Gray Hat Hacking : The Ethical Hacker's Handbook

Edition: 1st
Format: Paperback
Pub. Date: 2004-11-09
Publisher(s): MCGRAW-HILL PROFESSIONAL
List Price: $49.99


Summary

Analyze your company's vulnerability to hacks with expert guidance from Gray Hat Hacking: The Ethical Hacker's Handbook. Discover advanced security tools and techniques such as fuzzing, reverse engineering, and binary scanning. Test systems using both passive and active vulnerability analysis. Learn to benefit from your role as a gray hat. Review ethical and legal issues and case studies. This unique resource provides leading-edge technical information being utilized by the top network engineers, security auditors, programmers, and vulnerability assessors. Plus, the book offers in-depth coverage of ethical disclosure and provides a practical course of action for those who find themselves in a "disclosure decision" position.

Author Biography

Shon Harris (Fairchild Air Force Base, WA) MCSE, CISSP, is a security consultant who provides security assessments and analysis, vulnerability testing, and solutions to a wide range of different businesses.

Allen Harper (Burke, VA) has served in the Marine Corps for 16 years as both enlisted and an officer. Currently, he serves as a security engineer in the US Department of Defense.

Chris Eagle (Monterey, CA) is the Associate Chairman of the Computer Science Department at the Naval Postgraduate School (NPS) in Monterey, CA.

Michael J. Lester (Miami, FL) CISSP, MCSE, MCSA, MCT, CCNP, CCDP, CCSE+, CCI, CCEA, CTT+, Linux+, Security+, Network+, I-net+, A+, holds a Bachelor of Science degree in Information Technology, and is a senior consultant and instructor for MicroLink Corporation.

