iOS Hacker's Handbook
Charlie Miller & Dion Blazakis & Dino DaiZovi & Stefan Esser & Vincenzo Iozzo & Ralf-Philip Weinmannقیمت نهایی
- تخفیف زماندار−۵٬۰۰۰ تومان
۵٬۰۰۰ تومان صرفهجویی نسبت به قیمت اصلی
نسخه اصلی و اورجینال
بلافاصله پس از خرید، فایل کتاب روی دستگاه شما آمادهٔ دانلود است.
مشخصات کتاب
- نویسنده
- Charlie Miller & Dion Blazakis & Dino DaiZovi & Stefan Esser & Vincenzo Iozzo & Ralf-Philip Weinmann
- ناشر
- Wiley & Sons
- سال انتشار
- ۲۰۱۲
- فرمت
- EPUB
- زبان
- انگلیسی
- تعداد صفحات
- ۴ صفحه
- حجم فایل
- ۷٫۵ مگابایت
- شابک
- 9780080515892، 9780321446114، 9780321525017، 9781118204122، 9781118228432، 9781118240755، 9781118265543، 9781138436435، 9781282680968، 9781282880078، 9781283927857، 9781482280845، 9781578201341، 9781596932142، 9781596932159، 9781597494861، 9781597494878، 9785932861479، 9788131747797، 0080515894، 0321446119، 0321525019، 1118204123، 111822843X، 1118240758، 1118265548، 1138436437، 128268096X، 1282880071، 1283927853، 1482280841، 1578201349، 1596932147، 1596932155، 1597494860، 1597494879، 5932861479، 8131747794
دربارهٔ کتاب
FUZZING
Master One of Today’s Most Powerful Techniques for Revealing Security Flaws!
Fuzzing has evolved into one of today’s most effective approaches to test software security. To “fuzz,” you attach a program’s inputs to a source of random data, and then systematically identify the failures that arise. Hackers have
relied on fuzzing for years: Now, it’s your turn. In this book, renowned fuzzing experts show you how to use fuzzing to reveal weaknesses in your software before someone else does.
Fuzzing is the first and only book to cover fuzzing from start to finish, bringing disciplined best practices to a technique that has traditionally been implemented informally. The authors begin by reviewing how fuzzing works and outlining its crucial advantages over other security testing methods. Next, they introduce state-of-the-art fuzzing techniques for finding vulnerabilities in network protocols, file formats, and web applications; demonstrate the use of automated fuzzing tools; and present several insightful case histories showing fuzzing at work. Coverage includes:
• Why fuzzing simplifies test design and catches flaws other methods miss
• The fuzzing process: from identifying inputs to assessing “exploitability”
• Understanding the requirements for effective fuzzing
• Comparing mutation-based and generation-based fuzzers
• Using and automating environment variable and argument fuzzing
• Mastering in-memory fuzzing techniques
• Constructing custom fuzzing frameworks and tools
• Implementing intelligent fault detection
Attackers are already using fuzzing. You should, too. Whether you’re a developer, security engineer, tester, or QA specialist, this book teaches you how to build secure software.
Foreword xix
Preface xxi
Acknowledgments xxv
About the Author xxvii
P ARTI B ACKGROUND 1
Chapter 1 Vulnerability Discovery Methodologies 3
Chapter 2 What Is Fuzzing? 21
Chapter 3 Fuzzing Methods and Fuzzer Types 33
Chapter 4 Data Representation and Analysis 45
Chapter 5 Requirements for Effective Fuzzing 61
P ART II T ARGETS AND A UTOMATION 71
Chapter 6 Automation and Data Generation 73
Chapter 7 Environment Variable and Argument Fuzzing 89
Chapter 8 Environment Variable and Argument Fuzzing: Automation 103
Chapter 9 Web Application and Server Fuzzing 113
Chapter 10 Web Application and Server Fuzzing: Automation 137
Chapter 11 File Format Fuzzing 169
Chapter 12 File Format Fuzzing: Automation on UNIX 181
Chapter 13 File Format Fuzzing: Automation on Windows 197
Chapter 14 Network Protocol Fuzzing 223
Chapter 15 Network Protocol Fuzzing: Automation on UNIX 235
Chapter 16 Network Protocol Fuzzing: Automation on Windows 249
Chapter 17 Web Browser Fuzzing 267
Chapter 18 Web Browser Fuzzing: Automation 283
Chapter 19 In-Memory Fuzzing 301
Chapter 20 In-Memory Fuzzing: Automation 315
P ART III A DVANCED F UZZING T ECHNOLOGIES 349
Chapter 21 Fuzzing Frameworks 351
Chapter 22 Automated Protocol Dissection 419
Chapter 23 Fuzzer Tracking 437
Chapter 24 Intelligent Fault Detection 471
P ART IV L OOKING F ORWARD 495
Chapter 25 Lessons Learned 497
Chapter 26 Looking Forward 507
Index 519
"A very interesting book that not only exposes readers to kernel exploitation techniques, but also deeply motivates the study of operating systems internals, moving such study far beyond simple curiosity."--Golden G. Richard III, Ph. D., Professor of Computer Science, University of New Orleans and CTO, Digital Forensics Solutions, LLC The number of security countermeasures against user-land exploitation is on the rise. Because of this, kernel exploitation is becoming much more popular among exploit writers and attackers. Playing with the heart of the operating system can be a dangerous game : This book covers the theoretical techniques and approaches needed to develop reliable and effective kernel level exploits and applies them to different operating systems (UNIX derivatives, Mac OS X, and Windows). Kernel exploits require both art and science to achieve. Every OS has its quirks and so every exploit must be molded to fully exploit its target. This book discusses the most popular OS families-UNIX derivatives, Mac OS X, and Windows-and how to gain complete control over them. Concepts and tactices are presented categorically so that even when a specifically detailed exploit has been patched, the foundational information that you have read will help you to write a newer, better attack or a more concrete design and defensive structure. Covers a