چه کسانی این کتاب را می‌خوانند

دانشجوعلاقه‌مند یادگیری
کتابخوان حرفه‌ایلذت مطالعه
نویسندهالهام‌گیری

iOS Hacker's Handbook

Charlie Miller & Dion Blazakis & Dino DaiZovi & Stefan Esser & Vincenzo Iozzo & Ralf-Philip Weinmann

قیمت نهایی

۴۴٬۰۰۰ تومان۴۹٬۰۰۰ تومان۱۰٪ تخفیف
  • تخفیف زمان‌دار−۵٬۰۰۰ تومان

۵٬۰۰۰ تومان صرفه‌جویی نسبت به قیمت اصلی

نسخه اصلی و اورجینال

بلافاصله پس از خرید، فایل کتاب روی دستگاه شما آمادهٔ دانلود است.

تحویل فوری
پرداخت امن
ضمانت فایل
پشتیبانی

مشخصات کتاب

ناشر
Wiley & Sons
سال انتشار
۲۰۱۲
فرمت
EPUB
زبان
انگلیسی
تعداد صفحات
۴ صفحه
حجم فایل
۷٫۵ مگابایت
شابک
9780080515892، 9780321446114، 9780321525017، 9781118204122، 9781118228432، 9781118240755، 9781118265543، 9781138436435، 9781282680968، 9781282880078، 9781283927857، 9781482280845، 9781578201341، 9781596932142، 9781596932159، 9781597494861، 9781597494878، 9785932861479، 9788131747797، 0080515894، 0321446119، 0321525019، 1118204123، 111822843X، 1118240758، 1118265548، 1138436437، 128268096X، 1282880071، 1283927853، 1482280841، 1578201349، 1596932147، 1596932155، 1597494860، 1597494879، 5932861479، 8131747794

دربارهٔ کتاب

**Discover all the security risks and exploits that can threaten iOS-based mobile devices**iOS is Apple's mobile operating system for the iPhone and iPad. With the introduction of iOS5, many security issues have come to light. This book explains and discusses them all. The award-winning author team, experts in Mac and iOS security, examines the vulnerabilities and the internals of iOS to show how attacks can be mitigated. The book explains how the operating system works, its overall security architecture, and the security risks associated with it, as well as exploits, rootkits, and other payloads developed for it. * Covers iOS security architecture, vulnerability hunting, exploit writing, and how iOS jailbreaks work * Explores iOS enterprise and encryption, code signing and memory protection, sandboxing, iPhone fuzzing, exploitation, ROP payloads, and baseband attacks * Also examines kernel debugging and exploitation * Companion website includes source code and tools to facilitate your efforts __iOS Hacker's Handbook__ arms you with the tools needed to identify, understand, and foil iOS attacks.

FUZZING

Master One of Today’s Most Powerful Techniques for Revealing Security Flaws!

Fuzzing has evolved into one of today’s most effective approaches to test software security. To “fuzz,” you attach a program’s inputs to a source of random data, and then systematically identify the failures that arise. Hackers have

relied on fuzzing for years: Now, it’s your turn. In this book, renowned fuzzing experts show you how to use fuzzing to reveal weaknesses in your software before someone else does.

Fuzzing is the first and only book to cover fuzzing from start to finish, bringing disciplined best practices to a technique that has traditionally been implemented informally. The authors begin by reviewing how fuzzing works and outlining its crucial advantages over other security testing methods. Next, they introduce state-of-the-art fuzzing techniques for finding vulnerabilities in network protocols, file formats, and web applications; demonstrate the use of automated fuzzing tools; and present several insightful case histories showing fuzzing at work. Coverage includes:

• Why fuzzing simplifies test design and catches flaws other methods miss

• The fuzzing process: from identifying inputs to assessing “exploitability”

• Understanding the requirements for effective fuzzing

• Comparing mutation-based and generation-based fuzzers

• Using and automating environment variable and argument fuzzing

• Mastering in-memory fuzzing techniques

• Constructing custom fuzzing frameworks and tools

• Implementing intelligent fault detection

Attackers are already using fuzzing. You should, too. Whether you’re a developer, security engineer, tester, or QA specialist, this book teaches you how to build secure software.

