A Bug Hunter's Diary

A Guided Tour Through the Wilds of Software Security

Author: Tobias Klein

Publisher: No Starch Press

ISBN: 1593273851

Category: COMPUTERS

Page: 208

View: 9491

DOWNLOAD NOW »
Klein tracks down and exploits bugs in some of the world's most popular programs. Whether by browsing source code, poring over disassembly, or fuzzing live programs, readers get an over-the-shoulder glimpse into the world of a bug hunter as Klein unearths security flaws and uses them to take control of affected systems.

Sockets, Shellcode, Porting, and Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals

Author: James C Foster

Publisher: Elsevier

ISBN: 9780080489728

Category: Computers

Page: 700

View: 9291

DOWNLOAD NOW »
The book is logically divided into 5 main categories with each category representing a major skill set required by most security professionals: 1. Coding – The ability to program and script is quickly becoming a mainstream requirement for just about everyone in the security industry. This section covers the basics in coding complemented with a slue of programming tips and tricks in C/C++, Java, Perl and NASL. 2. Sockets – The technology that allows programs and scripts to communicate over a network is sockets. Even though the theory remains the same – communication over TCP and UDP, sockets are implemented differently in nearly ever language. 3. Shellcode – Shellcode, commonly defined as bytecode converted from Assembly, is utilized to execute commands on remote systems via direct memory access. 4. Porting – Due to the differences between operating platforms and language implementations on those platforms, it is a common practice to modify an original body of code to work on a different platforms. This technique is known as porting and is incredible useful in the real world environments since it allows you to not “recreate the wheel. 5. Coding Tools – The culmination of the previous four sections, coding tools brings all of the techniques that you have learned to the forefront. With the background technologies and techniques you will now be able to code quick utilities that will not only make you more productive, they will arm you with an extremely valuable skill that will remain with you as long as you make the proper time and effort dedications. *Contains never before seen chapters on writing and automating exploits on windows systems with all-new exploits. *Perform zero-day exploit forensics by reverse engineering malicious code. *Provides working code and scripts in all of the most common programming languages for readers to use TODAY to defend their networks.

Fuzzing

Brute Force Vulnerabilty Discovery

Author: Michael Sutton,Adam Greene,Pedram Amini

Publisher: Pearson Education

ISBN: N.A

Category: Computers

Page: 543

View: 6595

DOWNLOAD NOW »
Provides information on using fuzzing to detect weaknesses in software.

Buffer Overflow Attacks

Detect, Exploit, Prevent

Author: Jason Deckard

Publisher: Elsevier

ISBN: 9780080488424

Category: Computers

Page: 304

View: 7453

DOWNLOAD NOW »
The SANS Institute maintains a list of the "Top 10 Software Vulnerabilities." At the current time, over half of these vulnerabilities are exploitable by Buffer Overflow attacks, making this class of attack one of the most common and most dangerous weapon used by malicious attackers. This is the first book specifically aimed at detecting, exploiting, and preventing the most common and dangerous attacks. Buffer overflows make up one of the largest collections of vulnerabilities in existence; And a large percentage of possible remote exploits are of the overflow variety. Almost all of the most devastating computer attacks to hit the Internet in recent years including SQL Slammer, Blaster, and I Love You attacks. If executed properly, an overflow vulnerability will allow an attacker to run arbitrary code on the victim’s machine with the equivalent rights of whichever process was overflowed. This is often used to provide a remote shell onto the victim machine, which can be used for further exploitation. A buffer overflow is an unexpected behavior that exists in certain programming languages. This book provides specific, real code examples on exploiting buffer overflow attacks from a hacker's perspective and defending against these attacks for the software developer. Over half of the "SANS TOP 10 Software Vulnerabilities" are related to buffer overflows. None of the current-best selling software security books focus exclusively on buffer overflows. This book provides specific, real code examples on exploiting buffer overflow attacks from a hacker's perspective and defending against these attacks for the software developer.

