Gray Hat Hacking: Ethics, Penetration Testing, Attack Methods, and Vulnerability Analysis Techniques of Ethical Hackers (3rd Edition)
Basic information
Original title: Gray Hat Hacking: The Ethical Hacker's Handbook, Third Edition
Authors: [US] Shon Harris, Allen Harper
Translators: Yang Mingjun, Han Zhiwen, Cheng Wenjun
Series: Security Technology Classic Translations
Publisher: Tsinghua University Press
ISBN: 9787302301509
Binding:
Publication date: February 1, November 2012
Format: 16-mo
Page number: 1
Edition: 1-1
Category: Computers > Security > Network security / Firewalls / Hacking
Introduction
Reveal today's most destructive attacks with the latest strategies
Gray Hat Hacking: Ethics, Penetration Testing, Attack Methods, and Vulnerability Analysis Techniques of Ethical Hackers (3rd Edition) has been comprehensively updated from the previous edition, with nine new chapters. The book is rich in content and gives a thorough account of the latest vulnerabilities, remediation methods, and legal disclosure channels. It provides detailed coverage of malware analysis, penetration testing, SCADA, VoIP, Web security, and other topics, and analyzes how attackers locate systems, defeat protection schemes, write malicious code, and exploit flaws in Windows and Linux systems. With this book you will be able to use the latest techniques to find and fix security flaws, so that you can prevent malicious network attacks.
Gray Hat Hacking: Ethics, Penetration Testing, Attack Methods, and Vulnerability Analysis Techniques of Ethical Hackers (3rd Edition)
Simulate exploits with BackTrack and Metasploit
Analyze physical penetration, social engineering, and insider attack techniques
Build Perl, Python, and Ruby scripts that launch stack buffer overflow attacks
Understand and block malicious content in Adobe, Office, and multimedia files
Detect and block client-side, web server, VoIP, and SCADA attacks
Reverse engineering, fuzzing, and decompilation of Windows and Linux software
SQL injection, cross-site scripting, and forgery attacks
Use honeypot and sandbox technology to capture malware and unpack packed software
Table of contents
Part I Introduction to ethical disclosure 1
Chapter 1 Ethics of ethical hacking 3
1.1 Understanding the enemy's tactics 3
1.2 Recognizing the gray areas in security 7
1.3 How this book relates to ethical hacking books 8
1.3.1 Vulnerability assessment 8
1.3.2 Penetration testing 9
1.4 The controversy over hacking books and courses 12
1.4.1 The dual nature of tools 13
1.4.2 Recognizing attacks 14
1.4.3 Emulating the attack 15
1.5 Vulnerabilities attackers exploit most 15
Chapter 2 Proper and ethical disclosure 19
2.1 Different perspectives on the issue 20
2.2 CERT's current process 21
2.3 Full disclosure policy (RainForest Puppy Policy) 23
2.4 Organization for Internet Safety (OIS) 24
2.4.1 Discovery 25
2.4.2 Notification 25
2.4.3 Validation 27
2.4.4 Resolution 29
2.4.5 Release 30
2.5 Conflicts will still exist 30
2.6 Case studies 34
2.6.1 Pros and cons of proper disclosure processes 35
2.6.2 Vendors paying more attention 38
2.7 What to do next 38
Part II Penetration testing and tools 41
Chapter 3 Social engineering attacks 43
3.1 How a social engineering attack works 43
3.2 Conducting a social engineering attack 44
3.3 Common attacks used in penetration testing 46
3.3.1 The good Samaritan 47
3.3.2 The meeting 51
3.3.3 Join the company 53
3.4 Preparing yourself for face-to-face attacks 54
3.5 Defending against social engineering attacks 56
Chapter 4 Physical penetration attacks 57
4.1 Why physical penetration is important 57
4.2 Conducting a physical penetration 58
4.2.1 Reconnaissance 58
4.2.2 Mental preparation 60
4.3 Common ways into the target building 60
4.3.1 The smokers' door 61
4.3.2 Manned checkpoints 62
4.3.3 Locked doors 64
