Tous nos rayons

Déjà client ? Identifiez-vous

Mot de passe oublié ?

Nouveau client ?

CRÉER VOTRE COMPTE
Writing Security Tools and Exploits
Ajouter à une liste

Librairie Eyrolles - Paris 5e
Indisponible

Writing Security Tools and Exploits

Writing Security Tools and Exploits

James C. Foster - Collection 4 Free Booklets Your Solutions Membership

650 pages, parution le 15/01/2006

Résumé

Learn to Write the Security Tools the Other Books Only Teach You to Use Exploits. In information technology circles, the term exploits has become synonymous with vulnerabilities. It is a scary word that can keep you up at night wondering if you have purchased the best firewalls, configured your new host-based intrusion prevention system correctly, and patched your entire environment. It's also a topic that can enter the security water-cooler discussions faster than McAfee's new wicked antivirus software or Symantec's latest acquisition. Exploits are proof that the computer science or software programming community still does not have an understanding of how to design, create, and implement secure code.

  • Write Solid Shellcode
    Learn the techniques used to make the most out of vulnerabilities by employing the correct shellcode.
  • Reverse Connection Shellcode
    See how reverse connection shellcode makes a connection from a hacked system to a different system where it can be caught using network tools such as netcat.
  • Buffer Overflow Exploits
    Find techniques to protect against buffer overflows such as allocating buffers for string operations dynamically on the heap.
  • Heap Overflows
    Heap overflows have become the most prominent software security bugs. See how they can have varying exploitation techniques and consequences.
  • Format Strings
    Format string vulnerabilities occur when programmers pass externally supplied data to a printf function (or similar) as part of the format string argument.
  • Race Conditions
    Nearly all race condition exploits are written from a local attacker's perspective and have the potential to escalate privileges, overwrite files, or compromise protected data.
  • Exploitable Integer Bugs
    See how integer bugs are harder for a researcher to spot than stack overflow vulnerabilities and learn why the implications of integer calculation errors are less understood by developers as a whole.
  • Code for Nessus
    Use NASLs to check for security vulnerabilities or misconfigurations.
  • Metasploit Framework (MSF)
    Use MSF and its components, msfweb, msfconsole, and msfcli, as an exploitation platform.
  • Meterpreter Extensions
    Use the power of the Meterpreter payload system to load custom-written DLLs into an exploited process's address space.

L'auteur - James C. Foster

James C. Foster, Fellow is the Deputy Director of Global Security Solution Development for Computer Sciences Corporation where he is responsible for the vision and development of physical, personnel, and data security solutions. Prior to CSC, Foster was the Director of Research and Development for Foundstone Inc. (acquired by McAfee) and was responsible for all aspects of product, consulting, and corporate R&D initiatives. Prior to joining Foundstone, Foster was an Executive Advisor and Research Scientist with Guardent Inc. (acquired by Verisign) and an adjunct author at Information Security Magazine (acquired byTechTarget), subsequent to working as Security Research Specialist for the Department of Defense. With his core competencies residing in high-tech remote management, international expansion, application security, protocol analysis, and search algorithm technology, Foster has conducted numerous code reviews for commercial OS components, Win32 application assessments, and reviews on commercial-grade cryptography implementations.

Foster is a seasoned speaker and has presented throughout North America at conferences, technology forums, security summits, and research symposiums with highlights at the Microsoft Security Summit, Black Hat USA, Black Hat Windows, MIT Wireless Research Forum, SANS, MilCon, TechGov, InfoSec World 2001, and the Thomson Security Conference. He also is commonly asked to comment on pertinent security issues and has been sited in USAToday, Information Security Magazine, Baseline, Computer World, Secure Computing, and the MIT Technologist. Foster holds an A.S., B.S., MBA and numerous technology and management certifications and has attended or conducted research at the Yale School of Business, Harvard University, the University of Maryland, and is currently a Fellow at University of Pennsylvania's Wharton School of Business.

Foster is also a well published author with multiple commercial and educational papers; and has authored, contributed, or edited for major publications to include Snort 2.1 Intrusion Detection (Syngress Publishing, ISBN: 1-931836-04-3), Hacking Exposed, Fourth Edition, Anti-Hacker Toolkit, Second Edition, Advanced Intrusion Detection, Hacking the Code: ASP NET Web Application Security (Syngress, ISBN: 1-932266-65-8), Anti-Spam Toolkit, and the forthcoming Google Hacking for Penetration Techniques (Syngress, ISBN: 1-931836-36-1) .

Sommaire

  • Writing exploits and security tools
  • Assembly and shellcode
  • Exploits : stack
  • Exploits : heap
  • Exploits : format strings
  • Writing Exploits I
  • Writing Exploits II
  • Coding for Ethereal
  • Coding for Nessus
  • Extending Metasploit I
  • Extending Metasploit II
  • Extending Metasploit III
Voir tout
Replier

Caractéristiques techniques

  PAPIER
Éditeur(s) Syngress
Auteur(s) James C. Foster
Collection 4 Free Booklets Your Solutions Membership
Parution 15/01/2006
Nb. de pages 650
Format 18 x 23
Couverture Broché
Poids 935g
Intérieur Noir et Blanc
EAN13 9781597499972
ISBN13 978-1-59749-997-2

Avantages Eyrolles.com

Livraison à partir de 0,01 en France métropolitaine
Paiement en ligne SÉCURISÉ
Livraison dans le monde
Retour sous 15 jours
+ d'un million et demi de livres disponibles
satisfait ou remboursé
Satisfait ou remboursé
Paiement sécurisé
modes de paiement
Paiement à l'expédition
partout dans le monde
Livraison partout dans le monde
Service clients sav@commande.eyrolles.com
librairie française
Librairie française depuis 1925
Recevez nos newsletters
Vous serez régulièrement informé(e) de toutes nos actualités.
Inscription