The Shellcoder's Handbook: Discovering and Exploiting Security Holes

Jack Koziol
David Litchfield
Dave Aitel
Chris Anley
Sinan "noir" Eren
Neel Mehta
Riley Hassell

Stop hackers from wreaking havoc on your software applications and operating systems. This innovative book provides tools to discover vulnerabilities in C-language-based software, exploit what you find, and prevent new security holes from occurring.
* Examines where security holes come from, how to discover them, how hackers exploit them and take control of systems on a daily basis, and most importantly, how to close these security holes so they never occur again
* A unique author team-a blend of industry and underground experts- explain the techniques that readers can use to uncover security holes in any software or operating system
* Shows how to pinpoint vulnerabilities in popular operating systems (including Windows, Linux, and Solaris) and applications (including MS SQL Server and Oracle databases)
* Details how to deal with discovered vulnerabilities, sharing some previously unpublished advanced exploits and techniques

Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks

Michal Zalewski

Author Michal Zalewski has long been known and respected in the hacking and security communities for his intelligence, curiosity and creativity, and this book is truly unlike anything else out there. In Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks, Zalewski shares his expertise and experience to explain how computers and networks work, how information is processed and delivered, and what security threats lurk in the shadows. No humdrum technical white paper or how-to manual for protecting one's network, this book is a fascinating narrative that explores a variety of unique, uncommon and often quite elegant security challenges that defy classification and eschew the traditional attacker-victim model.

Security Warrior

Anton Chuvakin
Cyrus Peikari

When it comes to network security, many users and administrators are running scared, and justifiably so. The sophistication of attacks against computer systems increases with each new Internet worm.

What's the worst an attacker can do to you? You'd better find out, right? That's what "Security Warrior" teaches you. Based on the principle that the only way to defend yourself is to understand your attacker in depth, "Security Warrior" reveals how your systems can be attacked. Covering everything from reverse engineering to SQL attacks, and including topics like social engineering, antiforensics, and common attacks against UNIX and Windows systems, this book teaches you to know your enemy and how to be prepared to do battle.

"Security Warrior" places particular emphasis on reverse engineering. RE is a fundamental skill for the administrator, who must be aware of all kinds of malware that can be installed on his machines -- trojaned binaries, "spyware" that looks innocuous but that sends private data back to its creator, and more. This is the only book to discuss reverse engineering for Linux or Windows CE. It's also the only book that shows you how SQL injection works, enabling you to inspect your database and web applications for vulnerability.

"Security Warrior" is the most comprehensive and up-to-date book covering the art of computer war: attacks against computer systems and their defenses. It's often scary, and never comforting. If you're on the front lines, defending your site against attackers, you need this book. On your shelf--and in your hands.

Hacker Disassembling Uncovered

Kris Kaspersky

Going beyond the issues of analyzing and optimizing programs as well as creating the means of protecting information, this guide takes on the programming problem of, once having found holes in a program, how to go about disassembling it without its source code. Covered are the hacking methods used to analyze programs using a debugger and disassembler. These methods include virtual functions, local and global variables, branching, loops, objects and their hierarchy, and mathematical operators. Also covered are methods of fighting disassemblers, self-modifying code in operating systems, and executing code in the stack. Advanced disassembler topics such as optimizing compilers and movable code are discussed as well.

Text shows how to analyze programs without its source code, using a debugger and a disassembler. Covers hacking methods including virtual functions, local and global variables, branching, loops, objects and their hierarchy, and mathematical operators. For intermediate to advanced level programmers. Softcover.

Hacking: The Art of Exploitation

Jon Erickson

Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope.

Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker's perspective.

The included LiveCD provides a complete Linux programming and debugging environment—all without modifying your current operating system. Use it to follow along with the book's examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits. This book will teach you how to:

* Program computers using C, assembly language, and shell scripts
* Corrupt system memory to run arbitrary code using buffer overflows and format strings
* Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening
* Outsmart common security measures like nonexecutable stacks and intrusion detection systems
* Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence
* Redirect network traffic, conceal open ports, and hijack TCP connections
* Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix

Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don't already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own creativity.

Syndicate content