Gray Hat Hacking: The Ethical Hacker's

Handbook, Sixth Edition Daniel

Regalado
Visit to download the full and correct content document:
https://ebookmass.com/product/gray-hat-hacking-the-ethical-hackers-handbook-sixth-
edition-daniel-regalado/
 Praise for Gray Hat Hacking: The Ethical
Hacker’s Handbook, Sixth Edition

“Offensive security covers such a broad array of topics that

it can be extremely difficult to find reference material that
provides even surface-level coverage of it. Gray Hat
Hacking: The Ethical Hacker’s Handbook, Sixth Edition
manages to cover a surprisingly large subset of specialist
areas within the field, all while diving deep enough to shine
a light on some of the more interesting and challenging
nuances of those areas. It’s a worthy addition to the
hacker’s bookshelf.”
—OJ Reeves
Director, Beyond Binary
“This book has been a staple of the development and
careers of many, and its sixth edition delivers on
expectations with fresh material and content to help push
people to the next level. It’s a phenomenal contribution to
anyone’s skill set and written by true experts; Stephen Sims
and the other authors are people that I respect and
routinely read whatever they put out. Readers will find this
to be a practical resource worthy of any bookshelf of any
practitioner in our field.”
—Robert M. Lee
Senior SANS Instructor and CEO/Co-Founder of Dragos, Inc.
“The chapters on Hyper-V in Gray Hat Hacking: The Ethical
Hacker’s Handbook, Sixth Edition are the most complete
public resources I have seen to date. Not only do they
provide a general overview of the architecture, they also
provide in-depth scripts that can be used to understand the
internals very well. I’m very impressed with all of the
resources attached to these chapters. If you are interested
in hypervisors and/or Hyper-V in any form, give this book a
shot.”
—Matt Suiche
Founder, Comae
Copyright © 2022 by McGraw Hill. All rights reserved.
Except as permitted under the United States Copyright Act
of 1976, no part of this publication may be reproduced or
distributed in any form or by any means, or stored in a
database or retrieval system, without the prior written
permission of the publisher, with the exception that the
program listings may be entered, stored, and executed in a
computer system, but they may not be reproduced for
publication.

ISBN: 978-1-26-426895-5
MHID: 1-26-426895-5

The material in this eBook also appears in the print version

of this title: ISBN: 978-1-26-426894-8, MHID: 1-26-426894-7.

eBook conversion by codeMantra

Version 1.0

All trademarks are trademarks of their respective owners.

Rather than put a trademark symbol after every occurrence
of a trademarked name, we use names in an editorial
fashion only, and to the benefit of the trademark owner,
with no intention of infringement of the trademark. Where
such designations appear in this book, they have been
printed with initial caps.

McGraw-Hill Education eBooks are available at special

quantity discounts to use as premiums and sales promotions
or for use in corporate training programs. To contact a
representative, please visit the Contact Us page at
www.mhprofessional.com.

Information has been obtained by McGraw Hill from sources

believed to be reliable. However, because of the possibility
of human or mechanical error by our sources, McGraw Hill,
or others, McGraw Hill does not guarantee the accuracy,
adequacy, or completeness of any information and is not
responsible for any errors or omissions or the results
obtained from the use of such information.

TERMS OF USE

This is a copyrighted work and McGraw-Hill Education and

its licensors reserve all rights in and to the work. Use of this
work is subject to these terms. Except as permitted under
the Copyright Act of 1976 and the right to store and retrieve
one copy of the work, you may not decompile, disassemble,
reverse engineer, reproduce, modify, create derivative
works based upon, transmit, distribute, disseminate, sell,
publish or sublicense the work or any part of it without
McGraw-Hill Education’s prior consent. You may use the
work for your own noncommercial and personal use; any
other use of the work is strictly prohibited. Your right to use
the work may be terminated if you fail to comply with these
terms.

THE WORK IS PROVIDED “AS IS.” McGRAW-HILL EDUCATION

AND ITS LICENSORS MAKE NO GUARANTEES OR
WARRANTIES AS TO THE ACCURACY, ADEQUACY OR
COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM
USING THE WORK, INCLUDING ANY INFORMATION THAT CAN
BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR
OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS
FOR A PARTICULAR PURPOSE. McGraw-Hill Education and its
licensors do not warrant or guarantee that the functions
contained in the work will meet your requirements or that
its operation will be uninterrupted or error free. Neither
McGraw-Hill Education nor its licensors shall be liable to you
or anyone else for any inaccuracy, error or omission,
regardless of cause, in the work or for any damages
resulting therefrom. McGraw-Hill Education has no
responsibility for the content of any information accessed
through the work. Under no circumstances shall McGraw-Hill
Education and/or its licensors be liable for any indirect,
incidental, special, punitive, consequential or similar
damages that result from the use of or inability to use the
work, even if any of them has been advised of the possibility
of such damages. This limitation of liability shall apply to
any claim or cause whatsoever whether such claim or cause
arises in contract, tort or otherwise.
 In Memory of Shon Harris

Each time we write a new edition, all of my memories of

Shon come to the surface. As you know from previous
editions, we lost Shon on October 8, 2014. She was a great
friend, pioneer in the field, and beloved subject matter
expert of cybersecurity. She brought me into the first Gray
Hat Hacking project. We were actually working toward
creating another book at the time, but it did not pan out, so
the Gray Hat Hacking book was born. I owe much of what I
have accomplished in the field to the great start she so
generously gave me, back in 2002 when I first met her at a
CISSP bootcamp. I had no clue who Shon was when I signed
up for the bootcamp, but that chance encounter changed
my life. Her passion for the field and her work ethic were
contagious and inspired me to be the best I could be, as I
tried to live up to her high standard. I will always remember
her and how much I learned from her. Please join me and
the other authors as we continue to honor her memory and
her desire to improve the world through cybersecurity.
We dedicate this book to her memory.

