Security Warrior (ebook)(audiobook)(audiobook)

Autorzy:: Cyrus Peikari, Anton Chuvakin

Promocja Przejdź

Okładka książki Security Warrior

Wydawnictwo:: O'Reilly Media (Z chęcią przeczytam książkę w języku polskim)
Ocena:: Bądź pierwszym, który oceni tę książkę
Stron:: 556
2w1 w pakiecie:: ePub

Mobi

Ebook

~~149,00 zł~~
126,65 zł

Dodaj do koszyka lub Kup na prezent Kup 1-kliknięciem

Przenieś na półkę

Do przechowalni

When it comes to network security, many users and administrators are running scared, and justifiably so. The sophistication of attacks against computer systems increases with each new Internet worm.What's the worst an attacker can do to you? You'd better find out, right? That's what Security Warrior teaches you. Based on the principle that the only way to defend yourself is to understand your attacker in depth, Security Warrior reveals how your systems can be attacked. Covering everything from reverse engineering to SQL attacks, and including topics like social engineering, antiforensics, and common attacks against UNIX and Windows systems, this book teaches you to know your enemy and how to be prepared to do battle.Security Warrior places particular emphasis on reverse engineering. RE is a fundamental skill for the administrator, who must be aware of all kinds of malware that can be installed on his machines -- trojaned binaries, "spyware" that looks innocuous but that sends private data back to its creator, and more. This is the only book to discuss reverse engineering for Linux or Windows CE. It's also the only book that shows you how SQL injection works, enabling you to inspect your database and web applications for vulnerability.Security Warrior is the most comprehensive and up-to-date book covering the art of computer war: attacks against computer systems and their defenses. It's often scary, and never comforting. If you're on the front lines, defending your site against attackers, you need this book. On your shelf--and in your hands.

Szczegóły książki

ISBN Ebooka:: 978-0-5965-5239-8, 9780596552398
Data wydania ebooka:: 2004-01-12
Język publikacji:: angielski
Rozmiar pliku ePub:: 3.9MB
Rozmiar pliku Mobi:: 3.9MB

Kategorie:
Sieci komputerowe
Hacking » Bezpieczeństwo sieci
Hacking » Bezpieczeństwo systemów
Hacking » Bezpieczeństwo WWW
Hacking » Inne

Spis treści

Security Warrior
- SPECIAL OFFER: Upgrade this ebook with OReilly
- A Note Regarding Supplemental Files
- Preface
  - Organization of This Book
  - Part I: Software Cracking
  - Part II: Network Stalking
  - Part III: Platform Attacks
  - Part IV: Advanced Defense
  - Part V: Appendix
  - Conventions Used in This Book
  - Using Code Examples
  - Comments and Questions
  - Acknowledgments
- I. Software Cracking
  - 1. Assembly Language
    - 1.1. Registers
      - 1.1.1. Understanding the Stack
      - 1.1.2. Addressing
    - 1.2. ASM Opcodes
    - 1.3. References
  - 2. Windows Reverse Engineering
    - 2.1. History of RCE
    - 2.2. Reversing Tools
      - 2.2.1. Hex Editors
      - 2.2.2. Disassemblers
      - 2.2.3. Debuggers
      - 2.2.4. System Monitors
      - 2.2.5. Unpackers
        
        2.2.5.1. The PE file format
        
        2.2.5.2. ProcDump
      - 2.2.6. Personal Firewalls
      - 2.2.7. Install Managers
    - 2.3. Reverse Engineering Examples
      - 2.3.1. Example 1: A Sample Crackme
      - 2.3.2. Example 2: Reversing Malicious Code
    - 2.4. References
  - 3. Linux Reverse Engineering
    - 3.1. Basic Tools and Techniques
      - 3.1.1. Overview of the Target
      - 3.1.2. Debugging
      - 3.1.3. Runtime Monitoring
      - 3.1.4. Disassembly
      - 3.1.5. Hex Dumps
    - 3.2. A Good Disassembly
      - 3.2.1. Identifying Functions
      - 3.2.2. Intermediate Code Generation
      - 3.2.3. Program Control Flow
    - 3.3. Problem Areas
      - 3.3.1. Antidebugging
      - 3.3.2. Antidisassembly
    - 3.4. Writing New Tools
      - 3.4.1. The ELF File Format
        
