Gray Hat Hacking: The Ethical Hacker's

Handbook 5th Edition Allen Harper -

eBook PDF
Go to download the full and correct content document:
https://ebooksecure.com/download/gray-hat-hacking-the-ethical-hackers-handbook-e
book-pdf/
More products digital (pdf, epub, mobi) instant
download maybe you interests ...

Gray Hat Hacking: The Ethical Hacker's Handbook, Fifth

Edition Daniel Regalado - eBook PDF

https://ebooksecure.com/download/gray-hat-hacking-the-ethical-
hackers-handbook-fifth-edition-ebook-pdf/

Gray Hat Hacking: The Ethical Hacker's Handbook Sixth

Edition Daniel Regalado - eBook PDF

https://ebooksecure.com/download/gray-hat-hacking-the-ethical-
hackers-handbook-sixth-edition-ebook-pdf/

CEH Certified Ethical Hacker Practice Exams, 5th

Edition Matt Walker - eBook PDF

https://ebooksecure.com/download/ceh-certified-ethical-hacker-
practice-exams-5th-edition-ebook-pdf/

(eBook PDF) The Bedford Handbook 10th Edition by Diana

Hacker

http://ebooksecure.com/product/ebook-pdf-the-bedford-
handbook-10th-edition-by-diana-hacker/
(eBook PDF) Hands-On Ethical Hacking and Network
Defense 3rd Edition

http://ebooksecure.com/product/ebook-pdf-hands-on-ethical-
hacking-and-network-defense-3rd-edition/

CEH Certified Ethical Hacker All-in-One Exam Guide 4th

Edition (eBook PDF)

http://ebooksecure.com/product/ceh-certified-ethical-hacker-all-
in-one-exam-guide-4th-edition-ebook-pdf/

Handbook of Dialysis Therapy 6th Edition Allen R.

Nissenson - eBook PDF

https://ebooksecure.com/download/handbook-of-dialysis-therapy-
ebook-pdf/

Hands-On Ethical Hacking and Network Defense Third

Edition Michael T. Simpson - eBook PDF

https://ebooksecure.com/download/hands-on-ethical-hacking-and-
network-defense-ebook-pdf/

(Original PDF) Adult Development and Aging The Canadian

Experience by Lori Harper

http://ebooksecure.com/product/original-pdf-adult-development-
and-aging-the-canadian-experience-by-lori-harper/
 Praise for Gray Hat Hacking: The Ethical Hacker’s Handbook,
Fifth Edition

“The Gray Hat Hacking book series continue to provide an up-to-date and
detailed view on a large variety of offensive IT security disciplines. In this
fifth edition, a group of respected infosec professionals spared no effort to
share their experience and expertise on novel techniques to bypass security
mechanisms.
The exploit development chapters, written by Stephen Sims, reveal in great
detail what it takes to write an exploit for modern applications. In Chapter 14,
Stephen uses a recent vulnerability in a major web browser to demystify the
complexity of writing modern exploits for heap-related memory corruptions,
bypassing memory protections along the road.
This book is a must read for anyone who wants to step up and broaden their
skills in infosec.”
—Peter Van Eeckhoutte
Corelan Team (@corelanc0d3r)

“One of the few book series where I ALWAYS buy the updated version.
Learn updated exploit-dev techniques from the best instructors in the
business. The volume of new information available to the average
information security practitioner is staggering. The authors, who are some of
the best in their respective fields, help us stay up to date with current trends
and techniques. GHH’s updates on Red Team Ops, Bug Bounties,
PowerShell Techniques, and IoT & Embedded Devices are exactly what
infosec practitioners need to add to their tool kits.”
—Chris Gates
Sr. Security Engineer (Uber)

“Never before has there been so much technology to attack nor such high
levels of controls and prevention mechanisms. For example, the
advancements in modern operating systems and applications to protect
against exploitation are very impressive, yet time and time again with the
right conditions they are bypassed. Amongst a litany of modern and up-to-
date techniques, Gray Hat Hacking provides detailed and informative
walkthroughs of vulnerabilities and how controls like ASLR and DEP are
bypassed. Filled with real examples you can follow if you are seeking to
upgrade your understanding of the latest hacking techniques—this is the book
for you.”
—James Lyne
Global Research Advisor (Sophos) and Head of R&D (SANS Institute)
Copyright © 2018 by McGraw-Hill Education. All rights reserved. Except as
permitted under the United States Copyright Act of 1976, no part of this
publication may be reproduced or distributed in any form or by any means, or
stored in a database or retrieval system, without the prior written permission
of the publisher, with the exception that the program listings may be entered,
stored, and executed in a computer system, but they may not be reproduced
for publication.

ISBN: 978-1-26-010842-2
MHID: 1-26-010842-2

The material in this eBook also appears in the print version of this title:
ISBN: 978-1-26-010841-5,
MHID: 1-26-010841-4.

eBook conversion by codeMantra

Version 1.0

All trademarks are trademarks of their respective owners. Rather than put a
trademark symbol after every occurrence of a trademarked name, we use
names in an editorial fashion only, and to the benefit of the trademark owner,
with no intention of infringement of the trademark. Where such designations
appear in this book, they have been printed with initial caps.

McGraw-Hill Education ebooks are available at special quantity discounts to

use as premiums and sales promotions or for use in corporate training
programs. To contact a representative, please visit the Contact Us page at
www.mhprofessional.com.

