Tournament of Books 2015
 
 

Special Offers see all

Enter to WIN a $100 Credit

Subscribe to PowellsBooks.news
for a chance to win.
Privacy Policy

Visit our stores


    Recently Viewed clear list


    Original Essays | January 14, 2015

    Marie Mutsuki Mockett: IMG On Trimming Roses



    Gardens do not wait. Weeds grow and flowers wilt. In the days and weeks following my father's death, my parents' garden continued to flourish and... Continue »

    spacer

This item may be
out of stock.

Click on the button below to search for this title in other formats.


Check for Availability
Add to Wishlist

The Shellcoder's Handbook: Discovering and Exploiting Security Holes

The Shellcoder's Handbook: Discovering and Exploiting Security Holes Cover

 

Synopses & Reviews

Publisher Comments:

Jack Koziol, the lead author of The Shellcoder’s Handbook, is a Senior Instructor and Security Program Manager at InfoSec Institute, a provider of advanced ethical hacking training. He regularly is called upon to train members of the United States intelligence community, military, and federal law enforcement agencies. Additionally, Jack provides training for Fortune 500 companies, such as Microsoft, HP, and Citibank, on how to better secure their networks and applications. When not teaching hacking classes, Jack regularly performs penetration tests and application security assessments for a number of clients. He has years of private vulnerability development and exploitation experience for his customers and himself.

Jack is also the author of Intrusion Detection with Snort, one of the best-selling security books in its first year of publication (2003). The book has been translated into several languages, including French and Japanese, and has received rave reviews from Linux Journal, Slashdot, and Information Security magazine.

Jack has appeared in USA Today, CNN, MSNBC, First Business, and other media outlets for his expert opinions on information security. He lives in Oak Park, Illinois, in the shadow of Frank Lloyd Wright’s home and studio, with his girlfriend Tracy and dog Quasi.

David Litchfield is the world’s leading computer security vulnerability researcher and one of the five founding members of NGSSoftware. David has discovered and published over 100 major security vulnerabilities in many different products, including most notably Apache, Microsoft Internet Information Server, Oracle, and Microsoft SQL Server. With his vast experience of network and application penetration testing, David is a permanent presenter to the Black Hat Briefings. He is also the lead author of SQL Security (Osborne/ McGraw-Hill).

Dave Aitel is the author of SPIKE and the founder of the NYC-based Internet security company Immunity, Inc. His research has incorporated exploitation of both Windows and Unix vulnerabilities, and advanced methodologies for finding new vulnerabilities.

Chris Anley is a Director of Next Generation Security Software, a U.K.-based security consulting, research, and software company. Chris is actively involved in vulnerability research and has published several white papers and security advisories on a number of products, including PGP, Windows, SQL Server, and Oracle. He splits his time evenly between research, coding, consulting, and drinking, and hopes at some point to add sleeping to the list.

Sinan Eren is a security researcher based in the Bay Area. He has done extensive work regarding exploitation of Unix vulnerabilities, developed advanced and robust methodologies for exploiting Kernel-level holes, and found many high-profile bugs in commercial and open source Unix software.

Neel Mehta works as an application vulnerability researcher at ISS X-Force, and, like many other security researchers, comes from a reverse-engineering background. His reverse-engineering experience was cultivated through extensive consulting work in the copy protection field, and has more recently been focused on application security. Neel has done extensive research into binary and source-code auditing and has applied this knowledge to find many vulnerabilities in critical and widely deployed network applications.

Riley Hassell, a Senior Researcher Engineer at eEye Digital Security, is responsible for the design and implementation of eEye Digital Security’s QA and research tool suite. He is responsible for the discovery of several highly exposed vulnerabilities released by eEye Digital Security.

Synopsis:

The topics covered in this title include basic vulnerability discovery and development on popular operating systems (Windows, Linux, Solaris, etc.) and applications (MS SQL Server, Oracle software, etc.).

