Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition

Book description

THE LATEST STRATEGIES FOR UNCOVERING TODAY'S MOST DEVASTATING ATTACKS

Thwart malicious network intrusion by using cutting-edge techniques for finding and fixing security flaws. Fully updated and expanded with nine new chapters, Gray Hat Hacking: The Ethical Hacker's Handbook, Third Edition details the most recent vulnerabilities and remedies along with legal disclosure methods. Learn from the experts how hackers target systems, defeat production schemes, write malicious code, and exploit flaws in Windows and Linux systems. Malware analysis, penetration testing, SCADA, VoIP, and Web security are also covered in this comprehensive resource.

  • Develop and launch exploits using BackTrack and Metasploit
  • Employ physical, social engineering, and insider attack techniques
  • Build Perl, Python, and Ruby scripts that initiate stack buffer overflows
  • Understand and prevent malicious content in Adobe, Office, and multimedia files
  • Detect and block client-side, Web server, VoIP, and SCADA attacks
  • Reverse engineer, fuzz, and decompile Windows and Linux software
  • Develop SQL injection, cross-site scripting, and forgery exploits
  • Trap malware and rootkits using honeypots and sandboxes

Table of contents

  1. Contents (1/3)
  2. Contents (2/3)
  3. Contents (3/3)
  4. Preface
  5. Acknowledgments
  6. Introduction
  7. Part I: Introduction to Ethical Disclosure
    1. Chapter 1 Ethics of Ethical Hacking
      1. Why You Need to Understand Your Enemy's Tactics
      2. Recognizing the Gray Areas in Security
      3. How Does This Stuff Relate to an Ethical Hacking Book?
      4. The Controversy of Hacking Books and Classes
      5. Where Do Attackers Have Most of Their Fun?
    2. Chapter 2 Ethical Hacking and the Legal System
      1. The Rise of Cyberlaw
      2. Understanding Individual Cyberlaws (1/5)
      3. Understanding Individual Cyberlaws (2/5)
      4. Understanding Individual Cyberlaws (3/5)
      5. Understanding Individual Cyberlaws (4/5)
      6. Understanding Individual Cyberlaws (5/5)
    3. Chapter 3 Proper and Ethical Disclosure
      1. Different Teams and Points of View
      2. CERT's Current Process
      3. Full Disclosure Policy—the RainForest Puppy Policy
      4. Organization for Internet Safety (OIS) (1/2)
      5. Organization for Internet Safety (OIS) (2/2)
      6. Conflicts Will Still Exist
      7. Case Studies
      8. So What Should We Do from Here on Out?
  8. Part II: Penetration Testing and Tools
    1. Chapter 4 Social Engineering Attacks
      1. How a Social Engineering Attack Works
      2. Conducting a Social Engineering Attack
      3. Common Attacks Used in Penetration Testing (1/2)
      4. Common Attacks Used in Penetration Testing (2/2)
      5. Preparing Yourself for Face-to-Face Attacks
      6. Defending Against Social Engineering Attacks
    2. Chapter 5 Physical Penetration Attacks
      1. Why a Physical Penetration Is Important
      2. Conducting a Physical Penetration
      3. Common Ways into a Building (1/3)
      4. Common Ways into a Building (2/3)
      5. Common Ways into a Building (3/3)
      6. Defending Against Physical Penetrations
    3. Chapter 6 Insider Attacks
      1. Why Simulating an Insider Attack Is Important
      2. Conducting an Insider Attack (1/3)
      3. Conducting an Insider Attack (2/3)
      4. Conducting an Insider Attack (3/3)
      5. Defending Against Insider Attacks
    4. Chapter 7 Using the BackTrack Linux Distribution
      1. BackTrack: The Big Picture
      2. Installing BackTrack to DVD or USB Thumb Drive
      3. Using the BackTrack ISO Directly Within a Virtual Machine
      4. Persisting Changes to Your BackTrack Installation (1/2)
      5. Persisting Changes to Your BackTrack Installation (2/2)
