Bug Hunter Diary

“Give a man an exploit and you make him a hacker fora day; teach a man to exploit bugs and you make him ahacker for a lifetime.” — Felix “FX” LindnerSeemingly simple bugs can havedrastic consequences, allowingattackers to compromise systems,escalate local privileges, andotherwise wreak havoc on a system.A Bug Hunter’s Diary followssecurity expert Tobias Klein as hetracks down and exploits bugs insome of the world’s most popularsoftware, like Apple’s iOS, the VLCmedia player, web browsers, andeven the Mac OS X kernel. In thisone-of-a-kind account, you’ll seehow the developers responsible forthese flaws patched the bugs — orfailed to respond to them at all.Along the way you’ll learn how to:* Use field-tested techniques tofind bugs, like identifying andtracing user input data andreverse engineering* Exploit vulnerabilities likeNULL pointer dereferences,buffer overflows, and typeconversion flaws* Develop proof-of-concept codethat verifies the security flaw* Report bugs to vendors or thirdpartybrokersA Bug Hunter’s Diary is packed withreal-world examples of vulnerablecode and the custom programs usedto find and test bugs. Whether you’rehunting bugs for fun, for profit, or tomake the world a safer place, you’lllearn valuable new skills by lookingover the shoulder of a professionalbug hunter in action.About The AuthorTobias Klein is a security researcherand founder of NESO Security Labs,an information security consultingand research company. He is theauthor of two information securitybooks published in the Germanlanguage by dpunkt.verlag.“I LAY FLAT.” This book uses RepKover — a durable binding that won’t snap shut.THE FINEST IN GEEK ENTERTAINMENTwww.nostarch.com$39.95 ($41.95 CDN) Shelve In:Computers/Security