4.3.4 Physically defeating locks 66
4.3.5 Once inside the target 69
4.4 Defending against physical penetrations 69
Chapter 5 Insider attacks 71
5.1 Why simulating an insider attack is important 71
5.2 Conducting an insider attack 72
5.2.1 Tools and preparation 72
5.2.2 Orientation 72
5.2.3 Gaining local administrator privileges 73
5.2.4 Disabling antivirus software 76
5.2.5 Using Cain 77
5.3 Defending against insider attacks 83
Chapter 6 Using the BackTrack Linux distribution 85
6.1 BackTrack overview 85
6.2 Installing BackTrack to DVD or USB thumb drive 86
6.3 Using the BackTrack ISO directly within a virtual machine 87
6.3.1 Creating a BackTrack virtual machine with VirtualBox 88
6.3.2 Booting the BackTrack LiveDVD system 88
6.3.3 Exploring the BackTrack X Window environment 89
6.3.4 Starting network services 90
6.4 Persisting changes to your BackTrack installation 90
6.4.1 Installing full BackTrack to hard drive or USB thumb drive 91
6.4.2 Creating a new ISO that contains your changes 92
6.4.3 Using a custom file that automatically saves and restores changes 94
6.5 Exploring the BackTrack boot menu 95
6.6 Updating BackTrack 97
Chapter 7 Using Metasploit 99
7.1 Introduction to Metasploit 99
7.2 Getting Metasploit 99
7.3 Using the Metasploit console to launch exploits 100
7.4 Exploiting client-side vulnerabilities with Metasploit 105
7.5 Penetration testing with Metasploit's Meterpreter 107
7.5.1 Using Meterpreter to log keystrokes 110
7.5.2 Using Meterpreter to run code as a different logged-on user 110
7.5.3 Using Meterpreter's hashdump command, Metasploit's psexec module, and shared passwords to log on 112
7.6 Automating and scripting Metasploit 113
7.7 Going further with Metasploit 115
Chapter 8 Managing a penetration test
8.1 Planning a penetration test 117
8.1.1 Types of penetration tests 117
8.1.2 Scope of the penetration test 118
8.1.3 Locations of the penetration test 118
8.1.4 Members of the penetration testing team 118
8.1.5 Methodologies and standards 118
8.1.6 Phases of the penetration test 119
8.1.7 The penetration testing plan 120
8.2 Signing the penetration testing agreement 121
8.2.1 Statement of work 121
8.2.2 Get-out-of-jail-free letter 121
8.3 Executing the penetration test 122
8.3.1 Kickoff meeting 122
8.3.2 Access during the penetration test 122
8.3.3 Managing expectations 123
8.3.4 Managing problems 123
8.3.5 Haste makes waste 123
8.3.6 External and internal coordination 123
8.4 Information sharing during the penetration test 124
8.5 Reporting the results of the penetration test 128
8.5.1 Format of the report 128
8.5.2 Report summary 128
Part III Vulnerability exploitation 129
Chapter 9 Programming survival skills
9.1 C programming language 131
9.1.1 Basic C language constructs 131
9.1.2 Sample program 135
9.1.3 Compiling with gcc 136
9.2 Computer memory 137
9.2.1 Random access memory (RAM) 137
9.2.2 Byte order (endianness) 137
9.2.3 Memory segments 138
9.2.4 Programs in memory 138
9.2.5 Buffers 139
9.2.6 Strings in memory 139
9.2.7 Pointers 139
9.2.8 Memory overview 140
9.3 Intel processors 141
9.3.1 Registers 141
9.4 Assembly language basics 142
9.4.1 Machine instructions, assembly language, and C 142
9.4.2 AT&T versus NASM 142
9.4.3 Addressing modes 144
9.4.4 Assembly file structure 145
9.4.5 Assembling 146
9.5 Debugging with gdb 146
9.5.1 gdb basics 146
9.5.2 Disassembly with gdb 148
9.6 Python survival skills 149
9.6.1 Getting Python 149
9.6.2 Hello World in Python 149
9.6.3 Python 150
9.6.4 Strings 150
9.6.5 Numbers 151
9.6.6 Lists 152
9.6.7 Dictionaries 153
9.6.8 File operations in Python 154
9.6.9 Socket programming in Python 155
Chapter 10 Basic Linux exploits
10.1 Stack operations 157
10.1.1 Function calling procedure 158
10.2 Buffer overflows 159
10.2.1 Overflow of meet.c 160
10.2.2 Ramifications of buffer overflows 163
10.3 Local buffer overflow exploits 164