—Allen Harper
Lead author and friend of Shon Harris

To my brothers and sisters in Christ, keep running the race.

Let your light shine for Him, that others may be drawn to
Him through you.
—Allen Harper
To my wife, thank you for your constant encouragement and
faith, and for pushing me to push myself.
—Ryan Linn
To my lovely wife Leanne and my daughter Audrey, thank
you for your ongoing support!
 —Stephen Sims
To my daughter Tiernan, thank you for your support and
continuous reminders to enjoy life and learning each and
every day. I look forward to seeing the wonderful woman
you will become.
—Michael Baucom
To my beautiful wife Zoe and our children Alexander and
Axel, thank you for your continuous love and support, and
for always trusting in me and encouraging all my crazy new
ideas.
—Huáscar Tejeda
To my beautiful wife Vanesa and my family for their support
and their patience every time I come up with a new project.
—Daniel Fernandez
To my wife Gina and my daughter Juliet, who I am so proud
of. Thank you for putting up with most of my harebrained
ideas.
—Moses Frost
 ABOUT THE AUTHORS
Dr. Allen Harper, CISSP, retired in 2007 from the military
as a Marine Corps Officer after a tour in Iraq. He has more
than 30 years of IT/security experience. He holds a PhD in IT
with a focus on information assurance and security from
Capella, an MS in computer science from the Naval
Postgraduate School, and a BS in computer engineering
from North Carolina State University. In 2004, Allen led the
development of the GEN III Honeywall CD-ROM, called roo,
for the Honeynet Project. Since then, he has worked as a
security consultant for many Fortune 500 and government
entities. His interests include the Internet of Things, reverse
engineering, vulnerability discovery, and all forms of ethical
hacking. Allen was the founder of N2NetSecurity, Inc.,
served as the EVP and chief hacker at Tangible Security,
program director at Liberty University, and now serves as
EVP of cybersecurity at T-Rex Solutions, LLC, in Greenbelt,
Maryland.
Ryan Linn, CISSP, CSSLP, OSCP, OSCE, GREM, has over
20 years in the security industry, ranging from systems
programmer to corporate security to leading a global
cybersecurity consultancy. Ryan has contributed to a
number of open source projects, including Metasploit, the
Browser Exploitation Framework (BeEF), and Ettercap. Ryan
participates in Twitter as @sussurro, and he has presented
his research at numerous security conferences, including
Black Hat, DEF CON, Thotcon, and Derbycon, and has
provided training in attack techniques and forensics
worldwide.
 Stephen Sims is an industry expert with over 15 years of
experience in information technology and security. Stephen
currently works out of the San Francisco Bay Area as a
consultant. He has spent many years performing security
architecture, exploit development, reverse engineering, and
penetration testing for various Fortune 500 companies, and
he has discovered and responsibly disclosed a wide range of
vulnerabilities in commercial products. Stephen has an MS
in information assurance from Norwich University and
currently leads the Offensive Operations curriculum at the
SANS Institute. He is the author of the SANS Institute’s only
700-level course, SEC760: Advanced Exploit Development
for Penetration Testers, which concentrates on complex
heap overflows, patch diffing, and client-side exploits. He
holds the GIAC Security Expert (GSE) certification as well as
the CISA, Immunity NOP, and many others. In his spare
time, Stephen enjoys snowboarding and writing music.
Michael Baucom has over 25 years of industry
experience, ranging from embedded systems development
to leading the product security and research division at
Tangible Security. With more than 15 years of security
experience, he has performed security assessments of
countless systems across a multitude of areas, including
medical, industrial, networking, and consumer electronics.
Michael has been a trainer at Black Hat, speaker at several
conferences, and both an author and technical editor for
Gray Hat Hacking: The Ethical Hacker’s Handbook. His
current interests are in embedded system security and
development.
Huáscar Tejeda is the co-founder and CEO of F2TC
Cyber Security. He is a seasoned, thoroughly experienced
cybersecurity professional, with more than 20 years and
notable achievements in IT and telecommunications,
developing carrier-grade security solutions and business-
critical components for multiple broadband providers. He is
highly skilled in security research, penetration testing, Linux
kernel hacking, software development, and embedded
hardware design. Huáscar is also a member of the SANS
Latin America Advisory Group, SANS Purple Team Summit
Advisory Board, and contributing author of the SANS
Institute’s most advanced course, SEC760: Advanced Exploit
Development for Penetration Testers.
Daniel Fernandez is a security researcher with over 15
years of industry experience. Over his career, he has
discovered and exploited vulnerabilities in a vast number of
targets. During the last years, his focus had shifted to
hypervisors, where he has found and reported bugs in
products such as Microsoft Hyper-V. He has worked at
several information security companies, including Blue Frost
Security GmbH and Immunity, Inc. Recently, he co-founded
TACITO Security. When not breaking software, Daniel enjoys
training his working dogs.
Moses Frost started his career in designing and
implementing large-scale networks around the year 2000.
He has worked with computers in some form or another
since the early 1990s. His past employers include TLO, Cisco
Systems, and McAfee. At Cisco Systems, he was a lead
architect for its Cyber Defense Clinics. This free information
security dojo was used in educating individuals from the
high school and university levels as well as in many
enterprises. At Cisco, he was asked to work on crucial
security projects such as industry certifications. Moses is an
author and senior instructor at the SANS Institute. His
technology interests include web app penetration testing,
cloud penetration testing, and red team operations. He
currently works as a red team operator at GRIMM.
Disclaimer: The views expressed in this book are
those of the authors and not of the U.S. government
or any company mentioned herein.
About the Contributor
Jaime Geiger currently works for GRIMM Cyber as a senior
software vulnerability research engineer and for SANS as a
certified instructor. He is also an avid snowboarder, climber,
sailor, and skateboarder.

