Gray Hat Hacking the Ethical Hacker Handbook 3rd Edition by Allen Harper, Shon Harris, Jonathan Ness, Chris Eagle, Gideon Lenkey, Terron Williams. ISBN 9780071742566, 0071742565
Product details:
ISBN 10: 0071742565
ISBN 13: 9780071742566
Author: Allen Harper, Shon Harris, Jonathan Ness, Chris Eagle, Gideon Lenkey, Terron Williams
Gray Hat Hacking the Ethical Hacker Handbook 3rd Edition Table of contents:
Part I Introduction to Ethical Disclosure
Chapter 1 Ethics of Ethical Hacking
Why You Need to Understand Your Enemy’s Tactics
Recognizing the Gray Areas in Security
How Does This Stuff Relate to an Ethical Hacking Book?
Vulnerability Assessment
Penetration Testing
The Controversy of Hacking Books and Classes
The Dual Nature of Tools
Recognizing Trouble When It Happens
Emulating the Attack
Where Do Attackers Have Most of Their Fun?
Security Does Not Like Complexity
Chapter 2 Ethical Hacking and the Legal System
The Rise of Cyberlaw
Understanding Individual Cyberlaws
18 USC Section 1029: The Access Device Statute
18 USC Section 1030 of the Computer Fraud and Abuse Act
18 USC Sections 2510, et. Seq., and 2701, et. Seq., of the Electronic Communication Privacy Act
Digital Millennium Copyright Act (DMCA)
Cyber Security Enhancement Act of 2002
Securely Protect Yourself Against Cyber Trespass Act (SPY Act)
Chapter 3 Proper and Ethical Disclosure
Different Teams and Points of View
How Did We Get Here?
CERT’s Current Process
Full Disclosure Policy—the RainForest Puppy Policy
Organization for Internet Safety (OIS)
Discovery
Notification
Validation
Resolution
Release
Conflicts Will Still Exist
“No More Free Bugs”
Case Studies
Pros and Cons of Proper Disclosure Processes
Vendors Paying More Attention
So What Should We Do from Here on Out?
iDefense and ZDI
Part II Penetration Testing and Tools
Chapter 4 Social Engineering Attacks
How a Social Engineering Attack Works
Conducting a Social Engineering Attack
Common Attacks Used in Penetration Testing
The Good Samaritan
The Meeting
Join the Company
Preparing Yourself for Face-to-Face Attacks
Defending Against Social Engineering Attacks
Chapter 5 Physical Penetration Attacks
Why a Physical Penetration Is Important
Conducting a Physical Penetration
Reconnaissance
Mental Preparation
Common Ways into a Building
The Smokers’ Door
Manned Checkpoints
Locked Doors
Physically Defeating Locks
Once You Are Inside
Defending Against Physical Penetrations
Chapter 6 Insider Attacks
Why Simulating an Insider Attack Is Important
Conducting an Insider Attack
Tools and Preparation
Orientation
Gaining Local Administrator Privileges
Disabling Antivirus
Raising Cain
Defending Against Insider Attacks
Chapter 7 Using the BackTrack Linux Distribution
BackTrack: The Big Picture
Installing BackTrack to DVD or USB Thumb Drive
Using the BackTrack ISO Directly Within a Virtual Machine
Creating a BackTrack Virtual Machine with VirtualBox
Booting the BackTrack LiveDVD System
Exploring the BackTrack X Windows Environment
Starting Network Services
Persisting Changes to Your BackTrack Installation
Installing Full BackTrack to Hard Drive or USB Thumb Drive
Creating a New ISO with Your One-time Changes
Using a Custom File that Automatically Saves and Restores Changes
Exploring the BackTrack Boot Menu
Updating BackTrack
Chapter 8 Using Metasploit
Metasploit: The Big Picture
Getting Metasploit
Using the Metasploit Console to Launch Exploits
Exploiting Client-Side Vulnerabilities with Metasploit
Penetration Testing with Metasploit’s Meterpreter
Automating and Scripting Metasploit
Going Further with Metasploit
Chapter 9 Managing a Penetration Test
Planning a Penetration Test
Types of Penetration Tests
Scope of a Penetration Test
Locations of the Penetration Test
Organization of the Penetration Testing Team
Methodologies and Standards
Phases of the Penetration Test