All trademarks or copyrights mentioned herein are the possession of their

respective owners and McGraw-Hill Education makes no claim of ownership
by the mention of products that contain these marks.

Information has been obtained by McGraw-Hill Education from sources

believed to be reliable. However, because of the possibility of human or
mechanical error by our sources, McGraw-Hill Education, or others,
McGraw-Hill Education does not guarantee the accuracy, adequacy, or
completeness of any information and is not responsible for any errors or
omissions or the results obtained from the use of such information.

TERMS OF USE

This is a copyrighted work and McGraw-Hill Education and its licensors

reserve all rights in and to the work. Use of this work is subject to these
terms. Except as permitted under the Copyright Act of 1976 and the right to
store and retrieve one copy of the work, you may not decompile, disassemble,
reverse engineer, reproduce, modify, create derivative works based upon,
transmit, distribute, disseminate, sell, publish or sublicense the work or any
part of it without McGraw-Hill Education’s prior consent. You may use the
work for your own noncommercial and personal use; any other use of the
work is strictly prohibited. Your right to use the work may be terminated if
you fail to comply with these terms.

THE WORK IS PROVIDED “AS IS.” McGRAW-HILL EDUCATION

AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES
AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR
RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING
ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE
WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY
DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
McGraw-Hill Education and its licensors do not warrant or guarantee that the
functions contained in the work will meet your requirements or that its
operation will be uninterrupted or error free. Neither McGraw-Hill Education
nor its licensors shall be liable to you or anyone else for any inaccuracy, error
or omission, regardless of cause, in the work or for any damages resulting
therefrom. McGraw-Hill Education has no responsibility for the content of
any information accessed through the work. Under no circumstances shall
McGraw-Hill Education and/or its licensors be liable for any indirect,
incidental, special, punitive, consequential or similar damages that result
from the use of or inability to use the work, even if any of them has been
advised of the possibility of such damages. This limitation of liability shall
apply to any claim or cause whatsoever whether such claim or cause arises in
contract, tort or otherwise.
 In Memory of Shon Harris
In the previous edition, I spoke in memory of Shon Harris, my friend, mentor,
and a person I credit with jump-starting my career after my time in the
Marine Corps. Simply put, neither this book nor most of my professional
accomplishments would have happened without her. I continue to miss her
and I know I speak on behalf of the other authors that we wish she were still
with us. If you did not know Shon or have never heard of her, you owe it to
yourself to learn about her inspiring story in the last edition and elsewhere.
For those of us who knew her and have our own “Shon” stories, join me in
keeping her memory alive and share her story with anyone who will listen.
She was an amazing person and is loved and missed dearly. We dedicate this
book to her memory.
—Allen Harper
Lead author and friend of Shon Harris

To my brothers and sisters in Christ, keep running the race. Let your light
shine for Him, that others may be drawn to Him through you.
—Allen Harper

Dedicado a ti mamita Adelina Arias Cruz, cuando me pregunto de donde sale

mi garra de no dejarme de nadie o el sacrificio incansable para conseguir mis
metas, solo tengo que voltear a verte, para ti no hay imposibles, te adoro!
—Daniel Regalado

To Mom, who read to me when I was little, so I could achieve the level of
literacy I needed to become an author one day.
—Ryan Linn

To my lovely wife LeAnne and my daughter Audrey, thank you for your
ongoing support!
—Stephen Sims

To my lovely daughter Elysia, thank you for your unconditional love and
support. You inspire me in so many ways. I am, and will always be, your
biggest fan.
—Linda Martinez

To my family and friends for their unconditional support and making this life
funny and interesting.
—Branko Spasojevic

To my daughter Tiernan, thank you for your support and continuous

reminders to enjoy life and learning each and every day. I look forward to
seeing the wonderful woman you will become.
—Michael Baucom

To my son Aaron, thanks for all your love while I spend too much time at the
keyboard, and thanks for sharing your joy on all the projects we work on
together.
—Chris Eagle
 ABOUT THE AUTHORS