About the Technical Editor

Heather Linn is a red teamer, penetration tester, threat
hunter, and cybersecurity strategist with more than 20
years of experience in the security industry. During her
career, she has consulted as a penetration tester and digital
forensics investigator and has operated as a senior red team
engineer inside Fortune 50 environments. In addition to
being an accomplished technical editor, Heather has written
and delivered training for multiple security conferences and
organizations, including Black Hat USA and Girls Who Code,
and she has published exam guides for the CompTIA
Pentest+ certification. She holds or has held various
certifications, including OSCP, CISSP, GREM, GCFA, GNFA,
and CompTIA Pentest+.
 CONTENTS AT A GLANCE
Part I Preparation
Chapter 1 Gray Hat Hacking
Chapter 2 Programming Survival Skills
Chapter 3 Linux Exploit Development Tools
Chapter 4 Introduction to Ghidra
Chapter 5 IDA Pro

Part II Ethical Hacking

Chapter 6 Red and Purple Teams
Chapter 7 Command and Control (C2)
Chapter 8 Building a Threat Hunting Lab
Chapter 9 Introduction to Threat Hunting

Part III Hacking Systems

Chapter 10 Basic Linux Exploits
Chapter 11 Advanced Linux Exploits
Chapter 12 Linux Kernel Exploits
Chapter 13 Basic Windows Exploitation
Chapter 14 Windows Kernel Exploitation
Chapter 15 PowerShell Exploitation
Chapter 16 Getting Shells Without Exploits
Chapter 17 Post-Exploitation in Modern Windows
Environments
Chapter 18 Next-Generation Patch Exploitation

Part IV Hacking IoT

Chapter 19 Internet of Things to Be Hacked
Chapter 20 Dissecting Embedded Devices
Chapter 21 Exploiting Embedded Devices
Chapter 22 Software-Defined Radio

Part V Hacking Hypervisors

Chapter 23 Hypervisors 101
Chapter 24 Creating a Research Framework
Chapter 25 Inside Hyper-V
Chapter 26 Hacking Hypervisors Case Study

Part VI Hacking the Cloud

Chapter 27 Hacking in Amazon Web Services
Chapter 28 Hacking in Azure
Chapter 29 Hacking Containers
Chapter 30 Hacking on Kubernetes

Index
 CONTENTS
Preface
Acknowledgments
Introduction

Part I Preparation

Chapter 1 Gray Hat Hacking

Gray Hat Hacking Overview

History of Hacking
Ethics and Hacking
Definition of Gray Hat Hacking
History of Ethical Hacking
History of Vulnerability Disclosure
Bug Bounty Programs
Know the Enemy: Black Hat Hacking
Advanced Persistent Threats
Lockheed Martin Cyber Kill Chain
Courses of Action for the Cyber Kill Chain
MITRE ATT&CK Framework
Summary
For Further Reading
References

Chapter 2 Programming Survival Skills

C Programming Language
Basic C Language Constructs
 Lab 2-1: Format Strings
Lab 2-2: Loops
Lab 2-3: if/else
Sample Programs
Lab 2-4: hello.c
Lab 2-5: meet.c
Compiling with gcc
Lab 2-6: Compiling meet.c
Computer Memory
Random Access Memory
Endian
Segmentation of Memory
Programs in Memory
Buffers
Strings in Memory
Pointers
Putting the Pieces of Memory Together
Lab 2-7: memory.c
Intel Processors
Registers
Assembly Language Basics
Machine vs. Assembly vs. C
AT&T vs. NASM
Addressing Modes
Assembly File Structure
Lab 2-8: Simple Assembly Program
Debugging with gdb
gdb Basics
Lab 2-9: Debugging
Lab 2-10: Disassembly with gdb
Python Survival Skills
Getting Python
Lab 2-11: Launching Python
 Lab 2-12: “Hello, World!” in Python
Python Objects
Lab 2-13: Strings
Lab 2-14: Numbers
Lab 2-15: Lists
Lab 2-16: Dictionaries
Lab 2-17: Files with Python
Lab 2-18: Sockets with Python
Summary
For Further Reading
References

Chapter 3 Linux Exploit Development Tools

Binary, Dynamic Information-Gathering Tools

Lab 3-1: Hello.c
Lab 3-2: ldd
Lab 3-3: objdump
Lab 3-4: strace
Lab 3-5: ltrace
Lab 3-6: checksec
Lab 3-7: libc-database
Lab 3-8: patchelf
Lab 3-9: one_gadget
Lab 3-10: Ropper
Extending gdb with Python
Pwntools CTF Framework and Exploit Development
Library
Summary of Features
Lab 3-11: leak-bof.c
HeapME (Heap Made Easy) Heap Analysis and
Collaboration Tool
Installing HeapME
Lab 3-12: heapme_demo.c
 Summary
For Further Reading
References

Chapter 4 Introduction to Ghidra

Creating Our First Project

Installation and QuickStart
Setting the Project Workspace
Functionality Overview
Lab 4-1: Improving Readability with
Annotations
Lab 4-2: Binary Diffing and Patch Analysis
Summary
For Further Reading
References

