Table of Contents for
Gray Hat Hacking The Ethical Hacker's Handbook, Fourth Edition, 4th Edition

Version ebook / Retour

Cover image for bash Cookbook, 2nd Edition Gray Hat Hacking The Ethical Hacker's Handbook, Fourth Edition, 4th Edition by Stephen Sims Published by McGraw-Hill Osborne Media, 2015
  1. Cover
  2. Gray Hat Hacking The Ethical Hacker’s Handbook, Fourth Edition
  3. Title Page
  4. Copyright Page
  5. Dedication
  6. Gray Hat Hacking The Ethical Hacker’s Handbook, Fourth Edition
  7. Gray Hat Hacking The Ethical Hacker’s Handbook, Fourth Edition
  8. Gray Hat Hacking The Ethical Hacker’s Handbook, Fourth Edition
  9. Contents
  10. Preface
  11. Acknowledgments
  12. Introduction
  13. Part I Crash Course: Preparing for the War
  14. Chapter 1 Ethical Hacking and the Legal System
  15. Chapter 2 Programming Survival Skills
  16. Chapter 3 Static Analysis
  17. Chapter 4 Advanced Analysis with IDA Pro
  18. Chapter 5 World of Fuzzing
  19. Chapter 6 Shellcode Strategies
  20. Chapter 7 Writing Linux Shellcode
  21. Part II From Vulnerability to Exploit
  22. Chapter 8 Spoofing-Based Attacks
  23. Chapter 9 Exploiting Cisco Routers
  24. Chapter 10 Basic Linux Exploits
  25. Chapter 11 Advanced Linux Exploits
  26. Chapter 12 Windows Exploits
  27. Chapter 13 Bypassing Windows Memory Protections
  28. Chapter 14 Exploiting the Windows Access Control Model
  29. Chapter 15 Exploiting Web Applications
  30. Chapter 16 Exploiting IE: Smashing the Heap
  31. Chapter 17 Exploiting IE: Use-After-Free Technique
  32. Chapter 18 Advanced Client-Side Exploitation with BeEF
  33. Chapter 19 One-Day Exploitation with Patch Diffing
  34. Part III Advanced Malware Analysis
  35. Chapter 20 Dissecting Android Malware
  36. Chapter 21 Dissecting Ransomware
  37. Chapter 22 Analyzing 64-bit Malware
  38. Chapter 23 Next-Generation Reverse Engineering
  39. Appendix About the Download
  40. Index
  41. Gray Hat Hacking The Ethical Hacker’s Handbook, Fourth Edition

 

 

INTRODUCTION

             I have seen enough of one war never to wish to see another.

—Thomas Jefferson

             I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones.

—Albert Einstein

             The art of war is simple enough. Find out where your enemy is. Get at him as soon as you can. Strike him as hard as you can, and keep moving on.

—Ulysses S. Grant

The goal of this book is to help produce more highly skilled security professionals who are dedicated to protecting against malicious hacking activity. It has been proven over and over again that it is important to understand one’s enemies, including their tactics, skills, tools, and motivations. Corporations and nations have enemies that are very dedicated and talented. We must work together to understand the enemies’ processes and procedures to ensure we can properly thwart their destructive and malicious behavior.

The authors of this book want to provide you, the reader, with something we believe the industry needs: a holistic review of ethical hacking that is responsible and truly ethical in its intentions and material. This is why we keep releasing new editions of this book with a clear definition of what ethical hacking is and is not—something society is very confused about.

We have updated the material from the third edition and have attempted to deliver the most comprehensive and up-to-date assembly of techniques, procedures, and material with real hands-on labs that can be replicated by the readers. Twelve new chapters are presented and the other chapters have been updated.

In Part I, we prepare the readers for the war with all the necessary tools and techniques to get the best understanding of the more advanced topics. This section covers the following:

         •  White, black, and gray hat definitions and characteristics

         •  The slippery ethical issues that should be understood before carrying out any type of ethical hacking activities

         •  Programming, which is a must-have skill for a gray hat hacker to be able to create exploits or review source code

         •  Reverse engineering, which is a mandatory skill when dissecting malware or researching vulnerabilities

         •  Fuzzing, which is a wonderful skill for finding 0-day exploits

         •  Shellcodes, creating these from scratch will enable you to dissect them when you find them in the wild

In Part II, we explain advanced penetration methods and exploits that no other books cover today, with hands-on labs for testing. Many existing books cover the same old tools and methods that have been rehashed numerous times, but we have chosen to go deeper into the advanced mechanisms that hackers have used in recent 0-days. We created hands-on labs for the following topics in this section:

image

 

image NOTE To ensure your system is properly configured to perform the labs, we have provided a README file for each lab as well as any files you will need to perform the labs. These files are available for download from the McGraw-Hill Professional Computing Downloads page: www.mhprofessional.com/getpage.php?c=computing_downloads.php&cat=112. Please see the Appendix for more information.

         •  Network attacks against Cisco routers

         •  ARP, DNS, NetBIOS, and LLMNR spoofing

         •  Advanced Linux and Windows vulnerabilities and how they are exploited

         •  Windows exploits updated with the monay.py PyCommand plug-in from the Corelan team

         •  Exploiting web applications, but instead of looking at well-known attacks (SQLi, XSS, and so on), focusing on bypassing techniques like MD5 injection, MySQL type conversion flaws, and Unicode Normalization Form attacks

         •  The latest working heap spray techniques with proof-of-concept source code available for replication

         •  Use-After-Free (UAF), which is the attacker’s vulnerability of choice when exploiting browsers in 2014, dissecting every single step of the techniques used for this real 0-day

         •  The Browser Exploitation Framework (BeEF) and how to hook and exploit browsers in an automated way

         •  Patch diffing to find nonpublic vulnerabilities by dissecting Microsoft patches

In Part III, we dedicate a full chapter to each of the latest advanced techniques for dissecting malware. We cover the following topics in this section:

         •  Android malware Now that this malicious code has been ported to smartphones, understanding the process for reversing and emulating this malware in a secure environment is mandatory.

         •  Ransomware One of the most sophisticated threats, ransomware can take full control of your Desktop or encrypt your personal information until you pay a ransom. It is imperative that you know how it works and, most importantly, how to deactivate it.

         •  64-bit malware With malware being ported to 64-bit operating systems, you need to know how to reverse these kinds of binaries and the challenges that you’ll have to overcome.

         •  Next-generation reverse engineering The latest and greatest reverse engineering techniques are discussed as an extra bonus for readers.

If you are ready to take the next step to advance and deepen your understanding of ethical hacking, this is the book for you.