Dr. Allen Harper, CISSP. In 2007, Allen Harper retired from the military as
a Marine Corps Officer after a tour in Iraq. He has more than 30 years of
IT/security experience. He holds a PhD in IT with a focus in Information
Assurance and Security from Capella, an MS in Computer Science from the
Naval Postgraduate School, and a BS in Computer Engineering from North
Carolina State University. Allen led the development of the GEN III
honeywall CD-ROM, called roo, for the Honeynet Project. He has worked as
a security consultant for many Fortune 500 and government entities. His
interests include the Internet of Things, reverse engineering, vulnerability
discovery, and all forms of ethical hacking. Allen was the founder of
N2NetSecurity, Inc., served as the EVP and chief hacker at Tangible
Security, and now serves the Lord at Liberty University in Lynchburg,
Virginia.
Daniel Regalado, aka Danux, is a Mexican security researcher with more
than 16 years in the security field, dissecting or pen-testing malware, 0-day
exploits, ATMs, IoT devices, IV pumps, and car infotainment systems. He is
a former employee of widely respected companies like FireEye and Symantec
and is currently a principal security researcher at Zingbox. Daniel is probably
best known for his multiple discoveries and dissection of ATM malware
attacking banks worldwide, with the most notorious findings being Ploutus,
Padpin, and Ripper.
Ryan Linn has over 20 years in the security industry, ranging from
systems programmer to corporate security, to leading a global cybersecurity
consultancy. Ryan has contributed to a number of open source projects,
including Metasploit and the Browser Exploitation Framework (BeEF). Ryan
participates in Twitter as @sussurro, and he has presented his research at
numerous security conferences, including Black Hat and DEF CON, and has
provided training in attack techniques and forensics worldwide.
Stephen Sims is an industry expert with over 15 years of experience in
information technology and security. He currently works out of San
Francisco as a consultant performing reverse engineering, exploit
development, threat modeling, and penetration testing. Stephen has an MS in
information assurance from Norwich University and is a course author,
fellow, and curriculum lead for the SANS Institute, authoring courses on
advanced exploit development and penetration testing. He has spoken at
numerous conferences, including RSA, BSides, OWASP AppSec,
ThaiCERT, AISA, and many others. He may be reached on twitter:
@Steph3nSims
Branko Spasojevic is a security engineer on Google’s Detection and
Response team. Before that he worked as a reverse engineer for Symantec
and analyzed various threats and APT groups.
Linda Martinez is the Chief Information Security Officer (CISO) and Vice
President of Commercial Service Delivery at Tangible Security. Linda is a
proven information security executive and industry expert with over 18 years
of experience leading technical teams, developing technical business lines,
and providing high-quality consulting services to clients. She is responsible
for Tangible Security’s Commercial Division, where she leads the following
business lines: penetration testing, including red and purple team operations;
hardware hacking; product and supply chain security; governance, risk
management, and compliance; incident response and digital forensics. Linda
also leads a team of virtual Chief Information Security Officers (CISOs) in
providing expert guidance to many organizations. Prior to her current
position, Linda was the Vice President of Operations for N2 Net Security.
Before that, she co-founded and served as Chief Operating Officer (COO) for
Executive Instruments, an information security research and consulting firm.
Michael Baucom currently works for Tangible Security as the VP of
Tangible Labs. While at Tangible he has worked on a wide variety of
projects, including software security assessments, SDLC consulting, tool
development, and penetration tests. Prior to working at Tangible Security, he
served in the Marine Corps as a ground radio repairman. Additionally, he
worked for IBM, Motorola, and Broadcom in several capacities, including
test engineering, device driver development, and system software
development for embedded systems. In addition to his work activities,
Michael has been a trainer at Black Hat, speaker at several conferences, and
technical editor for Gray Hat Hacking: The Ethical Hacker’s Handbook. His
current interests are in automating pen-test activities, embedded system
security, and mobile phone security.
Chris Eagle is a senior lecturer in the computer science department at the
Naval Postgraduate School in Monterey, California. A computer
engineer/scientist for more than 30 years, he has authored several books,
served as the chief architect for DARPA’s Cyber Grand Challenge,
frequently speaks at security conferences, and has contributed several popular
open source tools to the security community.
The late Shon Harris is greatly missed. She was the president of Logical
Security, a security consultant, a former engineer in the Air Force’s
Information Warfare unit, an instructor, and an author. She authored the best-
selling CISSP Exam Guide (currently in its seventh edition), along with many
other books. Shon consulted for a variety of companies in many different
industries. Shon taught computer and information security to a wide range of
clients, including RSA, Department of Defense, Department of Energy, West
Point, National Security Agency (NSA), Bank of America, Defense
Information Systems Agency (DISA), BMC, and many more. Shon was
recognized as one of the top 25 women in the Information Security field by
Information Security Magazine.

Disclaimer: The views expressed in this book are those of the authors
and not of the U.S. government or any company mentioned herein.

About the Technical Editor

Heather Linn has over 20 years in the security industry and has held roles in
corporate security, penetration testing, and as part of a hunt team. She has
contributed to open source frameworks, including Metasploit, and has
contributed to course materials on forensics, penetration testing, and
information security taught around the globe.
Heather has presented at many security conferences, including multiple
BSides conferences, local ISSA chapter conferences, and student events
aimed at providing realistic expectations for new students entering the
information security field.
 CONTENTS AT A GLANCE

Part I Preparation
Chapter 1 Why Gray Hat Hacking? Ethics and Law
Chapter 2 Programming Survival Skills
Chapter 3 Next-Generation Fuzzing
Chapter 4 Next-Generation Reverse Engineering
Chapter 5 Software-Defined Radio

Part II Business of Hacking

Chapter 6 So You Want to Be a Pen Tester?
Chapter 7 Red Teaming Operations
Chapter 8 Purple Teaming
Chapter 9 Bug Bounty Programs

Part III Exploiting Systems

Chapter 10 Getting Shells Without Exploits
Chapter 11 Basic Linux Exploits
Chapter 12 Advanced Linux Exploits
Chapter 13 Windows Exploits
Chapter 14 Advanced Windows Exploitation
Chapter 15 PowerShell Exploitation
Chapter 16 Next-Generation Web Application Exploitation
Chapter 17 Next-Generation Patch Exploitation

Part IV Advanced Malware Analysis

Chapter 18 Dissecting Mobile Malware
Chapter 19 Dissecting Ransomware
Chapter 20 ATM Malware
Chapter 21 Deception: Next-Generation Honeypots

Part V Internet of Things

Chapter 22 Internet of Things to Be Hacked
Chapter 23 Dissecting Embedded Devices
Chapter 24 Exploiting Embedded Devices
Chapter 25 Fighting IoT Malware