range of operating system families - UNIX derivatives, Mac OS X, Windows Details common scenarios such as generic memory corruption (stack overflow, heap overflow, etc.) issues, logical bugs and race conditions Delivers the reader from user-land exploitation to the world of kernel-land (OS) exploits/attacks, with a particular focus on the steps that lead to the creation of successful techniques, in order to give to the reader something more than just a set of tricks Covers a range of operating system families - UNIX derivatives, Mac OS X, Windows Details common scenarios such as generic memory corruption (stack overflow, heap overflow, etc.) issues, logical bugs and race conditions Delivers the reader from user-land exploitation to the world of kernel-land (OS) exploits/attacks, with a particular focus on the steps that lead to the creation of successful techniques, in order to give to the reader something more than just a set of tricks This is the eBook version of the printed book. If the print book includes a CD-ROM, this content is not included within the eBook version. FUZZING Master One of Today's Most Powerful Techniques for Revealing Security Flaws! Fuzzing has evolved into one of today's most effective approaches to test software security. To “fuzz,” you attach a program's inputs to a source of random data, and then systematically identify the failures that arise. Hackers have relied on fuzzing for years: Now, it's your turn. In this book, renowned fuzzing experts show you how to use fuzzing to reveal weaknesses in your software before someone else does. Fuzzing is the first and only book to cover fuzzing from start to finish, bringing disciplined best practices to a technique that has traditionally been implemented informally. The authors begin by reviewing how fuzzing works and outlining its crucial advantages over other security testing methods. Next, they introduce state-of-the-art fuzzing techniques for finding vulnerabilities in network protocols, file formats, and web applications; demonstrate the use of automated fuzzing tools; and present several insightful case histories showing fuzzing at work. Coverage includes: • Why fuzzing simplifies test design and catches flaws other methods miss • The fuzzing process: from identifying inputs to assessing “exploitability” • Understanding the requirements for effective fuzzing • Comparing mutation-based and generation-based fuzzers • Using and automating environment variable and argument fuzzing • Mastering in-memory fuzzing techniques • Constructing custom fuzzing frameworks and tools • Implementing intelligent fault detection Attackers are already using fuzzing. You should, too. Whether you're a developer, security engineer, tester, or QA specialist, this book teaches you how to build secure software. A Guide to Kernel Exploitation: Attacking the Core discusses the theoretical techniques and approaches needed to develop reliable and effective kernel-level exploits, and applies them to different operating systems, namely, UNIX derivatives, Mac OS X, and Windows. Concepts and tactics are presented categorically so that even when a specifically detailed vulnerability has been patched, the foundational information provided will help hackers in writing a newer, better attack; or help pen testers, auditors, and the like develop a more concrete design and defensive structure.The book is organized into four parts. Part I introduces the kernel and sets out the theoretical basis on which to build the rest of the book. Part II focuses on different operating systems and describes exploits for them that target various bug classes. Part III on remote kernel exploitation analyzes the effects of the remote scenario and presents new techniques to target remote issues. It includes a step-by-step analysis of the development of a reliable, one-shot, remote exploit for a real vulnerabilitya bug affecting the SCTP subsystem found in the Linux kernel. Finally, Part IV wraps up the analysis on kernel exploitation and looks at what the future may hold. Covers a range of operating system families — UNIX derivatives, Mac OS X, Windows Details common scenarios such as generic memory corruption (stack overflow, heap overflow, etc.) issues, logical bugs and race conditions Delivers the reader from user-land exploitation to the world of kernel-land (OS) exploits/attacks, with a particular focus on the steps that lead to the creation of successful techniques, in order to give to the reader something more than just a set of tricksThe number of security countermeasures against user-land exploitation is on the rise. Because of this, kernel exploitation is becoming much more popular among exploit writers and attackers. Playing with the heart of the operating system can be a dangerous game: This book covers the theoretical techniques and approaches needed to develop reliable and effective kernel-level exploits and applies them to different operating systems (Linux, Solaris, Mac OS X, and Windows). Kernel exploits require both art and science to achieve. Every OS has its quirks and so every exploit must be molded to fully exploit its target. This book discusses the most popular OS families—UNIX derivatives, Mac OS X, and Windows—and how to gain complete control over them. Concepts and tactics are presented categorically so that even when a specifically detailed exploit has been patched, the foundational information that you have read will help you to write a newer, better attack or a more concrete design and defensive structure.