10.3.1 Components of the exploit 165
10.3.2 Exploiting stack overflows from the command line 167
10.3.3 Exploiting stack overflows with generic exploit code 168
10.3.4 Exploiting small buffers 170
10.4 Exploit development process 173
10.4.1 Control EIP 173
10.4.2 Determine the offset 173
10.4.3 Determine the attack vector 176
10.4.4 Build the exploit sandwich 176
10.4.5 Test the exploit 177
Chapter 11 Advanced Linux exploits
11.1 Format string exploits 179
11.1.1 The problem 179
11.1.2 Reading from arbitrary memory 183
11.1.3 Writing to arbitrary memory 184
11.1.4 Using .dtors to gain root privileges 186
11.2 Memory protection schemes 189
11.2.1 Compiler improvements 190
11.2.2 Kernel patches and scripts 193
11.2.3 Return-to-libc exploits 194
11.2.4 Overall comparison 202
Chapter 12 Shellcode strategies
12.1 User space shellcode 203
12.1.1 System calls 203
12.1.2 Basic shellcode 204
12.1.3 Port binding shellcode 205
12.1.4 Reverse shellcode 206
12.1.5 Find-socket shellcode 207
12.1.6 Command execution code 208
12.1.7 File transfer code 208
12.1.8 Multistage shellcode 209
12.1.9 System call proxy shellcode 209
12.1.10 Process injection shellcode 210
12.2 Other shellcode considerations 211
12.2.1 Shellcode encoding 211
12.2.2 Self-corrupting shellcode 212
12.2.3 Disassembling shellcode 213
12.3 Kernel space shellcode 214
12.3.1 Kernel space considerations 214
Chapter 13 Writing Linux shellcode
13.1 Basic Linux shellcode 217
13.1.1 System calls 217
13.1.2 System calls in C 218
13.1.3 System calls in assembly language 219
13.1.4 The exit system call 219
13.1.5 The setreuid system call 221
13.1.6 Shell-spawning shellcode with execve 222
13.2 Implementing port-binding shellcode 226
13.2.1 Linux socket programming 226
13.2.2 Establishing a socket in assembly language 228
13.2.3 Testing the shellcode 231
13.3 Implementing reverse connecting shellcode 234
13.3.1 Reverse connecting C program 234
13.3.2 Reverse connecting assembly program 235
13.4 Encoding shellcode 237
13.4.1 Simple XOR encoding 237
13.4.2 Structure of encoded shellcode 238
13.4.3 JMP/CALL XOR decoder example 238
13.4.4 FNSTENV XOR example 239
13.4.5 Putting it all together 241
13.5 Automating shellcode generation with Metasploit 244
13.5.1 Generating shellcode with Metasploit 244
13.5.2 Encoding shellcode with Metasploit 245
Chapter 14 Windows exploits
14.1 Compiling and debugging Windows programs 247
14.1.1 Compiling on Windows 247
14.1.2 Debugging on Windows with OllyDbg 249
14.2 Writing Windows exploits 253
14.2.1 Exploit development process review 254
14.2.2 ProSSHD server 254
14.2.3 Control EIP 255
14.2.4 Determine the offset 257
14.2.5 Determine the attack vector 258
14.2.6 Build the exploit sandwich 261
14.2.7 Debug the exploit if needed 262
14.3 Understanding structured exception handling (SEH) 264
14.3.1 Implementation of SEH 264
14.4 Understanding Windows memory protections (XP SP3, Vista, 7, and Server 2008) 266
14.4.1 Stack-based buffer overrun detection (/GS) 266
14.4.2 SafeSEH 268
14.4.3 SEHOP 268
14.4.4 Heap protections 268
14.4.5 DEP 268
14.4.6 ASLR 269
14.5 Bypassing Windows memory protections 270
14.5.1 Bypassing /GS 270
14.5.2 Bypassing SafeSEH 271
14.5.3 Bypassing ASLR 272
14.5.4 Bypassing DEP 272
14.5.5 Bypassing SEHOP 278
14.5.6 Summary of memory protection bypass methods 285
Chapter 15 Understanding and detecting content-type attacks
15.1 How content-type attacks work 287
15.2 Which file formats are being exploited today 289
15.3 Overview of the PDF file format 290
15.4 Analyzing a malicious PDF exploit 293
15.5 Tools to detect malicious PDF files 296
15.5.1 PDFiD 296
15.5.2 pdf-parser.py 300
15.6 Tools to test your protections against content-type attacks 303
15.7 How to protect your environment from content-type attacks 304
15.7.1 Apply all security updates 304