Chapter 5 IDA Pro

Introduction to IDA Pro for Reverse Engineering

What Is Disassembly?
Navigating IDA Pro
IDA Pro Features and Functionality
Cross-References (Xrefs)
Function Calls
Proximity Browser
Opcodes and Addressing
Shortcuts
Comments
Debugging with IDA Pro
Summary
For Further Reading
References
 Part II Ethical Hacking

Chapter 6 Red and Purple Teams

Introduction to Red Teams

Vulnerability Scanning
Validated Vulnerability Scanning
Penetration Testing
Threat Simulation and Emulation
Purple Team
Making Money with Red Teaming
Corporate Red Teaming
Consultant Red Teaming
Purple Team Basics
Purple Team Skills
Purple Team Activities
Summary
For Further Reading
References

Chapter 7 Command and Control (C2)

Command and Control Systems

Metasploit
Lab 7-1: Creating a Shell with Metasploit
PowerShell Empire
Covenant
Lab 7-2: Using Covenant C2
Payload Obfuscation
msfvenom and Obfuscation
Lab 7-3: Obfuscating Payloads with
msfvenom
Creating C# Launchers
 Lab 7-4: Compiling and Testing C#
Launchers
Creating Go Launchers
Lab 7-5: Compiling and Testing Go Launchers
Creating Nim Launchers
Lab 7-6: Compiling and Testing Nim
Launchers
Network Evasion
Encryption
Alternate Protocols
C2 Templates
EDR Evasion
Killing EDR Products
Bypassing Hooks
Summary
For Further Reading

Chapter 8 Building a Threat Hunting Lab

Threat Hunting and Labs

Options of Threat Hunting Labs
Method for the Rest of this Chapter
Basic Threat Hunting Lab: DetectionLab
Prerequisites
Lab 8-1: Install the Lab on Your Host
Lab 8-2: Install the Lab in the Cloud
Lab 8-3: Looking Around the Lab
Extending Your Lab
HELK
Lab 8-4: Install HELK
Lab 8-5: Install Winlogbeat
Lab 8-6: Kibana Basics
Lab 8-7: Mordor
Summary
 For Further Reading
References

Chapter 9 Introduction to Threat Hunting

Threat Hunting Basics

Types of Threat Hunting
Workflow of a Threat Hunt
Normalizing Data Sources with OSSEM
Data Sources
OSSEM to the Rescue
Data-Driven Hunts Using OSSEM
MITRE ATT&CK Framework Refresher:
T1003.002
Lab 9-1: Visualizing Data Sources with
OSSEM
Lab 9-2: AtomicRedTeam Attacker Emulation
Exploring Hypothesis-Driven Hunts
Lab 9-3: Hypothesis that Someone Copied a
SAM File
Crawl, Walk, Run
Enter Mordor
Lab 9-4: Hypothesis that Someone Other
than an Admin Launched PowerShell
Threat Hunter Playbook
Departure from HELK for Now
Spark and Jupyter
Lab 9-5: Automated Playbooks and Sharing
of Analytics
Summary
For Further Reading
References

Part III Hacking Systems

Chapter 10 Basic Linux Exploits

Stack Operations and Function-Calling Procedures

Buffer Overflows
Lab 10-1: Overflowing meet.c
Ramifications of Buffer Overflows
Local Buffer Overflow Exploits
Lab 10-2: Components of the Exploit
Lab 10-3: Exploiting Stack Overflows from
the Command Line
Lab 10-4: Writing the Exploit with Pwntools
Lab 10-5: Exploiting Small Buffers
Exploit Development Process
Lab 10-6: Building Custom Exploits
Summary
For Further Reading

Chapter 11 Advanced Linux Exploits

Lab 11-1: Vulnerable Program and

Environment Setup
Lab 11-2: Bypassing Non-Executable Stack
(NX) with Return-Oriented Programming
(ROP)
Lab 11-3: Defeating Stack Canaries
Lab 11-4: ASLR Bypass with an Information
Leak
Lab 11-5: PIE Bypass with an Information
Leak
Summary
For Further Reading
References

Chapter 12 Linux Kernel Exploits

 Lab 12-1: Environment Setup and Vulnerable
procfs Module
Lab 12-2: ret2usr
Lab 12-3: Defeating Stack Canaries
Lab 12-4: Bypassing Supervisor Mode
Execution Protection (SMEP) and Kernel
Page-Table Isolation (KPTI)
Lab 12-5: Bypassing Supervisor Mode Access
Prevention (SMAP)
Lab 12-6: Defeating Kernel Address Space
Layout Randomization (KASLR)
Summary
For Further Reading
References

Chapter 13 Basic Windows Exploitation

Compiling and Debugging Windows Programs

Lab 13-1: Compiling on Windows
Debugging on Windows with Immunity
Debugger
Lab 13-2: Crashing the Program
Writing Windows Exploits
Exploit Development Process Review
Lab 13-3: Exploiting ProSSHD Server
Understanding Structured Exception Handling
Understanding and Bypassing Common
Windows Memory Protections
Safe Structured Exception Handling
Bypassing SafeSEH
Data Execution Prevention
Return-Oriented Programming
Gadgets
Building the ROP Chain
 Summary
For Further Reading
References