Index
 CONTENTS

Preface
Acknowledgments
Introduction

Part I Preparation
Chapter 1 Why Gray Hat Hacking? Ethics and Law
Know Your Enemy
The Current Security Landscape
Recognizing an Attack
The Gray Hat Way
Emulating the Attack
Frequency and Focus of Testing
Evolution of Cyberlaw
Understanding Individual Cyberlaws
Summary
References
Chapter 2 Programming Survival Skills
C Programming Language
Basic C Language Constructs
Sample Program
Compiling with gcc
Computer Memory
Random Access Memory
Endian
Segmentation of Memory
Programs in Memory
 Buffers
Strings in Memory
Pointers
Putting the Pieces of Memory Together
Intel Processors
Registers
Assembly Language Basics
Machine vs. Assembly vs. C
AT&T vs. NASM
Addressing Modes
Assembly File Structure
Assembling
Debugging with gdb
gdb Basics
Disassembly with gdb
Python Survival Skills
Getting Python
“Hello, World!” in Python
Python Objects
Strings
Numbers
Lists
Dictionaries
Files with Python
Sockets with Python
Summary
For Further Reading
References
Chapter 3 Next-Generation Fuzzing
Introduction to Fuzzing
Types of Fuzzers
Mutation Fuzzers
Generation Fuzzers
 Genetic Fuzzing
Mutation Fuzzing with Peach
Lab 3-1: Mutation Fuzzing with Peach
Generation Fuzzing with Peach
Crash Analysis
Lab 3-2: Generation Fuzzing with Peach
Genetic or Evolutionary Fuzzing with AFL
Lab 3-3: Genetic Fuzzing with AFL
Summary
For Further Reading
Chapter 4 Next-Generation Reverse Engineering
Code Annotation
IDB Annotation with IDAscope
C++ Code Analysis
Collaborative Analysis
Leveraging Collaborative Knowledge Using FIRST
Collaboration with BinNavi
Dynamic Analysis
Automated Dynamic Analysis with Cuckoo Sandbox
Bridging the Static-Dynamic Tool Gap with Labeless
Summary
For Further Reading
References
Chapter 5 Software-Defined Radio
Getting Started with SDR
What to Buy
Not So Quick: Know the Rules
Learn by Example
Search
Capture
Replay
Analyze
Preview
 Execute
Summary
For Further Reading

Part II Business of Hacking

Chapter 6 So You Want to Be a Pen Tester?
The Journey from Novice to Expert
Pen Tester Ethos
Pen Tester Taxonomy
The Future of Hacking
Know the Tech
Know What Good Looks Like
Pen Tester Training
Practice
Degree Programs
Knowledge Transfer
Pen Tester Tradecraft
Personal Liability
Being the Trusted Advisor
Managing a Pen Test
Summary
For Further Reading
Chapter 7 Red Teaming Operations
Red Team Operations
Strategic, Operational, and Tactical Focus
Assessment Comparisons
Red Teaming Objectives
What Can Go Wrong
Limited Scope
Limited Time
Limited Audience
Overcoming Limitations
Communications
 Planning Meetings
Defining Measurable Events
Understanding Threats
Attack Frameworks
Testing Environment
Adaptive Testing
External Assessment
Physical Security Assessment
Social Engineering
Internal Assessment
Lessons Learned
Summary
References
Chapter 8 Purple Teaming
Introduction to Purple Teaming
Blue Team Operations
Know Your Enemy
Know Yourself
Security Program
Incident Response Program
Common Blue Teaming Challenges
Purple Teaming Operations
Decision Frameworks
Disrupting the Kill Chain
Kill Chain Countermeasure Framework
Communication
Purple Team Optimization
Summary
For Further Reading
References
Chapter 9 Bug Bounty Programs
History of Vulnerability Disclosure
Full Vendor Disclosure
 Full Public Disclosure
Responsible Disclosure
No More Free Bugs
Bug Bounty Programs
Types of Bug Bounty Programs
Incentives
Controversy Surrounding Bug Bounty Programs
Popular Bug Bounty Program Facilitators
Bugcrowd in Depth
Program Owner Web Interface
Program Owner API Example
Researcher Web Interface
Earning a Living Finding Bugs
Selecting a Target
Registering (If Required)
Understanding the Rules of the Game
Finding Vulnerabilities
Reporting Vulnerabilities
Cashing Out
Incident Response
Communication
Triage
Remediation
Disclosure to Users
Public Relations
Summary
For Further Reading
References