        3.4.1.1. Sample ELF reader
      - 3.4.2. Debugging with ptrace
      - 3.4.3. The GNU BFD Library
      - 3.4.4. Disassembling with libopcodes
    - 3.5. References
  - 4. Windows CE Reverse Engineering
    - 4.1. Windows CE Architecture
      - 4.1.1. Processors
      - 4.1.2. Kernel, Processes, and Threads
      - 4.1.3. Memory Architecture
      - 4.1.4. Graphics, Windowing, and Event Subsystem (GWES)
    - 4.2. CE Reverse Engineering Fundamentals
      - 4.2.1. The ARM Processor
      - 4.2.2. ARM Opcodes
        
        4.2.2.1. Branch (B)
        
        4.2.2.2. Branch with Link (BL)
        
        4.2.2.3. Move (MOV)
        
        4.2.2.4. Compare (CMP)
        
        4.2.2.5. Load/Store (LDR/STR)
        
        4.2.2.6. Shifting
    - 4.3. Practical CE Reverse Engineering
      - 4.3.1. Hello, World!
      - 4.3.2. CE Cracking Techniques
        
        4.3.2.1. Predictable system calls
        
        4.3.2.2. strlen and wcslen
        
        4.3.2.3. strcmp and CMP
        
        4.3.2.4. NOP sliding
      - 4.3.3. Disassembling a CE Program
        
        4.3.3.1. Loading the file
      - 4.3.4. Microsofts eMbedded Visual Tools
      - 4.3.5. Using the MVT
      - 4.3.6. Experiencing the MVC Environment
      - 4.3.7. Reverse Engineering test.exe
    - 4.4. Reverse Engineering serial.exe
      - 4.4.1. Overview
        
        4.4.1.1. Loading the target
        
        4.4.1.2. Debugging serial.exe
      - 4.4.2. Step-Through Investigation
      - 4.4.3. Abusing the System
      - 4.4.4. The Cracks
        
        4.4.4.1. Crack 1: Sleight of hand
        
        4.4.4.2. Crack 2: The NOP slide
        
        4.4.4.3. Crack 3: Preventive maintenance
    - 4.5. References
  - 5. Overflow Attacks
    - 5.1. Buffer Overflows
      - 5.1.1. A Sample Overflow
    - 5.2. Understanding Buffers
    - 5.3. Smashing the Stack
    - 5.4. Heap Overflows
    - 5.5. Preventing Buffer Overflows
      - 5.5.1. Automated Source-Code Checking
      - 5.5.2. Compiler Add-Ons
      - 5.5.3. Miscellaneous Protection Methods
    - 5.6. A Live Challenge
    - 5.7. References
- II. Network Stalking
  - 6. TCP/IP Analysis
    - 6.1. A Brief History of TCP/IP
    - 6.2. Encapsulation
    - 6.3. TCP
      - 6.3.1. TCP Features
      - 6.3.2. TCP Packet Field Descriptions
    - 6.4. IP
      - 6.4.1. IP Packet Format
    - 6.5. UDP
    - 6.6. ICMP
    - 6.7. ARP
    - 6.8. RARP
    - 6.9. BOOTP
    - 6.10. DHCP
    - 6.11. TCP/IP Handshaking
    - 6.12. Covert Channels
    - 6.13. IPv6
      - 6.13.1. Features of IPv6
      - 6.13.2. IPv6 Addressing
      - 6.13.3. Security Aspects of IPv6
    - 6.14. Ethereal
    - 6.15. Packet Analysis
    - 6.16. Fragmentation
      - 6.16.1. Fragmentation Variables
      - 6.16.2. Exploiting Fragments
      - 6.16.3. Fragmenting with Nmap
      - 6.16.4. hping
      - 6.16.5. Fragroute
    - 6.17. References
  - 7. Social Engineering
    - 7.1. Background
      - 7.1.1. Less Elite, More Effective
      - 7.1.2. Common Misconceptions
    - 7.2. Performing the Attacks
      - 7.2.1. Active and Passive Attacks
        
