Gray Hat Hacking The Ethical Hacker's Handbook

ISBN-10: 0072257091

ISBN-13: 9780072257090

Edition: 2005

Authors: Shon Harris, Allen Harper, Chris Eagle, Michael Lester, Jonathan Ness

List price: $49.99

Description:

Analyze your company’s vulnerability to hacks with expert guidance from Gray Hat Hacking: The Ethical Hacker’s Handbook. Discover advanced security tools and techniques such as fuzzing, reverse engineering, and binary scanning. Test systems using both passive and active vulnerability analysis. Learn to benefit from your role as a gray hat. Review ethical and legal issues and case studies. This unique resource provides leading-edge technical information being utilized by the top network engineers, security auditors, programmers, and vulnerability assessors. Plus, the book offers in-depth coverage of ethical disclosure and provides a practical course of action for those who find themselves in a "disclosure decision" position.

Book details

Copyright year: 2005
Publisher: McGraw-Hill Osborne
Binding: Paperback
Pages: 434
Size: 7.25" wide x 9.00" long x 1.00" tall
Weight: 1.628
Language: English

Shon Harris, CISSP, is the founder and CEO of Logical Security LLC, an information security consultant, a former engineer in the Air Force’s Information Warfare unit, an instructor, and an author. She has authored several international bestselling books on information security, published by McGraw-Hill Education and Pearson, which have sold over a million copies and have been translated into six languages. Ms. Harris authors academic textbooks and security articles for publication, and is a technical editor for Information Security Magazine. Ms. Harris has consulted for a large number of organizations in every business sector (financial, medical, retail, entertainment, utility) and several U.S. government agencies over the last 18 years. Ms. Harris provides high-end, advanced, and specialized consulting for organizations globally. She also works directly with law firms as a technical and expert witness on cases that range from patent infringement to criminal investigations and civil lawsuits, and she specializes in cryptographic technologies. Ms. Harris has taught information security to a wide range of clients over the last 18 years, some of which have included West Point, Microsoft, DHS, DoD, DoE, NSA, FBI, NASA, CDC, PWC, DISA, RSA, Visa, Intel, Cisco, Oracle, HP, Boeing, Northrop Grumman, Shell, Verizon, Citi, BoA, HSBC, Morgan Stanley, Symantec, Warner Brothers, Bridgestone, American Express, etc. Ms. Harris was recognized as one of the top 25 women in the Information Security field by Information Security Magazine.

Chris Eagle (PhD, University of California, Berkeley) is Research Lecturer in the Writing and Society Research Centre at the University of Western Sydney, Australia.