      6. Exploring the BackTrack Boot Menu
      7. Updating BackTrack
    5. Chapter 8 Using Metasploit
      1. Metasploit: The Big Picture
      2. Getting Metasploit
      3. Using the Metasploit Console to Launch Exploits
      4. Exploiting Client-Side Vulnerabilities with Metasploit
      5. Penetration Testing with Metasploit's Meterpreter (1/2)
      6. Penetration Testing with Metasploit's Meterpreter (2/2)
      7. Automating and Scripting Metasploit
      8. Going Further with Metasploit
    6. Chapter 9 Managing a Penetration Test
      1. Planning a Penetration Test
      2. Structuring a Penetration Testing Agreement
      3. Execution of a Penetration Test
      4. Information Sharing During a Penetration Test
      5. Reporting the Results of a Penetration Test
  9. Part III: Exploiting
    1. Chapter 10 Programming Survival Skills
      1. C Programming Language
      2. Computer Memory
      3. Intel Processors
      4. Assembly Language Basics
      5. Debugging with gdb
      6. Python Survival Skills (1/2)
      7. Python Survival Skills (2/2)
    2. Chapter 11 Basic Linux Exploits
      1. Stack Operations
      2. Buffer Overflows (1/2)
      3. Buffer Overflows (2/2)
      4. Local Buffer Overflow Exploits (1/2)
      5. Local Buffer Overflow Exploits (2/2)
      6. Exploit Development Process (1/2)
      7. Exploit Development Process (2/2)
    3. Chapter 12 Advanced Linux Exploits
      1. Format String Exploits
      2. Memory Protection Schemes (1/3)
      3. Memory Protection Schemes (2/3)
      4. Memory Protection Schemes (3/3)
    4. Chapter 13 Shellcode Strategies
      1. User Space Shellcode
      2. Other Shellcode Considerations
      3. Kernel Space Shellcode
    5. Chapter 14 Writing Linux Shellcode
      1. Basic Linux Shellcode
      2. Implementing Port-Binding Shellcode (1/2)
      3. Implementing Port-Binding Shellcode (2/2)
      4. Implementing Reverse Connecting Shellcode
      5. Encoding Shellcode (1/2)
      6. Encoding Shellcode (2/2)
      7. Automating Shellcode Generation with Metasploit
    6. Chapter 15 Windows Exploits
      1. Compiling and Debugging Windows Programs
      2. Writing Windows Exploits (1/3)
      3. Writing Windows Exploits (2/3)
      4. Writing Windows Exploits (3/3)
      5. Understanding Structured Exception Handling (SEH)
      6. Understanding Windows Memory Protections (XP SP3, Vista, 7, and Server 2008)
      7. Bypassing Windows Memory Protections (1/4)
      8. Bypassing Windows Memory Protections (2/4)
      9. Bypassing Windows Memory Protections (3/4)
      10. Bypassing Windows Memory Protections (4/4)
    7. Chapter 16 Understanding and Detecting Content-Type Attacks
      1. How Do Content-Type Attacks Work?
      2. Which File Formats Are Being Exploited Today?
      3. Intro to the PDF File Format
      4. Analyzing a Malicious PDF Exploit
      5. Tools to Detect Malicious PDF Files (1/2)
      6. Tools to Detect Malicious PDF Files (2/2)
      7. Tools to Test Your Protections Against Content-type Attacks
      8. How to Protect Your Environment from Content-type Attacks
    8. Chapter 17 Web Application Security Vulnerabilities
      1. Overview of Top Web Application Security Vulnerabilities
      2. SQL Injection Vulnerabilities (1/3)
      3. SQL Injection Vulnerabilities (2/3)
      4. SQL Injection Vulnerabilities (3/3)
      5. Cross-Site Scripting Vulnerabilities (1/2)
      6. Cross-Site Scripting Vulnerabilities (2/2)
    9. Chapter 18 VoIP Attacks
      1. What Is VoIP?
      2. Protocols Used by VoIP
      3. Types of VoIP Attacks (1/2)
      4. Types of VoIP Attacks (2/2)
      5. How to Protect Against VoIP Attacks
    10. Chapter 19 SCADA Attacks
      1. What Is SCADA?
      2. Which Protocols Does SCADA Use?
      3. SCADA Fuzzing (1/2)