Chapter 14 Windows Kernel Exploitation

The Windows Kernel

Kernel Drivers
Kernel Debugging
Lab 14-1: Setting Up Kernel Debugging
Picking a Target
Lab 14-2: Obtaining the Target Driver
Lab 14-3: Reverse Engineering the Driver
Lab 14-4: Interacting with the Driver
Token Stealing
Lab 14-5: Arbitrary Pointer Read/Write
Lab 14-6: Writing a Kernel Exploit
Summary
For Further Reading
References

Chapter 15 PowerShell Exploitation

Why PowerShell
Living off the Land
PowerShell Logging
PowerShell Portability
Loading PowerShell Scripts
Lab 15-1: The Failure Condition
Lab 15-2: Passing Commands on the
Command Line
Lab 15-3: Encoded Commands
Lab 15-4: Bootstrapping via the Web
Exploitation and Post-Exploitation with PowerSploit
 Lab 15-5: Setting Up PowerSploit
Lab 15-6: Running Mimikatz Through
PowerShell
Using PowerShell Empire for C2
Lab 15-7: Setting Up Empire
Lab 15-8: Staging an Empire C2
Lab 15-9: Using Empire to Own the System
Lab 15-10: Using WinRM to Launch Empire
Summary
For Further Reading
Reference

Chapter 16 Getting Shells Without Exploits

Capturing Password Hashes

Understanding LLMNR and NBNS
Understanding Windows NTLMv1 and NTLMv2
Authentication
Using Responder
Lab 16-1: Getting Passwords with Responder
Using Winexe
Lab 16-2: Using Winexe to Access Remote
Systems
Lab 16-3: Using Winexe to Gain Elevated
Privileges
Using WMI
Lab 16-4: Querying System Information with
WMI
Lab 16-5: Executing Commands with WMI
Taking Advantage of WinRM
Lab 16-6: Executing Commands with WinRM
Lab 16-7: Using Evil-WinRM to Execute Code
Summary
For Further Reading
 Reference

Chapter 17 Post-Exploitation in Modern Windows

Environments

Post-Exploitation
Host Recon
Lab 17-1: Using whoami to Identify Privileges
Lab 17-2: Using Seatbelt to Find User
Information
Lab 17-3: System Recon with PowerShell
Lab 17-4: System Recon with Seatbelt
Lab 17-5: Getting Domain Information with
PowerShell
Lab 17-6: Using PowerView for AD Recon
Lab 17-7: Gathering AD Data with
SharpHound
Escalation
Lab 17-8: Profiling Systems with winPEAS
Lab 17-9: Using SharpUp to Escalate
Privileges
Lab 17-10: Searching for Passwords in User
Objects
Lab 17-11: Abusing Kerberos to Gather
Credentials
Lab 17-12: Abusing Kerberos to Escalate
Privileges
Active Directory Persistence
Lab 17-13: Abusing AdminSDHolder
Lab 17-14: Abusing SIDHistory
Summary
For Further Reading

Chapter 18 Next-Generation Patch Exploitation

 Introduction to Binary Diffing
Application Diffing
Patch Diffing
Binary Diffing Tools
BinDiff
turbodiff
Lab 18-1: Our First Diff
Patch Management Process
Microsoft Patch Tuesday
Obtaining and Extracting Microsoft Patches
Summary
For Further Reading
References

Part IV Hacking IoT

Chapter 19 Internet of Things to Be Hacked

Internet of Things (IoT)

Types of Connected Things
Wireless Protocols
Communication Protocols
Security Concerns
Shodan IoT Search Engine
Web Interface
Shodan Command-Line Interface
Lab 19-1: Using the Shodan Command Line
Shodan API
Lab 19-2: Testing the Shodan API
Lab 19-3: Playing with MQTT
Implications of this Unauthenticated Access to
MQTT
IoT Worms: It Was a Matter of Time
Prevention
 Summary
For Further Reading
References

Chapter 20 Dissecting Embedded Devices

CPU
Microprocessor
Microcontrollers
System on Chip
Common Processor Architectures
Serial Interfaces
UART
SPI
I2C
Debug Interfaces
JTAG
SWD
Software
Bootloader
No Operating System
Real-Time Operating System
General Operating System
Summary
For Further Reading
References

Chapter 21 Exploiting Embedded Devices

Static Analysis of Vulnerabilities in Embedded

Devices
Lab 21-1: Analyzing the Update Package
Lab 21-2: Performing Vulnerability Analysis
Dynamic Analysis with Hardware
Another random document with
no related content on Scribd:
 The Project Gutenberg eBook of A system of
practical medicine. By American authors. Vol. 5
This ebook is for the use of anyone anywhere in the United States
and most other parts of the world at no cost and with almost no
restrictions whatsoever. You may copy it, give it away or re-use it
under the terms of the Project Gutenberg License included with this
ebook or online at www.gutenberg.org. If you are not located in the
United States, you will have to check the laws of the country where
you are located before using this eBook.

Title: A system of practical medicine. By American authors. Vol. 5

Diseases of the nervous system

Editor: William Pepper

Louis Starr

Release date: October 16, 2023 [eBook #71892]

Language: English

Original publication: Philadelphia: Lea Brothers & Co, 1886

Credits: Ron Swanson

*** START OF THE PROJECT GUTENBERG EBOOK A SYSTEM

OF PRACTICAL MEDICINE. BY AMERICAN AUTHORS. VOL. 5 ***
 A

SYSTEM
OF

PRACTICAL MEDICINE.

BY

AMERICAN AUTHORS.

EDITED BY

WILLIAM PEPPER, M.D., LL.D.,

PROVOST AND PROFESSOR OF THE THEORY AND PRACTICE OF MEDICINE AND
OF
CLINICAL MEDICINE IN THE UNIVERSITY OF PENNSYLVANIA.

