Book description
- This much-anticipated revision, written by the ultimate group of top security experts in the world, features 40 percent new content on how to find security holes in any operating system or application.
- New material addresses the many new exploitation techniques that have been discovered since the first edition, including attacking "unbreakable" software packages such as McAfee's Entercept, Mac OS X, XP, Office 2003, and Vista.
- Also features the first-ever published information on exploiting Cisco's IOS, with content that has never before been explored.
- The companion Web site features downloadable code files.
Table of contents
- Copyright
- About the Authors
- Credits
- Acknowledgments
- Introduction to the Second Edition
- I. Introduction to Exploitation: Linux on x86
  - 1. Before You Begin
  - 2. Stack Overflows
  - 3. Shellcode
  - 4. Introduction to Format String Bugs
  - 5. Introduction to Heap Overflows
- II. Other Platforms—Windows, Solaris, OS/X, and Cisco
  - 6. The Wild World of Windows
  - 7. Windows Shellcode
  - 8. Windows Overflows
    - 8.1. Stack-Based Buffer Overflows
    - 8.2. Frame-Based Exception Handlers
    - 8.3. Abusing Frame-Based Exception Handling on Windows 2003 Server
    - 8.4. Stack Protection and Windows 2003 Server
    - 8.5. Heap-Based Buffer Overflows
    - 8.6. The Process Heap
    - 8.7. Exploiting Heap-Based Overflows
    - 8.8. Other Overflows
    - 8.9. Exploiting Buffer Overflows and Non-Executable Stacks
    - 8.10. Conclusion
  - 9. Overcoming Filters
  - 10. Introduction to Solaris Exploitation
    - 10.1. Introduction to the SPARC Architecture
    - 10.2. Solaris/SPARC Shellcode Basics
    - 10.3. Solaris/SPARC Stack Frame Introduction
    - 10.4. Stack-Based Overflow Methodologies
    - 10.5. Stack Overflow Exploitation In Action
    - 10.6. Heap-Based Overflows on Solaris/SPARC
    - 10.7. Basic Exploit Methodology (t_delete)
    - 10.8. Other Heap-Related Vulnerabilities
    - 10.9. Heap Overflow Example
    - 10.10. Other Solaris Exploitation Techniques
    - 10.11. Conclusion
  - 11. Advanced Solaris Exploitation
  - 12. OS X Shellcode
    - 12.1. OS X Is Just BSD, Right?
    - 12.2. Is OS X Open Source?
    - 12.3. OS X for the Unix-aware
    - 12.4. OS X PowerPC Shellcode
    - 12.5. OS X Intel Shellcode
    - 12.6. OS X Cross-Platform Shellcode
    - 12.7. OS X Heap Exploitation
    - 12.8. Bug Hunting on OS X
    - 12.9. Some Interesting Bugs
    - 12.10. Essential Reading for OS X Exploits
    - 12.11. Conclusion
  - 13. Cisco IOS Exploitation
  - 14. Protection Mechanisms
    - 14.1. Protections
    - 14.2. Implementation Differences
    - 14.3. Conclusion
- III. Vulnerability Discovery
  - 15. Establishing a Working Environment
  - 16. Fault Injection
  - 17. The Art of Fuzzing
  - 18. Source Code Auditing: Finding Vulnerabilities in C-Based Languages
    - 18.1. Tools
    - 18.2. Automated Source Code Analysis Tools
    - 18.3. Methodology
    - 18.4. Vulnerability Classes
      - 18.4.1. Generic Logic Errors
      - 18.4.2. (Almost) Extinct Bug Classes
      - 18.4.3. Format Strings
      - 18.4.4. Generic Incorrect Bounds-Checking
      - 18.4.5. Loop Constructs
      - 18.4.6. Off-by-One Vulnerabilities
      - 18.4.7. Non-Null Termination Issues
      - 18.4.8. Skipping Null-Termination Issues
      - 18.4.9. Signed Comparison Vulnerabilities
      - 18.4.10. Integer-Related Vulnerabilities
      - 18.4.11. Different-Sized Integer Conversions
      - 18.4.12. Double Free Vulnerabilities
      - 18.4.13. Out-of-Scope Memory Usage Vulnerabilities
      - 18.4.14. Uninitialized Variable Usage
      - 18.4.15. Use After Free Vulnerabilities
      - 18.4.16. Multithreaded Issues and Re-Entrant Safe Code
    - 18.5. Beyond Recognition: A Real Vulnerability versus a Bug
    - 18.6. Conclusion
  - 19. Instrumented Investigation: A Manual Approach
    - 19.1. Philosophy
    - 19.2. Oracle extproc Overflow
    - 19.3. Common Architectural Failures
    - 19.4. Bypassing Input Validation and Attack Detection
    - 19.5. Windows 2000 SNMP DOS
    - 19.6. Finding DOS Attacks
    - 19.7. SQL-UDP
    - 19.8. Conclusion
  - 20. Tracing for Vulnerabilities
  - 21. Binary Auditing: Hacking Closed Source Software
    - 21.1. Binary versus Source-Code Auditing: The Obvious Differences
    - 21.2. IDA Pro—The Tool of the Trade
    - 21.3. Binary Auditing Introduction
    - 21.4. Reconstructing Class Definitions
    - 21.5. Manual Binary Analysis
    - 21.6. Binary Vulnerability Examples
    - 21.7. Conclusion
- IV. Advanced Materials
  - 22. Alternative Payload Strategies
  - 23. Writing Exploits that Work in the Wild
  - 24. Attacking Database Software
  - 25. Unix Kernel Overflows
  - 26. Exploiting Unix Kernel Vulnerabilities
    - 26.1. The exec_ibcs2_coff_prep_zmagic() Vulnerability
    - 26.2. Solaris vfs_getvfssw() Loadable Kernel Module Path Traversal Exploit
    - 26.3. Conclusion
  - 27. Hacking the Windows Kernel
    - 27.1. Windows Kernel Mode Flaws—An Increasingly Hunted Species
    - 27.2. Introduction to the Windows Kernel
    - 27.3. Common Kernel-Mode Programming Flaws
    - 27.4. Windows System Calls
    - 27.5. Communicating with Device Drivers
    - 27.6. Kernel-Mode Payloads
    - 27.7. Essential Reading for Kernel Shellcoders
    - 27.8. Conclusion
Product information
- Title: The Shellcoder's Handbook: Discovering and Exploiting Security Holes, Second Edition
- Author(s):
- Release date: August 2007
- Publisher(s): Wiley
- ISBN: 9780470080238