The Tangled Web

A Guide to Securing Modern Web Applications

Author: Michal Zalewski

Publisher: No Starch Press

ISBN: 1593273886

Category: Computers

Page: 320

View: 4109

DOWNLOAD NOW »
Modern web applications are built on a tangle of technologies that have been developed over time and then haphazardly pieced together. Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. To keep users safe, it is essential for developers to confidently navigate this landscape. In The Tangled Web, Michal Zalewski, one of the world's top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they're fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security. You'll learn how to: * Perform common but surprisingly complex tasks such as URL parsing and HTML sanitization * Use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing * Leverage many variants of the same-origin policy to safely compartmentalize complex web applications and protect user credentials in case of XSS bugs * Build mashups and embed gadgets without getting stung by the tricky frame navigation policy * Embed or host user-supplied content without running into the trap of content sniffing For quick reference, "Security Engineering Cheat Sheets" at the end of each chapter offer ready solutions to problems you're most likely to encounter. With coverage extending as far as planned HTML5 features, The Tangled Web will help you create secure web applications that stand the test of time.

Silence on the Wire

A Field Guide to Passive Reconnaissance and Indirect Attacks

Author: Michal Zalewski

Publisher: No Starch Press

ISBN: 1593270461

Category: Computers

Page: 312

View: 7875

DOWNLOAD NOW »
"This book will be riveting reading for security professionals and students, as well as technophiles interested in learning about how computer security fits into the big picture and high-level hackers seeking to broaden their understanding of their craft."--BOOK JACKET.

The Art of Software Security Assessment

Identifying and Preventing Software Vulnerabilities

Author: Mark Dowd,John McDonald,Justin Schuh

Publisher: Addison-Wesley Professional

ISBN: 9780321444424

Category: Computers

Page: 1174

View: 3584

DOWNLOAD NOW »
Solid code auditing methodologies and secrets of the trade from two very successful security researchers.

Linux Shell Scripting Cookbook

Author: Sarath Lakshman

Publisher: Packt Publishing Ltd

ISBN: 1849513775

Category: Computers

Page: 360

View: 8469

DOWNLOAD NOW »
This book is written in cookbook style and it offers learning through recipes with examples and illustrations. Each recipe contains step-by-step instructions about everything necessary to execute a particular task. The book is designed so that you can read it from start to end for beginner's or just open up any chapter and start following the recipes as a reference for advanced users.If you are a beginner or an intermediate user who wants to master the skill of quickly writing scripts to perform various tasks without reading the entire man pages, this book is for you. You can start writing scripts and one-liners by simply looking at the similar recipe and its descriptions without any working knowledge of shell scripting or Linux. Intermediate/advanced users as well as system adminstrators/ developers and programmers can use this book as a reference when they face problems while coding.

The Computer Incident Response Planning Handbook: Executable Plans for Protecting Information at Risk

Author: N. K. McCarthy,Matthew Todd,Jeff Klaben

Publisher: McGraw Hill Professional

ISBN: 0071790403

Category: Computers

Page: 528

View: 6392

DOWNLOAD NOW »
Uncertainty and risk, meet planning and action. Reinforce your organization’s security posture using the expert information contained in this tactical guide. The Computer Incident Response Planning Handbook: Executable Plans for Protecting Information at Risk shows you how to build and manage successful response plans for the cyber incidents that have become inevitable for organizations of any size. Find out why these plans work. Learn the step-by-step process for developing and managing plans built to address the wide range of issues organizations face in times of crisis. Contains the essentials for developing both data breach and malware outbreak response plans—and best practices for maintaining those plans Features ready-to-implement CIRPs—derived from living incident response plans that have survived the rigors of repeated execution and numerous audits Clearly explains how to minimize the risk of post-event litigation, brand impact, fines and penalties—and how to protect shareholder value Supports corporate compliance with industry standards and requirements, including PCI, HIPAA, SOX, and CA SB-24

Practical Malware Analysis

The Hands-On Guide to Dissecting Malicious Software

Author: Michael Sikorski,Andrew Honig

Publisher: No Starch Press

ISBN: 1593272901

Category: Computers

Page: 800

View: 4258

DOWNLOAD NOW »
Introduces tools and techniques for analyzing and debugging malicious software, discussing how to set up a safe virtual environment, overcome malware tricks, and use five of the most popular packers.