Foreword xix

Preface xxi

Acknowledgments xxv

About the Author xxvii

P ARTI B ACKGROUND 1

Chapter 1 Vulnerability Discovery Methodologies 3

Chapter 2 What Is Fuzzing? 21

Chapter 3 Fuzzing Methods and Fuzzer Types 33

Chapter 4 Data Representation and Analysis 45

Chapter 5 Requirements for Effective Fuzzing 61

P ART II T ARGETS AND A UTOMATION 71

Chapter 6 Automation and Data Generation 73

Chapter 7 Environment Variable and Argument Fuzzing 89

Chapter 8 Environment Variable and Argument Fuzzing: Automation 103

Chapter 9 Web Application and Server Fuzzing 113

Chapter 10 Web Application and Server Fuzzing: Automation 137

Chapter 11 File Format Fuzzing 169

Chapter 12 File Format Fuzzing: Automation on UNIX 181

Chapter 13 File Format Fuzzing: Automation on Windows 197

Chapter 14 Network Protocol Fuzzing 223

Chapter 15 Network Protocol Fuzzing: Automation on UNIX 235

Chapter 16 Network Protocol Fuzzing: Automation on Windows 249

Chapter 17 Web Browser Fuzzing 267

Chapter 18 Web Browser Fuzzing: Automation 283

Chapter 19 In-Memory Fuzzing 301

Chapter 20 In-Memory Fuzzing: Automation 315

P ART III A DVANCED F UZZING T ECHNOLOGIES 349

Chapter 21 Fuzzing Frameworks 351

Chapter 22 Automated Protocol Dissection 419

Chapter 23 Fuzzer Tracking 437

Chapter 24 Intelligent Fault Detection 471

P ART IV L OOKING F ORWARD 495

Chapter 25 Lessons Learned 497

Chapter 26 Looking Forward 507

Index 519

"A very interesting book that not only exposes readers to kernel exploitation techniques, but also deeply motivates the study of operating systems internals, moving such study far beyond simple curiosity."--Golden G. Richard III, Ph. D., Professor of Computer Science, University of New Orleans and CTO, Digital Forensics Solutions, LLC The number of security countermeasures against user-land exploitation is on the rise. Because of this, kernel exploitation is becoming much more popular among exploit writers and attackers. Playing with the heart of the operating system can be a dangerous game : This book covers the theoretical techniques and approaches needed to develop reliable and effective kernel level exploits and applies them to different operating systems (UNIX derivatives, Mac OS X, and Windows). Kernel exploits require both art and science to achieve. Every OS has its quirks and so every exploit must be molded to fully exploit its target. This book discusses the most popular OS families-UNIX derivatives, Mac OS X, and Windows-and how to gain complete control over them. Concepts and tactices are presented categorically so that even when a specifically detailed exploit has been patched, the foundational information that you have read will help you to write a newer, better attack or a more concrete design and defensive structure. Covers a range of operating system families - UNIX derivatives, Mac OS X, Windows Details common scenarios such as generic memory corruption (stack overflow, heap overflow, etc.) issues, logical bugs and race conditions Delivers the reader from user-land exploitation to the world of kernel-land (OS) exploits/attacks, with a particular focus on the steps that lead to the creation of successful techniques, in order to give to the reader something more than just a set of tricks Covers a range of operating system families - UNIX derivatives, Mac OS X, Windows Details common scenarios such as generic memory corruption (stack overflow, heap overflow, etc.) issues, logical bugs and race conditions Delivers the reader from user-land exploitation to the world of kernel-land (OS) exploits/attacks, with a particular focus on the steps that lead to the creation of successful techniques, in order to give to the reader something more than just a set of tricks This is the eBook version of the printed book. If the print book includes a CD-ROM, this content is not included within the eBook version. FUZZING Master One of Today's Most Powerful Techniques for Revealing Security Flaws! Fuzzing has evolved into one of today's most effective approaches to test software security. To “fuzz,” you attach a program's inputs to a source of random data, and then systematically identify the failures that arise. Hackers have relied on fuzzing for years: Now, it's your turn. In this book, renowned fuzzing experts show you how to use fuzzing to reveal weaknesses in your software before someone else does. Fuzzing is the first and only book to cover fuzzing from start to finish, bringing disciplined best practices to a technique that has traditionally been implemented informally. The authors begin by reviewing how fuzzing works and outlining its crucial advantages over other security testing methods. Next, they introduce state-of-the-art fuzzing techniques for finding vulnerabilities in network protocols, file formats, and web applications; demonstrate the use of automated fuzzing tools; and present several insightful case histories showing fuzzing at work. Coverage includes: • Why fuzzing simplifies test design and catches flaws other methods miss • The fuzzing process: from identifying inputs to assessing “exploitability” • Understanding the requirements for effective fuzzing • Comparing mutation-based and generation-based fuzzers • Using and automating environment variable and argument fuzzing • Mastering in-memory fuzzing techniques • Constructing custom fuzzing frameworks and tools • Implementing intelligent fault detection Attackers are already using fuzzing. You should, too. Whether you're a developer, security engineer, tester, or QA specialist, this book teaches you how to build secure software. A Guide to Kernel Exploitation: Attacking the Core discusses the theoretical techniques and approaches needed to develop reliable and effective kernel-level exploits, and applies them to different operating systems, namely, UNIX derivatives, Mac OS X, and Windows. Concepts and tactics are presented categorically so that even when a specifically detailed vulnerability has been patched, the foundational information provided will help hackers in writing a newer, better attack; or help pen testers, auditors, and the like develop a more concrete design and defensive structure.The book is organized into four parts. Part I introduces the kernel and sets out the theoretical basis on which to build the rest of the book. Part II focuses on different operating systems and describes exploits for them that target various bug classes. Part III on remote kernel exploitation analyzes the effects of the remote scenario and presents new techniques to target remote issues. It includes a step-by-step analysis of the development of a reliable, one-shot, remote exploit for a real vulnerabilitya bug affecting the SCTP subsystem found in the Linux kernel. Finally, Part IV wraps up the analysis on kernel exploitation and looks at what the future may hold. Covers a range of operating system families — UNIX derivatives, Mac OS X, Windows Details common scenarios such as generic memory corruption (stack overflow, heap overflow, etc.) issues, logical bugs and race conditions Delivers the reader from user-land exploitation to the world of kernel-land (OS) exploits/attacks, with a particular focus on the steps that lead to the creation of successful techniques, in order to give to the reader something more than just a set of tricks