- Covers a range of operating system families — UNIX derivatives, Mac OS X, Windows
- Details common scenarios such as generic memory corruption (stack overflow, heap overflow, etc.) issues, logical bugs and race conditions
- Delivers the reader from user-land exploitation to the world of kernel-land (OS) exploits/attacks, with a particular focus on the steps that lead to the creation of successful techniques, in order to give to the reader something more than just a set of tricks
Discover all the security risks and exploits that can threaten iOS-based mobile devices
iOS is Apple's mobile operating system for the iPhone and iPad. With the introduction of iOS5, many security issues have come to light. This book explains and discusses them all. The award-winning author team, experts in Mac and iOS security, examines the vulnerabilities and the internals of iOS to show how attacks can be mitigated. The book explains how the operating system works, its overall security architecture, and the security risks associated with it, as well as exploits, rootkits, and other payloads developed for it.
- Covers iOS security architecture, vulnerability hunting, exploit writing, and how iOS jailbreaks work
- Explores iOS enterprise and encryption, code signing and memory protection, sandboxing, iPhone fuzzing, exploitation, ROP payloads, and baseband attacks
- Also examines kernel debugging and exploitation
- Companion website includes source code and tools to facilitate your efforts
iOS Hacker's Handbook arms you with the tools needed to identify, understand, and foil iOS attacks.
Discover all the security risks and exploits that can threaten iOS-based mobile devices
iOS is Apple's mobile operating system for the iPhone and iPad. With the introduction of iOS5, many security issues have come to light. This book explains and discusses them all. The award-winning author team, experts in Mac and iOS security, examines the vulnerabilities and the internals of iOS to show how attacks can be mitigated. The book explains how the operating system works, its overall security architecture, and the security risks associated with it, as well as exploits, rootkits, and other payloads developed for it.
- Covers iOS security architecture, vulnerability hunting, exploit writing, and how iOS jailbreaks work
- Explores iOS enterprise and encryption, code signing and memory protection, sandboxing, iPhone fuzzing, exploitation, ROP payloads, and baseband attacks
- Also examines kernel debugging and exploitation
- Companion website includes source code and tools to facilitate your efforts
iOS Hacker's Handbook arms you with the tools needed to identify, understand, and foil iOS attacks.
کتابهای مشابه
iOS Hacker's Handbook
۴۹٬۰۰۰ تومان
iOS Hacker's Handbook
۴۹٬۰۰۰ تومان
iOS Hacker's Handbook
۴۹٬۰۰۰ تومان
The hacker's handbook
۴۹٬۰۰۰ تومان
AndroidTM Hacker's Handbook
۴۹٬۰۰۰ تومان
The Antivirus Hacker's Handbook
۴۹٬۰۰۰ تومان
The Antivirus Hacker's Handbook
۴۹٬۰۰۰ تومان
The Antivirus Hacker's Handbook
۴۹٬۰۰۰ تومان
AndroidTM Hacker's Handbook
۴۹٬۰۰۰ تومان

راهنمای هکرها - نوتیسبلوک
۴۹٬۰۰۰ تومان
The browser hacker’s handbook
۴۹٬۰۰۰ تومان
The Antivirus Hacker's Handbook
۴۹٬۰۰۰ تومان
قیمت نهایی
۴۴٬۰۰۰ تومان
