Daniel Regalado, aka Danux, is a Mexican senior malware and vulnerability researcher at FireEye and a former reverse engineer for Symantec. With more than 12 years in the security field, he has received several certifications such as CISSP, ISO 27001 Lead Author, OSCP, OSCE, and CREA, giving him the penetration testing and reverse engineering skills needed when dissecting Advanced Persistent Threats (APTs). He likes to give talks about his research; his most recent talk was presented at BsidesLV 2014. He also enjoys documenting interesting findings on his personal blog at danuxx.blogspot.com.
Shon Harris was the CEO and founder of Logical Security, as well as an author, educator, and security consultant. She was a former engineer with the U.S. Air Force Information Warfare unit and published several books on different disciplines within information security. Shon was also recognized as one of the top 25 women in information security by Information Security Magazine.
Allen Harper, CISSP, PCI QSA, is the executive vice president of Tangible Security, Inc. and lives in North Carolina. He retired from the Marine Corps after 20 years and a tour in Iraq. Prior to Tangible, he owned and operated a company, N2 Net Security, Inc. Additionally, he has served as a security analyst for the U.S. Department of the Treasury, Internal Revenue Service, and Computer Security Incident Response Center (CSIRC). He regularly speaks and teaches at events such as InfraGard, ISSA, Black Hat, and Techno.
Chris Eagle is a senior lecturer in the Computer Science Department at the Naval Postgraduate School (NPS) in Monterey, California. A computer engineer/scientist for 29 years, his research interests include computer network attack and defense, computer forensics, and reverse/anti-reverse engineering. He can often be found teaching at Black Hat or spending late nights working on capture the flag at Defcon.
Jonathan Ness, CHFI, is a lead software security engineer in Microsoft’s Security Response Center (MSRC). He and his coworkers ensure that Microsoft’s security updates comprehensively address reported vulnerabilities. He also leads the technical response of Microsoft’s incident response process that is engaged to address publicly disclosed vulnerabilities and exploits targeting Microsoft software. He serves one weekend each month as a security engineer in a reserve military unit.
Branko Spasojevic is a security engineer at Google. Before that, he worked as a reverse engineer for Symantec, where he analyzed various threats and APT groups.
Ryan Linn, CISSP, CSSLP, MCSE, CCNP-Security, OSCE, has more than 15 years of experience in information security. He has worked as a technical team leader, database administrator, Windows and UNIX systems administrator, network engineer, web application developer, systems programmer, and information security engineer, and is currently a managing consultant doing network penetration testing. Ryan has delivered his research about ATM security, network protocol attacks, and penetration testing tactics at numerous conferences, including Black Hat, Defcon, DerbyCon, Shmoocon, and SecTor, to name a few. He is also an open source project contributor for projects such as Metasploit, Ettercap, and the Browser Exploitation Framework.
Stephen Sims is a senior instructor and course author with the SANS Institute. He has written multiple courses on penetration testing, exploit development, and reverse engineering, and currently lives in the San Francisco Bay Area working as a consultant. He regularly speaks internationally at conferences and organizations ranging from RSA and OWASP AppSec to the ThaiCERT and Australian Information Security Association (AISA). Previously, Stephen spent many years working as a security architect and engineer at various Fortune 500 companies.
Disclaimer: The views expressed in this book are those of the authors and not of the U.S. government, the Microsoft Corporation, or any other company mentioned herein.
Rudolph Araujo is a director of product marketing at FireEye, where he focuses on defining the messaging and go-to-market strategies for the various FireEye security products and services. Rudolph has many years of software development experience on UNIX and Windows. Prior to joining FireEye, he was a director of professional services at McAfee. As part of that role, he led McAfee and Foundstone Professional Services in a number of regions, including, most recently, the Western United States. He was also responsible for leading the software and application security service lines and led some of the largest security assessment projects such as audits of automobile and farm equipment electronic security, telematics security assessments, and security reviews of software systems such as virtualization hypervisors and hardware diagnostics. Rudolph has a master’s degree from Carnegie Mellon University specializing in information security. He is a contributor to a number of industry journals such as Software Magazine, where he writes a column on security. His work has also been published in academic journals as well as IEEE’s Security & Privacy Magazine. He has been honored for the last 10 years in a row with the Microsoft Security MVP Award in recognition of his thought leadership and contributions to the security communities.
Sergio Humberto Lopez Lopez is the founder and CEO of White Hat Consultores. For the past 12 years, he has focused on leading information security projects and services for Mexican and Latin-American companies, specifically for financial, government, and national security institutions. He is a professional consultant who holds the CISSP, CISM, and OSCP certifications, and has worked with several technology manufacturers such as Cisco, 3Com, and HP. He likes to spend his time pursuing business endeavors, researching hacking techniques, playing chess, and studying mathematics. Sergio holds a bachelor’s degree in physics and mathematics from ESFM, IPN and a master’s degree in electrical engineering from CINVESTAV in Mexico City.