The shellcoder's handbook [electronic resource] : discovering and exploiting security holes / Chris Anley ... [et al.].
- 2nd ed.
- Indianapolis, IN : Wiley Technology Pub., 2007.
1 online resource (1140 p.)
- Computer security.
- Electronic books.
- System Details:
- text file
- This much-anticipated revision, written by the ultimate group of top security experts in the world, features 40 percent new content on how to find security holes in any operating system or applicationNew material addresses the many new exploitation techniques that have been discovered since the first edition, including attacking ""unbreakable"" software packages such as McAfee's Entercept, Mac OS X, XP, Office 2003, and VistaAlso features the first-ever published information on exploiting Cisco's IOS, with content that has never before been exploredThe companion Web site fe
- Cover; Title Page; Copyright; Dedication; About the Authors; Credits; Acknowledgments; Introduction to the Second Edition; Part I: Introduction to Exploitation: Linux on x86; Chapter 1: Before You Begin; Basic Concepts; Recognizing C and C++ Code Constructs in Assembly; Conclusion; Chapter 2: Stack Overflows; Buffers; The Stack; Overflowing Buffers on the Stack; An Interesting Diversion; Using an Exploit to Get Root Privileges; Defeating a Non-Executable Stack; Conclusion; Chapter 3: Shellcode; Understanding System Calls; Writing Shellcode for the exit() Syscall; Injectable Shellcode
Spawning a ShellConclusion; Chapter 4: Introduction to Format String Bugs; Prerequisites; What Is a Format String?; What Is a Format String Bug?; Format String Exploits; Controlling Execution for Exploitation; Why Did This Happen?; Format String Technique Roundup; Conclusion; Chapter 5: Introduction to Heap Overflows; What Is a Heap?; Finding Heap Overflows; Conclusion; Part II: Other Platforms-Windows, Solaris, OS/X, and Cisco; Chapter 6: The Wild World of Windows; How Does Windows Differ from Linux?; Heaps; The Genius and Idiocy of the Distributed Common Object Model and DCE-RPC
Debugging WindowsConclusion; Chapter 7: Windows Shellcode; Syntax and Filters; Setting Up; Popping a Shell; Why You Should Never Pop a Shell on Windows; Conclusion; Chapter 8: Windows Overflows; Stack-Based Buffer Overflows; Frame-Based Exception Handlers; Abusing Frame-Based Exception Handling on Windows 2003 Server; Stack Protection and Windows 2003 Server; Heap-Based Buffer Overflows; The Process Heap; Exploiting Heap-Based Overflows; Other Overflows; Exploiting Buffer Overflows and Non-Executable Stacks; Conclusion; Chapter 9: Overcoming Filters
Writing Exploits for Use with an Alphanumeric FilterWriting Exploits for Use with a Unicode Filter; Exploiting Unicode-Based Vulnerabilities; The Venetian Method; Decoder and Decoding; Conclusion; Chapter 10: Introduction to Solaris Exploitation; Introduction to the SPARC Architecture; Solaris/SPARC Shellcode Basics; Solaris/SPARC Stack Frame Introduction; Stack-Based Overflow Methodologies; Stack Overflow Exploitation In Action; Heap-Based Overflows on Solaris/SPARC; Basic Exploit Methodology (t_delete); Other Heap-Related Vulnerabilities; Heap Overflow Example
Other Solaris Exploitation TechniquesConclusion; Chapter 11: Advanced Solaris Exploitation; Single Stepping the Dynamic Linker; Various Style Tricks for Solaris SPARC Heap Overflows; Advanced Solaris/SPARC Shellcode; Conclusion; Chapter 12: OS X Shellcode; OS X Is Just BSD, Right?; Is OS X Open Source?; OS X for the Unix-aware; OS X PowerPC Shellcode; OS X Intel Shellcode; OS X Cross-Platform Shellcode; OS X Heap Exploitation; Bug Hunting on OS X; Some Interesting Bugs; Essential Reading for OS X Exploits; Conclusion; Chapter 13: Cisco IOS Exploitation; An Overview of Cisco IOS
Vulnerabilities in Cisco IOS
- Includes index.
- Anley, Chris.
|Location||Notes||Your Loan Policy|
|Description||Status||Barcode||Your Loan Policy|