Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition

Home >
Browse >
Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition

Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition

Authors: Allen Harper, Shon Harris, Jonathan Ness, Chris Eagle, Gideon Lenkey and Terron Williams

Published: January 2011

eISBN: 9780071742566 0071742565 | ISBN: 9780071742559

Contents

Preface

Acknowledgments

Introduction

Part I: Introduction to Ethical Disclosure

Chapter 1 Ethics of Ethical Hacking

Why You Need to Understand Your Enemy's Tactics

Recognizing the Gray Areas in Security

How Does This Stuff Relate to an Ethical Hacking Book?

The Controversy of Hacking Books and Classes

Where Do Attackers Have Most of Their Fun?

Chapter 2 Ethical Hacking and the Legal System

The Rise of Cyberlaw

Understanding Individual Cyberlaws

Chapter 3 Proper and Ethical Disclosure

Different Teams and Points of View

CERT's Current Process

Full Disclosure Policy—the RainForest Puppy Policy

Organization for Internet Safety (OIS)

Conflicts Will Still Exist

Case Studies

So What Should We Do from Here on Out?

Part II: Penetration Testing and Tools

Chapter 4 Social Engineering Attacks

How a Social Engineering Attack Works

Conducting a Social Engineering Attack

Common Attacks Used in Penetration Testing

Preparing Yourself for Face-to-Face Attacks

Defending Against Social Engineering Attacks

Chapter 5 Physical Penetration Attacks

Why a Physical Penetration Is Important

Conducting a Physical Penetration

Common Ways into a Building

Defending Against Physical Penetrations

Chapter 6 Insider Attacks

Why Simulating an Insider Attack Is Important

Conducting an Insider Attack

Defending Against Insider Attacks

Chapter 7 Using the BackTrack Linux Distribution

BackTrack: The Big Picture

Installing BackTrack to DVD or USB Thumb Drive

Using the BackTrack ISO Directly Within a Virtual Machine

Persisting Changes to Your BackTrack Installation

Exploring the BackTrack Boot Menu

Updating BackTrack

Chapter 8 Using Metasploit

Metasploit: The Big Picture

Getting Metasploit

Using the Metasploit Console to Launch Exploits

Exploiting Client-Side Vulnerabilities with Metasploit

Penetration Testing with Metasploit's Meterpreter

Automating and Scripting Metasploit

Going Further with Metasploit

Chapter 9 Managing a Penetration Test

Planning a Penetration Test

Structuring a Penetration Testing Agreement

Execution of a Penetration Test

Information Sharing During a Penetration Test

Reporting the Results of a Penetration Test

Part III: Exploiting

Chapter 10 Programming Survival Skills

C Programming Language

Computer Memory

Intel Processors

Assembly Language Basics

Debugging with gdb

Python Survival Skills

Chapter 11 Basic Linux Exploits

Stack Operations

Buffer Overflows

Local Buffer Overflow Exploits

Exploit Development Process

Chapter 12 Advanced Linux Exploits

Format String Exploits

Memory Protection Schemes

Chapter 13 Shellcode Strategies

User Space Shellcode

Other Shellcode Considerations

Kernel Space Shellcode

Chapter 14 Writing Linux Shellcode

Basic Linux Shellcode

Implementing Port-Binding Shellcode

Implementing Reverse Connecting Shellcode

Encoding Shellcode

Automating Shellcode Generation with Metasploit

Chapter 15 Windows Exploits

Compiling and Debugging Windows Programs

Writing Windows Exploits

Understanding Structured Exception Handling (SEH)

Understanding Windows Memory Protections (XP SP3, Vista, 7, and Server 2008)

Bypassing Windows Memory Protections

Chapter 16 Understanding and Detecting Content-Type Attacks

How Do Content-Type Attacks Work?

Which File Formats Are Being Exploited Today?

Intro to the PDF File Format

Analyzing a Malicious PDF Exploit

Tools to Detect Malicious PDF Files

Tools to Test Your Protections Against Content-type Attacks

How to Protect Your Environment from Content-type Attacks

Chapter 17 Web Application Security Vulnerabilities

Overview of Top Web Application Security Vulnerabilities

SQL Injection Vulnerabilities

Cross-Site Scripting Vulnerabilities

Chapter 18 VoIP Attacks

What Is VoIP?

Protocols Used by VoIP

Types of VoIP Attacks

How to Protect Against VoIP Attacks

Chapter 19 SCADA Attacks

What Is SCADA?

Which Protocols Does SCADA Use?

SCADA Fuzzing

Stuxnet Malware (The New Wave in Cyberterrorism)

How to Protect Against SCADA Attacks

Part IV: Vulnerability Analysis

Chapter 20 Passive Analysis

Ethical Reverse Engineering

Why Bother with Reverse Engineering?

Source Code Analysis

Binary Analysis

Chapter 21 Advanced Static Analysis with IDA Pro

Static Analysis Challenges

Extending IDA Pro

Chapter 22 Advanced Reverse Engineering

Why Try to Break Software?

Overview of the Software Development Process

Instrumentation Tools

Fuzzing

Instrumented Fuzzing Tools and Techniques

Chapter 23 Client-Side Browser Exploits

Why Client-Side Vulnerabilities Are Interesting

Internet Explorer Security Concepts

History of Client-Side Exploits and Latest Trends

Finding New Browser-Based Vulnerabilities

Heap Spray to Exploit

Protecting Yourself from Client-Side Exploits

Chapter 24 Exploiting the Windows Access Control Model

Why Access Control Is Interesting to a Hacker

How Windows Access Control Works

Tools for Analyzing Access Control Configurations

Special SIDs, Special Access, and "Access Denied"

Analyzing Access Control for Elevation of Privilege

Attack Patterns for Each Interesting Object Type

What Other Object Types Are Out There?

Chapter 25 Intelligent Fuzzing with Sulley

Protocol Analysis

Sulley Fuzzing Framework

Chapter 26 From Vulnerability to Exploit

Exploitability

Understanding the Problem

Payload Construction Considerations

Documenting the Problem

Chapter 27 Closing the Holes: Mitigation

Mitigation Alternatives

Patching

Part V: Malware Analysis

Chapter 28 Collecting Malware and Initial Analysis

Malware

Latest Trends in Honeynet Technology

Catching Malware: Setting the Trap

Initial Analysis of Malware

Chapter 29 Hacking Malware

Trends in Malware

De-obfuscating Malware

Reverse-Engineering Malware

Index