      4. SCADA Fuzzing (2/2)
      5. Stuxnet Malware (The New Wave in Cyberterrorism)
      6. How to Protect Against SCADA Attacks
  10. Part IV: Vulnerability Analysis
    1. Chapter 20 Passive Analysis
      1. Ethical Reverse Engineering
      2. Why Bother with Reverse Engineering?
      3. Source Code Analysis (1/3)
      4. Source Code Analysis (2/3)
      5. Source Code Analysis (3/3)
      6. Binary Analysis (1/4)
      7. Binary Analysis (2/4)
      8. Binary Analysis (3/4)
      9. Binary Analysis (4/4)
    2. Chapter 21 Advanced Static Analysis with IDA Pro
      1. Static Analysis Challenges
      2. Extending IDA Pro (1/2)
      3. Extending IDA Pro (2/2)
    3. Chapter 22 Advanced Reverse Engineering
      1. Why Try to Break Software?
      2. Overview of the Software Development Process
      3. Instrumentation Tools (1/3)
      4. Instrumentation Tools (2/3)
      5. Instrumentation Tools (3/3)
      6. Fuzzing
      7. Instrumented Fuzzing Tools and Techniques
    4. Chapter 23 Client-Side Browser Exploits
      1. Why Client-Side Vulnerabilities Are Interesting
      2. Internet Explorer Security Concepts
      3. History of Client-Side Exploits and Latest Trends (1/2)
      4. History of Client-Side Exploits and Latest Trends (2/2)
      5. Finding New Browser-Based Vulnerabilities (1/3)
      6. Finding New Browser-Based Vulnerabilities (2/3)
      7. Finding New Browser-Based Vulnerabilities (3/3)
      8. Heap Spray to Exploit
      9. Protecting Yourself from Client-Side Exploits
    5. Chapter 24 Exploiting the Windows Access Control Model
      1. Why Access Control Is Interesting to a Hacker
      2. How Windows Access Control Works (1/3)
      3. How Windows Access Control Works (2/3)
      4. How Windows Access Control Works (3/3)
      5. Tools for Analyzing Access Control Configurations
      6. Special SIDs, Special Access, and "Access Denied" (1/2)
      7. Special SIDs, Special Access, and "Access Denied" (2/2)
      8. Analyzing Access Control for Elevation of Privilege
      9. Attack Patterns for Each Interesting Object Type (1/4)
      10. Attack Patterns for Each Interesting Object Type (2/4)
      11. Attack Patterns for Each Interesting Object Type (3/4)
      12. Attack Patterns for Each Interesting Object Type (4/4)
      13. What Other Object Types Are Out There? (1/2)
      14. What Other Object Types Are Out There? (2/2)
    6. Chapter 25 Intelligent Fuzzing with Sulley
      1. Protocol Analysis
      2. Sulley Fuzzing Framework (1/3)
      3. Sulley Fuzzing Framework (2/3)
      4. Sulley Fuzzing Framework (3/3)
    7. Chapter 26 From Vulnerability to Exploit
      1. Exploitability
      2. Understanding the Problem (1/2)
      3. Understanding the Problem (2/2)
      4. Payload Construction Considerations
      5. Documenting the Problem
    8. Chapter 27 Closing the Holes: Mitigation
      1. Mitigation Alternatives
      2. Patching (1/3)
      3. Patching (2/3)
      4. Patching (3/3)
  11. Part V: Malware Analysis
    1. Chapter 28 Collecting Malware and Initial Analysis
      1. Malware
      2. Latest Trends in Honeynet Technology (1/2)
      3. Latest Trends in Honeynet Technology (2/2)
      4. Catching Malware: Setting the Trap
      5. Initial Analysis of Malware (1/3)
      6. Initial Analysis of Malware (2/3)
      7. Initial Analysis of Malware (3/3)
    2. Chapter 29 Hacking Malware
      1. Trends in Malware
      2. De-obfuscating Malware (1/2)
      3. De-obfuscating Malware (2/2)
      4. Reverse-Engineering Malware
  12. Index

Product information

  • Title: Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition
  • Author(s): Terron Williams, Allen Harper, Gideon Lenkey, Shon Harris, Chris Eagle, Jonathan Ness
  • Release date: February 2011
  • Publisher(s): McGraw-Hill
  • ISBN: 9780071742566