Gray Hat Hacking, Second Edition

Book Description

"A fantastic book for anyone looking to learn the tools and techniques needed to break in and stay in." --Bruce Potter, Founder, The Shmoo Group

"Very highly recommended whether you are a seasoned professional or just starting out in the security business." --Simple Nomad, Hacker

Table of Contents

  1. Copyright
  2. Preface
  3. Acknowledgments
  4. Introduction
  5. Introduction to Ethical Disclosure
    1. Ethics of Ethical Hacking
      1. References
      2. How Does This Stuff Relate to an Ethical Hacking Book?
      3. Security Does Not Like Complexity
    2. Ethical Hacking and the Legal System
      1. References
      2. Addressing Individual Laws
    3. Proper and Ethical Disclosure
      1. You Were Vulnerable for How Long?
      2. Different Teams and Points of View
      3. CERT’s Current Process
      4. Full Disclosure Policy (RainForest Puppy Policy)
      5. Organization for Internet Safety (OIS)
      6. Conflicts Will Still Exist
      7. Case Studies
      8. Zero Day Initiative
      9. So What Should We Do from Here on Out?
  6. Penetration Testing and Tools
    1. Using Metasploit
      1. Metasploit: The Big Picture
      2. Getting Metasploit
      3. Exploiting Client-Side Vulnerabilities with Metasploit
      4. Using Metasploit as a Man-in-the-Middle Password Stealer
      5. Using Metasploit to Auto-Attack
      6. Inside Metasploit Modules
    2. Using the BackTrack LiveCD Linux Distribution
      1. BackTrack: The Big Picture
      2. Creating the BackTrack CD
      3. Booting BackTrack
      4. Exploring the BackTrack X-Windows Environment
      5. Writing BackTrack to Your USB Memory Stick
      6. Saving Your BackTrack Configurations
      7. Creating a Directory-Based or File-Based Module with dir2lzm
      8. Creating a New Base Module with All the Desired Directory Contents
      9. Cheat Codes and Selectively Loading Modules
      10. Metasploit db_autopwn
      11. Tools
  7. Exploits 101
    1. Programming Survival Skills
      1. C Programming Language
      2. Computer Memory
      3. Intel Processors
      4. Assembly Language Basics
      5. Debugging with gdb
      6. Python Survival Skills
    2. Basic Linux Exploits
      1. Stack Operations
      2. Buffer Overflows
      3. Local Buffer Overflow Exploits
      4. Exploit Development Process
    3. Advanced Linux Exploits
      1. Format String Exploits
      2. Heap Overflow Exploits
      3. Memory Protection Schemes
    4. Shellcode Strategies
      1. User Space Shellcode
      2. Other Shellcode Considerations
      3. Kernel Space Shellcode
    5. Writing Linux Shellcode
      1. Basic Linux Shellcode
      2. Implementing Port-Binding Shellcode
      3. Implementing Reverse Connecting Shellcode
      4. Encoding Shellcode
      5. Automating Shellcode Generation with Metasploit
    6. Basic Windows Exploits
      1. Compiling and Debugging Windows Programs
      2. Windows Exploits
  8. Vulnerability Analysis
    1. Passive Analysis
      1. Ethical Reverse Engineering
      2. Why Reverse Engineering?
      3. Source Code Analysis
      4. Binary Analysis
    2. Advanced Static Analysis with IDA Pro
      1. Static Analysis Challenges
      2. Extending IDA
    3. Advanced Reverse Engineering
      1. Why Try to Break Software?
      2. The Software Development Process
      3. Instrumentation Tools
      4. Fuzzing
      5. Instrumented Fuzzing Tools and Techniques
    4. Client-Side Browser Exploits
      1. Why Client-Side Vulnerabilities Are Interesting
      2. Internet Explorer Security Concepts
      3. History of Client-Side Exploits and Latest Trends
      4. Finding New Browser-Based Vulnerabilities
      5. Heap Spray to Exploit
      6. Protecting Yourself from Client-Side Exploits
    5. Exploiting Windows Access Control Model for Local Elevation of Privilege
      1. Why Access Control Is Interesting to a Hacker
      2. How Windows Access Control Works
      3. Tools for Analyzing Access Control Configurations
      4. Special SIDs, Special Access, and “Access Denied”
      5. Analyzing Access Control for Elevation of Privilege
      6. Attack Patterns for Each Interesting Object Type
      7. What Other Object Types Are out There?
    6. Intelligent Fuzzing with Sulley
      1. Protocol Analysis
      2. Sulley Fuzzing Framework
    7. From Vulnerability to Exploit
      1. Exploitability
      2. Understanding the Problem
      3. Payload Construction Considerations
      4. Documenting the Problem
    8. Closing the Holes: Mitigation
      1. Mitigation Alternatives
      2. Patching
  9. Malware Analysis
    1. Collecting Malware and Initial Analysis
      1. Malware
      2. Latest Trends in Honeynet Technology
      3. Catching Malware: Setting the Trap
      4. Initial Analysis of Malware
    2. Hacking Malware
      1. Trends in Malware
      2. Peeling Back the Onion—De-obfuscation
      3. Reverse Engineering Malware
  10. Index