The number of security countermeasures against user-land exploitation is on the rise. Because of this, kernel exploitation is becoming much more popular among exploit writers and attackers. Playing with the heart of the operating system can be a dangerous game: This book covers the theoretical techniques and approaches needed to develop reliable and effective kernel-level exploits and applies them to different operating systems (Linux, Solaris, Mac OS X, and Windows). Kernel exploits require both art and science to achieve. Every OS has its quirks and so every exploit must be molded to fully exploit its target. This book discusses the most popular OS families—UNIX derivatives, Mac OS X, and Windows—and how to gain complete control over them. Concepts and tactics are presented categorically so that even when a specifically detailed exploit has been patched, the foundational information that you have read will help you to write a newer, better attack or a more concrete design and defensive structure.



  • Covers a range of operating system families — UNIX derivatives, Mac OS X, Windows
  • Details common scenarios such as generic memory corruption (stack overflow, heap overflow, etc.) issues, logical bugs and race conditions
  • Delivers the reader from user-land exploitation to the world of kernel-land (OS) exploits/attacks, with a particular focus on the steps that lead to the creation of successful techniques, in order to give to the reader something more than just a set of tricks
A Guide to Kernel Attacking the Core discusses the theoretical techniques and approaches needed to develop reliable and effective kernel-level exploits, and applies them to different operating systems, namely, UNIX derivatives, Mac OS X, and Windows. Concepts and tactics are presented categorically so that even when a specifically detailed vulnerability has been patched, the foundational information provided will help hackers in writing a newer, better attack; or help pen testers, auditors, and the like develop a more concrete design and defensive structure. The book is organized into four parts. Part I introduces the kernel and sets out the theoretical basis on which to build the rest of the book. Part II focuses on different operating systems and describes exploits for them that target various bug classes. Part III on remote kernel exploitation analyzes the effects of the remote scenario and presents new techniques to target remote issues. It includes a step-by-step analysis of the development of a reliable, one-shot, remote exploit for a real vulnerabilitya bug affecting the SCTP subsystem found in the Linux kernel. Finally, Part IV wraps up the analysis on kernel exploitation and looks at what the future may hold.

Discover all the security risks and exploits that can threaten iOS-based mobile devices

iOS is Apple's mobile operating system for the iPhone and iPad. With the introduction of iOS5, many security issues have come to light. This book explains and discusses them all. The award-winning author team, experts in Mac and iOS security, examines the vulnerabilities and the internals of iOS to show how attacks can be mitigated. The book explains how the operating system works, its overall security architecture, and the security risks associated with it, as well as exploits, rootkits, and other payloads developed for it.

  • Covers iOS security architecture, vulnerability hunting, exploit writing, and how iOS jailbreaks work
  • Explores iOS enterprise and encryption, code signing and memory protection, sandboxing, iPhone fuzzing, exploitation, ROP payloads, and baseband attacks
  • Also examines kernel debugging and exploitation
  • Companion website includes source code and tools to facilitate your efforts

iOS Hacker's Handbook arms you with the tools needed to identify, understand, and foil iOS attacks.

