
A Bug Hunter's Diary

A Guided Tour Through the Wilds of Software Security

No Starch Press

Welcome to the companion website of the book »A Bug Hunter's Diary«.


On this website you will find information on the book and a wealth of resources to complement it. If you simply want to know what this book is about, head over to my publisher's website No Starch Press and see the sample chapter as well as the table of contents.

For purchasing information, please visit No Starch Press (free ebook with print book purchase), Amazon or your local bookstore (ISBN: 978-1-59327-385-9).

The book was translated into many languages, including Japanese, Chinese, Russian, German, and Korean.

If you've already purchased the book, the Code Examples, Exploits, Videos, and Download Links sections found below might be of interest to you.

Reviews.

👏🏼 Endorsements and reviews from some established industry experts.

»Give a man an exploit and you make him a hacker for a day; teach a man to exploit bugs and you make him a hacker for a lifetime.«

—Felix "FX" Lindner, Head of Recurity Labs / Phenoelit

»This is one of the most interesting infosec books to come out in the last several years.«

—Dino Dai Zovi, Security Engineer at Square

»As a diary, I believe it is one of the best books I have read so far. Easy writing style, interesting bugs and illustrative pictures and code listings are the key points making it so successful. [..] That said, I would especially recommend A Bug Hunter's Diary as an excellent supplement of a security textbook to everyone making his first steps in the software security field.«

—Mateusz "j00ru" Jurczyk, Google Inc.

»Really enjoyed A Bug Hunter's Diary. Short and to the point. Excellent for people wanting to get into vulnerability hunting.«

—Tarjei Mandt, of Azimuth Security on Twitter

»I definitely recommend this book for anyone who is just starting out in this field and is interested to know exactly what the process of finding software vulnerabilities is like.«

—Chris Rohlf, Head of pentesting and red team at Yahoo

That moment when one of your heroes praises your book on Twitter ❤

»My @nostarch recommendations: Silence on the Wire, Bug Hunter's Diary, Inside The Machine, and Hacking the XBox.«

—Peiter C. Zatko, better known as Mudge, on Twitter

Code Examples.

You can download the source code examples for the entire book here.

SHA-256:

39297686a2bf22021d228c5d402e04e9ce5736ea13c70a761860b12e1932d577

Exploits.

Exploit code for some of the vulnerabilities described in the book:

🧪 Developed and published by third parties.

2: Back to the 90s (1, 2)

3: Escape from WWW Zone (1)

4: NULL Pointer FTW (1)

5: Browse and you're Owned (1)

6: One Kernel to Rule them all (1)

Videos.

I recorded some videos demonstrating the exploitability of the bugs described in the book:

📺 The videos are best viewed in HD quality and set to full screen.

2: Back to the 90s (1, 2)

3: Escape from WWW Zone (1)

4: NULL Pointer FTW (1)

5: Browse and you're Owned (1)

6: One Kernel to Rule them all (1)

7: A Bug Older Than 4.4BSD (1)

Download Links.

Below you can find the download links for the vulnerable software mentioned in the book:

2: Back to the 90s

Get the source code of the vulnerable VLC version 0.9.4 here.

Get the vulnerable Windows version 0.9.4 of VLC here.

3: Escape from WWW Zone

Unfortunately, the official source tree of OpenSolaris is no longer available. However, the kernel source code files referenced in Chapter 3 can still be found at repo.or.cz. For example, the patch developed by Sun to address the vulnerability described in the book can be found here. The git commit description is also still available (see the problem description 6606222 Parsing tunnel parameters should be more robust).

Get the vulnerable version of Solaris: Google search

4: NULL Pointer FTW

Get the source code of the vulnerable FFmpeg revision 16556 here.

You may also use the following command to check out the vulnerable revision:

$ svn checkout svn://svn.ffmpeg.org/ffmpeg/trunk@16556 ffmpeg

5: Browse and you're Owned

Get the vulnerable version of WebEx Meeting Manager here.

Version: 8.0.4902

File size: 9.3 MB (9784832 bytes)

Signing date: 28 February 2008, 8:34 PM

SHA-256:

3581ccb674c051b9e2caac94f244fd2df1d28c57f708e542f2f02f07a3fcd28c

6: One Kernel to Rule them all

Get the vulnerable trial version of avast! Professional here.

File version: 4.7.1098.0

File size: 19.2 MB (20140376 bytes)

Signing date: 15 February 2008, 9:34 PM

SHA-256:

1ef9e6a24026df19ba94bbf2ee751e86c9ee4ea84d127101ac3ba29c1484d123

7: A Bug Older Than 4.4BSD

Get the vulnerable source code revision of the XNU kernel here.