Book description
Examines where security holes come from, how to discover them, how hackers exploit them and take control of systems on a daily basis, and most importantly, how to close these security holes so they never occur again
A unique author team, a blend of industry and underground experts, explains the techniques that readers can use to uncover security holes in any software or operating system
Shows how to pinpoint vulnerabilities in popular operating systems (including Windows, Linux, and Solaris) and applications (including MS SQL Server and Oracle databases)
Details how to deal with discovered vulnerabilities, sharing some previously unpublished advanced exploits and techniques
Table of contents
- Copyright
- About the Authors
- Credits
- Acknowledgments
- I. Introduction to Exploitation: Linux on x86
- II. Exploiting More Platforms: Windows, Solaris, and Tru64
- 6. The Wild World of Windows
- 7. Windows Shellcode
- 8. Windows Overflows
- 8.1. Stack-Based Buffer Overflows
- 8.2. Stack Protection and Windows 2003 Server
- 8.3. Heap-Based Buffer Overflows
- 8.4. Exploiting Heap-Based Overflows
- 8.4.1. Overwrite Pointer to RtlEnterCriticalSection in the PEB
- 8.4.2. Overwrite Pointer to First Vectored Handler at 77FC3210
- 8.4.3. Overwrite Pointer to Unhandled Exception Filter
- 8.4.4. Overwrite Pointer to Exception Handler in Thread Environment Block
- 8.4.5. Repairing the Heap
- 8.4.6. Other Aspects of Heap-Based Overflows
- 8.4.7. Wrapping Up the Heap
- 8.5. Other Overflows
- 8.6. Exploiting Buffer Overflows and Non-Executable Stacks
- 8.7. Conclusion
- 9. Overcoming Filters
- 10. Introduction to Solaris Exploitation
- 10.1. Introduction to the SPARC Architecture
- 10.2. Solaris/SPARC Shellcode Basics
- 10.3. Solaris/SPARC Stack Frame Introduction
- 10.4. Stack-Based Overflow Methodologies
- 10.5. Stack Overflow Exploitation In Action
- 10.6. Heap-Based Overflows on Solaris/SPARC
- 10.7. Basic Exploit Methodology (t_delete)
- 10.8. Other Heap-Related Vulnerabilities
- 10.9. Heap Overflow Example
- 10.10. Other Solaris Exploitation Techniques
- 10.11. Conclusion
- 11. Advanced Solaris Exploitation
- 12. HP Tru64 Unix Exploitation
- 12.1. The Alpha Architecture
- 12.2. Retrieving the Program Counter (GetPC)
- 12.3. System Call Invocation
- 12.4. XOR Decoder for Shellcode
- 12.5. .end main setuid + execve Shellcode
- 12.6. Connect-Back Shellcode
- 12.7. Find-Socket Shellcode
- 12.8. Bind-Socket Shellcode
- 12.9. Stack Overflow Exploitation
- 12.10. Exploiting rpc.ttdbserver
- 12.11. Conclusion
- III. Vulnerability Discovery
- 13. Establishing a Working Environment
- 14. Fault Injection
- 15. The Art of Fuzzing
- 16. Source Code Auditing: Finding Vulnerabilities in C-Based Languages
- 16.1. Tools
- 16.2. Automated Source Code Analysis Tools
- 16.3. Methodology
- 16.4. Vulnerability Classes
- 16.4.1. Generic Logic Errors
- 16.4.2. (Almost) Extinct Bug Classes
- 16.4.3. Format Strings
- 16.4.4. Generic Incorrect Bounds-Checking
- 16.4.5. Loop Constructs
- 16.4.6. Off-by-One Vulnerabilities
- 16.4.7. Non-Null Termination Issues
- 16.4.8. Skipping Null-Termination Issues
- 16.4.9. Signed Comparison Vulnerabilities
- 16.4.10. Integer-Related Vulnerabilities
- 16.4.11. Different-Sized Integer Conversions
- 16.4.12. Double Free Vulnerabilities
- 16.4.13. Out-of-Scope Memory Usage Vulnerabilities
- 16.4.14. Uninitialized Variable Usage
- 16.4.15. Use After Free Vulnerabilities
- 16.4.16. Multithreaded Issues and Re-Entrant Safe Code
- 16.5. Beyond Recognition: A Real Vulnerability versus a Bug
- 16.6. Conclusion
- 17. Instrumented Investigation: A Manual Approach
- 17.1. Philosophy
- 17.2. Oracle extproc Overflow
- 17.3. Common Architectural Failures
- 17.4. Bypassing Input Validation and Attack Detection
- 17.5. Windows 2000 SNMP DOS
- 17.6. Finding DOS Attacks
- 17.7. SQL-UDP
- 17.8. Conclusion
- 18. Tracing for Vulnerabilities
- 19. Binary Auditing: Hacking Closed Source Software
- 19.1. Binary versus Source-Code Auditing: The Obvious Differences
- 19.2. IDA Pro—The Tool of the Trade
- 19.3. Binary Auditing Introduction
- 19.4. Reconstructing Class Definitions
- 19.5. Manual Binary Analysis
- 19.6. Binary Vulnerability Examples
- 19.7. Conclusion
- IV. Advanced Materials
- 20. Alternative Payload Strategies
- 21. Writing Exploits that Work in the Wild
- 22. Attacking Database Software
- 23. Kernel Overflows
- 24. Exploiting Kernel Vulnerabilities
- 24.1. The exec_ibcs2_coff_prep_zmagic() Vulnerability
- 24.2. Solaris vfs_getvfssw() Loadable Kernel Module Path Traversal Exploit
- 24.3. Conclusion
Product information
- Title: The Shellcoder's Handbook: Discovering and Exploiting Security Holes
- Author(s):
- Release date: April 2004
- Publisher(s): Wiley
- ISBN: 9780764544682