ASSISTED BY

LOUIS STARR, M.D.,

 CLINICAL PROFESSOR OF DISEASES OF CHILDREN
IN THE HOSPITAL OF THE UNIVERSITY OF PENNSYLVANIA.

VOLUME V.
DISEASES OF THE NERVOUS
SYSTEM.

PHILADELPHIA:
LEA BROTHERS & CO.
1886.
 Entered according to Act of Congress, in the year 1886, by

LEA BROTHERS & CO.,

in the Office of the Librarian of Congress at Washington. All rights reserved.

WESTCOTT & THOMSON,

Stereotypers and Electrotypers, Philada.

WILLIAM J. DORNAN,
Printer, Philada.
 VALEDICTORY.

In presenting to the profession the fifth and concluding volume of the

“SYSTEM OF PRACTICAL MEDICINE BY AMERICAN AUTHORS,” the Editor
may be permitted to refer briefly to labors which for years have
called forth his strenuous endeavors. The original prospectus of the
work was issued in 1881. The first volume was published in January,
1885; the second, in May, 1885; the third, in September, 1885; and
the fourth, in February, 1886. In view of the delays inevitable in large
and complicated literary enterprises, such unusual punctuality
reflects credit alike on the zeal of the contributors and the energy
and resources of the publishers. The duties of the Editor have been
lightened and rendered agreeable by the unvarying courtesy and
cordial co-operation of all connected with him in the undertaking; and
he has been amply rewarded by the realization of his hopes in the
favorable reception accorded to the successive volumes by the
profession on both sides of the Atlantic. The plan of the work has
been strictly adhered to, and the articles promised have been
furnished without exception, although in a very few cases
circumstances required a change in the authorship. Special mention
is due to Dr. Louis Starr and to Dr. Judson Daland for the very
valuable assistance they have rendered.

The only alloy to the pleasure which the Editor has had in the
progress of the work has been the removal by death of so many of
his distinguished collaborators: such men as Flint, Van Buren, Armor,
Bemiss, and Elsberg will long be mourned by the profession.

The number of articles is 185, written by 99 authors, covering, with

indexes, about 5600 pages, and throughout its whole extent the
original purpose has been kept constantly in view, that the practical
character of the work should adapt it specially to the needs of the
general practitioner. In conclusion, the Editor feels that it is a subject
of congratulation that through the combination of so many leading
members of the profession it has been rendered possible to present
in this work, for the first time, the entire subject of practical medicine
treated in a manner truly representative of the American School.

PHILADELPHIA, JUNE, 1886.

 CONTENTS OF VOLUME V.

DISEASES OF THE NERVOUS SYSTEM.

GENERAL SEMEIOLOGY OF DISEASES OF THE NERVOUS

SYSTEM; DATA OF DIAGNOSIS. By E. C. SEGUIN, M.D.

THE LOCALIZATION OF LESIONS IN THE NERVOUS SYSTEM.

By E. C. SEGUIN, M.D.

MENTAL DISEASES. By CHARLES F. FOLSOM, M.D.

HYSTERIA. By CHARLES K. MILLS, A.M., M.D.

HYSTERO-EPILEPSY. By CHARLES K. MILLS, A.M., M.D.

CATALEPSY. By CHARLES K. MILLS, A.M., M.D.

ECSTASY. By CHARLES K. MILLS, A.M., M.D.

NEURASTHENIA. By H. C. WOOD, M.D., LL.D.

SLEEP, AND ITS DISORDERS. By HENRY M. LYMAN, A.M., M.D.

ACUTE AFFECTIONS PRODUCED BY EXPOSURE TO HEAT. By

H. C. WOOD, M.D., LL.D.

HEADACHE. By WHARTON SINKLER, M.D.

VERTIGO. By S. WEIR MITCHELL, M.D.

TREMOR. By WHARTON SINKLER, M.D.

PARALYSIS AGITANS. By WHARTON SINKLER, M.D.

CHOREA. By WHARTON SINKLER, M.D.

ATHETOSIS. By WHARTON SINKLER, M.D.

LOCAL CONVULSIVE DISORDERS. By ALLAN MCLANE HAMILTON,

M.D.

EPILEPSY. By ALLAN MCLANE HAMILTON, M.D.

THE NEURAL DISORDERS OF WRITERS AND ARTISANS. By

MORRIS J. LEWIS, M.D.

TETANUS. By P. S. CONNER, M.D.

DISORDERS OF SPEECH. By EDWARD P. DAVIS, A.M., M.D.

ALCOHOLISM. By JAMES C. WILSON, A.M., M.D.

THE OPIUM HABIT AND KINDRED AFFECTIONS. By JAMES C.

WILSON, A.M., M.D.

CHRONIC LEAD-POISONING. By JAMES C. WILSON, A.M., M.D.

PROGRESSIVE UNILATERAL FACIAL ATROPHY. By CHARLES K.

MILLS, A.M., M.D.

DISEASES OF THE MEMBRANES OF THE BRAIN AND SPINAL

CORD. By FRANCIS MINOT, M.D.

TUBERCULAR MENINGITIS. By FRANCIS MINOT, M.D.

CHRONIC HYDROCEPHALUS. By FRANCIS MINOT, M.D.

CONGESTION, INFLAMMATION, AND HEMORRHAGE OF THE

MEMBRANES OF THE SPINAL CORD. By FRANCIS MINOT, M.D.

SPINA BIFIDA. By JOHN ASHHURST, JR., M.D.

ANÆMIA AND HYPERÆMIA OF THE BRAIN AND SPINAL CORD.
By E. C. SPITZKA, M.D.