Discover all the security risks and exploits that can threaten iOS-based mobile devices

iOS is Apple's mobile operating system for the iPhone and iPad. With the introduction of iOS5, many security issues have come to light. This book explains and discusses them all. The award-winning author team, experts in Mac and iOS security, examines the vulnerabilities and the internals of iOS to show how attacks can be mitigated. The book explains how the operating system works, its overall security architecture, and the security risks associated with it, as well as exploits, rootkits, and other payloads developed for it.

  • Covers iOS security architecture, vulnerability hunting, exploit writing, and how iOS jailbreaks work
  • Explores iOS enterprise and encryption, code signing and memory protection, sandboxing, iPhone fuzzing, exploitation, ROP payloads, and baseband attacks
  • Also examines kernel debugging and exploitation
  • Companion website includes source code and tools to facilitate your efforts

iOS Hacker's Handbook arms you with the tools needed to identify, understand, and foil iOS attacks.

"The number of security countermeasures against user-land exploitation is on the rise. Because of this, kernel exploitation is becoming much more popular among exploit writers and attackers. Playing with the heart of the operating system can be a dangerous game : this book covers the theoretical techniques and approaches needed to develop reliable and effective kernel level exploits and applies them to different operating systems (UNIX derivatives, Mac OS X, and Windows). Kernel exploits require both art and science to achieve. Every SO has to quirks and so every exploit must be molded to fully exploit this target. This book discusses the most popular OS families - UNIX derivatives, Mac OS X, and Windows - and how to gain complete control over them. Concepts and tactics are presented categorically so that even when a specifically detailed exploit has been patched, the foundational information that you have read will help you to write a newer, better attack or a more concrete design and defensive structure." (source : 4ème de couverture) Fuzzing for Software Security Testing and Quality Assurance gives software developers a powerful new tool to build secure, high-quality software, and takes a weapon from the malicious hackers' arsenal. This practical resource helps developers think like a software cracker, so they can find and patch flaws in software before harmful viruses, worms, and Trojans can use these vulnerabilities to rampage systems. Traditional software programmers and testers learn how to make fuzzing a standard practice that integrates seamlessly with all development activities. The book progresses through each phase of software development and points out where testing and auditing can tighten security. It surveys all popular commercial fuzzing tools and explains how to select the right one for a software development project. The book also covers those cases where commercial tools fall short and developers need to build their own custom fuzzing tools "Fuzzing is the first and only book to cover fuzzing from start to finish, bringing disciplined best practices to a technique that has traditionally been implemented informally. The authors begin by reviewing how fuzzing works and outlining its crucial advantages over other security testing methods. Next, they introduce state-of-the-art fuzzing techniques for finding vulnerabilities in network protocols, file formats, and web applications; demonstrate the use of automated fuzzing tools; and present several insightful case histories showing fuzzing at work."--Jacket A complete guide for the developer or student, this text provides an overview of general concepts and terminology, investigates the salient features of the reference processor, thoroughly explores the services and features of the reference RTOS, and culminates with a major case study. Perfect for embedded systems programmers, software engineers, electrical engineers, or firmware engineers with a programming background in C or C++. This comprehensive reference goes through each phase of software development and points out where testing and auditing can tighten security. It surveys all popular commercial fuzzing tools and explains how to select the right one for a software development project. The book also identifies those cases where commercial tools fall short and when there is a need for building your own fuzzing tools. Offers software developers a tool to build secure, high-quality software, and takes a weapon from the malicious hackers' arsenal. This book helps developers think like a software cracker, so they can find and patch flaws in software before harmful viruses, worms, and Trojans can use these vulnerabilities to rampage systems. "The world loves iOS. Users love the convenience. Black hats love the vulnerability. This book arms you with the knowledge and tools to protect your organization's iOS devices. If you're a developer, it will also help you create hack-resistant applications."--P. [4] of cover-- Source other than Library of Congress "The world loves iOS. Users love the convenience. Black hats love the vulnerability. This book arms you with the knowledge and tools to protect your organization's iOS devices. If you're a developer, it will also help you create hack-resistant applications."--Page 4 of cover IOS security basics -- iOS in the enterprise -- Encryption -- Code signing and memory protections -- Sanboxing -- Fuzzing iOS applications -- Exploitation -- Return-oriented programming -- Kernel debugging and exploitation -- Jailbreaking -- Baseband attacks Use the industry's most popular RTOS/processor combination to develop embedded applications that are small, fast, reliable, and deterministic. Beginning with a discussion of embedded and real-time concepts and terminology, this book uses a specific demon A guide to embedded applications covers such topics as the ARM processor, RTOS, threads, memory management, internal system clock services, and counting semaphores.

قیمت نهایی

۴۴٬۰۰۰ تومان