Shellcoder's Handbook: Discovering and Exploiting Security Holes

by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte

Overview

  • This much-anticipated revision, written by the ultimate group of top security experts in the world, features 40 percent new content on how to find security holes in any operating system or application
  • New material addresses the many new exploitation techniques that have been discovered since the first edition, including attacking "unbreakable" software packages such as McAfee's Entercept, Mac OS X, XP, Office 2003, and Vista
  • Also features the first-ever published information on exploiting Cisco's IOS, with content that has never before been explored
  • The companion Web site features downloadable code files

Editorial Reviews

bn.com
The Barnes & Noble Review
Every day, someone discovers a critical new security flaw in software you depend on. Quite often, those flaws appear first on Bugtraq, the world’s No. 1 vulnerability tracking maillist. Now, some of Bugtraq’s leading contributors show you exactly how they discover those holes -- and how to exploit them. Along the way, they reveal some never-before-published bugs -- including holes they claim are big enough to “take down the Internet.”

The authors cover platforms ranging from Windows to Solaris. They start with Linux on x86, where it’s easiest to understand the hacks because you can get inside the source code. Here, they introduce memory management and stack buffer overflows, format string overflows, and heap-based overflows. They also introduce basic shellcoding: how to write instructions that directly manipulate registers and a program’s functions. This can’t be done with high-level languages: We’re talking hexadecimal opcodes.

Next, the authors move on to Windows. Here, until recently, shellcoding was a true black art. Win32 doesn’t provide direct access to system calls, so more complex techniques are required. (As an example, the authors show how to bypass the vaunted stack protection Microsoft added to Windows 2003 Server.)

The authors then turn to the tools and techniques of vulnerability discovery: fault injection, fuzzing, source code auditing in C-based languages, instrumented investigation, tracing, and binary auditing of closed-source software. The book concludes with several especially sophisticated techniques, ranging from alternative payload strategies and database attacks to Unix kernel exploits. This stuff’s the real deal.

Bill Camarda

Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2003 and Upgrading & Fixing Networks for Dummies, Second Edition.

Product Details

  • ISBN-13: 9780470080238
  • Publisher: Wiley
  • Publication date: 08/13/2007
  • Edition description: Revised Edition
  • Pages: 744
  • Sales rank: 87,283
  • Product dimensions: 7.30(w) x 9.20(h) x 1.70(d)

Meet the Author

Chris Anley is a founder and director of NGSSoftware, a security software, consultancy, and research company based in London, England. He is actively involved in vulnerability research and has discovered security flaws in a wide variety of platforms including Microsoft Windows, Oracle, SQL Server, IBM DB2, Sybase ASE, MySQL, and PGP.

John Heasman is the Director of Research at NGSSoftware. He is a prolific security researcher and has published many security advisories in enterprise-level software. He has a particular interest in rootkits and has authored papers on malware persistence via device firmware and the BIOS. He is also a co-author of The Database Hacker’s Handbook: Defending Database Servers (Wiley 2005).

Felix “FX” Lindner leads SABRE Labs GmbH, a Berlin-based professional consulting company specializing in security analysis, system design creation, and verification work. Felix looks back at 18 years of programming and over a decade of computer security consulting for enterprise, carrier, and software vendor clients. This experience allows him to rapidly dive into complex systems and evaluate them from a security and robustness point of view, even in atypical scenarios and on arcane platforms. In his spare time, FX works with his friends from the Phenoelit hacking group on different topics, which have included Cisco IOS, SAP, HP printers, and RIM BlackBerry in the past.

Gerardo Richarte has been doing reverse engineering and exploit development for more than 15 years non-stop. In the past 10 years he helped build the technical arm of Core Security Technologies, where he works today. His current duties include developing exploits for Core IMPACT, researching new exploitation techniques and other low-level subjects, helping other exploit writers when things get hairy, and teaching internal and external classes on assembly and exploit writing. As a result of his research and as a humble thank you to the community, he has published some technical papers and open source projects, presented at a few conferences, and released part of his training material. He really enjoys solving tough problems and reverse engineering any piece of code that falls within his reach just for the fun of doing it.
