Reprinting Security Tools and Exploits

Yesterday I blogged about reprinted material in Syngress' "new" Writing Security Tools and Exploits. A commment on that post made me take another look at this book in light of other books by James Foster already published by Syngress. Here is what I found.

  • Chapter 3, "Exploits: Stack" is the same as Chapter 5, "Stack Overflows" in Buffer Overflow Attacks, published several months ago.

  • Chapter 4, "Exploits: Heap" is the same as Chapter 6, "Heap Corruption" in Buffer.

  • Chapter 5, "Exploits: Format String" is the same as Chapter 7, "Format String Attacks" in Buffer.

  • Chapter 6, "Writing Exploits I" is the same as Chapter 10, "Writing Exploits I" in Sockets, Shellcode, Porting, and Coding, another Syngress book by Foster published several months ago.

  • Chapter 7, "Writing Exploits II" is the same as Chapter 11, "Writing Exploits II" in Sockets.

  • Chapter 8, "Coding for Ethereal" appears to be Chapters 11, "Capture File Formats", and 12, "Protocol Dissectors", from Nessus, Snort, and Ethereal Power Tools.

  • Chapter 9, "Coding for Nessus" is the same as Chapter 2, "NASL Scripting" in Sockets and Chapter 9 in Penetration Tester's Open Source Toolkit.

  • Appendix A, "Data Conversion Reference" is the same as Appendix A in Buffer.

  • Appendix B, "Syscall Reference" is the same as Appendix B in Buffer and Appendix D in Sockets.


At the end of the day this 12 chapter Writing book offers only Chapters 1, 2, 10, 11, and 12 as new material.

I decided to next take a look at Sockets, Shellcode, Porting, and Coding to see what material it may have duplicated. Here is what I found.

  • Chapter 8, "Writing Shellcode I" appears the same as Chapter 2, "Understanding Shellcode" in the previously published Buffer Overflow Attacks.

  • Chapter 9, "Writing shellcode II" appears the same as Chapter 3, "Writing Shellcode" in Buffer.

  • Several of the case studies appear to be duplicates of material from Buffer, like "xlockmore User-Supplied Format String Vulnerability", "X11R6 4.2 XLOCALEDIR Overflow", and "OpenSSL SSLv2 Malformed Client Key Remote Buffer".


I guess it's easier to be "authored in over fifteen books" when your material is recycled.

Comments

Anonymous said…


Couldn't agree with you more, he has used other authors material without even asking for their permission
11:49 AM
Anonymous said…
This should be also put on Amazon as a first review.
12:35 PM
Richard Bejtlich said…
Bold Anonymous, can you provide an example?
12:45 PM
Anonymous said…
Not sure if one can "search inside" Syngress titles @Amazon, but it would be interesting to harness that ability to take a broader look at the extent to which they recycle content.

Somebody also should drop Peter Salus a line about this.
12:46 PM
Anonymous said…
This is disappointing, to say the least. ...very disappointing. I truly hope Syngress explains this.

-LonerVamp
3:10 PM
Anonymous said…
Richard,

Great find. I always wondered how Syngress was putting out so many books in such little time. I had always questioned the quailty (in some of their books) but now I'll have to question a little more. I've been lucky enough to re-purchase parts of one book within another to date, but I'll be sure to double check that from now on.

Again, another great find. By the way, I just purchased your book at the local Borders and plan on reading it at the start of the New Year!

Thanks again for a great year full of excellent content and look forward to what you'll do in the future.

Sincerely,
Chuck
10:09 PM
Anonymous said…
Thanks RB.

I have to say, this does blow chunks! I have been looking forward to the Pen Testers Tool Kit book for a long time and was hoping it to be a good book to read adn learn from. Now it looks not too good.
12:11 AM
C.S.Lee said…
Apparently this is unforgiven, Syngress should has already known this before publishing, the new book with old contents, don't they know it will be discovered eventually especially people who reading their book. I guess no one would tolerate with this since they think reader is stupid. Anyway thanks to Richard for the great findings and Merry Xmas :]
1:57 AM
Anonymous said…
The book content was used without the permission of the actual authors - shame on Foster for screwing over people who trusted him and making a somewhat crappy publisher that much worse.
9:48 AM
Anonymous said…
I have been writing to apply refund from Syngress already.
11:53 AM
Anonymous said…
piquos bro ... u need not apply for a refund if you used ebooks like me.They're free and they're out as soon as their hardcopy comes up. Iam not rich enough to buy books, so I google for it :))

Cheers
Vx
3:02 PM
Post a Comment

Popular posts from this blog

Zeek in Action Videos

Image
This is a quick note to point blog readers to my Zeek in Action YouTube video series for the Zeek network security monitoring project .  Each video addresses a topic that I think might be of interest to people trying to understand their network using Zeek and adjacent tools and approaches, like Suricata, Wireshark, and so on.  I am especially pleased with Video 6 on monitoring wireless networks . It took me several weeks to research material for this video. I had to buy new hardware and experiment with a Linux distro that I had not used before -- Parrot .  Please like and subscribe, and let me know if there is a topic you think might make a good video.
Read more

MITRE ATT&CK Tactics Are Not Tactics

Image
Just what are "tactics"? Introduction MITRE ATT&CK  is a great resource, but something about it has bothered me since I first heard about it several years ago. It's a minor point, but I wanted to document it in case it confuses anyone else. The MITRE ATT&CK Design and Philosophy document from March 2020 says the following: At a high-level, ATT&CK is a behavioral model that consists of the following core components: • Tactics, denoting short-term, tactical adversary goals during an attack; • Techniques, describing the means by which adversaries achieve tactical goals; • Sub-techniques, describing more specific means by which adversaries achieve tactical goals at a lower level than techniques; and • Documented adversary usage of techniques, their procedures, and other metadata. My concern is with MITRE's definition of "tactics" as "short-term, tactical adversary goals during an attack," which is oddly recursive. The key word in the tacti
Read more

New Book! The Best of TaoSecurity Blog, Volume 4

Image
  I've completed the TaoSecurity Blog book series . The new book is  The Best of TaoSecurity Blog, Volume 4: Beyond the Blog with Articles, Testimony, and Scholarship .  It's available now for Kindle , and I'm working on the print edition.  I'm running a 50% off promo on Volumes 1-3 on Kindle through midnight 20 April. Take advantage before the prices go back up. I described the new title thus: Go beyond TaoSecurity Blog with this new volume from author Richard Bejtlich. In the first three volumes of the series, Mr. Bejtlich selected and republished the very best entries from 18 years of writing and over 18 million blog views, along with commentaries and additional material.  In this title, Mr. Bejtlich collects material that has not been published elsewhere, including articles that are no longer available or are stored in assorted digital or physical archives. Volume 4 offers early white papers that Mr. Bejtlich wrote as a network defender, either for technical or pol
Read more