15.7.2 Disable JavaScript in Adobe Reader 305
15.7.3 Enable DEP for Microsoft Office applications and Adobe Reader 305
Chapter 16 Web application security vulnerabilities
16.1 Overview of the top web application security vulnerabilities 307
16.1.1 Injection vulnerabilities 307
16.1.2 Cross-site scripting 308
16.1.3 The rest of the OWASP top ten 308
16.2 SQL injection vulnerabilities 308
16.2.1 SQL databases and statements 310
16.2.2 Testing web applications to find SQL injection vulnerabilities 312
16.3 Cross-site scripting vulnerabilities 317
16.3.1 Explaining "scripting" 317
16.3.2 Explaining cross-site scripting 318
Chapter 17 VoIP attacks
17.1 What is VoIP 323
17.2 Protocols used by VoIP 324
17.2.1 SIP (Session Initiation Protocol) 324
17.2.2 Megaco H.248 325
17.2.3 H.323 325
17.2.4 TLS and DTLS 326
17.2.5 SRTP 327
17.2.6 ZRTP 327
17.3 Types of VoIP attacks 327
17.3.1 Enumeration 328
17.3.2 SIP password cracking 328
17.3.3 Eavesdropping and packet capture 329
17.3.4 Denial of service 329
17.4 How to protect against VoIP attacks 335
Chapter 18 SCADA attacks
18.1 What is SCADA 337
18.2 Protocols used by SCADA 338
18.2.1 OPC 338
18.2.2 ICCP 338
18.2.3 Modbus 338
18.2.4 DNP3 339
18.3 SCADA fuzzing 340
18.3.1 SCADA fuzzing with Autodafé 340
18.3.2 SCADA fuzzing with the TFTP daemon fuzzer 346
18.4 Stuxnet malware (the new wave in cyberterrorism) 349
18.5 How to protect against SCADA attacks 349
Part IV Vulnerability analysis 351
Chapter 19 Passive analysis
19.1 Ethical reverse engineering 353
19.2 Why bother with reverse engineering 354
19.2.1 Reverse engineering considerations 354
19.3 Source code analysis 355
19.3.1 Source code auditing tools 355
19.3.2 The utility of source code auditing tools 357
19.3.3 Manual source code auditing 359
19.3.4 Automated source code analysis 363
19.4 Binary analysis 365
19.4.1 Manual auditing of binary code 365
19.4.2 Automated binary analysis tools 376
Chapter 20 Advanced static analysis with IDA Pro
20.1 Static analysis challenges 381
20.1.1 Stripped binaries 381
20.1.2 Statically linked programs and FLAIR 383
20.1.3 Data structure analysis 389
20.1.4 Quirks of compiled C++ code 393
20.2 Extending IDA Pro 396
20.2.1 Scripting with IDC 396
20.2.2 IDA Pro plug-in modules and the IDA Pro SDK 398
20.2.3 Building IDA Pro plug-ins 400
20.2.4 IDA Pro loaders and processor modules 402
Chapter 21 Advanced reverse engineering
21.1 Purpose of software attacks 405
21.2 Overview of the software development process 406
21.3 Instrumentation tools 407
21.3.1 Debuggers 407
21.3.2 Code coverage analysis tools 409
21.3.3 Profiling tools 410
21.3.4 Flow analysis tools 410
21.3.5 Memory use monitoring tools 412
21.4 Fuzzing 416
21.5 Custom fuzzing tools and techniques 417
21.5.1 A simple URL fuzzer 417
21.5.2 Fuzzing unknown protocols 420
21.5.3 SPIKE 421
21.5.4 SPIKE static content primitives 421
21.5.5 SPIKE Proxy 424
21.5.6 Sharefuzz 424
Chapter 22 Client-side browser exploits
22.1 Why client-side vulnerabilities matter 427
22.1.1 Client-side vulnerabilities bypass firewall protections 427
22.1.2 Client-side applications often run with administrative privileges 428
22.1.3 Client-side vulnerabilities can easily target specific people or organizations 428
22.2 Internet Explorer security concepts 429
22.2.1 ActiveX controls 429
22.2.2 Internet Explorer security zones 430
22.3 History of client-side exploits and latest trends 431
22.3.1 Client-side vulnerabilities rise to prominence 431
22.3.2 Notable vulnerabilities in the history of client-side attacks 431
22.4 Finding new browser-based vulnerabilities 437
22.4.1 MangleMe 437
22.4.2 Mozilla security team fuzzers 440
22.4.3 AxEnum 441
22.4.4 AxFuzz 446
22.4.5 AxMan 446
22.5 Heap spraying techniques 451
22.5.1 InternetExploiter 451
22.6 Protecting yourself from client-side exploits 452