Testing Plan for a Penetration Test
Structuring a Penetration Testing Agreement
Statement of Work
Get-Out-of-Jail-Free Letter
Execution of a Penetration Test
Kickoff Meeting
Access During the Penetration Test
Managing Expectations
Managing Problems
Steady Is Fast
External and Internal Coordination
Information Sharing During a Penetration Test
Dradis Server
Reporting the Results of a Penetration Test
Format of the Report
Out Brief of the Report
Part III Exploiting
Chapter 10 Programming Survival Skills
C Programming Language
Basic C Language Constructs
Sample Program
Compiling with gcc
Computer Memory
Random Access Memory (RAM)
Endian
Segmentation of Memory
Programs in Memory
Buffers
Strings in Memory
Pointers
Putting the Pieces of Memory Together
Intel Processors
Registers
Assembly Language Basics
Machine vs. Assembly vs. C
AT&T vs. NASM
Addressing Modes
Assembly File Structure
Assembling
Debugging with gdb
gdb Basics
Disassembly with gdb
Python Survival Skills
Getting Python
Hello World in Python
Python Objects
Strings
Numbers
Lists
Dictionaries
Files with Python
Sockets with Python
Chapter 11 Basic Linux Exploits
Stack Operations
Function Calling Procedure
Buffer Overflows
Overflow of meet.c
Ramifications of Buffer Overflows
Local Buffer Overflow Exploits
Components of the Exploit
Exploiting Stack Overflows from the Command Line
Exploiting Stack Overflows with Generic Exploit Code
Exploiting Small Buffers
Exploit Development Process
Control eip
Determine the Offset(s)
Determine the Attack Vector
Build the Exploit Sandwich
Test the Exploit
Chapter 12 Advanced Linux Exploits
Format String Exploits
The Problem
Reading from Arbitrary Memory
Writing to Arbitrary Memory
Taking dtors to root
Memory Protection Schemes
Compiler Improvements
Kernel Patches and Scripts
Return to libc Exploits
Bottom Line
Chapter 13 Shellcode Strategies
User Space Shellcode
System Calls
Basic Shellcode
Port Binding Shellcode
Reverse Shellcode
Find Socket Shellcode
Command Execution Code
File Transfer Code
Multistage Shellcode
System Call Proxy Shellcode
Process Injection Shellcode
Other Shellcode Considerations
Shellcode Encoding
Self-Corrupting Shellcode
Disassembling Shellcode
Kernel Space Shellcode
Kernel Space Considerations
Chapter 14 Writing Linux Shellcode
Basic Linux Shellcode
System Calls
System Calls by C
System Calls by Assembly
Exit System Call
setreuid System Call
Shell-Spawning Shellcode with execve
Implementing Port-Binding Shellcode
Linux Socket Programming
Assembly Program to Establish a Socket
Test the Shellcode
Implementing Reverse Connecting Shellcode
Reverse Connecting C Program
Reverse Connecting Assembly Program
Encoding Shellcode
Simple XOR Encoding
Structure of Encoded Shellcode
JMP/CALL XOR Decoder Example
FNSTENV XOR Example
Putting the Code Together
Automating Shellcode Generation with Metasploit
Generating Shellcode with Metasploit
Encoding Shellcode with Metasploit
Chapter 15 Windows Exploits
Compiling and Debugging Windows Programs
Compiling on Windows
Debugging on Windows with OllyDbg
Writing Windows Exploits
Exploit Development Process Review
ProSSHD Server
Control eip
Determine the Offset(s)
Determine the Attack Vector
Build the Exploit Sandwich
Debug the Exploit if Needed
Understanding Structured Exception Handling (SEH)
Implementation of SEH
Understanding Windows Memory Protections (XP SP3, Vista, 7, and Server 2008)
Stack-Based Buffer Overrun Detection (/GS)
Safe Structured Exception Handling (SafeSEH)
SEH Overwrite Protection (SEHOP)
Heap Protections
Data Execution Prevention (DEP)
Address Space Layout Randomization (ASLR)
Bypassing Windows Memory Protections
Bypassing /GS
Bypassing SafeSEH
Bypassing ASLR
Bypassing DEP
Bypassing SEHOP
Summary of Memory Bypass Methods
Chapter 16 Understanding and Detecting Content-Type Attacks
How Do Content-Type Attacks Work?