Table of Contents

Foreword xvii
Introduction xix
Part I Introduction to Ethical Disclosure 1(70)
Ethics of Ethical Hacking 3(20)
References 8(1)
How Does This Stuff Relate to an Ethical Hacking Book? 8(3)
Vulnerability Assessment 9(1)
Penetration Testing 10(1)
References 11(1)
The Controversy of Hacking Books and Classes 11(5)
The Dual Nature of Tools 12(2)
References 14(1)
Recognizing Trouble When It Happens 14(1)
Emulating the Attack 15(1)
Where Do Attackers Have Most of Their Fun? 16(2)
Security Does Not Like Complexity 16(1)
References 17(1)
Summary 18(5)
Questions 18(2)
Answers 20(3)
Ethical Hacking and the Legal System 23(22)
References 24(1)
Addressing Individual Laws 24(15)
18 USC Section 1029 24(3)
References 27(1)
18 USC Section 1030 27(5)
References 32(1)
A State Law Alternative 32(2)
References 34(1)
18 USC Sections 2510 and 2701 34(2)
References 36(1)
Digital Millennium Copyright Act 37(1)
References 38(1)
Cyber Security Enhancement Act of 2002 38(1)
Summary 39(6)
Questions 40(2)
Answers 42(3)
Proper and Ethical Disclosure 45(26)
Different Teams and Points of View 46(2)
How Did We Get Here? 47(1)
CERT's Current Process 48(2)
Full Disclosure Policy (RainForest Puppy Policy) 50(1)
Organization for Internet Safety (OIS) 51(8)
Discovery 52(1)
Notification 53(2)
Validation 55(3)
Resolution 58(1)
Release 59(1)
Conflicts Will Still Exist 59(1)
Case Studies 60(5)
Pros and Cons of Proper Disclosure Processes 60(4)
Vendors Paying More Attention 64(1)
So What Should We Do from Here on Out? 65(6)
iDefense 66(1)
References 66(1)
Summary 67(1)
Questions 67(2)
Answers 69(2)
Part II Penetration Testing and Tools 71(110)
Pen-Testing Process 73(22)
Types of Tests 73(2)
References 75(1)
Ramping Up 75(3)
Building a Team 75(1)
Building a Lab 76(1)
Contracts, Safety, and Staying Out of Jail 77(1)
Assessment Process 78(12)
Assessment Planning 78(1)
On-Site Meeting with the Customer to Kick Off Assessment 79(1)
Penetration Test Process 79(2)
References 81(1)
Red Teaming Process 81(3)
System Test Process 84(2)
Footprinting with lsof 86(3)
References 89(1)
Reporting Out 89(1)
Summary 90(5)
Questions 91(1)
Answers 92(3)
Beyond Hacking Exposed: Advanced Tools for Today's Hacker 95(58)
Scanning in the "Good Old Days" 96(12)
Paketto Keiretsu (scanrand, paratrace) 96(11)
References 107(1)
Past and Present Forms of Fingerprinting 108(17)
xprobe2 109(5)
References 114(1)
p0f 114(4)
References 118(1)
amap 118(4)
References 122(1)
Winfingerprint 122(3)
Sniffing Tools 125(15)
libpcap and WinPcap 126(1)
References 127(1)
Passive Sniffing vs. Active Sniffing 127(7)
References 134(3)
References 137(1)
Defenses Against Active Sniffing 137(1)
Sniffing for Usernames and Passwords 138(1)
References 139(1)
Sniffing and Hacking LAN Manager Logon Credentials 140(8)
Using the Challenge and Hashes (the Hard Way) 143(1)
Using ettercap (the Easy Way) 144(2)
References 146(1)
Sniffing and Cracking Kerberos 146(2)
Summary 148(5)
Questions 150(1)
Answers 151(2)
Automated Penetration Testing 153(28)
Python Survival Skills 154(7)
Getting Python 154(1)
Hello, World 154(1)
Python Objects 155(5)
References 160(1)
Automated Penetration Testing Tools 161(16)
Core IMPACT 161(3)
References 164(1)
Immunity CANVAS 165(4)
References 169(1)
Metasploit 169(8)
References 177(1)
Summary 177(4)
Questions 177(2)
Answers 179(2)
Part III Exploits 101 181(136)
Programming Survival Skills 183(30)
Programming 184(4)
The Problem-Solving Process 184(1)
Pseudo-code 185(2)
Programmers vs. Hackers 187(1)
References 188(1)
C Programming Language 188(6)
Basic C Language Constructs 188(5)
Sample Program 193(1)
Compiling with gcc 193(1)
References 194(1)
Computer Memory 194(5)
Random Access Memory (RAM) 195(1)
Endian 195(1)
Segmentation of Memory 195(1)
Programs in Memory 196(1)
Buffers 197(1)
Strings in Memory 197(1)
Pointers 197(1)
Putting the Pieces of Memory Together 198(1)
References 198(1)
Intel Processors 199(3)
Registers 199(1)
Arithmetic Logic Unit (ALU) 199(1)
Program Counter 200(1)
Control Unit 200(1)
Buses 200(2)
References 202(1)
Assembly Language Basics 202(4)
Machine vs. Assembly vs. C 202(1)
