Star Wars Sale
 
 

Special Offers see all

Enter to WIN!

Weekly drawing for $100 credit. Subscribe to PowellsBooks.news for a chance to win.
Privacy Policy

More at Powell's


Recently Viewed clear list


Original Essays | June 20, 2014

Lauren Owen: IMG The Other Vampire



It's a wild and thundery night. Inside a ramshackle old manor house, a beautiful young girl lies asleep in bed. At the window, a figure watches... Continue »
  1. $18.90 Sale Hardcover add to wish list

    The Quick

    Lauren Owen 9780812993271

spacer
Qualifying orders ship free.
$26.77
List price: $39.95
New Trade Paper
Ships in 1 to 3 days
Add to Wishlist
Qty Store Section
1 Local Warehouse Mathematics- General

More copies of this ISBN

A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security

by

A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security Cover

 

Synopses & Reviews

Publisher Comments:

"This is one of the most interesting infosec books to come out in the last several years."

-Dino Dai Zovi, Information Security Professional

"Give a man an exploit and you make him a hacker for a day; teach a man to exploit bugs and you make him a hacker for a lifetime."

-Felix 'FX' Lindner

Seemingly simple bugs can have drastic consequences, allowing attackers to compromise systems, escalate local privileges, and otherwise wreak havoc on a system.

A Bug Hunter's Diary follows security expert Tobias Klein as he tracks down and exploits bugs in some of the world's most popular software, like Apple's iOS, the VLC media player, web browsers, and even the Mac OS X kernel. In this one-of-a-kind account, you'll see how the developers responsible for these flaws patched the bugs—or failed to respond at all. As you follow Klein on his journey, you'll gain deep technical knowledge and insight into how hackers approach difficult problems and experience the true joys (and frustrations) of bug hunting.

Along the way you'll learn how to:

  • Use field-tested techniques to find bugs, like identifying and tracing user input data and reverse engineering
  • Exploit vulnerabilities like NULL pointer dereferences, buffer overflows, and type conversion flaws
  • Develop proof of concept code that verifies the security flaw
  • Report bugs to vendors or third party brokers

A Bug Hunter's Diary is packed with real-world examples of vulnerable code and the custom programs used to find and test bugs. Whether you're hunting bugs for fun, for profit, or to make the world a safer place, you'll learn valuable new skills by looking over the shoulder of a professional bug hunter in action.

Synopsis:

Although ominous-sounding terms like "zero-day" and "exploit" are widely used, even many security professionals don't know how bug hunters actually find and attack software security flaws. In A Bug Hunter's Diary, readers follow along with security expert Tobias Klein as he tracks down and exploits bugs in some of the world's most popular programs. Whether by browsing source code, poring over disassembly, or fuzzing live programs, readers get an over-the-shoulder glimpse into the world of a bug hunter as Klein unearths security flaws and uses them to take control of affected systems. Readers learn about critical vulnerabilities in Mac OS X, Linux, Oracle Solaris, and the iPhone OS, among others. They also learn how the developers responsible for these flaws responded to Klein's discoveries—or didn't seem to respond at all. In this one-of-a-kind guide that mixes the personal with the deeply technical, readers learn how hackers approach difficult problems, see the fallout of a security advisory, and understand the true joys (and frustrations) of bug hunting.

About the Author

Tobias Klein is a security researcher and founder of NESO Security Labs, an information security consulting and research company based in Heilbronn, Germany. As a vulnerability researcher, Tobias has identified and helped to fix numerous security vulnerabilities. He is the author of two other information security books published in German by dpunkt.verlag of Heidelberg, Germany.