Backtrack 5 Wireless Penetration Testing

Beginner's Guide

Author: Vivek Ramachandran

Publisher: Packt Publishing Ltd

ISBN: 184951559X

Category: Computers

Page: 220

View: 4429

DOWNLOAD NOW »
Wireless has become ubiquitous in today’s world. The mobility and flexibility provided by it makes our lives more comfortable and productive. But this comes at a cost – Wireless technologies are inherently insecure and can be easily broken. BackTrack is a penetration testing and security auditing distribution that comes with a myriad of wireless networking tools used to simulate network attacks and detect security loopholes. Backtrack 5 Wireless Penetration Testing Beginner’s Guide will take you through the journey of becoming a Wireless hacker. You will learn various wireless testing methodologies taught using live examples, which you will implement throughout this book. The engaging practical sessions very gradually grow in complexity giving you enough time to ramp up before you get to advanced wireless attacks. This book will take you through the basic concepts in Wireless and creating a lab environment for your experiments to the business of different lab sessions in wireless security basics, slowly turn on the heat and move to more complicated scenarios, and finally end your journey by conducting bleeding edge wireless attacks in your lab. There are many interesting and new things that you will learn in this book – War Driving, WLAN packet sniffing, Network Scanning, Circumventing hidden SSIDs and MAC filters, bypassing Shared Authentication, Cracking WEP and WPA/WPA2 encryption, Access Point MAC spoofing, Rogue Devices, Evil Twins, Denial of Service attacks, Viral SSIDs, Honeypot and Hotspot attacks, Caffe Latte WEP Attack, Man-in-the-Middle attacks, Evading Wireless Intrusion Prevention systems and a bunch of other cutting edge wireless attacks. If you were ever curious about what wireless security and hacking was all about, then this book will get you started by providing you with the knowledge and practical know-how to become a wireless hacker. Hands-on practical guide with a step-by-step approach to help you get started immediately with Wireless Penetration Testing

A Guide to Kernel Exploitation

Attacking the Core

Author: Enrico Perla,Massimiliano Oldani

Publisher: Elsevier

ISBN: 9781597494878

Category: Computers

Page: 464

View: 4463

DOWNLOAD NOW »
A Guide to Kernel Exploitation: Attacking the Core discusses the theoretical techniques and approaches needed to develop reliable and effective kernel-level exploits, and applies them to different operating systems, namely, UNIX derivatives, Mac OS X, and Windows. Concepts and tactics are presented categorically so that even when a specifically detailed vulnerability has been patched, the foundational information provided will help hackers in writing a newer, better attack; or help pen testers, auditors, and the like develop a more concrete design and defensive structure. The book is organized into four parts. Part I introduces the kernel and sets out the theoretical basis on which to build the rest of the book. Part II focuses on different operating systems and describes exploits for them that target various bug classes. Part III on remote kernel exploitation analyzes the effects of the remote scenario and presents new techniques to target remote issues. It includes a step-by-step analysis of the development of a reliable, one-shot, remote exploit for a real vulnerabilitya bug affecting the SCTP subsystem found in the Linux kernel. Finally, Part IV wraps up the analysis on kernel exploitation and looks at what the future may hold. Covers a range of operating system families — UNIX derivatives, Mac OS X, Windows Details common scenarios such as generic memory corruption (stack overflow, heap overflow, etc.) issues, logical bugs and race conditions Delivers the reader from user-land exploitation to the world of kernel-land (OS) exploits/attacks, with a particular focus on the steps that lead to the creation of successful techniques, in order to give to the reader something more than just a set of tricks

How We Test Software at Microsoft

Author: Alan Page,Ken Johnston,Bj Rollison

Publisher: Microsoft Press

ISBN: 0735638314

Category: Computers

Page: 448

View: 6462

DOWNLOAD NOW »
It may surprise you to learn that Microsoft employs as many software testers as developers. Less surprising is the emphasis the company places on the testing discipline—and its role in managing quality across a diverse, 150+ product portfolio. This book—written by three of Microsoft’s most prominent test professionals—shares the best practices, tools, and systems used by the company’s 9,000-strong corps of testers. Learn how your colleagues at Microsoft design and manage testing, their approach to training and career development, and what challenges they see ahead. Most important, you’ll get practical insights you can apply for better results in your organization. Discover how to: Design effective tests and run them throughout the product lifecycle Minimize cost and risk with functional tests, and know when to apply structural techniques Measure code complexity to identify bugs and potential maintenance issues Use models to generate test cases, surface unexpected application behavior, and manage risk Know when to employ automated tests, design them for long-term use, and plug into an automation infrastructure Review the hallmarks of great testers—and the tools they use to run tests, probe systems, and track progress efficiently Explore the challenges of testing services vs. shrink-wrapped software

Spam Nation

The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door

Author: Brian Krebs

Publisher: Sourcebooks, Inc.

