Table of Contents for
Gray Hat Hacking The Ethical Hacker’s Handbook

Version ebook / Retour

Cover image for bash Cookbook, 2nd Edition Gray Hat Hacking The Ethical Hacker’s Handbook by Jonathan Ness Published by McGraw-Hill, 2011
  1. Cover Page
  2. Gray Hat Hacking the Ethical Hacker’s Handbook
  3. Gray Hat Hacking the Ethical Hacker’s Handbook
  4. Copyright Page
  5. Gray Hat Hacking the Ethical Hacker’s Handbook
  6. Gray Hat Hacking the Ethical Hacker’s Handbook
  7. Gray Hat Hacking the Ethical Hacker’s Handbook
  8. Gray Hat Hacking the Ethical Hacker’s Handbook
  9. Contents
  10. Preface
  11. Acknowledgments
  12. Introduction
  13. Part I Introduction to Ethical Disclosure
  14. Chapter 1 Ethics of Ethical Hacking
  15. Chapter 2 Ethical Hacking and the Legal System
  16. Chapter 3 Proper and Ethical Disclosure
  17. Part II Penetration Testing and Tools
  18. Chapter 4 Social Engineering Attacks
  19. Chapter 5 Physical Penetration Attacks
  20. Chapter 6 Insider Attacks
  21. Chapter 7 Using the BackTrack Linux Distribution
  22. Chapter 8 Using Metasploit
  23. Chapter 9 Managing a Penetration Test
  24. Part III Exploiting
  25. Chapter 10 Programming Survival Skills
  26. Chapter 11 Basic Linux Exploits
  27. Chapter 12 Advanced Linux Exploits
  28. Chapter 13 Shellcode Strategies
  29. Chapter 14 Writing Linux Shellcode
  30. Chapter 15 Windows Exploits
  31. Chapter 16 Understanding and Detecting Content-Type Attacks
  32. Chapter 17 Web Application Security Vulnerabilities
  33. Chapter 18 VoIP Attacks
  34. Chapter 19 SCADA Attacks
  35. Part IV Vulnerability Analysis
  36. Chapter 20 Passive Analysis
  37. Chapter 21 Advanced Static Analysis with IDA Pro
  38. Chapter 22 Advanced Reverse Engineering
  39. Chapter 23 Client-Side Browser Exploits
  40. Chapter 24 Exploiting the Windows Access Control Model
  41. Chapter 25 Intelligent Fuzzing with Sulley
  42. Chapter 26 From Vulnerability to Exploit
  43. Chapter 27 Closing the Holes: Mitigation
  44. Part V Malware Analysis
  45. Chapter 28 Collecting Malware and Initial Analysis
  46. Chapter 29 Hacking Malware
  47. Index

INTRODUCTION

I have seen enough of one war never to wish to see another.

—Thomas Jefferson

I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones.

—Albert Einstein

The art of war is simple enough. Find out where your enemy is. Get at him as soon as you can. Strike him as hard as you can, and keep moving on.

—Ulysses S. Grant

The goal of this book is to help produce more highly skilled security professionals who are dedicated to protecting against malicious hacking activity. It has been proven over and over again that it is important to understand one’s enemies, including their tactics, skills, tools, and motivations. Corporations and nations have enemies that are very dedicated and talented. We must work together to understand the enemies’ processes and procedures to ensure that we can properly thwart their destructive and malicious behavior.

The authors of this book want to provide the readers with something we believe the industry needs: a holistic review of ethical hacking that is responsible and truly ethical in its intentions and material. This is why we are starting this book with a clear definition of what ethical hacking is and is not—something society is very confused about.

We have updated the material from the first and second editions and have attempted to deliver the most comprehensive and up-to-date assembly of techniques, procedures, and material. Nine new chapters are presented and the other chapters have been updated.

In Part I of this book we lay down the groundwork of the necessary ethics and expectations of a gray hat hacker. This section:

• Clears up the confusion about white, black, and gray hat definitions and characteristics

• Reviews the slippery ethical issues that should be understood before carrying out any type of ethical hacking activities

• Reviews vulnerability discovery reporting challenges and the models that can be used to deal with those challenges

• Surveys legal issues surrounding hacking and many other types of malicious activities

• Walks through proper vulnerability discovery processes and current models that provide direction

In Part II, we introduce more advanced penetration methods and tools that no other books cover today. Many existing books cover the same old tools and methods that have been rehashed numerous times, but we have chosen to go deeper into the advanced mechanisms that real gray hats use today. We discuss the following topics in this section:

• Automated penetration testing methods and advanced tools used to carry out these activities

• The latest tools used for penetration testing

• Physical, social engineering, and insider attacks

In Part III, we dive right into the underlying code and teach the reader how specific components of every operating system and application work, and how they can be exploited. We cover the following topics in this section:

• Program Coding 101 to introduce you to the concepts you will need to understand for the rest of the sections

• How to exploit stack operations and identify and write buffer overflows

• How to identify advanced Linux and Windows vulnerabilities and how they are exploited

• How to create different types of shellcode to develop your own proof-of-concept exploits and necessary software to test and identify vulnerabilities

• The latest types of attacks, including client-based, web server, VoIP, and SCADA attacks

In Part IV, we go even deeper, by examining the most advanced topics in ethical hacking that many security professionals today do not understand. In this section, we examine the following:

• Passive and active analysis tools and methods

• How to identify vulnerabilities in source code and binary files

• How to reverse-engineer software and disassemble the components

• Fuzzing and debugging techniques

• Mitigation steps of patching binary and source code

In Part V, we have provided a section on malware analysis. At some time or another, the ethical hacker will come across a piece of malware and may need to perform basic analysis. In this section, you will learn about the following topics:

• Collection of your own malware specimen

• Analysis of malware, including a discussion of de-obfuscation techniques

If you are ready to take the next step to advance and deepen your understanding of ethical hacking, this is the book for you.

We’re interested in your thoughts and comments. Please send us an e-mail at book@grayhathackingbook.com. Also, for additional technical information and resources related to this book and ethical hacking, browse to www.grayhathackingbook.com or www.mhprofessional.com/product.php?cat=112&isbn=0071742557.