Gray hat hacking the ethical hacker's handbook
This fourth edition explains the enemy's current weapons, skills, and tactics, and offers field-tested remedies, case studies, and ready-to-deploy testing labs. You will learn how to build and launch spoofing exploits with Ettercap and Evilgrade; induce error conditions and crash software using...
| Main Author: | |
|---|---|
| Format: | eBook |
| Language: | English |
| Published: |
New York
McGraw-Hill Education
2015
|
| Edition: | Fourth edition |
| Subjects: | |
| Online Access: | |
| Collection: | O'Reilly - Collection details see MPG.ReNa |
Table of Contents:
- How Did We Get Here?
- CERT's Current Process
- Organization for Internet Safety
- Conflicts Will Still Exist
- "No More Free Bugs"
- Bug Bounty Programs
- Summary
- References
- For Further Reading
- Chapter 2 Programming Survival Skills
- C Programming Language
- Basic C Language Constructs
- Sample Program
- Compiling with gcc
- Computer Memory
- Random Access Memory (RAM)
- Endian
- Segmentation of Memory
- Programs in Memory
- Buffers
- Strings in Memory
- Pointers
- Putting the Pieces of Memory Together
- Intel Processors
- Registers
- Assembly Language Basics
- Includes bibliographical references and index
- Cover
- Title Page
- Copyright Page
- Dedication
- Contents
- Preface
- Acknowledgments
- Introduction
- Part I Crash Course: Preparing for the War
- Chapter 1 Ethical Hacking and the Legal System
- Why You Need to Understand Your Enemy's Tactics
- Recognizing Trouble When It Happens
- The Ethical Hacking Process
- The Penetration Testing Process
- What Would an Unethical Hacker Do Differently?
- The Rise of Cyberlaw
- Understanding Individual Cyberlaws
- The Controversy of "Hacking" Tools
- Vulnerability Disclosure
- Different Teams and Points of View
- Machine vs. Assembly vs. C
- AT&T vs. NASM
- Addressing Modes
- Assembly File Structure
- Assembling
- Debugging with gdb
- gdb Basics
- Disassembly with gdb
- Python Survival Skills
- Getting Python
- Hello World in Python
- Python Objects
- Strings
- Numbers
- Lists
- Dictionaries
- Files with Python
- Sockets with Python
- Summary
- References
- For Further Reading
- Chapter 3 Static Analysis
- Ethical Reverse Engineering
- Why Bother with Reverse Engineering?
- Reverse Engineering Considerations
- Source Code Analysis
- Source Code Auditing Tools
- Introduction to Fuzzing
- Choosing a Target
- Input Types
- Ease of Automation
- Complexity
- Types of Fuzzers
- Mutation Fuzzers
- Generation Fuzzers
- Getting Started
- Finding the Fuzzing Templates
- Lab 5-1: Collecting Samples from the Internet Archive
- Choosing the Optimal Template Set with Code Coverage
- Lab 5-2: Selecting the Best Samples for Fuzzing
- Peach Fuzzing Framework
- Peach Fuzzing Strategies
- Speed Does Matter
- Crash Analysis
- Lab 5-3: Mutation Fuzzing with Peach
- Other Mutation Fuzzers
- Generation Fuzzers
- Summary
- For Further Reading
- The Utility of Source Code Auditing Tools
- Manual Source Code Auditing
- Automated Source Code Analysis
- Binary Analysis
- Manual Auditing of Binary Code
- Automated Binary Analysis Tools
- Summary
- For Further Reading
- Chapter 4 Advanced Analysis with IDA Pro
- Static Analysis Challenges
- Stripped Binaries
- Statically Linked Programs and FLAIR
- Data Structure Analysis
- Quirks of Compiled C++ Code
- Extending IDA Pro
- Scripting in IDAPython
- Example 4-1: Decrypting Strings in Place
- Executing Python Code
- Summary
- For Further Reading
- Chapter 5 World of Fuzzing