Synopses & Reviews
Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope.
Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker's perspective.
The included LiveCD provides a complete Linux programming and debugging environment-all without modifying your current operating system. Use it to follow along with the book's examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits. This book will teach you how to:
- Program computers using C, assembly language, and shell scripts
- Corrupt system memory to run arbitrary code using buffer overflows and format strings
- Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening
- Outsmart common security measures like nonexecutable stacks and intrusion detection systems
- Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence
- Redirect network traffic, conceal open ports, and hijack TCP connections
- Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix
Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don't already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own creativity.
While other books merely show how to run existing exploits, Hacking: The Art of Exploitation broke ground as the first book to explain how hacking and software exploits work and how readers could develop and implement their own. In the second edition, author Jon Erickson again uses practical examples to illustrate the most common computer security issues in three related fields: programming, networking and cryptography. All sections have been extensively updated and expanded, including a more thorough introduction to the complex, low-level workings of a computer. Readers can easily follow along with example code by booting the included live CD, which provides a Linux programming environment and all of its benefits without the hassle of installing a new operating system.
In this second edition, author Erickson uses practical examples to illustrate the most common computer security issues in three related fields: programming, networking, and cryptography. Readers can easily follow along with example code by booting the included live CD.
This 25th anniversary edition of Steven Levy's classic book traces the exploits of the computer revolution's original hackers -- those brilliant and eccentric nerds from the late 1950s through the early '80s who took risks, bent the rules, and pushed the world in a radical new direction. With updated material from noteworthy hackers such as Bill Gates, Mark Zuckerberg, Richard Stallman, and Steve Wozniak, Hackers is a fascinating story that begins in early computer research labs and leads to the first home computers.
Levy profiles the imaginative brainiacs who found clever and unorthodox solutions to computer engineering problems. They had a shared sense of values, known as "the hacker ethic," that still thrives today. Hackers captures a seminal period in recent history when underground activities blazed a trail for today's digital world, from MIT students finagling access to clunky computer-card machines to the DIY culture that spawned the Altair and the Apple II.
The Metasploit Framework is a powerful suite of tools that security researchers use to investigate and resolve potential network and system vulnerabilities. Metasploit: The Penetration Tester's Guide shows readers how to assess networks by using Metasploit to launch simulated attacks that expose weaknesses in their security. The book begins with the basics of information security and Metasploit, then proceeds to general and advanced techniques for penetration testing, including network reconnaissance and enumeration, server- and client-side attacks, devastating wireless attacks, and even targeted social engineering attacks. Whether readers are looking to secure their own networks or discover holes in others', Metasploit is the definitive guide to penetration testing with this dynamic and flexible framework.
About the Author
David Kennedy, a.k.a. ReL1K, is a professional security ninja who likes to break things in his spare time. He has been featured as a computer security expert in numerous TV appearances and news interviews, and has also spoken at DEFCON, Black Hat, and other high-profile hacking conferences.
Jim O'Gorman, a.k.a. Elwood, is a professional penetration tester working with CSC's StrikeForce. He is one of the founders of Social-Engineer.org and co-trainer in Offensive Security's most challenging class, Advanced Windows Exploits (AWE).
Devon Kearns, a.k.a. dookie, is a former Security Analyst for the Canadian Department of National Defense and current team member of Offensive Security. He is a security addict who loves exploiting software and is a co-author and lead maintainer of the free Metasploit Unleashed online training course.
Mati Aharoni is the creator of the Back|Track Linux distribution and the founder of Offensive-Security, the industry leader in security training. Mati is a thought leader in the information security field, has authored several zero-day vulnerabilities, and is considered a subject matter expert on security.
Table of Contents
HACKING: THE ART OF EXPLOITATION, 2ND EDITION.; ACKNOWLEDGMENTS; PREFACE; Chapter 0x100: INTRODUCTION; Chapter 0x200: PROGRAMMING; 0x210 What Is Programming?; 0x220 Pseudo-code; 0x230 Control Structures; 0x240 More Fundamental Programming Concepts; 0x250 Getting Your Hands Dirty; 0x260 Back to Basics; 0x270 Memory Segmentation; 0x280 Building on Basics; Chapter 0x300: EXPLOITATION; 0x310 Generalized Exploit Techniques; 0x320 Buffer Overflows; 0x330 Experimenting with BASH; 0x340 Overflows in Other Segments; 0x350 Format Strings; Chapter 0x400: NETWORKING; 0x410 OSI Model; 0x420 Sockets; 0x430 Peeling Back the Lower Layers; 0x440 Network Sniffing; 0x450 Denial of Service; 0x460 TCP/IP Hijacking; 0x470 Port Scanning; 0x480 Reach Out and Hack Someone; Chapter 0x500: SHELLCODE; 0x510 Assembly vs. C; 0x520 The Path to Shellcode; 0x530 Shell-Spawning Shellcode; 0x540 Port-Binding Shellcode; 0x550 Connect-Back Shellcode; Chapter 0x600: COUNTERMEASURES; 0x610 Countermeasures That Detect; 0x620 System Daemons; 0x630 Tools of the Trade; 0x640 Log Files; 0x650 Overlooking the Obvious; 0x660 Advanced Camouflage; 0x670 The Whole Infrastructure; 0x680 Payload Smuggling; 0x690 Buffer Restrictions; 0x6a0 Hardening Countermeasures; 0x6b0 Nonexecutable Stack; 0x6c0 Randomized Stack Space; Chapter 0x700: CRYPTOLOGY; 0x710 Information Theory; 0x720 Algorithmic Run Time; 0x730 Symmetric Encryption; 0x740 Asymmetric Encryption; 0x750 Hybrid Ciphers; 0x760 Password Cracking; 0x770 Wireless 802.11b Encryption; 0x780 WEP Attacks; Chapter 0x800: CONCLUSION; 0x810 References; 0x820 Sources; COLOPHON;