Introduction
Programming
What Is Programming?
Program Exploitation
Generalized Exploit Techniques
Multi-User File Permissions
Memory
Memory Declaration
Null Byte Termination
Program Memory Segmentation
Buffer Overflows
Stack-Based Overflows
Exploiting Without Exploit Code
Using the Environment
Heap- and bss-Based Overflows
A Basic Heap-Based Overflow
Overflowing Function Pointers
Format Strings
Format Strings and printf()
The Format-String Vulnerability
Reading from Arbitrary Memory Addresses
Writing to Arbitrary Memory Addresses
Direct Parameter Access
Detours with dtors
Overwriting the Global Offset Table
Writing Shellcode
Common Assembly Instructions
Linux System Calls
Hello, World!
Shell-Spawning Code
Avoiding Using Other Segments
Removing Null Bytes
Even Smaller Shellcode Using the Stack
Printable ASCII Instructions
Polymorphic Shellcode
ASCII Printable Polymorphic Shellcode
Dissembler
Returning into libc
Returning into system()
Chaining Return into libc Calls
Using a Wrapper
Writing Nulls with Return into libc
Writing Multiple Words with a Single Call
Networking
What Is Networking?
OSI Model
Interesting Layers in Detail
Network Layer
Transport Layer
Data-Link Layer
Network Sniffing
Active Sniffing
TCP/IP Hijacking
RST Hijacking
Denial of Service
The Ping of Death
Teardrop
Ping Flooding
Amplification Attacks
Distributed DoS Flooding
SYN Flooding
Port Scanning
Stealth SYN Scan
FIN, X-mas, and Null Scans
Spoofing Decoys
Idle Scanning
Proactive Defense (Shroud)
Cryptology
Information Theory
Unconditional Security
One-Time Pads
Quantum Key Distribution
Computational Security
Algorithmic Runtime
Asymptotic Notation
Symmetric Encryption
Lov Grover's Quantum Search Algorithm
Asymmetric Encryption
RSA
Peter Shor's Quantum Factoring Algorithm
Hybrid Ciphers
Man-in-the-Middle Attacks
Differing SSH Protocol Host Fingerprints
Fuzzy Fingerprints
Password Cracking
Dictionary Attacks
Exhaustive Brute-Force Attacks
Hash Lookup Table
Password Probability Matrix
Wireless 802.11b Encryption
Wired Equivalent Privacy (WEP)
RC4 Stream Cipher
WEP Attacks
Offline Brute-Force Attacks
Keystream Reuse
IV-Based Decryption Dictionary Tables
IP Redirection
Fluhrer, Mantin, and Shamir (FMS) Attack
Conclusion
References
Index