Foreword p. xvii
Introduction p. ixx
Introduction to Ethical Disclosure p. 1
Ethics of Ethical Hacking p. 3
References p. 8
How Does This Stuff Relate to an Ethical Hacking Book? p. 8
Vulnerability Assessment p. 9
Penetration Testing p. 10
References p. 11
The Controversy of Hacking Books and Classes p. 11
The Dual Nature of Tools p. 12
References p. 14
Recognizing Trouble When It Happens p. 14
Emulating the Attack p. 15
Where Do Attackers Have Most of Their Fun? p. 16
Security Does Not Like Complexity p. 16
References p. 17
Summary p. 18
Questions p. 18
Answers p. 20
Ethical Hacking and the Legal System p. 23
References p. 24
Addressing Individual Laws p. 24
18 USC Section 1029 p. 24
References p. 27
18 USC Section 1030 p. 27
References p. 32
A State Law Alternative p. 32
References p. 34
18 USC Sections 2510 and 2701 p. 34
References p. 36
Digital Millennium Copyright Act p. 37
References p. 38
Cyber Security Enhancement Act of 2002 p. 38
Summary p. 39
Questions p. 40
Answers p. 42
Proper and Ethical Disclosure p. 45
Different Teams and Points of View p. 46
How Did We Get Here? p. 47
CERT's Current Process p. 48
Full Disclosure Policy (RainForest Puppy Policy) p. 50
Organization for Internet Safety (OIS) p. 51
Discovery p. 52
Notification p. 53
Validation p. 55
Resolution p. 58
Release p. 59
Conflicts Will Still Exist p. 59
Case Studies p. 60
Pros and Cons of Proper Disclosure Processes p. 60
Vendors Paying More Attention p. 64
So What Should We Do from Here on Out? p. 65
iDefense p. 66
References p. 66
Summary p. 67
Questions p. 67
Answers p. 69
Penetration Testing and Tools p. 71
Pen-Testing Process p. 73
Types of Tests p. 73
References p. 75
Ramping Up p. 75
Building a Team p. 75
Building a Lab p. 76
Contracts, Safety, and Staying Out of Jail p. 77
Assessment Process p. 78
Assessment Planning p. 78
On-Site Meeting with the Customer to Kick Off Assessment p. 79
Penetration Test Process p. 79
References p. 81
Red Teaming Process p. 81
System Test Process p. 84
Footprinting with lsof p. 86
References p. 89
Reporting Out p. 89
Summary p. 90
Questions p. 91
Answers p. 92
Beyond Hacking Exposed: Advanced Tools for Today's Hacker p. 95
Scanning in the "Good Old Days" p. 96
Paketto Keiretsu (scanrand, paratrace) p. 96
References p. 107
Past and Present Forms of Fingerprinting p. 108
xprobe2 p. 109
References p. 114
p0f p. 114
References p. 118
amap p. 118
References p. 122
Winfingerprint p. 122
Sniffing Tools p. 125
libpcap and WinPcap p. 126
References p. 127
Passive Sniffing vs. Active Sniffing p. 127
References p. 134
References p. 137
Defenses Against Active Sniffing p. 137
Sniffing for Usernames and Passwords p. 138
References p. 139
Sniffing and Hacking LAN Manager Logon Credentials p. 140
Using the Challenge and Hashes (the Hard Way) p. 143
Using ettercap (the Easy Way) p. 144
References p. 146
Sniffing and Cracking Kerberos p. 146
Summary p. 148
Questions p. 150
Answers p. 151
Automated Penetration Testing p. 153
Python Survival Skills p. 154
Getting Python p. 154
Hello, World p. 154
Python Objects p. 155
References p. 160
Automated Penetration Testing Tools p. 161
Core IMPACT p. 161
References p. 164
Immunity CANVAS p. 165
References p. 169
Metasploit p. 169
References p. 177
Summary p. 177
Questions p. 177
Answers p. 179
Exploits 101 p. 181
Programming Survival Skills p. 183
Programming p. 184
The Problem-Solving Process p. 184
Pseudo-code p. 185
Programmers vs. Hackers p. 187
References p. 188
C Programming Language p. 188
Basic C Language Constructs p. 188
Sample Program p. 193
Compiling with gcc p. 193
References p. 194
Computer Memory p. 194
Random Access Memory (RAM) p. 195
Endian p. 195
Segmentation of Memory p. 195
Programs in Memory p. 196
Buffers p. 197
Strings in Memory p. 197
Pointers p. 197
Putting the Pieces of Memory Together p. 198
References p. 198
Intel Processors p. 199
Registers p. 199
Arithmetic Logic Unit (ALU) p. 199
Program Counter p. 200
Control Unit p. 200
Buses p. 200
References p. 202
Assembly Language Basics p. 202
Machine vs. Assembly vs. C p. 202
AT&T vs. NASM p. 202
Addressing Modes p. 204
