作者:Shon Harris, Allen Harper, Chris Eagle, Jonathan Ness
出版日期:December 20, 2007
出版社:McGraw-Hill
页数:550
ISBN:ISBN-10: 0071495681 ISBN-13: 978-0071495684
文件格式:PDF
Product Description
“A fantastic book for anyone looking to learn the toolsand techniques needed to break in and stay in.” –Bruce Potter, Founder,The Shmoo Group“Very highly recommended whether you are a seasonedprofessional or just starting out in the security business.” –SimpleNomad, HackerFrom the Back Cover
Uncover, plug, and ethically disclose security flaws
Prevent catastrophic network attacks by exposing security flaws,fixing them, and ethically reporting them to the software author. Fullyexpanded to cover the hacker’s latest devious methods, Gray Hat Hacking: The Ethical Hacker’s Handbook, Second Editionlays out each exploit alongside line-by-line code samples, detailedcountermeasures, and moral disclosure procedures. Find out how toexecute effective penetration tests, use fuzzers and sniffers, performreverse engineering, and find security holes in Windows and Linuxapplications. You’ll also learn how to trap and autopsy stealth worms,viruses, rootkits, adware, and malware.
Implement vulnerability testing, discovery, and reporting procedures that comply with applicable lawsLearn the basics of programming, stack operations, buffer overflow and heap vulnerabilities, and exploit developmentTest and exploit systems using Metasploit and other toolsBreak in to Windows and Linux systems with perl scripts, Python scripts, and customized C programsAnalyze source code using ITS4, RATS, FlawFinder, PREfast, Splint, and decompilersUnderstand the role of IDA Pro scripts, FLAIR tools, and third-party plug-ins in discovering software vulnerabilitiesReverse-engineer software using decompiling, profiling, memory monitoring, and data flow analysis toolsReveal client-side web browser vulnerabilities with MangleMe, AxEnum, and AxManProbe Windows Access Controls to discover insecure access tokens, security descriptors, DACLs, and ACEsFind and examine malware and rootkits using honeypots, honeynets, and Norman SandBox technology