The Shellcoder's Handbook: Discovering and Exploiting Security Holes

Chris Anley

Language: English

Publisher: Wiley

Published: Feb 16, 2011

Description:

  • This much-anticipated revision, written by the ultimate group of top security experts in the world, features 40 percent new content on how to find security holes in any operating system or application
  • New material addresses the many new exploitation techniques that have been discovered since the first edition, including attacking "unbreakable" software packages such as McAfee's Entercept, Mac OS X, XP, Office 2003, and Vista
  • Also features the first-ever published information on exploiting Cisco's IOS, with content that has never before been explored
  • The companion Web site features downloadable code files

From the Back Cover

The black hats have kept up with security enhancements. Have you?

In the technological arena, three years is a lifetime. Since the first edition of this book was published in 2004, built-in security measures on compilers and operating systems have become commonplace, but are still far from perfect. Arbitrary-code execution vulnerabilities still allow attackers to run code of their choice on your system—with disastrous results.

In a nutshell, this book is about code and data and what happens when the two become confused. You'll work with the basic building blocks of security bugs—assembler, source code, the stack, the heap, and so on. You'll experiment, explore, and understand the systems you're running—and how to better protect them.

  • Become familiar with security holes in Windows, Linux, Solaris, Mac OS X, and Cisco's IOS
  • Learn how to write customized tools to protect your systems, not just how to use ready-made ones
  • Use a working exploit to verify your assessment when auditing a network
  • Use proof-of-concept exploits to rate the significance of bugs in software you're developing
  • Assess the quality of purchased security products by performing penetration tests based on the information in this book
  • Understand how bugs are found and how exploits work at the lowest level

About the Author

Chris Anley is a founder and director of NGSSoftware, a security software, consultancy, and research company based in London, England. He is actively involved in vulnerability research and has discovered security flaws in a wide variety of platforms including Microsoft Windows, Oracle, SQL Server, IBM DB2, Sybase ASE, MySQL, and PGP.

John Heasman is the Director of Research at NGSSoftware. He is a prolific security researcher and has published many security advisories in enterprise level software. He has a particular interest in rootkits and has authored papers on malware persistence via device firmware and the BIOS. He is also a co-author of The Database Hacker’s Handbook: Defending Database Servers (Wiley 2005).

Felix “FX” Linder leads SABRE Labs GmbH, a Berlin-based professional consulting company specializing in security analysis, system design creation, and verification work. Felix looks back at 18 years of programming and over a decade of computer security consulting for enterprise, carrier, and software vendor clients. This experience allows him to rapidly dive into complex systems and evaluate them from a security and robustness point of view, even in atypical scenarios and on arcane platforms. In his spare time, FX works with his friends from the Phenoelit hacking group on different topics, which have included Cisco IOS, SAP, HP printers, and RIM BlackBerry in the past.

Gerardo Richarte has been doing reverse engineering and exploit development for more than 15 years non-stop. In the past 10 years he helped build the technical arm of Core Security Technologies, where he works today. His current duties include developing exploits for Core IMPACT, researching new exploitation techniques and other low-level subjects, helping other exploit writers when things get hairy, and teaching internal and external classes on assembly and exploit writing. As a result of his research and as a humble thank you to the community, he has published some technical papers and open source projects, presented in a few conferences, and released part of his training material. He really enjoys solving tough problems and reverse engineering any piece of code that falls in his reach just for the fun of doing it.