Part III Exploiting Systems

Chapter 10 Getting Shells Without Exploits
Capturing Password Hashes
Understanding LLMNR and NBNS
 Understanding Windows NTLMv1 and NTLMv2
Authentication
Using Responder
Lab 10-1: Getting Passwords with Responder
Using Winexe
Lab 10-2: Using Winexe to Access Remote Systems
Lab 10-3: Using Winexe to Gain Elevated Privileges
Using WMI
Lab 10-4 : Querying System Information with WMI
Lab 10-5: Executing Commands with WMI
Taking Advantage of WinRM
Lab 10-6: Executing Commands with WinRM
Lab 10-7: Using WinRM to Run PowerShell
Remotely
Summary
For Further Reading
Reference
Chapter 11 Basic Linux Exploits
Stack Operations and Function-Calling Procedures
Buffer Overflows
Lab 11-1: Overflowing meet.c
Ramifications of Buffer Overflows
Local Buffer Overflow Exploits
Lab 11-2: Components of the Exploit
Lab 11-3: Exploiting Stack Overflows from the
Command Line
Lab 11-4: Exploiting Stack Overflows with Generic
Exploit Code
Lab 11-5: Exploiting Small Buffers
Exploit Development Process
Lab 11-6: Building Custom Exploits
Summary
For Further Reading
Chapter 12 Advanced Linux Exploits
Format String Exploits
Format Strings
Lab 12-1: Reading from Arbitrary Memory
Lab 12-2: Writing to Arbitrary Memory
Lab 12-3: Changing Program Execution
Memory Protection Schemes
Compiler Improvements
Lab 11-4: Bypassing Stack Protection
Kernel Patches and Scripts
Lab 12-5: Return to libc Exploits
Lab 12-6: Maintaining Privileges with ret2libc
Bottom Line
Summary
For Further Reading
References
Chapter 13 Windows Exploits
Compiling and Debugging Windows Programs
Lab 13-1: Compiling on Windows
Windows Compiler Options
Debugging on Windows with Immunity Debugger
Lab 13-2: Crashing the Program
Writing Windows Exploits
Exploit Development Process Review
Lab 13-3: Exploiting ProSSHD Server
Understanding Structured Exception Handling (SEH)
Understanding and Bypassing Windows Memory
Protections
Safe Structured Exception Handling (SafeSEH)
Bypassing SafeSEH
SEH Overwrite Protection (SEHOP)
Bypassing SEHOP
Stack-Based Buffer Overrun Detection (/GS)
 Bypassing /GS
Heap Protections
Summary
For Further Reading
References
Chapter 14 Advanced Windows Exploitation
Data Execution Prevention (DEP)
Address Space Layout Randomization (ASLR)
Enhanced Mitigation Experience Toolkit (EMET) and
Windows Defender Exploit Guard
Bypassing ASLR
Bypassing DEP and Avoiding ASLR
VirtualProtect
Return-Oriented Programming
Gadgets
Building the ROP Chain
Defeating ASLR Through a Memory Leak
Triggering the Bug
Tracing the Memory Leak
Weaponizing the Memory Leak
Building the RVA ROP Chain
Summary
For Further Reading
References
Chapter 15 PowerShell Exploitation
Why PowerShell
Living Off the Land
PowerShell Logging
PowerShell Portability
Loading PowerShell Scripts
Lab 15-1: The Failure Condition
Lab 15-2: Passing Commands on the Command Line
Lab 15-3: Encoded Commands
 Lab 15-4: Bootstrapping via the Web
Exploitation and Post-Exploitation with PowerSploit
Lab 15-5: Setting Up PowerSploit
Lab 15-6: Running Mimikatz Through PowerShell
Lab 15-7: Creating a Persistent Meterpreter Using
PowerSploit
Using PowerShell Empire for C2
Lab 15-8: Setting Up Empire
Lab 15-9: Staging an Empire C2
Lab 15-10: Using Empire to Own the System
Summary
For Further Reading
References
Chapter 16 Next-Generation Web Application Exploitation
The Evolution of Cross-Site Scripting (XSS)
Setting Up the Environment
Lab 16-1: XSS Refresher
Lab 16-2: XSS Evasion from Internet Wisdom
Lab 16-3: Changing Application Logic with XSS
Lab 16-4: Using the DOM for XSS
Framework Vulnerabilities
Setting Up the Environment
Lab 16-5: Exploiting CVE-2017-5638
Lab 16-6: Exploiting CVE-2017-9805
Padding Oracle Attacks
Lab 16-7: Changing Data with the Padding Oracle
Attack
Summary
For Further Reading
References
Chapter 17 Next-Generation Patch Exploitation
Introduction to Binary Diffing
Application Diffing
 Patch Diffing
Binary Diffing Tools
BinDiff
turbodiff
Lab 17-1: Our First Diff
Patch Management Process
Microsoft Patch Tuesday
Obtaining and Extracting Microsoft Patches
Lab 17-2: Diffing MS17-010
Patch Diffing for Exploitation
DLL Side-Loading Bugs
Lab 17-3: Diffing MS16-009
Summary
For Further Reading
References

Part IV Advanced Malware Analysis

Chapter 18 Dissecting Mobile Malware
The Android Platform
Android Application Package
Application Manifest
Analyzing DEX
Java Decompilation
DEX Decompilation
DEX Disassembling
Example 18-1: Running APK in Emulator
Malware Analysis
The iOS Platform
iOS Security
iOS Applications
Summary
For Further Reading
References
Chapter 19 Dissecting Ransomware
The Beginnings of Ransomware
Options for Paying the Ransom
Dissecting Ransomlock
Example 19-1: Dynamic Analysis
Example 19-2: Static Analysis
Wannacry
Example 19-3: Analyzing Wannacry Ransomware
Summary
For Further Reading
Chapter 20 ATM Malware
ATM Overview
XFS Overview
XFS Architecture
XFS Manager
ATM Malware Analysis
Types of ATM Malware
Techniques for Installing Malware on ATMs
Techniques for Dissecting the Malware
ATM Malware Countermeasures
Summary
For Further Reading
References
Chapter 21 Deception: Next-Generation Honeypots
Brief History of Deception
Honeypots as a Form of Deception
Deployment Considerations
Setting Up a Virtual Machine
Open Source Honeypots
Lab 21-1: Dionaea
Lab 21-2: ConPot
Lab 21-3: Cowrie
 Lab 21-4: T-Pot
Commercial Alternative: TrapX
Summary
For Further Reading
References

