Shellcoder's Handbook: Discovering and Exploiting Security Holes

Shellcoder's Handbook: Discovering and Exploiting Security Holes

Paperback(Revised Edition)

$44.99 $49.99 Save 10% Current price is $44.99, Original price is $49.99. You Save 10%.
View All Available Formats & Editions
Eligible for FREE SHIPPING
  • Want it by Thursday, October 18?   Order by 12:00 PM Eastern and choose Expedited Shipping at checkout.
    Same Day shipping in Manhattan. 
    See Details


Shellcoder's Handbook: Discovering and Exploiting Security Holes by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte

  • This much-anticipated revision, written by the ultimate groupof top security experts in the world, features 40 percent newcontent on how to find security holes in any operating system orapplication
  • New material addresses the many new exploitation techniquesthat have been discovered since the first edition, includingattacking "unbreakable" software packages such as McAfee'sEntercept, Mac OS X, XP, Office 2003, and Vista
  • Also features the first-ever published information onexploiting Cisco's IOS, with content that has never before beenexplored
  • The companion Web site features downloadable code files

Product Details

ISBN-13: 9780470080238
Publisher: Wiley
Publication date: 08/13/2007
Edition description: Revised Edition
Pages: 744
Sales rank: 568,919
Product dimensions: 7.00(w) x 9.20(h) x 1.60(d)

About the Author

Chris Anley is a founder and director of NGSSoftware, asecurity software, consultancy, and research company based inLondon, England. He is actively involved in vulnerability researchand has discovered security flaws in a wide variety of platformsincluding Microsoft Windows, Oracle, SQL Server, IBM DB2, SybaseASE, MySQL, and PGP.

John Heasman is the Director of Research at NGSSoftware.He is a prolific security researcher and has published manysecurity advisories in enterprise level software. He has aparticular interest in rootkits and has authored papers on malwarepersistence via device firmware and the BIOS. He is also aco-author of The Database Hacker’s Handbook: DefendingDatabase Servers (Wiley 2005).

Felix “FX” Linder leads SABRE Labs GmbH, aBerlin-based professional consulting company specializing insecurity analysis, system design creation, and verification work.Felix looks back at 18 years of programming and over a decade ofcomputer security consulting for enterprise, carrier, and softwarevendor clients. This experience allows him to rapidly dive intocomplex systems and evaluate them from a security and robustnesspoint of view, even in atypical scenarios and on arcane platforms.In his spare time, FX works with his friends from the Phenoelithacking group on different topics, which have included Cisco IOS,SAP, HP printers, and RIM BlackBerry in the past.

Gerardo Richarte has been doing reverse engineering andexploit development for more than 15 years non-stop. In the past 10years he helped build the technical arm of Core SecurityTechnologies, where he works today. His current duties includedeveloping exploits for Core IMPACT, researching new exploitationtechniques and other low-level subjects, helping other exploitwriters when things get hairy, and teaching internal and externalclasses on assembly and exploit writing. As result of his researchand as a humble thank you to the community, he has published sometechnical papers and open source projects, presented in a fewconferences, and released part of his training material. He reallyenjoys solving tough problems and reverse engineering any piece ofcode that falls in his reach just for the fun of doing it.

Read an Excerpt

Click to read or download

Table of Contents

About the Authors.


Introduction to the Second Edition.

Part I: Introduction to Exploitation: Linux on x86.

Chapter 1: Before You Begin.

Chapter 2: Stack Overflows.

Chapter 3: Shellcode.

Chapter 4: Introduction to Format String Bugs.

Chapter 5: Introduction to Heap Overflows.

Part II: Other Platforms—Windows, Solaris, OS/X, andCisco.

Chapter 6: The Wild World of Windows.

Chapter 7: Windows Shellcode.

Chapter 8: Windows Overflows.

Chapter 9: Overcoming Filters.

Chapter 10: Introduction to Solaris Exploitation.

Chapter 11: Advanced Solaris Exploitation.

Chapter 12: OS X Shellcode.

Chapter 13: Cisco IOS Exploitation.

Chapter 14: Protection Mechanisms.

Part III: Vulnerability Discovery.

Chapter 15: Establishing a Working Environment.

Chapter 16: Fault Injection.

Chapter 17: The Art of Fuzzing.

Chapter 18: Source Code Auditing: Finding Vulnerabilities inC-Based Languages.

Chapter 19: Instrumented Investigation: A Manual Approach.

Chapter 20: Tracing for Vulnerabilities.

Chapter 21: Binary Auditing: Hacking Closed Source Software.

Part IV: Advanced Materials.

Chapter 22: Alternative Payload Strategies.

Chapter 23: Writing Exploits that Work in the Wild.

Chapter 24: Attacking Database Software.

Chapter 25: Unix Kernel Overflows.

Chapter 26: Exploiting Unix Kernel Vulnerabilities.

Chapter 27: Hacking the Windows Kernel.


Customer Reviews

Most Helpful Customer Reviews

See All Customer Reviews