ISBN: 1402295634

Category: Political Science

Page: 256

View: 7661

DOWNLOAD NOW »
Now a New York Times bestseller! There is a Threat Lurking Online with the Power to Destroy Your Finances, Steal Your Personal Data, and Endanger Your Life. In Spam Nation, investigative journalist and cybersecurity expert Brian Krebs unmasks the criminal masterminds driving some of the biggest spam and hacker operations targeting Americans and their bank accounts. Tracing the rise, fall, and alarming resurrection of the digital mafia behind the two largest spam pharmacies-and countless viruses, phishing, and spyware attacks-he delivers the first definitive narrative of the global spam problem and its threat to consumers everywhere. Blending cutting-edge research, investigative reporting, and firsthand interviews, this terrifying true story reveals how we unwittingly invite these digital thieves into our lives every day. From unassuming computer programmers right next door to digital mobsters like "Cosma"-who unleashed a massive malware attack that has stolen thousands of Americans' logins and passwords-Krebs uncovers the shocking lengths to which these people will go to profit from our data and our wallets. Not only are hundreds of thousands of Americans exposing themselves to fraud and dangerously toxic products from rogue online pharmacies, but even those who never open junk messages are at risk. As Krebs notes, spammers can-and do-hack into accounts through these emails, harvest personal information like usernames and passwords, and sell them on the digital black market. The fallout from this global epidemic doesn't just cost consumers and companies billions, it costs lives too. Fast-paced and utterly gripping, Spam Nation ultimately proposes concrete solutions for protecting ourselves online and stemming this tidal wave of cybercrime-before it's too late. "Krebs's talent for exposing the weaknesses in online security has earned him respect in the IT business and loathing among cybercriminals... His track record of scoops...has helped him become the rare blogger who supports himself on the strength of his reputation for hard-nosed reporting." -Bloomberg Businessweek

Hacking the Xbox

An Introduction to Reverse Engineering

Author: Andrew Huang

Publisher: N.A

ISBN: 9781593270292

Category: Computers

Page: 272

View: 1323

DOWNLOAD NOW »
Provides step-by-step instructions on basic hacking techniques and reverse engineering skills along with information on Xbox security, hardware, and software.

Reversing

Secrets of Reverse Engineering

Author: Eldad Eilam

Publisher: John Wiley & Sons

ISBN: 1118079760

Category: Computers

Page: 624

View: 6712

DOWNLOAD NOW »
Beginning with a basic primer on reverse engineering-including computer internals, operating systems, and assembly language-and then discussing the various applications of reverse engineering, this book provides readers with practical, in-depth techniques for software reverse engineering. The book is broken into two parts, the first deals with security-related reverse engineering and the second explores the more practical aspects of reverse engineering. In addition, the author explains how to reverse engineer a third-party software library to improve interfacing and how to reverse engineer a competitor's software to build a better product. * The first popular book to show how software reverse engineering can help defend against security threats, speed up development, and unlock the secrets of competitive products * Helps developers plug security holes by demonstrating how hackers exploit reverse engineering techniques to crack copy-protection schemes and identify software targets for viruses and other malware * Offers a primer on advanced reverse-engineering, delving into "disassembly"-code-level reverse engineering-and explaining how to decipher assembly language

Thinking Security

Stopping Next Year's Hack

Author: Steve Bellovin

Publisher: Addison-Wesley Professional

ISBN: 9780134277547

Category:

