A Bug Hunter's Diary

A Guided Tour Through the Wilds of Software Security
by Tobias Klein
November 2011, 208 pp.

"This is one of the most interesting infosec books to come out in the last several years."
—Dino Dai Zovi, Information Security Professional

"Give a man an exploit and you make him a hacker for a day; teach a man to exploit bugs and you make him a hacker for a lifetime."
—Felix 'FX' Lindner

Seemingly simple bugs can have drastic consequences, allowing attackers to compromise systems, escalate local privileges, and otherwise wreak havoc on a system.

A Bug Hunter's Diary follows security expert Tobias Klein as he tracks down and exploits bugs in some of the world's most popular software, like Apple's iOS, the VLC media player, web browsers, and even the Mac OS X kernel. In this one-of-a-kind account, you'll see how the developers responsible for these flaws patched the bugs—or failed to respond at all. As you follow Klein on his journey, you'll gain deep technical knowledge and insight into how hackers approach difficult problems and experience the true joys (and frustrations) of bug hunting.

Along the way you'll learn how to:

  • Use field-tested techniques to find bugs, like identifying and tracing user input data and reverse engineering
  • Exploit vulnerabilities like NULL pointer dereferences, buffer overflows, and type conversion flaws
  • Develop proof of concept code that verifies the security flaw
  • Report bugs to vendors or third-party brokers

A Bug Hunter's Diary is packed with real-world examples of vulnerable code and the custom programs used to find and test bugs. Whether you're hunting bugs for fun, for profit, or to make the world a safer place, you'll learn valuable new skills by looking over the shoulder of a professional bug hunter in action.

Author Bio 

Tobias Klein is a security researcher and founder of NESO Security Labs, an information security consulting and research company based in Heilbronn, Germany. He is the author of two information security books published in German by dpunkt.verlag of Heidelberg, Germany.

Table of contents 


Chapter 1: Bug Hunting
Chapter 2: Back to the 90s
Chapter 3: Escape from the WWW Zone
Chapter 4: NULL Pointer FTW
Chapter 5: Browse and You're Owned
Chapter 6: One Kernel to Rule Them All
Chapter 7: A Bug Older Than 4.4BSD
Chapter 8: The Ringtone Massacre
Appendix A: Hints for Hunting
Appendix B: Debugging
Appendix C: Mitigation


Featured in ZDNet's list of "Cybersecurity reads for every hacker's bookshelf"

"While I am not a hard core C or assembly language programmer, I loved the book; I felt like I was watching over the author's shoulder as he tracked down software bugs."
—Tony Patton, TechRepublic

"What [Tobias Klein] does do, and does very well, is draw a straight line from source or assembly to the beginning stages of a viable exploit. It is a very satisfying book to read and there are great bits of knowledge to be had."
—Alex McGeorge, Immunity Inc.

"I definitely recommend this book for anyone who is just starting out in this field and is interested to know exactly what the process of finding software vulnerabilities is like."
—Chris Rohlf, Matasano Security, EM_386

"The first hand accounts of real world vulnerability discovery offer great perspective for anyone seeking to move beyond the theory of vulnerability discovery and exploitation and into the practice of same."
—Chris Eagle, Senior Lecturer of Computer Science at the Naval Postgraduate School

"An entertaining, even fascinating, spelunking through the wilds of low-level, slightly flawed code. Recommended."
—Dr. Dobb's Developer's Reading List

"Tobias Klein's book offers something to those who have an interest in software security. And the fact that it is presented in such an approachable format makes it easy to dive into the life of a bug hunter."
—The Ethical Hacker Network

"Klein gives us a fascinating, technically detailed insight into how zero-day vulnerabilities are found. There's a good argument that this book should be made required reading for all programmers."
—Network Security Newsletter, January 2012

"What makes this book stand apart from others is the fact that it offers insight into the approaches, techniques and, more importantly, the way of thinking used by the author to find specific bugs in real-life software products."
—Help Net Security

"A quick, easy read that was also incredibly informative. It was a pleasure to read and gain the insight of a security researcher's world. I highly recommend it to any IT professional."
—404 Tech Support

"A read of this book may change your view of computer software forever."
—Stephen Chapman, Felgall.com

"This book should be required reading for new software developers."
—Steve Hannah: This Week

"A Bug Hunter's Diary is a great and focused glimpse into the world of vulnerability exploitation, and the approaches described will be of interest to a range of individuals."
—Michael Larsen, TESTHEAD

"If you're tired of ordinary programming books, and looking for something a little different, this might be a good book to try. It's got lots of code to read, lots of bugs to understand, and lots of tools and techniques on display."
—Bryan Pendleton, Journal of a Programmer

"Tobias Klein is an excellent security researcher with experience in both closed and open source bug hunting as well as exploit development in many different architectures. I would definitely suggest this book to anyone interested in real world bug hunting and exploitation and not just vuln.c programs."
—xorl.wordpress.com

"A Bug Hunter's Diary is fun to read in part because we tune in at the dramatic turns, if you will, of each story. What deductions Klein gleans from each turn follows logically from his preparation and his methods. What also seems to help is the muted pleasure he gets from his work."
—Michael Ernest, JavaRanch

"This book made me feel like I was sitting down with Mr. Klein personally, poring over code, gleaning the nuggets of wisdom and information that come from his in-depth understanding of software design and debugging."
—Digital Overdrive

"An interesting read for the more serious programmer."
—ACM SIGSOFT Software Engineering Notes

"The writing is engaging and to the point, but still contains a lot of technical detail."
—Michael Kohl, citizen428.blog()

"The book is great and a nice diversion from other technical books and can be recommended to security consultants, software engineers, and security researchers."
—Michael Heinzl, aweSEC

"I would especially recommend A Bug Hunter’s Diary as an excellent supplement of a security textbook to everyone making his first steps in the software security field."
—Mateusz "j00ru" Jurczyk, Google Inc.

"A short and delightful read, I devoured A Bug Hunter's Diary cover to cover in record time. Once I started reading, I would find it hard to put down."
—The Linux Blog