AT&T vs. NASM 202(2)
Addressing Modes 204(1)
Assembly File Structure 205(1)
Assembling 206(1)
References 206(1)
Debugging with gdb 206(3)
gdb Basics 206(2)
Disassembly with gdb 208(1)
References 209(1)
Summary 209(4)
Questions 210(2)
Answers 212(1)
Basic Linux Exploits 213(26)
Stack Operations 213(3)
Stack Data Structure 214(1)
Operational Implementation 214(1)
Function Calling Procedure 214(1)
References 215(1)
Buffer Overflows 216(5)
Example Buffer Overflow 216(1)
Overflow of meet.c 217(3)
Ramifications of Buffer Overflows 220(1)
References 221(1)
Local Buffer Overflow Exploits 221(8)
Components of the Exploit 222(1)
Exploiting Stack Overflows by Command Line 223(2)
Exploiting Stack Overflows with Generic Exploit Code 225(1)
Exploitation of meet.c 226(1)
Exploiting Small Buffers 227(2)
References 229(1)
Remote Buffer Overflow Exploits 229(5)
Client/Server Model 229(3)
Determining the Remote esp Value 232(1)
Manual Brute Force with Perl 232(2)
References 234(1)
Summary 234(5)
Questions 235(2)
Answers 237(2)
Advanced Linux Exploits 239(30)
Format String Exploits 239(11)
The Problem 240(3)
Reading from Arbitrary Memory 243(2)
Writing to Arbitrary Memory 245(2)
Taking .dtors to root 247(3)
References 250(1)
Heap Overflow Exploits 250(12)
Heap Overflows 251(1)
Memory Allocators (malloc) 252(1)
dlmalloc 253(4)
Exploiting Heap Overflows 257(4)
Alternative Exploits 261(1)
References 261(1)
Memory Protection Schemes 262(2)
Libsafe 262(1)
GRSecurity Kernel Patches and Scripts 262(1)
Stackshield 263(1)
Bottom Line 263(1)
References 264(1)
Summary 264(5)
Questions 265(2)
Answers 267(2)
Writing Linux Shellcode 269(26)
Basic Linux Shellcode 269(10)
System Calls 270(2)
Exit System Call 272(2)
setreuid System Call 274(2)
Shell-Spawning Shellcode with execve 276(3)
References 279(1)
Port-Binding Shellcode 279(8)
Linux Socket Programming 279(3)
Assembly Program to Establish a Socket 282(2)
Test the Shellcode 284(3)
References 287(1)
Reverse Connecting Shellcode 287(3)
Reverse Connecting C Program 287(1)
Reverse Connecting Assembly Program 288(2)
References 290(1)
Summary 290(5)
Questions 292(2)
Answers 294(1)
Writing a Basic Windows Exploit 295(22)
Compiling and Debugging Windows Programs 295(18)
Compiling on Windows 295(2)
Debugging on Windows 297(9)
Building a Basic Windows Exploit 306(7)
Summary 313(4)
Questions 314(1)
Answers 315(2)
Part IV Vulnerability Analysis 317(94)
Passive Analysis 319(30)
Ethical Reverse Engineering 319(1)
References 320(1)
Why Reverse Engineering? 320(1)
Reverse Engineering Considerations 321(1)
Source Code Analysis 321(8)
Source Code Auditing Tools 322(1)
The Utility of Source Code Auditing Tools 323(2)
Manual Source Code Auditing 325(4)
References 329(1)
Binary Analysis 329(1)
Automated Binary Analysis Tools 329(16)
References 332(1)
Manual Auditing of Binary Code 332(13)
References 345(1)
Summary 345(4)
Questions 346(1)
Answers 347(2)
Advanced Reverse Engineering 349(26)
Why Try to Break Software? 350(1)
The Software Development Process 350(1)
Instrumentation Tools 351(10)
Debuggers 352(2)
Code Coverage Tools 354(1)
Profiling Tools 354(1)
Flow Analysis Tools 354(2)
Memory Monitoring Tools 356(5)
References 361(1)
Fuzzing 361(1)
Instrumented Fuzzing Tools and Techniques 362(9)
A Simple URL Fuzzer 362(3)
Fuzzing Unknown Protocols 365(1)
SPIKE 365(4)
SPIKE Proxy 369(1)
Sharefuzz 369(1)
References 370(1)
Summary 371(4)
Questions 371(2)
Answers 373(2)
From Vulnerability to Exploit 375(22)
Exploitability 376(4)
Debugging for Exploitation 376(4)
References 380(1)
Understanding the Problem 380(10)
Preconditions and Postconditions 380(1)
Repeatability 381(9)
References 390(1)
Documenting the Problem 390(1)
Background Information 390(1)
Circumstances 391(1)
Research Results 391(1)
Summary 391(6)
Questions 392(2)
Answers 394(3)
Closing the Holes: Mitigation 397(14)
Mitigation Alternatives 397(3)
Port Knocking 398(1)
References 398(1)
Migration 398(1)
References 399(1)
Patching 400(11)
Source Code Patching Considerations 400(2)
Binary Patching Considerations 402(4)
References 406(1)
Summary 406(1)
Questions 406(2)
Answers 408(3)
Index 411