Page: 400

View: 7420

DOWNLOAD NOW »
You already know the endless list of security "do's and don'ts": run AV software and firewalls, lock everything down, encrypt everything, watch all your network traffic, follow checklists... But even if you're spending a fortune doing all that, you're at greater risk than ever: even the world's most security-focused organizations are being victimized by massive attacks. Something is terribly wrong. We're protecting the wrong things, damaging productivity, and making it way too hard for our people to help us. Today, getting security right requires more than checklists; it requires careful thinking about your actual threats and technologies. That's what this book is about: how to think about security. Most security books just give you "do's and don'ts." Thinking Security tells you why, and helps you design a security architecture that truly fits your organization. Written by Steve Bellovin, one of the world's most respected security consultants, this guide is for professionals who know all the basics: working security specialists, admins, IT managers, architects, and chief security officers. Bellovin will help you take a deeper look at what you're doing, understand security as a "systems problem," recognize the implications of your environment, and "think like the enemy." Bellovin shares usable and up-to-date insights and recommendations on issues ranging from SSO and federated authentication to clouds, BYOD, and virtualization. You'll also find a full section on secure operations, covering everything from hiring, vendor selection, and patch management to emerging risks associated with the Internet of Things. Perfect security is impossible - but Thinking Security will help you get it about as right as anyone can.

Bitcoin for the Befuddled

Author: Conrad Barski,Chris Wilmer

Publisher: No Starch Press

ISBN: 1593275730

Category: Business & Economics

Page: 256

View: 7781

DOWNLOAD NOW »
Unless you’ve been living under a rock for the last couple of years, you’ve probably heard of Bitcoin—the game-changing digital currency used by millions worldwide. But Bitcoin isn't just another way to buy stuff. It’s an anonymous, revolutionary, cryptographically secure currency that functions without the oversight of a central authority or government. If you want to get into the Bitcoin game but find yourself a little confused, Bitcoin for the ­Befuddled may be just what you’re looking for. Learn what Bitcoin is; how it works; and how to acquire, store, and spend bitcoins safely and securely. You'll also learn: Bitcoin’s underlying cryptographic principles, and how bitcoins are createdThe history of Bitcoin and its potential impact on trade and commerceAll about the blockchain, the public ledger of Bitcoin transactionsHow to choose a bitcoin wallet that’s safe and easy to useHow to accept bitcoins as payment in your physical store or on your websiteAdvanced topics, including Bitcoin mining and Bitcoin programming With its non-technical language and patient, step-by-step approach to this fascinating currency, Bitcoin for the Befuddled is your ticket to getting started with Bitcoin. Get out from under the rock and get in the Bitcoin game. Just make sure not to lose your shirt.

Engineering a Compiler

Author: Keith Cooper,Linda Torczon

Publisher: Elsevier

ISBN: 9780080916613

Category: Computers

Page: 824

View: 9291

DOWNLOAD NOW »
This entirely revised second edition of Engineering a Compiler is full of technical updates and new material covering the latest developments in compiler technology. In this comprehensive text you will learn important techniques for constructing a modern compiler. Leading educators and researchers Keith Cooper and Linda Torczon combine basic principles with pragmatic insights from their experience building state-of-the-art compilers. They will help you fully understand important techniques such as compilation of imperative and object-oriented languages, construction of static single assignment forms, instruction scheduling, and graph-coloring register allocation. In-depth treatment of algorithms and techniques used in the front end of a modern compiler Focus on code optimization and code generation, the primary areas of recent research and development Improvements in presentation including conceptual overviews for each chapter, summaries and review questions for sections, and prominent placement of definitions for new terms Examples drawn from several different programming languages

The Art of Deception

Controlling the Human Element of Security

Author: Kevin D. Mitnick,William L. Simon

Publisher: John Wiley & Sons

ISBN: 076453839X

Category: Computers

Page: 368

View: 7872

DOWNLOAD NOW »
The world's most infamous hacker offers an insider's view of the low-tech threats to high-tech security Kevin Mitnick's exploits as a cyber-desperado and fugitive form one of the most exhaustive FBI manhunts in history and have spawned dozens of articles, books, films, and documentaries. Since his release from federal prison, in 1998, Mitnick has turned his life around and established himself as one of the most sought-after computer security experts worldwide. Now, in The Art of Deception, the world's most notorious hacker gives new meaning to the old adage, "It takes a thief to catch a thief." Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. With the help of many fascinating true stories of successful attacks on business and government, he illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS agent. Narrating from the points of view of both the attacker and the victims, he explains why each attack was so successful and how it could have been prevented in an engaging and highly readable style reminiscent of a true-crime novel. And, perhaps most importantly, Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programs, and manuals that address the human element of security.