Part V Internet of Things

Chapter 22 Internet of Things to Be Hacked
Internet of Things (IoT)
Types of Connected Things
Wireless Protocols
Communication Protocols
Security Concerns
Shodan IoT Search Engine
Web Interface
Shodan Command-Line Interface
Lab 22-1: Using the Shodan Command Line
Shodan API
Lab 22-2: Testing the Shodan API
Lab 22-3: Playing with MQTT
Implications of This Unauthenticated Access to
MQTT
IoT Worms: It Was a Matter of Time
Lab 22-4: Mirai Lives
Prevention
Summary
For Further Reading
References
Chapter 23 Dissecting Embedded Devices
CPU
Microprocessor
Microcontrollers
System on Chip (SoC)
 Common Processor Architectures
Serial Interfaces
UART
SPI
I2C
Debug Interfaces
JTAG
SWD (Serial Wire Debug)
Software
Bootloader
No Operating System
Real-Time Operating System
General Operating System
Summary
For Further Reading
References
Chapter 24 Exploiting Embedded Devices
Static Analysis of Vulnerabilities in Embedded Devices
Lab 24-1: Analyzing the Update Package
Lab 24-2: Performing Vulnerability Analysis
Dynamic Analysis with Hardware
The Test Environment Setup
Ettercap
Dynamic Analysis with Emulation
FIRMADYNE
Lab 24-3: Setting Up FIRMADYNE
Lab 24-4: Emulating Firmware
Lab 24-5: Exploiting Firmware
Summary
Further Reading
References
Chapter 25 Fighting IoT Malware
Physical Access to the Device
Another random document with
no related content on Scribd:
 PLEASE READ THIS BEFORE YOU DISTRIBUTE OR USE THIS WORK

To protect the Project Gutenberg™ mission of promoting the free

distribution of electronic works, by using or distributing this work (or
any other work associated in any way with the phrase “Project
Gutenberg”), you agree to comply with all the terms of the Full
Project Gutenberg™ License available with this file or online at
www.gutenberg.org/license.

Section 1. General Terms of Use and

Redistributing Project Gutenberg™
electronic works
1.A. By reading or using any part of this Project Gutenberg™
electronic work, you indicate that you have read, understand, agree
to and accept all the terms of this license and intellectual property
(trademark/copyright) agreement. If you do not agree to abide by all
the terms of this agreement, you must cease using and return or
destroy all copies of Project Gutenberg™ electronic works in your
possession. If you paid a fee for obtaining a copy of or access to a
Project Gutenberg™ electronic work and you do not agree to be
bound by the terms of this agreement, you may obtain a refund from
the person or entity to whom you paid the fee as set forth in
paragraph 1.E.8.

1.B. “Project Gutenberg” is a registered trademark. It may only be

used on or associated in any way with an electronic work by people
who agree to be bound by the terms of this agreement. There are a
few things that you can do with most Project Gutenberg™ electronic
works even without complying with the full terms of this agreement.
See paragraph 1.C below. There are a lot of things you can do with
Project Gutenberg™ electronic works if you follow the terms of this
agreement and help preserve free future access to Project
Gutenberg™ electronic works. See paragraph 1.E below.
1.C. The Project Gutenberg Literary Archive Foundation (“the
Foundation” or PGLAF), owns a compilation copyright in the
collection of Project Gutenberg™ electronic works. Nearly all the
individual works in the collection are in the public domain in the
United States. If an individual work is unprotected by copyright law in
the United States and you are located in the United States, we do
not claim a right to prevent you from copying, distributing,
performing, displaying or creating derivative works based on the
work as long as all references to Project Gutenberg are removed. Of
course, we hope that you will support the Project Gutenberg™
mission of promoting free access to electronic works by freely
sharing Project Gutenberg™ works in compliance with the terms of
this agreement for keeping the Project Gutenberg™ name
associated with the work. You can easily comply with the terms of
this agreement by keeping this work in the same format with its
attached full Project Gutenberg™ License when you share it without
charge with others.

1.D. The copyright laws of the place where you are located also
govern what you can do with this work. Copyright laws in most
countries are in a constant state of change. If you are outside the
United States, check the laws of your country in addition to the terms
of this agreement before downloading, copying, displaying,
performing, distributing or creating derivative works based on this
work or any other Project Gutenberg™ work. The Foundation makes
no representations concerning the copyright status of any work in
any country other than the United States.

1.E. Unless you have removed all references to Project Gutenberg:

1.E.1. The following sentence, with active links to, or other

immediate access to, the full Project Gutenberg™ License must
appear prominently whenever any copy of a Project Gutenberg™
work (any work on which the phrase “Project Gutenberg” appears, or
with which the phrase “Project Gutenberg” is associated) is
accessed, displayed, performed, viewed, copied or distributed:
 This eBook is for the use of anyone anywhere in the United
States and most other parts of the world at no cost and with
almost no restrictions whatsoever. You may copy it, give it away
or re-use it under the terms of the Project Gutenberg License
included with this eBook or online at www.gutenberg.org. If you
are not located in the United States, you will have to check the
laws of the country where you are located before using this
eBook.

