Cyber Shelf

// Comparison

Hacking: The Art of Exploitation vs The Shellcoder's Handbook: Which Should You Read?

Two cybersecurity books on Offensive, compared honestly: who each is for, what each does best, and which to read first.

Intermediate
5/52008
Hacking: The Art of Exploitation

Jon Erickson

A from-first-principles tour of low-level exploitation that still teaches the mindset two decades later.

Advanced
4/52007
The Shellcoder's Handbook

Discovering and Exploiting Security Holes

Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte

A foundational text on memory-corruption exploitation across Linux, Windows, Solaris and embedded targets. Pre-modern-mitigations in spirit but still the canonical introduction to the techniques the modern toolchain is built to defeat.

Read this if

Self-taught hackers who want to understand what a stack overflow actually is, not just how to invoke msfconsole.
Readers committed to learning binary exploitation seriously, after they've already finished Hacking: The Art of Exploitation and want a multi-platform reference that goes deeper.

Skip this if

Readers looking for modern exploitation (ASLR, CFI, browser sandboxes). The defenses Erickson covers are now baseline, not frontiers.
Anyone expecting modern (post-2010) mitigations or current heap allocators. The book pre-dates ASLR enforcement, modern heap hardening, CFI, and the entire arc of mitigations the modern toolchain assumes. It teaches the techniques modern systems are built to defeat.

Key takeaways

  • Exploitation is a way of seeing programs, not a list of techniques.
  • Memory corruption is best learned with a debugger open beside the book.
  • The first half on C/assembly is worth the price even if you skip the exploits.
  • The Windows exploitation chapters are still the best print introduction to the SEH/PE-format-specific mechanics that don't exist in Erickson.
  • The heap chapters teach the conceptual vocabulary (unlinking, frontlinking, magic values, freelists) you need to read modern CTF write-ups, even though the specific allocators have moved on.
  • The "track patches, don't track exploits" chapter is the most underrated piece of vulnerability-research advice in print.

How they compare

We rate Hacking: The Art of Exploitation higher (5/5 against 4/5 for The Shellcoder's Handbook). For most readers, that means Hacking: The Art of Exploitation is the primary pick and The Shellcoder's Handbook is a useful follow-up.

Hacking: The Art of Exploitation is pitched at intermediate level. The Shellcoder's Handbook is pitched at advanced level. Read the easier one first if you're not yet comfortable with the topic.

Hacking: The Art of Exploitation and The Shellcoder's Handbook both cover Offensive, Binary Exploitation, so reading them in sequence reinforces the same material from different angles.

Keep reading

Hacking: The Art of Exploitation

Alternatives to Hacking: The Art of ExploitationWhat to read after Hacking: The Art of Exploitation

The Shellcoder's Handbook

Alternatives to The Shellcoder's HandbookWhat to read after The Shellcoder's Handbook

Related topics

OffensiveBinary Exploitation