Synopses & Reviews
Uncover, plug, and ethically disclose security flawsPrevent catastrophic network attacks by exposing security flaws, fixing them, and ethically reporting them to the software author. Fully expanded to cover the hacker's latest devious methods, Gray Hat Hacking: The Ethical Hacker's Handbook, Second Edition lays out each exploit alongside line-by-line code samples, detailed countermeasures, and moral disclosure procedures. Find out how to execute effective penetration tests, use fuzzers and sniffers, perform reverse engineering, and find security holes in Windows and Linux applications. You'll also learn how to trap and autopsy stealth worms, viruses, rootkits, adware, and malware.
- Implement vulnerability testing, discovery, and reporting procedures that comply with applicable laws
- Learn the basics of programming, stack operations, buffer overflow and heap vulnerabilities, and exploit development
- Test and exploit systems using Metasploit and other tools
- Break in to Windows and Linux systems with perl scripts, Python scripts, and customized C programs
- Analyze source code using ITS4, RATS, FlawFinder, PREfast, Splint, and decompilers
- Understand the role of IDA Pro scripts, FLAIR tools, and third-party plug-ins in discovering software vulnerabilities
- Reverse-engineer software using decompiling, profiling, memory monitoring, and data flow analysis tools
- Reveal client-side web browser vulnerabilities with MangleMe, AxEnum, and AxMan
- Probe Windows Access Controls to discover insecure access tokens, security descriptors, DACLs, and ACEs
- Find and examine malware and rootkits using honeypots, honeynets, and Norman SandBox technology
Synopsis
Analyze your companys vulnerability to hacks with expert guidance from Gray Hat Hacking: The Ethical Hackers Handbook. Discover advanced security tools and techniques such as fuzzing, reverse engineering, and binary scanning. Test systems using both passive and active vulnerability analysis. Learn to benefit from your role as a gray hat. Review ethical and legal issues and case studies. This unique resource provides leading-edge technical information being utilized by the top network engineers, security auditors, programmers, and vulnerability assessors. Plus, the book offers in-depth coverage of ethical disclosure and provides a practical course of action for those who find themselves in a "disclosure decision" position.
Synopsis
"A fantastic book for anyone looking to learn the tools and techniques needed to break in and stay in." --Bruce Potter, Founder, The Shmoo Group
"Very highly recommended whether you are a seasoned professional or just starting out in the security business." --Simple Nomad, Hacker
About the Author
Shon Harris, CISSP, MCSE, is the president of Logical Security, a security consultant, a former engineer in the Air Forces Information Warfare unit, an instructor and an author. She has authored two best selling CISSP books, was a contributing author to the book, Hackers Challenge, and a contributing author to the book Gray Hat Hacking. Shon has consulted for a variety of companies in many different industries. Shon has taught computer and information security to a wide range of clients, some of which have included RSA, Department of Defense, Department of Energy, West Point, National Security Agency (NSA), Bank of America, Defense Information Systems Agency (DISA), BMC, Intel, and many more.Shon was recognized as one of the top 25 women in the Information Security field by Information Security Magazine. She has been asked by McGraw-Hill to develop McGraw-Hills new security textbook series that will be sold to universities, colleges, and technical schools throughout the world. Shon is currently writing a CISA book to be published by McGraw-Hill in 2008.Additionally, Shon writes security articles for Information Security Magazine and Windows 2000 Magazine and other leading industry journals.
Table of Contents
Part I: Introduction to Ethical Disclosure Chapter 1. Ethics of Ethical Hacking
Chapter 2. Ethical Hacking and the Legal System
Chapter 3. Proper and Ethical Disclosure
Part II: Penetration Testing and Tools
Chapter 4. Using Metasploit
Chapter 5. Using the BackTrack LiveCD Linux Distribution
Part III: Exploits 101
Chapter 6. Programming Survival Skills
Chapter 7. Basic Linux Exploits
Chapter 8. Advanced Linux Exploits
Chapter 9. Shellcode Strategies
Chapter 10. Writing Linux Shellcode
Chapter 11. Basic Windows Exploits
Part IV: Vulnerability Analysis
Chapter 12. Passive Analysis
Chapter 13. Advanced Static Analysis with IDA Pro
Chapter 14. Advanced Reverse Engineering
Chapter 15. Client-Side Browser Exploits
Chapter 16. Exploiting Windows Access Control Model for Local Elevation of Privilege
Chapter 17. Intelligent Fuzzing with Sulley
Chapter 18. From Vulnerability to Exploit
Chapter 19. Closing the Holes: Mitigation
Part V: Malware Analysis
Chapter 20. Collecting Malware and Initial Analysis
Chapter 21. Hacking Malware
Index