1.E.2. If an individual Project Gutenberg™ electronic work is derived

from texts not protected by U.S. copyright law (does not contain a
notice indicating that it is posted with permission of the copyright
holder), the work can be copied and distributed to anyone in the
United States without paying any fees or charges. If you are
redistributing or providing access to a work with the phrase “Project
Gutenberg” associated with or appearing on the work, you must
comply either with the requirements of paragraphs 1.E.1 through
1.E.7 or obtain permission for the use of the work and the Project
Gutenberg™ trademark as set forth in paragraphs 1.E.8 or 1.E.9.

1.E.3. If an individual Project Gutenberg™ electronic work is posted

with the permission of the copyright holder, your use and distribution
must comply with both paragraphs 1.E.1 through 1.E.7 and any
additional terms imposed by the copyright holder. Additional terms
will be linked to the Project Gutenberg™ License for all works posted
with the permission of the copyright holder found at the beginning of
this work.

1.E.4. Do not unlink or detach or remove the full Project

Gutenberg™ License terms from this work, or any files containing a
part of this work or any other work associated with Project
Gutenberg™.

1.E.5. Do not copy, display, perform, distribute or redistribute this

electronic work, or any part of this electronic work, without
prominently displaying the sentence set forth in paragraph 1.E.1 with
active links or immediate access to the full terms of the Project
Gutenberg™ License.
1.E.6. You may convert to and distribute this work in any binary,
compressed, marked up, nonproprietary or proprietary form,
including any word processing or hypertext form. However, if you
provide access to or distribute copies of a Project Gutenberg™ work
in a format other than “Plain Vanilla ASCII” or other format used in
the official version posted on the official Project Gutenberg™ website
(www.gutenberg.org), you must, at no additional cost, fee or expense
to the user, provide a copy, a means of exporting a copy, or a means
of obtaining a copy upon request, of the work in its original “Plain
Vanilla ASCII” or other form. Any alternate format must include the
full Project Gutenberg™ License as specified in paragraph 1.E.1.

1.E.7. Do not charge a fee for access to, viewing, displaying,

performing, copying or distributing any Project Gutenberg™ works
unless you comply with paragraph 1.E.8 or 1.E.9.

1.E.8. You may charge a reasonable fee for copies of or providing

access to or distributing Project Gutenberg™ electronic works
provided that:

• You pay a royalty fee of 20% of the gross profits you derive from
the use of Project Gutenberg™ works calculated using the
method you already use to calculate your applicable taxes. The
fee is owed to the owner of the Project Gutenberg™ trademark,
but he has agreed to donate royalties under this paragraph to
the Project Gutenberg Literary Archive Foundation. Royalty
payments must be paid within 60 days following each date on
which you prepare (or are legally required to prepare) your
periodic tax returns. Royalty payments should be clearly marked
as such and sent to the Project Gutenberg Literary Archive
Foundation at the address specified in Section 4, “Information
about donations to the Project Gutenberg Literary Archive
Foundation.”

• You provide a full refund of any money paid by a user who

notifies you in writing (or by e-mail) within 30 days of receipt that
s/he does not agree to the terms of the full Project Gutenberg™
License. You must require such a user to return or destroy all
 copies of the works possessed in a physical medium and
discontinue all use of and all access to other copies of Project
Gutenberg™ works.

• You provide, in accordance with paragraph 1.F.3, a full refund of

any money paid for a work or a replacement copy, if a defect in
the electronic work is discovered and reported to you within 90
days of receipt of the work.

• You comply with all other terms of this agreement for free
distribution of Project Gutenberg™ works.

1.E.9. If you wish to charge a fee or distribute a Project Gutenberg™

electronic work or group of works on different terms than are set
forth in this agreement, you must obtain permission in writing from
the Project Gutenberg Literary Archive Foundation, the manager of
the Project Gutenberg™ trademark. Contact the Foundation as set
forth in Section 3 below.

1.F.

1.F.1. Project Gutenberg volunteers and employees expend

considerable effort to identify, do copyright research on, transcribe
and proofread works not protected by U.S. copyright law in creating
the Project Gutenberg™ collection. Despite these efforts, Project
Gutenberg™ electronic works, and the medium on which they may
be stored, may contain “Defects,” such as, but not limited to,
incomplete, inaccurate or corrupt data, transcription errors, a
copyright or other intellectual property infringement, a defective or
damaged disk or other medium, a computer virus, or computer
codes that damage or cannot be read by your equipment.

1.F.2. LIMITED WARRANTY, DISCLAIMER OF DAMAGES - Except

for the “Right of Replacement or Refund” described in paragraph
1.F.3, the Project Gutenberg Literary Archive Foundation, the owner
of the Project Gutenberg™ trademark, and any other party
distributing a Project Gutenberg™ electronic work under this
agreement, disclaim all liability to you for damages, costs and
expenses, including legal fees. YOU AGREE THAT YOU HAVE NO
REMEDIES FOR NEGLIGENCE, STRICT LIABILITY, BREACH OF
WARRANTY OR BREACH OF CONTRACT EXCEPT THOSE
PROVIDED IN PARAGRAPH 1.F.3. YOU AGREE THAT THE
FOUNDATION, THE TRADEMARK OWNER, AND ANY
DISTRIBUTOR UNDER THIS AGREEMENT WILL NOT BE LIABLE
TO YOU FOR ACTUAL, DIRECT, INDIRECT, CONSEQUENTIAL,
PUNITIVE OR INCIDENTAL DAMAGES EVEN IF YOU GIVE
NOTICE OF THE POSSIBILITY OF SUCH DAMAGE.