        7.2.1.1. Sample 1: Impersonation
        
        7.2.1.2. Sample 2: Impersonation and authority
        
        7.2.1.3. Sample 3: Blackmail
        
        7.2.1.4. Sample 4: Sympathy
      - 7.2.2. Preparing for an Attack
      - 7.2.3. Social Engineering Action Plan
      - 7.2.4. Social Engineering Information Collection Template
    - 7.3. Advanced Social Engineering
    - 7.4. References
  - 8. Reconnaissance
    - 8.1. Online Reconnaissance
      - 8.1.1. Passive Reconnaissance
        
        8.1.1.1. Utilities
        
        8.1.1.2. Web reconnaissance
      - 8.1.2. Active Reconnaissance
        
        8.1.2.1. Email
        
        8.1.2.2. Web site analysis
        
        8.1.2.3. FTP
        
        8.1.2.4. A word on stealth
        
        8.1.2.5. Human reconnaissance
    - 8.2. Conclusion
    - 8.3. References
  - 9. OS Fingerprinting
    - 9.1. Telnet Session Negotiation
    - 9.2. TCP Stack Fingerprinting
      - 9.2.1. Nmap Test
      - 9.2.2. Nmap Techniques
      - 9.2.3. Defeating Nmap
    - 9.3. Special-Purpose Tools
    - 9.4. Passive Fingerprinting
    - 9.5. Fuzzy Operating System Fingerprinting
      - 9.5.1. Obstacles to Fingerprinting
      - 9.5.2. Fuzzy Solution to Operating System Fingerprinting
    - 9.6. TCP/IP Timeout Detection
    - 9.7. References
  - 10. Hiding the Tracks
    - 10.1. From Whom Are You Hiding?
    - 10.2. Postattack Cleanup
      - 10.2.1. System Logs
        
        10.2.1.1. The exploit attempt itself
        
        10.2.1.2. The attacker's accesses before the exploit
        
        10.2.1.3. Erasing logfiles
      - 10.2.2. Application Logs
      - 10.2.3. Unix Shell History
      - 10.2.4. Unix Binary Logs
      - 10.2.5. Other Records
    - 10.3. Forensic Tracks
      - 10.3.1. File Traces
      - 10.3.2. Timestamps
        
        10.3.2.1. Countermeasures
    - 10.4. Maintaining Covert Access
      - 10.4.1. Hiding
      - 10.4.2. Hidden Access
    - 10.5. References
- III. Platform Attacks
  - 11. Unix Defense
    - 11.1. Unix Passwords
    - 11.2. File Permissions
      - 11.2.1. Attributes and Capabilities
    - 11.3. System Logging
    - 11.4. Network Access in Unix
      - 11.4.1. TCP Wrappers
      - 11.4.2. NFS/NIS
      - 11.4.3. Backups
      - 11.4.4. X Window System
    - 11.5. Unix Hardening
      - 11.5.1. Hardening Areas
        
        11.5.1.1. Checking installed software
        
        11.5.1.2. Patching the system
        
        11.5.1.3. Filesystem permissions
        
        11.5.1.4. Login security
        
        11.5.1.5. User security
        
        11.5.1.6. Physical security
        
        11.5.1.7. Network security
        
        11.5.1.8. Daemon security
        
        11.5.1.9. System logging and accounting
      - 11.5.2. Automated Hardening via Scripts
        
        11.5.2.1. Linux Bastille
        
        11.5.2.2. Kernel-level hardening
        
        11.5.2.3. Pitbull
        
        11.5.2.4. Openwall kernel patch
        
        11.5.2.5. LIDS
        
        11.5.2.6. "Secure Unix"
        