Which File Formats Are Being Exploited Today?
Intro to the PDF File Format
Analyzing a Malicious PDF Exploit
Implementing Safeguards in Your Analysis Environment
Tools to Detect Malicious PDF Files
PDFiD
pdf-parser.py
Tools to Test Your Protections Against Content-type Attacks
How to Protect Your Environment from Content-type Attacks
Apply All Security Updates
Disable JavaScript in Adobe Reader
Enable DEP for Microsoft Office Application and Adobe Reader
Chapter 17 Web Application Security Vulnerabilities
Overview of Top Web Application Security Vulnerabilities
Injection Vulnerabilities
Cross-Site Scripting Vulnerabilities
The Rest of the OWASP Top Ten
SQL Injection Vulnerabilities
SQL Databases and Statements
Testing Web Applications to Find SQL Injection Vulnerabilities
Cross-Site Scripting Vulnerabilities
Explaining “Scripting”
Explaining Cross-Site Scripting
Chapter 18 VoIP Attacks
What Is VoIP?
Protocols Used by VoIP
SIP
Megaco H.248
H.323
TLS and DTLS
SRTP
ZRTP
Types of VoIP Attacks
Enumeration
SIP Password Cracking
Eavesdropping/Packet Capture
Denial of Service
How to Protect Against VoIP Attacks
Chapter 19 SCADA Attacks
What Is SCADA?
Which Protocols Does SCADA Use?
OPC
ICCP
Modbus
DNP3
SCADA Fuzzing
SCADA Fuzzing with Autodafé
SCADA Fuzzing with TFTP Daemon Fuzzer
Stuxnet Malware (The New Wave in Cyberterrorism)
How to Protect Against SCADA Attacks
Part IV Vulnerability Analysis
Chapter 20 Passive Analysis
Ethical Reverse Engineering
Why Bother with Reverse Engineering?
Reverse Engineering Considerations
Source Code Analysis
Source Code Auditing Tools
The Utility of Source Code Auditing Tools
Manual Source Code Auditing
Automated Source Code Analysis
Binary Analysis
Manual Auditing of Binary Code
Automated Binary Analysis Tools
Chapter 21 Advanced Static Analysis with IDA Pro
Static Analysis Challenges
Stripped Binaries
Statically Linked Programs and FLAIR
Data Structure Analysis
Quirks of Compiled C++ Code
Extending IDA Pro
Scripting with IDC
IDA Pro Plug-In Modules and the IDA Pro SDK
Building IDA Pro Plug-Ins
IDA Pro Loaders and Processor Modules
Chapter 22 Advanced Reverse Engineering
Why Try to Break Software?