22.6.1 Keep up to date on security patches 452
22.6.2 Stay informed 453
22.6.3 Run Internet-facing applications with reduced privileges 453
Chapter 23 Exploiting the Windows access control model
23.1 Why access control is interesting to an attacker 455
23.1.1 Most people do not understand access control 455
23.1.2 Access control vulnerabilities are easy to exploit 456
23.1.3 There are a huge number of access control vulnerabilities 456
23.2 How Windows access control works 456
23.2.1 Security identifier 456
23.2.2 Access token 457
23.2.3 Security descriptor 460
23.2.4 The access check 463
23.3 Tools for analyzing access control configurations 465
23.3.1 Dumping the process token 466
23.3.2 Dumping the security descriptor 468
23.4 Special SIDs, special access, and "access denied" 469
23.4.1 Special SIDs 469
23.4.2 Special access 471
23.4.3 Investigating "access denied" 472
23.5 Analyzing access control for elevation of privilege 477
23.6 Attack patterns for each interesting object type 478
23.6.1 Attacking services 478
23.6.2 Attacking weak DACLs in the Windows registry 484
23.6.3 Attacking weak directory DACLs 488
23.6.4 Attacking weak file DACLs 493
23.7 Enumerating other object types 497
23.7.1 Shared memory sections 497
23.7.2 Named pipes 498
23.7.3 Processes 499
23.7.4 Other named kernel objects (semaphores, mutexes, events, devices) 500
Chapter 24 Intelligent fuzzing with Sulley
24.1 Protocol analysis 503
24.2 Sulley fuzzing framework 504
24.2.1 Installing Sulley 505
24.2.2 A powerful fuzzer 505
24.2.3 Block structure 507
24.2.4 Monitoring the process for faults 511
24.2.5 Monitoring the network traffic 512
24.2.6 Controlling VMware 512
24.2.7 Summary 513
24.2.8 Postmortem analysis of crashes 515
24.2.9 Analysis of network traffic 516
24.2.10 Further study 517
Chapter 25 From vulnerability to exploit
25.1 Exploitability 519
25.1.1 Debugging for exploitation 520
25.1.2 Initial analysis 520
25.2 Understanding the problem 524
25.2.1 Preconditions and postconditions 524
25.2.2 Repeatability 525
25.3 Payload construction considerations 533
25.3.1 Payload protocol elements 533
25.3.2 Buffer orientation problems 534
25.3.3 Self-destructive shellcode 534
25.4 Documenting the problem 535
25.4.1 Background information 535
25.4.2 Circumstances 536
25.4.3 Research results 536
Chapter 26 Closing the holes: mitigation
26.1 Mitigation alternatives 537
26.1.1 Port knocking 537
26.1.2 Migration 538
26.2 Patching 539
26.2.1 Source code patching considerations 539
26.2.2 Binary patching considerations 541
26.2.3 Binary mutation 545
26.2.4 Third-party patch initiatives 549
Part V Malware analysis 551
Chapter 27 Collecting malware and initial analysis
27.1 Malware 553
27.1.1 Types of malware 553
27.1.2 Malware defensive techniques 554
27.2 Latest trends in honeynet technology 555
27.2.1 Honeypots 555
27.2.2 Honeynets 555
27.2.3 Why honeypots are used 555
27.2.4 Limitations of honeypots 556
27.2.5 Low-interaction honeypots 556
27.2.6 High-interaction honeypots 557
27.2.7 557
27.2.8 Thwarting VMware detection techniques 559
27.3 Catching malware: setting the trap 561
27.3.1 VMware host setup 561
27.3.2 VMware guest setup 561
27.3.3 Catching malware with Nepenthes 562
27.4 Initial analysis of malware 563
27.4.1 Static analysis 563
27.4.2 Dynamic analysis 565
27.4.3 Norman SandBox technology 569
Chapter 28 Hacking malware
28.1 Trends in malware 573
28.1.1 Embedded components 573
28.1.2 Use of encryption 574
28.1.3 User space hiding techniques 574
28.1.4 Use of rootkit technology 574
28.1.5 Persistence measures 575
28.2 De-obfuscating malware 575
28.2.1 Packer basics 576
28.2.2 Unpacking binaries 577
28.3 Reverse engineering malware 584
28.3.1 Malware setup phase 584
28.3.2 Malware operation phase 584
28.3.3 Automated malware analysis 585
Source of this book: China Interactive Publishing Network