        11.5.2.7. Encrypted filesystems
    - 11.6. Unix Network Defense
      - 11.6.1. Advanced TCP Wrappers
        
        11.6.1.1. tcpd
        
        11.6.1.2. libwrap
      - 11.6.2. Application-Specific Access Controls
        
        11.6.2.1. BIND (DNS daemon)
        
        11.6.2.2. sendmail (some versions)
        
        11.6.2.3. SSH daemon (sshd)
        
        11.6.2.4. Apache web server
      - 11.6.3. System Configuration Changes
        
        11.6.3.1. Security from eavesdropping
        
        11.6.3.2. Secure Shell
      - 11.6.4. Host-Based Firewalls
        
        11.6.4.1. Linux iptables and ipchains
    - 11.7. References
  - 12. Unix Attacks
    - 12.1. Local Attacks
      - 12.1.1. Physical Abuses
      - 12.1.2. Boot Prompt Attacks
      - 12.1.3. Boot Interrupt
      - 12.1.4. Screensaver Attacks
      - 12.1.5. Path Abuse
      - 12.1.6. Password Attacks
      - 12.1.7. SUID Abuse
      - 12.1.8. /tmp and Symlink/Hardlink Abuse
      - 12.1.9. Breaking Out of chroot Jail
    - 12.2. Remote Attacks
      - 12.2.1. TCP
      - 12.2.2. UDP
      - 12.2.3. Top Unix Vulnerabilities
    - 12.3. Unix Denial-of-Service Attacks
      - 12.3.1. Local Attacks
        
        12.3.1.1. Destruction of resources
        
        12.3.1.2. Resource exhaustion
        
        12.3.1.3. Filling kernel data structures
      - 12.3.2. Network Attacks
      - 12.3.3. Distributed Denial-of-Service Attacks
        
        12.3.3.1. Coordinated and reflexive denial-of-service attacks
        
        12.3.3.2. Application-level denial-of-service attacks
    - 12.4. References
  - 13. Windows Client Attacks
    - 13.1. Denial-of-Service Attacks
      - 13.1.1. SMB Attack
      - 13.1.2. Universal Plug and Play Attack
      - 13.1.3. Help Center Attack
    - 13.2. Remote Attacks
    - 13.3. Remote Desktop/Remote Assistance
      - 13.3.1. Abusing the Remote Desktop
        
        13.3.1.1. tscrack
      - 13.3.2. Abusing Remote Assistance
    - 13.4. References
  - 14. Windows Server Attacks
    - 14.1. Release History
    - 14.2. Kerberos Authentication Attacks
    - 14.3. Kerberos Authentication Review
      - 14.3.1. Accessing Cross-Domain Network Resources
      - 14.3.2. Weaknesses in the Kerberos Protocol
        