THE CHRONIC INFLAMMATORY AND DEGENERATIVE

AFFECTIONS OF THE SPINAL CORD. By E. C. SPITZKA, M.D.

CONCUSSION OF THE BRAIN AND SPINAL CORD. By WILLIAM

HUNT, M.D.

INTRACRANIAL HEMORRHAGE AND OCCLUSION OF THE

CEREBRAL VESSELS, APOPLEXY, SOFTENING OF THE BRAIN,
CEREBRAL PARALYSIS. By ROBERT T. EDES, M.D.

ATROPHY AND HYPERTROPHY OF THE BRAIN. By H. D.

SCHMIDT, M.D.

SYPHILITIC AFFECTIONS OF THE NERVE-CENTRES. By H. C.

WOOD, M.D., LL.D.

TUMORS OF THE BRAIN AND ITS ENVELOPES. By CHARLES K.

MILLS, A.M., M.D., and JAMES HENDRIE LLOYD, A.M., M.D.

TUMORS OF THE SPINAL CORD AND ITS ENVELOPES. By

CHARLES K. MILLS, A.M., M.D., and JAMES HENDRIE LLOYD, A.M., M.D.

INFANTILE SPINAL PARALYSIS. By MARY PUTNAM JACOBI, M.D.

DISEASE OF ONE LATERAL HALF OF THE SPINAL CORD. By H.

D. SCHMIDT, M.D.

PROGRESSIVE LABIO-GLOSSO-LARYNGEAL PARALYSIS. By H.

D. SCHMIDT, M.D.

DISEASES OF THE PERIPHERAL NERVES. By FRANCIS T. MILES,

M.D.

NEURALGIA. By JAMES J. PUTNAM, M.D.

VASO-MOTOR AND TROPHIC NEUROSES. By M. ALLEN STARR,
M.D., PH.D.

INDEX
 CONTRIBUTORS TO VOLUME V.

ASHHURST, JOHN, JR., M.D.,

Professor of Clinical Surgery in the University of Pennsylvania.

CONNER, P. S., M.D.,

Professor of Anatomy and Clinical Surgery in the Medical

College of Ohio; Professor of Surgery, Dartmouth Medical
College; Surgeon to Cincinnati and Good Samaritan Hospitals,
Cincinnati.

DAVIS, EDWARD P., A.M., M.D.,

Lecturer on Physiology, Rush Medical College, Chicago, and

lately Medical Superintendent of the Presbyterian Hospital,
Chicago.

EDES, ROBERT T., M.D.,

Jackson Professor of Clinical Medicine in Harvard University,

Boston, Mass.

FOLSOM, CHARLES F., M.D.,

Visiting Physician for Nervous and Renal Diseases, Boston City

Hospital; formerly Assistant Professor of Mental Diseases in
Harvard University, Boston.

HAMILTON, ALLAN MCLANE, M.D.,

 Consulting Physician to the New York City Male and Female
Insane Asylums; Hudson River State Asylum for the Insane;
Consulting Neurologist to Hospital for Ruptured and Crippled;
Attending Physician to Hospital for Nervous Diseases; Member
of the New York Neurological Society.

HUNT, WILLIAM, M.D.,

Surgeon to the Pennsylvania Hospital, and to the Philadelphia

Orthopædic Hospital and Infirmary for Nervous Diseases.

JACOBI, MARY PUTNAM, M.D.,

Professor of Therapeutics at the Women's Medical College,

New York.

LEWIS, MORRIS J., M.D.,

Physician to the Episcopal Hospital and to the Children's

Hospital; Assistant Physician to the Orthopædic Hospital and
Infirmary for Nervous Diseases, Philada.

LLOYD, JAMES HENDRIE, A.M., M.D.,

Instructor in Electro-Therapeutics in the University of

Pennsylvania.

LYMAN, HENRY M., A.M., M.D.,

Professor of Physiology and of Diseases of the Nervous System

in Rush Medical College, Chicago; Professor of Theory and
Practice of Medicine in the Woman's Hospital Medical College,
Chicago; one of the Attending Physicians to the Presbyterian
Hospital, Chicago, Ill.

MILES, FRANCIS T., M.D.,

Professor of Physiology and Clinical Professor of Diseases of

the Nervous System, University of Maryland, Baltimore.
MILLS, CHARLES K., A.M., M.D.,

Professor of Diseases of the Mind and Nervous System in the

Philadelphia Polyclinic and College for Graduates in Medicine;
Lecturer on Mental Diseases in the University of Pennsylvania;
Neurologist to the Philadelphia Hospital.

MINOT, FRANCIS, M.D.,

Hersey Professor of the Theory and Practice of Physic in

Harvard University; Physician to Massachusetts General
Hospital.

MITCHELL, S. WEIR, M.D.,

Member of the National Academy of Sciences; President of the

College of Physicians of Philadelphia.

PUTNAM, JAMES J., A.B. (Harv.), M.D. (Harv.),

Physician to Out-patients at the Massachusetts General

Hospital; Clinical Instructor at Harvard Medical College.

SCHMIDT, H. D., M.D.,

Pathologist to the Charity Hospital of New Orleans.

SEGUIN, EDWARD C., M.D.,

Clinical Professor of Diseases of the Mind and Nervous System

in the College of Physicians and Surgeons, New York City.

SINKLER, WHARTON, M.D.,

Physician to the Philadelphia Orthopædic Hospital, and

Infirmary for Nervous Diseases.

