Description |
1 online resource (1 volume) : illustrations |
|
text file |
Bibliography |
Includes bibliographical references and index. |
Summary |
This fourth edition explains the enemy's current weapons, skills, and tactics, and offers field-tested remedies, case studies, and ready-to-deploy testing labs. You will learn how to build and launch spoofing exploits with Ettercap and Evilgrade; induce error conditions and crash software using fuzzers; hack Cisco routers, switches, and network hardware; use advanced reverse engineering to exploit Windows and Linux software; bypass Windows Access Control and memory protection schemes; scan for flaws in Web applications; utilize use-after-free technique used in recent zero days; bypass Web authentication; inject your shellcode into a browser's memory using the latest Heap Spray techniques; hijack Web browsers with Metasploit and the BeEF Injection Framework; neutralize ransomware before it takes control of your desktop; dissect Android malware with JEB and DAD decompilers; and find one-day vulnerabilities with binary diffing. -- Edited summary from book. |
Contents |
Cover -- Title Page -- Copyright Page -- Dedication -- Contents -- Preface -- Acknowledgments -- Introduction -- Part I Crash Course: Preparing for the War -- Chapter 1 Ethical Hacking and the Legal System -- Why You Need to Understand Your Enemy's Tactics -- Recognizing Trouble When It Happens -- The Ethical Hacking Process -- The Penetration Testing Process -- What Would an Unethical Hacker Do Differently? -- The Rise of Cyberlaw -- Understanding Individual Cyberlaws -- The Controversy of "Hacking" Tools -- Vulnerability Disclosure -- Different Teams and Points of View |
|
How Did We Get Here? -- CERT's Current Process -- Organization for Internet Safety -- Conflicts Will Still Exist -- "No More Free Bugs" -- Bug Bounty Programs -- Summary -- References -- For Further Reading -- Chapter 2 Programming Survival Skills -- C Programming Language -- Basic C Language Constructs -- Sample Program -- Compiling with gcc -- Computer Memory -- Random Access Memory (RAM) -- Endian -- Segmentation of Memory -- Programs in Memory -- Buffers -- Strings in Memory -- Pointers -- Putting the Pieces of Memory Together -- Intel Processors -- Registers -- Assembly Language Basics |
|
Machine vs. Assembly vs. C -- AT&T vs. NASM -- Addressing Modes -- Assembly File Structure -- Assembling -- Debugging with gdb -- gdb Basics -- Disassembly with gdb -- Python Survival Skills -- Getting Python -- Hello World in Python -- Python Objects -- Strings -- Numbers -- Lists -- Dictionaries -- Files with Python -- Sockets with Python -- Summary -- References -- For Further Reading -- Chapter 3 Static Analysis -- Ethical Reverse Engineering -- Why Bother with Reverse Engineering? -- Reverse Engineering Considerations -- Source Code Analysis -- Source Code Auditing Tools |
|
The Utility of Source Code Auditing Tools -- Manual Source Code Auditing -- Automated Source Code Analysis -- Binary Analysis -- Manual Auditing of Binary Code -- Automated Binary Analysis Tools -- Summary -- For Further Reading -- Chapter 4 Advanced Analysis with IDA Pro -- Static Analysis Challenges -- Stripped Binaries -- Statically Linked Programs and FLAIR -- Data Structure Analysis -- Quirks of Compiled C++ Code -- Extending IDA Pro -- Scripting in IDAPython -- Example 4-1: Decrypting Strings in Place -- Executing Python Code -- Summary -- For Further Reading -- Chapter 5 World of Fuzzing |
|
Introduction to Fuzzing -- Choosing a Target -- Input Types -- Ease of Automation -- Complexity -- Types of Fuzzers -- Mutation Fuzzers -- Generation Fuzzers -- Getting Started -- Finding the Fuzzing Templates -- Lab 5-1: Collecting Samples from the Internet Archive -- Choosing the Optimal Template Set with Code Coverage -- Lab 5-2: Selecting the Best Samples for Fuzzing -- Peach Fuzzing Framework -- Peach Fuzzing Strategies -- Speed Does Matter -- Crash Analysis -- Lab 5-3: Mutation Fuzzing with Peach -- Other Mutation Fuzzers -- Generation Fuzzers -- Summary -- For Further Reading |
Language |
English. |
Subject |
Computer security.
|
|
Hackers.
|
|
Hacking.
|
|
Computer Security |
|
Sécurité informatique. |
|
Pirates informatiques. |
|
Piratage informatique. |
|
Computer security |
|
Hackers |
|
Hacking |
|
Engineering & Applied Sciences. |
|
Computer Science. |
|
Computing & information technology. |
|
Computer networking & communications. |
|
Ethical & social aspects of IT. |
|
Computer fraud & hacking. |
|
Network security. |
|
Computers and IT. |
Added Title |
Ethical hacker's handbook |
Other Form: |
Print version: Regalado, Daniel. Gray hat hacking. Fourth edition. New York : McGraw-Hill, [2015] 9780071832380 (OCoLC)900478166 |
ISBN |
9780071838504 electronic bk. |
|
0071838503 electronic bk. |
|