Shellcoders Handbook Discovering and Exploiting Security Holes~tqw~ darksiderg

*******************************************************************************
Shellcoder's Handbook: Discovering and Exploiting Security Holes
*******************************************************************************
General InformationType.................: Ebook
Part Size............: 9,159,460 bytes



Post InformationPosted by............: ~tqw~
Release NotesEvery day, someone discovers a critical new security flaw in software you depend
on. Quite often, those flaws appear first on Bugtraq, the world’s No. 1
vulnerability tracking maillist. Now, some of Bugtraq’s leading contributors
show you exactly how they discover those holes -- and how to exploit them. Along
the way, they reveal some never-before-published bugs -- including holes they
claim are big enough to “take down the Internet.”

The authors cover platforms ranging from Windows to Solaris. They start with
Linux on x86, where it’s easiest to understand the hacks because you can get
inside the source code. Here, they introduce memory management and stack buffer
overflows, format string overflows, and heap-based overflows. They also
introduce basic shellcoding: how to write instructions that directly manipulate
registers and a program’s functions. This can’t be done with high-level
languages: We’re talking hexadecimal opcodes.

Next, the authors move on to Windows. Here, until recently, shellcoding was a
true black art. Win32 doesn’t provide direct access to system calls, so more
complex techniques are required. (As an example, the authors show how to bypass
the vaunted stack protection Microsoft added to Windows 2003 Server.)

The authors then turn to the tools and techniques of vulnerability discovery:
fault injection, fuzzing, source code auditing in C-based languages,
instrumented investigation, tracing, and binary auditing of closed-source
software. The book concludes with several especially sophisticated techniques,
ranging from alternative payload strategies and database attacks to Unix kernel
exploits. This stuff’s the real deal.

Table of Contents
About the authors
Credits
Acknowledgments
Pt. 1 Introduction to exploitation : Linux on x86 1
Ch. 1 Before you begin 3
Ch. 2 Stack overflows 11
Ch. 3 Shellcode 35
Ch. 4 Introduction to format string bugs 55
Ch. 5 Introduction to heap overflows 83
Pt. 2 Exploiting more platforms : Windows, Solaris, and Tru64 103
Ch. 6 The wild world of Windows 105
Ch. 7 Windows Shellcode 123
Ch. 8 Windows overflows 149
Ch. 9 Overcoming filters 197
Ch. 10 Introduction to Solaris exploitation 215
Ch. 11 Advanced Solaris exploitation 269
Ch. 12 HP Tru64 Unix exploitation 301
Pt. 3 Vulnerability discovery 331
Ch. 13 Establishing a working environment 333
Ch. 14 Fault injection 349
Ch. 15 The art of fuzzing 363
Ch. 16 Source code auditing : finding vulnerabilities in C-based languages
383
Ch. 17 Instrumented investigation : a manual approach 405
Ch. 18 Tracing for vulnerabilities 427
Ch. 19 Binary auditing : hacking closed source software 451
Pt. 4 Advanced materials 473
Ch. 20 Alternative payload strategies 475
Ch. 21 Writing exploits that work in the wild 499
Ch. 22 Attacking database software 509
Ch. 23 Kernel overflows 529
Ch. 24 Exploiting kernel vulnerabilities 549
Index 581

Product Details

* ISBN: 047008023X
* ISBN-13: 9780470080238
* Format: Paperback, 800pp
* Publisher: Wiley, John & Sons, Incorporated
* Pub. Date: August 2007
Install NotesAdobe Acrobat Reader