// Comparison

Attacking Network Protocols vs The Shellcoder's Handbook: Which Should You Read?

Two cybersecurity books on Offensive, compared honestly: who each is for, what each does best, and which to read first.

Advanced

5/52017

A Hacker's Guide to Capture, Analysis, and Exploitation

James Forshaw

James Forshaw, Project Zero veteran, on how to capture, parse, and break protocols from the wire up to the application layer, with a strong focus on building reusable analysis tooling.

Advanced

4/52007

The Shellcoder's Handbook

Discovering and Exploiting Security Holes

Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte

A foundational text on memory-corruption exploitation across Linux, Windows, Solaris and embedded targets. Pre-modern-mitigations in spirit but still the canonical introduction to the techniques the modern toolchain is built to defeat.

Read this if

Anyone who needs to understand traffic, not just see it. Forshaw is the rare Project Zero veteran who can also teach; the book turns network protocol analysis into a learnable craft.

Readers committed to learning binary exploitation seriously, after they've already finished Hacking: The Art of Exploitation and want a multi-platform reference that goes deeper.

Skip this if

Beginners who haven't yet handled a pcap, or readers who only want HTTP/web. The book covers Layer 2 through application-level RPC, and the value compounds the deeper you go.

Anyone expecting modern (post-2010) mitigations or current heap allocators. The book pre-dates ASLR enforcement, modern heap hardening, CFI, and the entire arc of mitigations the modern toolchain assumes. It teaches the techniques modern systems are built to defeat.

Key takeaways

Capturing, parsing, and replaying traffic is one workflow, not three, and Forshaw's tooling-first framing makes that explicit.
Custom-protocol auditing (the part security curricula skip) is the part of the book that pays back hardest, especially for embedded, OT, and proprietary stacks.
The "build your own network analysis tool" chapters teach more about how protocols actually work than any number of Wireshark lessons.

The Windows exploitation chapters are still the best print introduction to the SEH/PE-format-specific mechanics that don't exist in Erickson.
The heap chapters teach the conceptual vocabulary (unlinking, frontlinking, magic values, freelists) you need to read modern CTF write-ups, even though the specific allocators have moved on.
The "track patches, don't track exploits" chapter is the most underrated piece of vulnerability-research advice in print.

How they compare

We rate Attacking Network Protocols higher (5/5 against 4/5 for The Shellcoder's Handbook). For most readers, that means Attacking Network Protocols is the primary pick and The Shellcoder's Handbook is a useful follow-up.

Both books target advanced-level readers, so the choice is about topic, not difficulty.

Attacking Network Protocols and The Shellcoder's Handbook both cover Offensive, so reading them in sequence reinforces the same material from different angles.

Keep reading

Attacking Network Protocols

→ Alternatives to Attacking Network Protocols → What to read after Attacking Network Protocols