        14.3.2.1. Vulnerability
        
        14.3.2.2. Obtaining the password-verification material
        
        14.3.2.3. Decrypting the timestamp
    - 14.4. Defeating Buffer Overflow Prevention
    - 14.5. Active Directory Weaknesses
    - 14.6. Hacking PKI
    - 14.7. Smart Card Hacking
      - 14.7.1. Smart Card Advantages
      - 14.7.2. Hardware Reverse Engineering
      - 14.7.3. EEPROM Trapping
      - 14.7.4. Power Consumption Analysis
    - 14.8. Encrypting File System Changes
      - 14.8.1. Background
      - 14.8.2. User Interaction
      - 14.8.3. Data Recovery on Standalone Machines
    - 14.9. Third-Party Encryption
      - 14.9.1. Summary of Functionality
      - 14.9.2. One-Time Password
      - 14.9.3. Local and Corporate Administrator Recovery
      - 14.9.4. Authenti-Check Self-Service Password Reset Tool
      - 14.9.5. User Program Configuration Options
      - 14.9.6. Network Installation and Updating of User Programs
      - 14.9.7. Single Sign-On
    - 14.10. References
  - 15. SOAP XML Web Services Security
    - 15.1. XML Encryption
    - 15.2. XML Signatures
    - 15.3. Reference
  - 16. SQL Injection
    - 16.1. Introduction to SQL
      - 16.1.1. SQL Commands
      - 16.1.2. Use of SQL
    - 16.2. SQL Injection Attacks
      - 16.2.1. Attack Types
        
        16.2.1.1. Unauthorized data access
        
        16.2.1.2. Authentication bypass
        
        16.2.1.3. Database modification
        
        16.2.1.4. Escape from a database
      - 16.2.2. Looking for Errors
    - 16.3. SQL Injection Defenses
      - 16.3.1. Obfuscation Defenses
      - 16.3.2. External Defenses
      - 16.3.3. Coding Defenses
      - 16.3.4. Conclusion
    - 16.4. PHP-Nuke Examples
      - 16.4.1. Installing PHP-Nuke
      - 16.4.2. Attacks
      - 16.4.3. Defenses
    - 16.5. References
  - 17. Wireless Security
    - 17.1. Reducing Signal Drift
    - 17.2. Problems with WEP
    - 17.3. Cracking WEP
      - 17.3.1. Data Analysis
      - 17.3.2. Wireless Sniffing
        
        17.3.2.1. Extracting the keystream
      - 17.3.3. IV Collision
    - 17.4. Practical WEP Cracking
    - 17.5. VPNs
      - 17.5.1. RADIUS
    - 17.6. TKIP
    - 17.7. SSL
    - 17.8. Airborne Viruses
      - 17.8.1. Embedded Malware Countermeasures
    - 17.9. References
- IV. Advanced Defense
  - 18. Audit Trail Analysis
    - 18.1. Log Analysis Basics
    - 18.2. Log Examples
      - 18.2.1. Unix
        
        18.2.1.1. Analysis of Unix logging
      - 18.2.2. Windows
      - 18.2.3. Remote Covert Logging
      - 18.2.4. Other Logging Variations
    - 18.3. Logging States
    - 18.4. When to Look at the Logs
    - 18.5. Log Overflow and Aggregation
    - 18.6. Challenge of Log Analysis
    - 18.7. Security Information Management
    - 18.8. Global Log Aggregation
    - 18.9. References
  - 19. Intrusion Detection Systems
    - 19.1. IDS Examples
      - 19.1.1. Host IDSs
        
        19.1.1.1. Logfile monitors
        
        19.1.1.2. Integrity monitors
      - 19.1.2. Network IDSs
        
        19.1.2.1. Signature matchers
        
        19.1.2.2. Anomaly detectors
    - 19.2. Bayesian Analysis
      - 19.2.1. Sensitivity Versus Specificity
        
        19.2.1.1. Sensitivity
        
        19.2.1.2. Specificity
        
        19.2.1.3. Accuracy
      - 19.2.2. Positive and Negative Predictive Values
      - 19.2.3. Likelihood Ratios
    - 19.3. Hacking Through IDSs
      - 19.3.1. Fragmentation
      - 19.3.2. Spoofing
      - 19.3.3. Protocol Mutation
      - 19.3.4. Attacking Integrity Checkers
    - 19.4. The Future of IDSs
      - 19.4.1. Embedded IDS
      - 19.4.2. Strict Anomaly Detection
      - 19.4.3. Host- Versus Network-Based IDSs
      - 19.4.4. Visual Display of Data
    - 19.5. Snort IDS Case Study
      - 19.5.1. System Setup
      - 19.5.2. Alert Viewing Setup
      - 19.5.3. IDS Rule Tuning
    - 19.6. IDS Deployment Issues
    - 19.7. References
  - 20. Honeypots
    - 20.1. Motivation
    - 20.2. Building the Infrastructure
      - 20.2.1. Procedure
        