Synopsis:

  • Examines where security holes come from, how to discover them, how hackers exploit them and take control of systems on a daily basis, and most importantly, how to close these security holes so they never occur again
  • A unique author team-a blend of industry and underground experts- explain the techniques that readers can use to uncover security holes in any software or operating system
  • Shows how to pinpoint vulnerabilities in popular operating systems (including Windows, Linux, and Solaris) and applications (including MS SQL Server and Oracle databases)
  • Details how to deal with discovered vulnerabilities, sharing some previously unpublished advanced exploits and techniques

Synopsis:

The black hats have kept up with security enhancements. Have you?

In the technological arena, three years is a lifetime. Since the first edition of this book was published in 2004, built-in security measures on compilers and operating systems have become commonplace, but are still far from perfect. Arbitrary-code execution vulnerabilities still allow attackers to run code of their choice on your system—with disastrous results.

In a nutshell, this book is about code and data and what happens when the two become confused. You'll work with the basic building blocks of security bugs—assembler, source code, the stack, the heap, and so on. You'll experiment, explore, and understand the systems you're running—and how to better protect them.

  • Become familiar with security holes in Windows, Linux, Solaris, Mac OS X, and Cisco's IOS
  • Learn how to write customized tools to protect your systems, not just how to use ready-made ones

  • Use a working exploit to verify your assessment when auditing a network

  • Use proof-of-concept exploits to rate the significance of bugs in software you're developing

  • Assess the quality of purchased security products by performing penetration tests based on the information in this book

  • Understand how bugs are found and how exploits work at the lowest level

About the Author

Chris Anleyis a founder and director of NGSSoftware, a security software, consultancy, and research company based in London, England. He is actively involved in vulnerability research and has discovered security flaws in a wide variety of platforms including Microsoft Windows, Oracle, SQL Server, IBM DB2, Sybase ASE, MySQL, and PGP.

John Heasmanis the Director of Research at NGSSoftware. He is a prolific security researcher and has published many security advisories in enterprise level software. He has a particular interest in rootkits and has authored papers on malware persistence via device firmware and the BIOS. He is also a co-author of The Database Hacker’s Handbook: Defending Database Servers(Wiley 2005).

Felix “FX” Linderleads SABRE Labs GmbH, a Berlin-based professional consulting company specializing in security analysis, system design creation, and verification work. Felix looks back at 18 years of programming and over a decade of computer security consulting for enterprise, carrier, and software vendor clients. This experience allows him to rapidly dive into complex systems and evaluate them from a security and robustness point of view, even in atypical scenarios and on arcane platforms. In his spare time, FX works with his friends from the Phenoelit hacking group on different topics, which have included Cisco IOS, SAP, HP printers, and RIM BlackBerry in the past.

Gerardo Richartehas been doing reverse engineering and exploit development for more than 15 years non-stop. In the past 10 years he helped build the technical arm of Core Security Technologies, where he works today. His current duties include developing exploits for Core IMPACT, researching new exploitation techniques and other low-level subjects, helping other exploit writers when things get hairy, and teaching internal and external classes on assembly and exploit writing. As result of his research and as a humble thank you to the community, he has published some technical papers and open source projects, presented in a few conferences, and released part of his training material. He really enjoys solving tough problems and reverse engineering any piece of code that falls in his reach just for the fun of doing it.

Table of Contents

About the Authors.

Credits.

Acknowledgments.

Part 1: Introduction to Exploitation: Linux on x86.

Chapter 1: Before You Begin.

Chapter 2: Stack Overflows.

Chapter 3: Shellcode.

Chapter 4: Introduction to Format String Bugs.

Chapter 5: Introduction to Heap Overflows.

Part 2: Exploiting More Platforms: Windows, Solaris, and Tru64.

Chapter 6: The Wild World of Windows.

Chapter 7: Windows Shellcode.

Chapter 8: Windows Overflows.

Chapter 9: Overcoming Filters.

Chapter 10: Introduction to Solaris Exploitation.

Chapter 11: Advanced Solaris Exploitation.

Chapter 12: HP Tru64 Unix Exploitation.

Part 3: Vulnerability Discovery.

Chapter 13: Establishing a Working Environment.