Assembly File Structure p. 205
Assembling p. 206
References p. 206
Debugging with gdb p. 206
gdb Basics p. 206
Disassembly with gdb p. 208
References p. 209
Summary p. 209
Questions p. 210
Answers p. 212
Basic Linux Exploits p. 213
Stack Operations p. 213
Stack Data Structure p. 214
Operational Implementation p. 214
Function Calling Procedure p. 214
References p. 215
Buffer Overflows p. 216
Example Buffer Overflow p. 216
Overflow of meet.c p. 217
Ramifications of Buffer Overflows p. 220
References p. 221
Local Buffer Overflow Exploits p. 221
Components of the Exploit p. 222
Exploiting Stack Overflows by Command Line p. 223
Exploiting Stack Overflows with Generic Exploit Code p. 225
Exploitation of meet.c p. 226
Exploiting Small Buffers p. 227
References p. 229
Remote Buffer Overflow Exploits p. 229
Client/Server Model p. 229
Determining the Remote esp Value p. 232
Manual Brute Force with Perl p. 232
References p. 234
Summary p. 234
Questions p. 235
Answers p. 237
Advanced Linux Exploits p. 239
Format String Exploits p. 239
The Problem p. 240
Reading from Arbitrary Memory p. 243
Writing to Arbitrary Memory p. 245
Taking .dtors to root p. 247
References p. 250
Heap Overflow Exploits p. 250
Heap Overflows p. 251
Memory Allocators (malloc) p. 252
dlmalloc p. 253
Exploiting Heap Overflows p. 257
Alternative Exploits p. 261
References p. 261
Memory Protection Schemes p. 262
Libsafe p. 262
GRSecurity Kernel Patches and Scripts p. 262
Stackshield p. 263
Bottom Line p. 263
References p. 264
Summary p. 264
Questions p. 265
Answers p. 267
Writing Linux Shellcode p. 269
Basic Linux Shellcode p. 269
System Calls p. 270
Exit System Call p. 272
setreuid System Call p. 274
Shell-Spawning Shellcode with execve p. 276
References p. 279
Port-Binding Shellcode p. 279
Linux Socket Programming p. 279
Assembly Program to Establish a Socket p. 282
Test the Shellcode p. 284
References p. 287
Reverse Connecting Shellcode p. 287
Reverse Connecting C Program p. 287
Reverse Connecting Assembly Program p. 288
References p. 290
Summary p. 290
Questions p. 292
Answers p. 294
Writing a Basic Windows Exploit p. 295
Compiling and Debugging Windows Programs p. 295
Compiling on Windows p. 295
Debugging on Windows p. 297
Building a Basic Windows Exploit p. 306
Summary p. 313
Questions p. 314
Answers p. 315
Vulnerability Analysis p. 317
Passive Analysis p. 319
Ethical Reverse Engineering p. 319
References p. 320
Why Reverse Engineering? p. 320
Reverse Engineering Considerations p. 321
Source Code Analysis p. 321
Source Code Auditing Tools p. 322
The Utility of Source Code Auditing Tools p. 323
Manual Source Code Auditing p. 325
References p. 329
Binary Analysis p. 329
Automated Binary Analysis Tools p. 329
References p. 332
Manual Auditing of Binary Code p. 332
References p. 345
Summary p. 345
Questions p. 346
Answers p. 347
Advanced Reverse Engineering p. 349
Why Try to Break Software? p. 350
The Software Development Process p. 350
Instrumentation Tools p. 351
Debuggers p. 352
Code Coverage Tools p. 354
Profiling Tools p. 354
Flow Analysis Tools p. 354
Memory Monitoring Tools p. 356
References p. 361
Fuzzing p. 361
Instrumented Fuzzing Tools and Techniques p. 362
A Simple URL Fuzzer p. 362
Fuzzing Unknown Protocols p. 365
SPIKE p. 365
SPIKE Proxy p. 369
Sharefuzz p. 369
References p. 370
Summary p. 371
Questions p. 371
Answers p. 373
From Vulnerability to Exploit p. 375
Exploitability p. 376
Debugging for Exploitation p. 376
References p. 380
Understanding the Problem p. 380
Preconditions and Postconditions p. 380
Repeatability p. 381
References p. 390
Documenting the Problem p. 390
Background Information p. 390
Circumstances p. 391
Research Results p. 391
Summary p. 391
Questions p. 392
Answers p. 394
Closing the Holes: Mitigation p. 397
Mitigation Alternatives p. 397
Port Knocking p. 398
References p. 398
Migration p. 398
References p. 399
Patching p. 400
Source Code Patching Considerations p. 400
Binary Patching Considerations p. 402
References p. 406
Summary p. 406
Questions p. 406
Answers p. 408
Index p. 411
Table of Contents provided by Ingram. All Rights Reserved.