Overview of the Software Development Process
Instrumentation Tools
Debuggers
Code Coverage Analysis Tools
Profiling Tools
Flow Analysis Tools
Memory Use Monitoring Tools
Fuzzing
Instrumented Fuzzing Tools and Techniques
A Simple URL Fuzzer
Fuzzing Unknown Protocols
SPIKE
SPIKE Static Content Primitives
SPIKE Proxy
Sharefuzz
Chapter 23 Client-Side Browser Exploits
Why Client-Side Vulnerabilities Are Interesting
Client-Side Vulnerabilities Bypass Firewall Protections
Client-Side Applications Are Often Running with Administrative Privileges
Client-Side Vulnerabilities Can Easily Target Specific People or Organizations
Internet Explorer Security Concepts
ActiveX Controls
Internet Explorer Security Zones
History of Client-Side Exploits and Latest Trends
Client-Side Vulnerabilities Rise to Prominence
Notable Vulnerabilities in the History of Client-Side Attacks
Finding New Browser-Based Vulnerabilities
mangleme
Mozilla Security Team Fuzzers
AxEnum
AxFuzz
AxMan
Heap Spray to Exploit
InternetExploiter
Protecting Yourself from Client-Side Exploits
Keep Up-to-Date on Security Patches
Stay Informed
Run Internet-Facing Applications with Reduced Privileges
Chapter 24 Exploiting the Windows Access Control Model
Why Access Control Is Interesting to a Hacker
Most People Don’t Understand Access Control
Vulnerabilities You Find Are Easy to Exploit
You’ll Find Tons of Security Vulnerabilities
How Windows Access Control Works
Security Identifier
Access Token
Security Descriptor
The Access Check
Tools for Analyzing Access Control Configurations
Dumping the Process Token
Dumping the Security Descriptor
Special SIDs, Special Access, and “Access Denied”
Special SIDs
Special Access
Investigating “Access Denied”
Analyzing Access Control for Elevation of Privilege
Attack Patterns for Each Interesting Object Type
Attacking Services
Attacking Weak DACLs in the Windows Registry
Attacking Weak Directory DACLs
Attacking Weak File DACLs
What Other Object Types Are Out There?
Enumerating Shared Memory Sections
Enumerating Named Pipes
Enumerating Processes
Enumerating Other Named Kernel Objects (Semaphores, Mutexes, Events, Devices)
Chapter 25 Intelligent Fuzzing with Sulley
Protocol Analysis
Sulley Fuzzing Framework
Installing Sulley
Powerful Fuzzer
Blocks
Monitoring the Process for Faults
Monitoring the Network Traffic
Controlling VMware
Putting It All Together
Postmortem Analysis of Crashes
Analysis of Network Traffic
Exploring Further
Chapter 26 From Vulnerability to Exploit
Exploitability
Debugging for Exploitation
Initial Analysis
Understanding the Problem
Preconditions and Postconditions
Repeatability
Payload Construction Considerations
Payload Protocol Elements
Buffer Orientation Problems
Self-Destructive Shellcode
Documenting the Problem
Background Information
Circumstances
Research Results
Chapter 27 Closing the Holes: Mitigation
Mitigation Alternatives
Port Knocking
Migration
Patching
Source Code Patching Considerations
Binary Patching Considerations
Binary Mutation
Third-Party Patching Initiatives
Part V Malware Analysis
Chapter 28 Collecting Malware and Initial Analysis
Malware
Types of Malware
Malware Defensive Techniques
Latest Trends in Honeynet Technology
Honeypots
Honeynets
Why Honeypots Are Used
Limitations of Honeypots
Low-Interaction Honeypots
High-Interaction Honeypots
Types of Honeynets
Thwarting VMware Detection Technologies
Catching Malware: Setting the Trap
VMware Host Setup
VMware Guest Setup
Using Nepenthes to Catch a Fly
Initial Analysis of Malware
Static Analysis
Live Analysis
Norman SandBox Technology
Chapter 29 Hacking Malware
Trends in Malware
Embedded Components
Use of Encryption
User Space Hiding Techniques
Use of Rootkit Technology
Persistence Measures
De-obfuscating Malware
Packer Basics
Unpacking Binaries
Reverse-Engineering Malware
Malware Setup Phase
Malware Operation Phase
Automated Malware Analysis
Index