences, allowing attackers to compromise systems, escalate local privileges, and otherwise wreak havoc on a system.


For a long time you keep hearing things like "don't use this 'cause it can be exploited", but you really never saw something like that being exploited. And then comes this book and shows how someone can use everything you know you can't use to actually call something it wasn't expected to be called.

Confusing? Well, it's a very complex issue that involves the call stack and assembly and registers and all that. But the book goes into length explaining and showing those things (so, yeah, some knowledge of assembly is required).

In the end, it's a good book about those "things" you know your shouldn't use, and what happens when you actually use them.