Table of Contents

Acknowledgments; Introduction; The Goals of This Book; Who Should Read the Book; Disclaimer; Resources; Chapter 1: Bug Hunting; 1.1 1.1 For Fun and Profit; 1.2 1.2 Common Techniques; 1.3 1.3 Memory Errors; 1.4 1.4 Tools of the Trade; 1.5 1.5 EIP = 41414141; 1.6 1.6 Final Note; Chapter 2: Back to the 90s; 2.1 2.1 Vulnerability Discovery; 2.2 2.2 Exploitation; 2.3 2.3 Vulnerability Remediation; 2.4 2.4 Lessons Learned; 2.5 2.5 Addendum; Chapter 3: Escape from the WWW Zone; 3.1 3.1 Vulnerability Discovery; 3.2 3.2 Exploitation; 3.3 3.3 Vulnerability Remediation; 3.4 3.4 Lessons Learned; 3.5 3.5 Addendum; Chapter 4: NULL Pointer FTW; 4.1 4.1 Vulnerability Discovery; 4.2 4.2 Exploitation; 4.3 4.3 Vulnerability Remediation; 4.4 4.4 Lessons Learned; 4.5 4.5 Addendum; Chapter 5: Browse and Youre Owned; 5.1 5.1 Vulnerability Discovery; 5.2 5.2 Exploitation; 5.3 5.3 Vulnerability Remediation; 5.4 5.4 Lessons Learned; 5.5 5.5 Addendum; Chapter 6: One Kernel to Rule Them All; 6.1 6.1 Vulnerability Discovery; 6.2 6.2 Exploitation; 6.3 6.3 Vulnerability Remediation; 6.4 6.4 Lessons Learned; 6.5 6.5 Addendum; Chapter 7: A Bug Older Than 4.4BSD; 7.1 7.1 Vulnerability Discovery; 7.2 7.2 Exploitation; 7.3 7.3 Vulnerability Remediation; 7.4 7.4 Lessons Learned; 7.5 7.5 Addendum; Chapter 8: The Ringtone Massacre; 8.1 8.1 Vulnerability Discovery; 8.2 8.2 Crash Analysis and Exploitation; 8.3 8.3 Vulnerability Remediation; 8.4 8.4 Lessons Learned; 8.5 8.5 Addendum; Hints for Hunting; A.1 Stack Buffer Overflows; A.2 NULL Pointer Dereferences; A.3 Type Conversions in C; A.4 GOT Overwrites; Debugging; B.1 The Solaris Modular Debugger (mdb); B.2 The Windows Debugger (WinDbg); B.3 Windows Kernel Debugging; B.4 The GNU Debugger (gdb); B.5 Using Linux as a Mac OS X Kernel-Debugging Host; Mitigation; C.1 Exploit Mitigation Techniques; C.2 RELRO; C.3 Solaris Zones; Updates; Colophon;

Product Details

ISBN:
9781593273859
Author:
Klein, Tobias.
Publisher:
No Starch Press
Author:
Klein, Tobias
Subject:
Security
Subject:
Networking-Computer Security
Subject:
bug hunting;exploit;remediation;security;vulnerability
Copyright:
Edition Description:
Trade Paper
Publication Date:
20111131
Binding:
TRADE PAPER
Language:
English
Pages:
208
Dimensions:
9.25 x 7 in

Related Subjects

Computers and Internet » Networking » Computer Security
Computers and Internet » Software Engineering » Systems Analysis and Design
Science and Mathematics » Mathematics » General

A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security New Trade Paper
0 stars - 0 reviews
$26.77 In Stock
Product details 208 pages No Starch Press - English 9781593273859 Reviews:
"Synopsis" by ,

Although ominous-sounding terms like "zero-day" and "exploit" are widely used, even many security professionals don't know how bug hunters actually find and attack software security flaws. In A Bug Hunter's Diary, readers follow along with security expert Tobias Klein as he tracks down and exploits bugs in some of the world's most popular programs. Whether by browsing source code, poring over disassembly, or fuzzing live programs, readers get an over-the-shoulder glimpse into the world of a bug hunter as Klein unearths security flaws and uses them to take control of affected systems. Readers learn about critical vulnerabilities in Mac OS X, Linux, Oracle Solaris, and the iPhone OS, among others. They also learn how the developers responsible for these flaws responded to Klein's discoveries—or didn't seem to respond at all. In this one-of-a-kind guide that mixes the personal with the deeply technical, readers learn how hackers approach difficult problems, see the fallout of a security advisory, and understand the true joys (and frustrations) of bug hunting.

spacer
spacer
  • back to top
Follow us on...




Powell's City of Books is an independent bookstore in Portland, Oregon, that fills a whole city block with more than a million new, used, and out of print books. Shop those shelves — plus literally millions more books, DVDs, and gifts — here at Powells.com.