SPITZKA, E. C., M.D.,

 Consulting Neurologist to the North-eastern Dispensary, and
Physician to the Department for Nervous Diseases of the
German Poliklinik.

STARR, M. ALLEN, M.D., PH.D.,

Professor of Diseases of the Mind and Nervous System, New

York Polyclinic; Attending Physician to Department of Nervous
Diseases, Demilt Dispensary.

WILSON, JAMES C., A.M., M.D.,

Physician to the Philadelphia Hospital, and to the Hospital of the

Jefferson College; President of the Pathological Society of
Philadelphia.

WOOD, HORATIO C., M.D., LL.D.,

Clinical Professor of Diseases of the Nervous System and

Professor of Materia Medica and Therapeutics in the University
of Pennsylvania; Neurologist to the Philadelphia Hospital;
Member of the National Academy of Sciences.
 ILLUSTRATIONS.

FIGURE
1.DIAGRAM SHOWING THE ARC FOR REFLEX ACTION
2.DIAGRAM AND TABLE SHOWING THE APPROXIMATE RELATION TO THE
SPINAL NERVES OF THE VARIOUS SENSORY AND REFLEX FUNCTIONS OF
THE SPINAL CORD
3.CONTRACTION OF NORMAL ABDUCTOR INDICIS WITH STRONG CURRENT
(AMIDON)
4.CONTRACTION OF PARALYED MUSCLE ON THIRTY-FIRST DAY OF BELL'S
PALSY OF THE FACE (AMIDON)
5.DIAGRAM OF A TRANSVERSE SECTION OF THE SPINAL CORD THROUGH
THE CERVICAL ENLARGEMENT
6.DIAGRAM OF A TRANSVERSE SECTION OF THE SPINAL CORD THROUGH
THE LUMBAR ENLARGEMENT
7.HORIZONTAL SECTION THROUGH THE CENTRE OF THE RIGHT CEREBRAL
HEMISPHERE
8.DIAGRAM OF VISUAL PATHS, DESIGNED TO ILLUSTRATE SPECIALLY LEFT
LATERAL HEMIANOPSIA FROM ANY LESION
9.LONGITUDINAL (SAGITTAL) SECTION THROUGH THE BRAIN, TO SHOW THE
DISTRIBUTION OF THE FASCICULI OF THE INTERNAL CAPSULE
10.DIAGRAM OF THE LATERAL ASPECT OF THE CEREBRAL HEMISPHERE
11.DIAGRAM OF THE MESAL ASPECT OF THE CEREBRAL HEMISPHERE
12.TOPOGRAPHICAL LINES APPLIED TO THE EXTERNAL CONTOUR OF THE
HEAD
13.TOPOGRAPHICAL LINES APPLIED TO HENLE'S FIGURE OF THE SKULL
14.THE SAME TOPOGRAPHICAL LINES APPLIED TO THE LEFT CEREBRAL
HEMISPHERE IN HENLE'S SKULL
15.SPECIMENS OF HANDWRITING IN TWO CASES OF GENERAL PARALYSIS
 OF THE INSANE
16.FEET OF A PATIENT WITH ACUTE MYELITIS
17.FEET OF A PATIENT WITH HYSTERICAL PARAPLEGIA
18.POSITION ASSUMED BY A HYSTERO-EPILEPTIC
19.POSITION OF CRUCIFIXION ASSUMED BY A HYSTERO-EPILEPTIC (SAME
CASE AS FIG. 18)
20.POSITION ASSUMED BY A HYSTERO-EPILEPTIC (SAME CASE AS FIG. 18)
21.EXTREME OPISTHOTONOS IN A HYSTERO-EPILEPTIC (SAME CASE AS FIG.
18)
22.PRINCIPAL HYSTEROGENIC ZONES, ANTERIOR SURFACE OF THE BODY
(AFTER RICHER)
23.PRINCIPAL HYSTEROGENIC ZONES, POSTERIOR SURFACE OF THE BODY
(AFTER RICHER)
24.POSITION ASSUMED BY A HYSTERO-EPILEPTIC
25.OPISTHOTONOS OF TETANUS
26.CASE OF ATHETOSIS
27.LOWER FACE OF RIGHT HEMISPHERE
28.MOVEMENTS OF WRIST IN TELEGRAPHING)
29.METHOD OF WRITING ADOPTED BY A PATIENT WHO HAS MARKED SPASM
OF FLEXORS OF FINGERS AND THUMB
30.TEMPERATURE CHART OF A CASE OF TUBERCULAR MENINGITIS IN A
BOY EIGHT YEARS OLD
31.TRANS-SECTION OF UPPER LUMBAR CORD OF A PATIENT MODERATELY
ADVANCED IN TABES DORSALIS
32.CHANGES IN THE CORD IN A CASE OF DIFFUSE SPINAL SCLEROSIS
33.CHANGES IN THE CELLS OF THE ANTERIOR HORN IN DIFFUSE SPINAL
SCLEROSIS (SAME CASE AS FIG. 32)
34.SECONDARY DEGENERATION OF INTEROLIVARY LAYER
35.SECONDARY DEGENERATION OF INTEROLIVARY LAYER, CAUDAL OR
DESCENDING PORTION
36.DECUSSATING DEGENERATION OF INTEROLIVARY LAYER
37.TEMPERATURE CHART OF A CASE OF CEREBRAL HEMORRHAGE
38.TEMPERATURE CHART OF A RAPID CASE OF CEREBRAL HEMORRHAGE
39.CHART SHOWING THE EXCESS OF TEMPERATURE IN A CASE OF
MENINGEAL HEMORRHAGE