        20.2.1.1. Preparation
        
        20.2.1.2. Infrastructure systems installation
        
        20.2.1.3. Victim machine installation
        
        20.2.1.4. Final steps
    - 20.3. Capturing Attacks
    - 20.4. References
  - 21. Incident Response
    - 21.1. Case Study: Worm Mayhem
    - 21.2. Definitions
    - 21.3. Incident Response Framework
      - 21.3.1. Preparation
      - 21.3.2. Identification
      - 21.3.3. Containment
      - 21.3.4. Eradication
      - 21.3.5. Recovery
      - 21.3.6. Follow-Up
        
        21.3.6.1. Benefits of the SANS framework
    - 21.4. Small Networks
    - 21.5. Medium-Sized Networks
    - 21.6. Large Networks
      - 21.6.1. Incident Identification
      - 21.6.2. Aggressive Response
      - 21.6.3. Recovery
    - 21.7. References
  - 22. Forensics and Antiforensics
    - 22.1. Hardware Review
      - 22.1.1. Hard Drives
      - 22.1.2. RAM
    - 22.2. Information Detritus
    - 22.3. Forensics Tools
      - 22.3.1. WinHex
    - 22.4. Bootable Forensics CD-ROMs
      - 22.4.1. Biatchux/FIRE
      - 22.4.2. ForensiX
    - 22.5. Evidence Eliminator
      - 22.5.1. Swap Files
      - 22.5.2. Temporary Files
      - 22.5.3. Windows Registry Streams
      - 22.5.4. Clipboard
      - 22.5.5. Chat Logs
      - 22.5.6. Browser Garbage (Internet Explorer)
      - 22.5.7. Options for Netscape Navigator Users
        
        22.5.7.1. Setting up Netscape paths
    - 22.6. Forensics Case Study: FTP Attack
      - 22.6.1. Introduction
      - 22.6.2. The Investigation
    - 22.7. References
- V. Appendix
  - A. Useful SoftICE Commands and Breakpoints
    - A.1. SoftICE Commands
    - A.2. Breakpoints
      - A.2.1. General
        
        A.2.1.1. Time-related
        
        A.2.1.2. Disk access
        
        A.2.1.3. File-related
        
        A.2.1.4. INI files-related
        
        A.2.1.5. Registry-related
- About the Authors
- Colophon
- SPECIAL OFFER: Upgrade this ebook with OReilly

pokaż cały spis treści

Security Warrior (ebook)(audiobook)(audiobook)

Ebook

Opis książki

Podobne produkty

Atak na sieć okiem hakera. Wykrywanie i eksploa...

Kliknij tutaj, aby zabić wszystkich. Bezpieczeń...

Blockchain. Podstawy technologii łańcucha blokó...

Sztuka podstępu. Łamałem ludzi, nie hasła. Wyda...

Kali Linux. Testy penetracyjne. Wydanie III

Bezpieczeństwo systemów informatycznych. Zasady...

Oceny i opinie klientów (0)

Szczegóły książki

Spis treści

Przenieś na półkę

Dodano produkt na półkę

Usunięto produkt z półki

Przeniesiono produkt do archiwum

Przeniesiono produkt do biblioteki

Security Warrior (ebook)(audiobook)(audiobook)

Ebook

Opis książki

Podobne produkty

Oceny i opinie klientów (0)

Szczegóły książki

Spis treści

Poinformuj mnie

Twoje uwagi do kursu

Wybierz metodę płatności

Przenieś na półkę

Dodano produkt na półkę

Usunięto produkt z półki

Przeniesiono produkt do archiwum

Przeniesiono produkt do biblioteki