Chapter 14: Fault Injection.

Chapter 15: The Art of Fuzzing.

Chapter 16: Source Code Auditing: Finding Vulnerabilities in C-Based Languages.

Chapter 17: Instrumented Investigation: A Manual Approach.

Chapter 18: Tracing for Vulnerabilities.

Chapter 19: Binary Auditing: Hacking Closed Source Software.

Part 4: Advanced Materials.

Chapter 20: Alternative Payload Strategies.

Chapter 21: Writing Exploits that Work in the Wild.

Chapter 22: Attacking Database Software.

Chapter 23: Kernel Overflows.

Chapter 24: Exploiting Kernel Vulnerabilities.

Index.

Product Details

ISBN:
9780764544682
Subtitle:
Discovering and Exploiting Security Holes
Publisher:
Wiley
Author:
Hassell, Riley
Author:
Litchfield, David
Author:
Lindner, Felix"
Author:
Anley, Chris
Author:
Eren, Sinan "noir"
Author:
Aitel, Dave
Author:
Heasman, John
Author:
Mehta, Neel
Author:
Koziol, Jack
Author:
Richarte, Gerardo
Location:
Indianapolis, IN
Subject:
Computer security
Subject:
Security
Subject:
Risk assessment
Subject:
Data protection
Subject:
Security - General
Subject:
Networking/Security
Subject:
Networking-Computer Security
Copyright:
Edition Description:
WebSite Associated w/Book
Series Volume:
200120A
Publication Date:
March 2004
Binding:
Paperback
Grade Level:
General/trade
Language:
English
Illustrations:
Yes
Pages:
644
Dimensions:
9.14x7.52x1.39 in. 2.04 lbs.

Related Subjects

Computers and Internet » Internet » General
Computers and Internet » Networking » Computer Security

The Shellcoder's Handbook: Discovering and Exploiting Security Holes
0 stars - 0 reviews
$ In Stock
Product details 644 pages Wiley Publishing - English 9780764544682 Reviews:
"Synopsis" by , The topics covered in this title include basic vulnerability discovery and development on popular operating systems (Windows, Linux, Solaris, etc.) and applications (MS SQL Server, Oracle software, etc.).
"Synopsis" by ,
  • Examines where security holes come from, how to discover them, how hackers exploit them and take control of systems on a daily basis, and most importantly, how to close these security holes so they never occur again
  • A unique author team-a blend of industry and underground experts- explain the techniques that readers can use to uncover security holes in any software or operating system
  • Shows how to pinpoint vulnerabilities in popular operating systems (including Windows, Linux, and Solaris) and applications (including MS SQL Server and Oracle databases)
  • Details how to deal with discovered vulnerabilities, sharing some previously unpublished advanced exploits and techniques
"Synopsis" by , The black hats have kept up with security enhancements. Have you?

In the technological arena, three years is a lifetime. Since the first edition of this book was published in 2004, built-in security measures on compilers and operating systems have become commonplace, but are still far from perfect. Arbitrary-code execution vulnerabilities still allow attackers to run code of their choice on your system—with disastrous results.

In a nutshell, this book is about code and data and what happens when the two become confused. You'll work with the basic building blocks of security bugs—assembler, source code, the stack, the heap, and so on. You'll experiment, explore, and understand the systems you're running—and how to better protect them.

  • Become familiar with security holes in Windows, Linux, Solaris, Mac OS X, and Cisco's IOS
  • Learn how to write customized tools to protect your systems, not just how to use ready-made ones

  • Use a working exploit to verify your assessment when auditing a network

  • Use proof-of-concept exploits to rate the significance of bugs in software you're developing

  • Assess the quality of purchased security products by performing penetration tests based on the information in this book

  • Understand how bugs are found and how exploits work at the lowest level

spacer
spacer
  • back to top

FOLLOW US ON...

     
Powell's City of Books is an independent bookstore in Portland, Oregon, that fills a whole city block with more than a million new, used, and out of print books. Shop those shelves — plus literally millions more books, DVDs, and gifts — here at Powells.com.