8. Exploiting Software - How To Break Code

Author: Myanmar Ebook Store Genre: » Programming

Rating

Acknowledgments
Greg's Acknowledgments
Gary's Acknowledgments

Chapter 1. Software—The Root of the Problem
A Brief History of Software
Bad Software Is Ubiquitous
The Trinity of Trouble
The Future of Software
What Is Software Security?
Conclusion

Chapter 2. Attack Patterns
A Taxonomy
An Open-Systems View
Tour of an Exploit
Attack Patterns: Blueprints for Disaster
An Example Exploit: Microsoft's Broken C++ Compiler
Applying Attack Patterns
Attack Pattern Boxes
Conclusion

Chapter 3. Reverse Engineering and Program Understanding
Into the House of Logic
Should Reverse Engineering Be Illegal?
Reverse Engineering Tools and Concepts
Approaches to Reverse Engineering
Methods of the Reverser
Writing Interactive Disassembler (IDA) Plugins
Decompiling and Disassembling Software
Decompilation in Practice: Reversing helpctr.exe
Automatic, Bulk Auditing for Vulnerabilities
Writing Your Own Cracking Tools
Building a Basic Code Coverage Tool
Conclusion

Chapter 4. Exploiting Server Software
The Trusted Input Problem
The Privilege Escalation Problem
Finding Injection Points
Input Path Tracing
Exploiting Trust through Configuration
Specific Techniques and Attacks for Server Software
Conclusion

Chapter 5. Exploiting Client Software
Client-side Programs as Attack Targets
In-band Signals
Cross-site Scripting (XSS)
Client Scripts and Malicious Code
Content-Based Attacks
Backwash Attacks: Leveraging Client-side Buffer Overflows
Conclusion

Chapter 6. Crafting (Malicious) Input
The Defender's Dilemma
Intrusion Detection (Not)
Partition Analysis
Tracing Code
Reversing Parser Code
Example: Reversing I-Planet Server 6.0 through the Front Door
Misclassification
Building "Equivalent" Requests
Audit Poisoning
Conclusion

Chapter 7. Buffer Overflow
Buffer Overflow 101
Injection Vectors: Input Rides Again
Buffer Overflows and Embedded Systems
Database Buffer Overflows
Buffer Overflows and Java?!
Content-Based Buffer Overflow
Audit Truncation and Filters with Buffer Overflow
Causing Overflow with Environment Variables
The Multiple Operation Problem
Finding Potential Buffer Overflows
Stack Overflow
Arithmetic Errors in Memory Management
Format String Vulnerabilities
Heap Overflows
Buffer Overflows and C++
Payloads
Payloads on RISC Architectures
Multiplatform Payloads
Prolog/Epilog Code to Protect Functions
Conclusion

Chapter 8. Rootkits
Subversive Programs
A Simple Windows XP Kernel Rootkit
Call Hooking
Trojan Executable Redirection
Hiding Files and Directories
Patching Binary Code
The Hardware Virus
Low-Level Disk Access
Adding Network Support to a Driver
Interrupts
Key Logging
Advanced Rootkit Topics
Conclusion

References
Index

Posted by Myanmar Ebook Store Posted on

Myanmar Ebook Store

8. Exploiting Software - How To Break Code

Leave a Reply

Category List

Blog Archive

Blogger templates

Blogger news

Blogroll