Gray Hat Hacking The Ethical Hacker's Handbook, Fourth Edition
- 8h 44m
- Daniel Regalado, et al.
Cutting-edge techniques for finding and fixing critical security flaws
Fortify your network and avert digital catastrophe with proven strategies from a team of security experts. Completely updated and featuring 12 new chapters, Gray Hat Hacking: The Ethical Hacker's Handbook, Fourth Edition explains the enemy’s current weapons, skills, and tactics and offers field-tested remedies, case studies, and ready-to-deploy testing labs. Find out how hackers gain access, overtake network devices, script and inject malicious code, and plunder Web applications and browsers. Android-based exploits, reverse engineering techniques, and cyber law are thoroughly covered in this state-of-the-art resource.
- Build and launch spoofing exploits with Ettercap and Evilgrade
- Induce error conditions and crash software using fuzzers
- Hack Cisco routers, switches, and network hardware
- Use advanced reverse engineering to exploit Windows and Linux software
- Bypass Windows Access Control and memory protection schemes
- Scan for flaws in Web applications using Fiddler and the x5 plugin
- Learn the use-after-free technique used in recent zero days
- Bypass Web authentication via MySQL type conversion and MD5 injection attacks
- Inject your shellcode into a browser's memory using the latest Heap Spray techniques
- Hijack Web browsers with Metasploit and the BeEF Injection Framework
- Neutralize ransomware before it takes control of your desktop
- Dissect Android malware with JEB and DAD decompilers
- Find one-day vulnerabilities with binary diffing
About the Authors
Daniel Regalado, aka Danux, CISSP, OSCP, OSCE, CREA, is a senior malware and vulnerability researcher at FireEye.
Shon Harris, CISSP, was the CEO and founder of Logical Security.
Allen Harper, CISSP, PCI QSA, is the executive vice president of Tangible Security.
Chris Eagle is a senior lecturer in the Computer Science Department at the Naval Postgraduate School.
Jonathan Ness, CHFI™, is a lead software security engineer in Microsoft’s Security Response Center.
Branko Spasojevic is a security engineer at Google.
Ryan Linn, CISSP, CSSLP, OSCE, is a managing consultant working on network penetration testing.
Stephen Sims is a senior instructor and course author with the SANS Institute.
In this Book
Ethical Hacking and the Legal System
Programming Survival Skills
Advanced Analysis with IDA Pro
World of Fuzzing
Writing Linux Shellcode
Exploiting Cisco Routers
Basic Linux Exploits
Advanced Linux Exploits
Bypassing Windows Memory Protections
Exploiting the Windows Access Control Model
Exploiting Web Applications
Exploiting IE: Smashing the Heap
Exploiting IE: Use-After-Free Technique
Advanced Client-Side Exploitation with BeEF
One-Day Exploitation with Patch Diffing
Dissecting Android Malware
Analyzing 64-bit Malware
Next-Generation Reverse Engineering
Appendix—About the Download