Pre-Review: Writing Security Tools and Exploits
Yesterday I posted a pre-review for Penetration Tester's Open Source Toolkit. I wrote that I thought the two chapters on Metasploit looked interesting. Today I received a review copy of the new Syngress book pictured at left, Writing Security Tools and Exploits by James Foster, Vincent Liu, et al. This looks like a great book, with chapters on various sorts of exploits, plus sections on extending Nessus, Ethereal, and Metasploit.
Metasploit, hmm. I looked at chapters 10 and 11 in Writing and found them to be identical to chapters 12 and 13 in Penetration. Identical! I can't remember the last time I saw a publisher print the same chapters in two different books. I assume James Foster wanted the chapters he wrote for Penetration to appear in Writing because he follows with a new chapter 12 on more Metasploit extensions.
This realization made me remember another Syngress book that I received earlier this year -- Nessus, Snort, & Ethereal Power Tools. I saw that Noam Rathaus had written chapters on Nessus for both Power Tools and Penetration. Could they be the same? Sure enough, chapters 3 and 4 in Power Tools match chapters 10 and 11 in Penetration.
So, 4 out of the 13 chapters in Penetration are published in other books. I would enjoy hearing someone at Syngress explain this, or perhaps one of the authors could comment?
Metasploit, hmm. I looked at chapters 10 and 11 in Writing and found them to be identical to chapters 12 and 13 in Penetration. Identical! I can't remember the last time I saw a publisher print the same chapters in two different books. I assume James Foster wanted the chapters he wrote for Penetration to appear in Writing because he follows with a new chapter 12 on more Metasploit extensions.
This realization made me remember another Syngress book that I received earlier this year -- Nessus, Snort, & Ethereal Power Tools. I saw that Noam Rathaus had written chapters on Nessus for both Power Tools and Penetration. Could they be the same? Sure enough, chapters 3 and 4 in Power Tools match chapters 10 and 11 in Penetration.
So, 4 out of the 13 chapters in Penetration are published in other books. I would enjoy hearing someone at Syngress explain this, or perhaps one of the authors could comment?
Comments
Buffer overflow attacks
sockets, shellcode, porting & coding
Two chapters on shellcode are exactly the same in these two books. The exploit case studies from Buffer overflow attacks are also repeated in the other book.