Friday, December 23, 2005

Pre-Review: Writing Security Tools and Exploits

Yesterday I posted a pre-review for Penetration Tester's Open Source Toolkit. I wrote that I thought the two chapters on Metasploit looked interesting. Today I received a review copy of the new Syngress book pictured at left, Writing Security Tools and Exploits by James Foster, Vincent Liu, et al. This looks like a great book, with chapters on various sorts of exploits, plus sections on extending Nessus, Ethereal, and Metasploit.

Metasploit, hmm. I looked at chapters 10 and 11 in Writing and found them to be identical to chapters 12 and 13 in Penetration. Identical! I can't remember the last time I saw a publisher print the same chapters in two different books. I assume James Foster wanted the chapters he wrote for Penetration to appear in Writing because he follows with a new chapter 12 on more Metasploit extensions.

This realization made me remember another Syngress book that I received earlier this year -- Nessus, Snort, & Ethereal Power Tools. I saw that Noam Rathaus had written chapters on Nessus for both Power Tools and Penetration. Could they be the same? Sure enough, chapters 3 and 4 in Power Tools match chapters 10 and 11 in Penetration.

So, 4 out of the 13 chapters in Penetration are published in other books. I would enjoy hearing someone at Syngress explain this, or perhaps one of the authors could comment?


Anonymous said...

Two other Syngress titles suffer from the same problem:
Buffer overflow attacks
sockets, shellcode, porting & coding

Two chapters on shellcode are exactly the same in these two books. The exploit case studies from Buffer overflow attacks are also repeated in the other book.

John Collins said...

This scenario looks just like modern day movies, no originality. Everyone just keeps doing remakes (or reprints in this case) of old stuff.