Gray Hat Hacking, Second Edition: The Ethical Hacker's Handbook
"A fantastic book for anyone looking to learn the tools and techniques needed to break in and stay in." —Bruce Potter, Founder, The Shmoo Group\ "Very highly recommended whether you are a seasoned professional or just starting out in the security business." —Simple Nomad, Hacker
Search in google:
Uncover, plug, and ethically disclose security flawsPrevent catastrophic network attacks by exposing security flaws, fixing them, and ethically reporting them to the software author. Fully expanded to cover the hacker's latest devious methods, Gray Hat Hacking: The Ethical Hacker's Handbook, Second Edition lays out each exploit alongside line-by-line code samples, detailed countermeasures, and moral disclosure procedures. Find out how to execute effective penetration tests, use fuzzers and sniffers, perform reverse engineering, and find security holes in Windows and Linux applications. You'll also learn how to trap and autopsy stealth worms, viruses, rootkits, adware, and malware. Implement vulnerability testing, discovery, and reporting procedures that comply with applicable lawsLearn the basics of programming, stack operations, buffer overflow and heap vulnerabilities, and exploit developmentTest and exploit systems using Metasploit and other toolsBreak in to Windows and Linux systems with perl scripts, Python scripts, and customized C programsAnalyze source code using ITS4, RATS, FlawFinder, PREfast, Splint, and decompilersUnderstand the role of IDA Pro scripts, FLAIR tools, and third-party plug-ins in discovering software vulnerabilitiesReverse-engineer software using decompiling, profiling, memory monitoring, and data flow analysis toolsReveal client-side web browser vulnerabilities with MangleMe, AxEnum, and AxManProbe Windows Access Controls to discover insecure access tokens, security descriptors, DACLs, and ACEsFind and examine malware and rootkits using honeypots, honeynets, and Norman SandBox technologyShon Harris, MCSE, CISSP, is the president of Logical Security, an educator, and a security consultant.Allen Harper, CISSP, is the president and owner of n2netsecurity, Inc., in North Carolina.Chris Eagle is the associate chairman of the Computer Science Department at the Naval Postgraduate School (NPS) in Monterey, California.Jonathan Ness, CHFI, is a lead software security engineer at Microsoft.
Part I: Introduction to Ethical DisclosureChapter 1. Ethics of Ethical Hacking Chapter 2. Ethical Hacking and the Legal System Chapter 3. Proper and Ethical DisclosurePart II: Penetration Testing and ToolsChapter 4. Using Metasploit Chapter 5. Using the BackTrack LiveCD Linux DistributionPart III: Exploits 101Chapter 6. Programming Survival Skills Chapter 7. Basic Linux Exploits Chapter 8. Advanced Linux Exploits Chapter 9. Shellcode Strategies Chapter 10. Writing Linux Shellcode Chapter 11. Basic Windows ExploitsPart IV: Vulnerability AnalysisChapter 12. Passive Analysis Chapter 13. Advanced Static Analysis with IDA Pro Chapter 14. Advanced Reverse Engineering Chapter 15. Client-Side Browser Exploits Chapter 16. Exploiting Windows Access Control Model for Local Elevation of Privilege Chapter 17. Intelligent Fuzzing with Sulley Chapter 18. From Vulnerability to Exploit Chapter 19. Closing the Holes: MitigationPart V: Malware AnalysisChapter 20. Collecting Malware and Initial Analysis Chapter 21. Hacking Malware Index
