Gray Hat Hacking The Ethical Hacker's Handbook, Fourth Edition

  • 8h 44m
  • Daniel Regalado, et al.
  • McGraw-Hill/Osborne
  • 2015

Cutting-edge techniques for finding and fixing critical security flaws

Fortify your network and avert digital catastrophe with proven strategies from a team of security experts. Completely updated and featuring 12 new chapters, Gray Hat Hacking: The Ethical Hacker's Handbook, Fourth Edition explains the enemy’s current weapons, skills, and tactics and offers field-tested remedies, case studies, and ready-to-deploy testing labs. Find out how hackers gain access, overtake network devices, script and inject malicious code, and plunder Web applications and browsers. Android-based exploits, reverse engineering techniques, and cyber law are thoroughly covered in this state-of-the-art resource.

  • Build and launch spoofing exploits with Ettercap and Evilgrade
  • Induce error conditions and crash software using fuzzers
  • Hack Cisco routers, switches, and network hardware
  • Use advanced reverse engineering to exploit Windows and Linux software
  • Bypass Windows Access Control and memory protection schemes
  • Scan for flaws in Web applications using Fiddler and the x5 plugin
  • Learn the use-after-free technique used in recent zero days
  • Bypass Web authentication via MySQL type conversion and MD5 injection attacks
  • Inject your shellcode into a browser's memory using the latest Heap Spray techniques
  • Hijack Web browsers with Metasploit and the BeEF Injection Framework
  • Neutralize ransomware before it takes control of your desktop
  • Dissect Android malware with JEB and DAD decompilers
  • Find one-day vulnerabilities with binary diffing

About the Authors

Daniel Regalado, aka Danux, CISSP, OSCP, OSCE, CREA, is a senior malware and vulnerability researcher at FireEye.

Shon Harris, CISSP, was the CEO and founder of Logical Security.

Allen Harper, CISSP, PCI QSA, is the executive vice president of Tangible Security.

Chris Eagle is a senior lecturer in the Computer Science Department at the Naval Postgraduate School.

Jonathan Ness, CHFI™, is a lead software security engineer in Microsoft’s Security Response Center.

Branko Spasojevic is a security engineer at Google.

Ryan Linn, CISSP, CSSLP, OSCE, is a managing consultant working on network penetration testing.

Stephen Sims is a senior instructor and course author with the SANS Institute.

In this Book

  • Ethical Hacking and the Legal System
  • Programming Survival Skills
  • Static Analysis
  • Advanced Analysis with IDA Pro
  • World of Fuzzing
  • Shellcode Strategies
  • Writing Linux Shellcode
  • Spoofing-Based Attacks
  • Exploiting Cisco Routers
  • Basic Linux Exploits
  • Advanced Linux Exploits
  • Windows Exploits
  • Bypassing Windows Memory Protections
  • Exploiting the Windows Access Control Model
  • Exploiting Web Applications
  • Exploiting IE: Smashing the Heap
  • Exploiting IE: Use-After-Free Technique
  • Advanced Client-Side Exploitation with BeEF
  • One-Day Exploitation with Patch Diffing
  • Dissecting Android Malware
  • Dissecting Ransomware
  • Analyzing 64-bit Malware
  • Next-Generation Reverse Engineering
  • Appendix—About the Download