Shon Harris - Gray Hat Hackers Handbook

The Gray Hat Hackers Handbook, as published in January 2011, claims to summarize the knowledge a Gray Hat should have. Well, I am not so happy with it. It covers a lot of material: starting from USB-stick-based attacks to malware and programming. However, there are many chapters within this book that simply show you how to install or use some tools. That is not what I would expect from someone who wants to become or already is a gray hat. If you cannot read the manual and think way beyond it, you are doing something wrong.

Remarkable is the chapter on disclosure and the ethics related to it. Unfortunately, it is too short! A similar thing happened to chapter 17, which focusses on application security. The Web Application Part is so small and hardly gives the reader a foothold to dig deeper into the field of finding Vulns in specially crafted applications. Within the following chapters the authors take a very high-level and mainly tool-focussed perspective on VoIP and SCADA hacking. Given the media's attention to these topics within 2010 - 2012, I would have expected more content and fewer tool descriptions.

The chapters on exploit development, shellcodes and return-oriented programming are written very well. They explain in great detail how to do such things and heavily rely on Aleph One's work. If you are new to it or have already written shellcodes and exploits - you will always learn something from these chapters.

So, to get to the point: Nice read, but focussing too much on tools. Read a few blogs and skip this book.

Cheers!

Written on March 9, 2016