Practical Binary Analysis | No Starch Press

I started reading this book in November and it took me about two weeks to finish it. You should be a bit comfortable with Linux and programming if you plan to give it a try. Here are my thoughts about it.

What I like the most about this book is that it explains the subject in a straightforward and concise way! The author is a very knowledgeable security researcher and his work is state of the art! 

The book helped me fill a lot of gaps about how binary analysis is done, code obfuscation, linear disassemblers, recursive disassemblers, intermediate languages and lots of tools and libraries. It also helped me learn things that I didn’t know existed, like: code injection, binary instrumentation, dynamic taint analysis and symbolic execution analysis.

Each chapter sets the foundation for the next one, and at the end of each chapter you’re invited to solve the exercises, which help you reinforce and understand the information. The code and examples can be found on the book’s website.

There aren’t many books whose appendixes I’ve found very useful. This one is an exception! There’s one appendix that guides you on further reading and one that discusses the disassemblers and tools used in the book. Being a novice in the field, I just love it when I get recommendations from an expert like Dennis Andriesse.

I enjoyed the book a lot and I hope you will too! 🙂

Serious Cryptography | No Starch Press

This is the first book review that I did on my blog. I’m not really good at reviewing books and I’m not a native English speaker either, so bear with me and my clumsy English.

I must also say that the subject covered by the book overwhelms me. I don’t claim to be an expert on the topic and, to be honest, I don’t really want to become one. Reading this book has provided me with enough information to be able to hold a basic discussion about cryptography-related topics; had I put more effort, time and thought into this book, I could probably become proficient.

The book has four parts. I think the Fundamentals part is a must-read for any aspiring developer out there; it explains in a very simple and concise way the notions of encryption, randomness and cryptographic security. I never knew there was such a thing as a secure random generator and that generating true random numbers is really hard to do.

The Symmetric Crypto part covers block ciphers, hash functions, stream ciphers, keyed hashing and authenticated encryption. The author explains the design of the ciphers, how they work and provides a mathematical background along with proofs and fancy equations.

The Asymmetric Crypto part is all about RSA, Diffie-Hellman, Elliptic Curves and hard problems in cryptography.

And finally, the Applications part contains two chapters on TLS and Quantum and Post-Quantum cryptography.

I did enjoy reading the book and felt like I’ve learned a thing or two. It definitely wasn’t a waste of time, even if I didn’t understand most of it. As the author put it:

This book can nonetheless be intimidating, and despite its relative
accessibility, it requires some effort to get the most out of it. I like the
mountaineering analogy: the author paves the way, providing you with
ropes and ice axes to facilitate your work, but you make the ascent
yourself. Learning the concepts in this book will take an effort, but there
will be a reward at the end.

Jean-Philippe Aumasson – Serious Cryptography

I hope you decide to give this book a try!

PS: Let me know in the comments if you liked the review I wrote and how I may improve it and future reviews. Thank you!