1.F.3. LIMITED RIGHT OF REPLACEMENT OR REFUND - If you

discover a defect in this electronic work within 90 days of receiving it,
you can receive a refund of the money (if any) you paid for it by
sending a written explanation to the person you received the work
from. If you received the work on a physical medium, you must
return the medium with your written explanation. The person or entity
that provided you with the defective work may elect to provide a
replacement copy in lieu of a refund. If you received the work
electronically, the person or entity providing it to you may choose to
give you a second opportunity to receive the work electronically in
lieu of a refund. If the second copy is also defective, you may
demand a refund in writing without further opportunities to fix the
problem.

1.F.4. Except for the limited right of replacement or refund set forth in
paragraph 1.F.3, this work is provided to you ‘AS-IS’, WITH NO
OTHER WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR ANY PURPOSE.

1.F.5. Some states do not allow disclaimers of certain implied

warranties or the exclusion or limitation of certain types of damages.
If any disclaimer or limitation set forth in this agreement violates the
law of the state applicable to this agreement, the agreement shall be
interpreted to make the maximum disclaimer or limitation permitted
by the applicable state law. The invalidity or unenforceability of any
provision of this agreement shall not void the remaining provisions.
1.F.6. INDEMNITY - You agree to indemnify and hold the
Foundation, the trademark owner, any agent or employee of the
Foundation, anyone providing copies of Project Gutenberg™
electronic works in accordance with this agreement, and any
volunteers associated with the production, promotion and distribution
of Project Gutenberg™ electronic works, harmless from all liability,
costs and expenses, including legal fees, that arise directly or
indirectly from any of the following which you do or cause to occur:
(a) distribution of this or any Project Gutenberg™ work, (b)
alteration, modification, or additions or deletions to any Project
Gutenberg™ work, and (c) any Defect you cause.

Section 2. Information about the Mission of

Project Gutenberg™
Project Gutenberg™ is synonymous with the free distribution of
electronic works in formats readable by the widest variety of
computers including obsolete, old, middle-aged and new computers.
It exists because of the efforts of hundreds of volunteers and
donations from people in all walks of life.

Volunteers and financial support to provide volunteers with the

assistance they need are critical to reaching Project Gutenberg™’s
goals and ensuring that the Project Gutenberg™ collection will
remain freely available for generations to come. In 2001, the Project
Gutenberg Literary Archive Foundation was created to provide a
secure and permanent future for Project Gutenberg™ and future
generations. To learn more about the Project Gutenberg Literary
Archive Foundation and how your efforts and donations can help,
see Sections 3 and 4 and the Foundation information page at
www.gutenberg.org.

Section 3. Information about the Project

Gutenberg Literary Archive Foundation
The Project Gutenberg Literary Archive Foundation is a non-profit
501(c)(3) educational corporation organized under the laws of the
state of Mississippi and granted tax exempt status by the Internal
Revenue Service. The Foundation’s EIN or federal tax identification
number is 64-6221541. Contributions to the Project Gutenberg
Literary Archive Foundation are tax deductible to the full extent
permitted by U.S. federal laws and your state’s laws.

The Foundation’s business office is located at 809 North 1500 West,

Salt Lake City, UT 84116, (801) 596-1887. Email contact links and up
to date contact information can be found at the Foundation’s website
and official page at www.gutenberg.org/contact

Section 4. Information about Donations to

the Project Gutenberg Literary Archive
Foundation
Project Gutenberg™ depends upon and cannot survive without
widespread public support and donations to carry out its mission of
increasing the number of public domain and licensed works that can
be freely distributed in machine-readable form accessible by the
widest array of equipment including outdated equipment. Many small
donations ($1 to $5,000) are particularly important to maintaining tax
exempt status with the IRS.

The Foundation is committed to complying with the laws regulating

charities and charitable donations in all 50 states of the United
States. Compliance requirements are not uniform and it takes a
considerable effort, much paperwork and many fees to meet and
keep up with these requirements. We do not solicit donations in
locations where we have not received written confirmation of
compliance. To SEND DONATIONS or determine the status of
compliance for any particular state visit www.gutenberg.org/donate.

While we cannot and do not solicit contributions from states where

we have not met the solicitation requirements, we know of no
prohibition against accepting unsolicited donations from donors in
such states who approach us with offers to donate.

International donations are gratefully accepted, but we cannot make

any statements concerning tax treatment of donations received from
outside the United States. U.S. laws alone swamp our small staff.

Please check the Project Gutenberg web pages for current donation
methods and addresses. Donations are accepted in a number of
other ways including checks, online payments and credit card
donations. To donate, please visit: www.gutenberg.org/donate.

Section 5. General Information About Project

Gutenberg™ electronic works
Professor Michael S. Hart was the originator of the Project
Gutenberg™ concept of a library of electronic works that could be
freely shared with anyone. For forty years, he produced and
distributed Project Gutenberg™ eBooks with only a loose network of
volunteer support.

Project Gutenberg™ eBooks are often created from several printed

editions, all of which are confirmed as not protected by copyright in
the U.S. unless a copyright notice is included. Thus, we do not
necessarily keep eBooks in compliance with any particular paper
edition.

Most people start at our website which has the main PG search
facility: www.gutenberg.org.

This website includes information about Project Gutenberg™,

including how to make donations to the Project Gutenberg Literary
Archive Foundation, how to help produce our new eBooks, and how
to subscribe to our email newsletter to hear about new eBooks.