Professional Documents
Culture Documents
ebook download Gray Hat Hacking: The Ethical Hacker's Handbook 5th Edition Allen Harper - eBook PDF all chapter
ebook download Gray Hat Hacking: The Ethical Hacker's Handbook 5th Edition Allen Harper - eBook PDF all chapter
https://ebooksecure.com/download/gray-hat-hacking-the-ethical-
hackers-handbook-fifth-edition-ebook-pdf/
https://ebooksecure.com/download/gray-hat-hacking-the-ethical-
hackers-handbook-sixth-edition-ebook-pdf/
https://ebooksecure.com/download/ceh-certified-ethical-hacker-
practice-exams-5th-edition-ebook-pdf/
http://ebooksecure.com/product/ebook-pdf-the-bedford-
handbook-10th-edition-by-diana-hacker/
(eBook PDF) Hands-On Ethical Hacking and Network
Defense 3rd Edition
http://ebooksecure.com/product/ebook-pdf-hands-on-ethical-
hacking-and-network-defense-3rd-edition/
http://ebooksecure.com/product/ceh-certified-ethical-hacker-all-
in-one-exam-guide-4th-edition-ebook-pdf/
https://ebooksecure.com/download/handbook-of-dialysis-therapy-
ebook-pdf/
https://ebooksecure.com/download/hands-on-ethical-hacking-and-
network-defense-ebook-pdf/
http://ebooksecure.com/product/original-pdf-adult-development-
and-aging-the-canadian-experience-by-lori-harper/
Praise for Gray Hat Hacking: The Ethical Hacker’s Handbook,
Fifth Edition
“The Gray Hat Hacking book series continue to provide an up-to-date and
detailed view on a large variety of offensive IT security disciplines. In this
fifth edition, a group of respected infosec professionals spared no effort to
share their experience and expertise on novel techniques to bypass security
mechanisms.
The exploit development chapters, written by Stephen Sims, reveal in great
detail what it takes to write an exploit for modern applications. In Chapter 14,
Stephen uses a recent vulnerability in a major web browser to demystify the
complexity of writing modern exploits for heap-related memory corruptions,
bypassing memory protections along the road.
This book is a must read for anyone who wants to step up and broaden their
skills in infosec.”
—Peter Van Eeckhoutte
Corelan Team (@corelanc0d3r)
“One of the few book series where I ALWAYS buy the updated version.
Learn updated exploit-dev techniques from the best instructors in the
business. The volume of new information available to the average
information security practitioner is staggering. The authors, who are some of
the best in their respective fields, help us stay up to date with current trends
and techniques. GHH’s updates on Red Team Ops, Bug Bounties,
PowerShell Techniques, and IoT & Embedded Devices are exactly what
infosec practitioners need to add to their tool kits.”
—Chris Gates
Sr. Security Engineer (Uber)
“Never before has there been so much technology to attack nor such high
levels of controls and prevention mechanisms. For example, the
advancements in modern operating systems and applications to protect
against exploitation are very impressive, yet time and time again with the
right conditions they are bypassed. Amongst a litany of modern and up-to-
date techniques, Gray Hat Hacking provides detailed and informative
walkthroughs of vulnerabilities and how controls like ASLR and DEP are
bypassed. Filled with real examples you can follow if you are seeking to
upgrade your understanding of the latest hacking techniques—this is the book
for you.”
—James Lyne
Global Research Advisor (Sophos) and Head of R&D (SANS Institute)
Copyright © 2018 by McGraw-Hill Education. All rights reserved. Except as
permitted under the United States Copyright Act of 1976, no part of this
publication may be reproduced or distributed in any form or by any means, or
stored in a database or retrieval system, without the prior written permission
of the publisher, with the exception that the program listings may be entered,
stored, and executed in a computer system, but they may not be reproduced
for publication.
ISBN: 978-1-26-010842-2
MHID: 1-26-010842-2
The material in this eBook also appears in the print version of this title:
ISBN: 978-1-26-010841-5,
MHID: 1-26-010841-4.
All trademarks are trademarks of their respective owners. Rather than put a
trademark symbol after every occurrence of a trademarked name, we use
names in an editorial fashion only, and to the benefit of the trademark owner,
with no intention of infringement of the trademark. Where such designations
appear in this book, they have been printed with initial caps.
TERMS OF USE
To my brothers and sisters in Christ, keep running the race. Let your light
shine for Him, that others may be drawn to Him through you.
—Allen Harper
To Mom, who read to me when I was little, so I could achieve the level of
literacy I needed to become an author one day.
—Ryan Linn
To my lovely wife LeAnne and my daughter Audrey, thank you for your
ongoing support!
—Stephen Sims
To my lovely daughter Elysia, thank you for your unconditional love and
support. You inspire me in so many ways. I am, and will always be, your
biggest fan.
—Linda Martinez
To my family and friends for their unconditional support and making this life
funny and interesting.
—Branko Spasojevic
To my son Aaron, thanks for all your love while I spend too much time at the
keyboard, and thanks for sharing your joy on all the projects we work on
together.
—Chris Eagle
ABOUT THE AUTHORS
Dr. Allen Harper, CISSP. In 2007, Allen Harper retired from the military as
a Marine Corps Officer after a tour in Iraq. He has more than 30 years of
IT/security experience. He holds a PhD in IT with a focus in Information
Assurance and Security from Capella, an MS in Computer Science from the
Naval Postgraduate School, and a BS in Computer Engineering from North
Carolina State University. Allen led the development of the GEN III
honeywall CD-ROM, called roo, for the Honeynet Project. He has worked as
a security consultant for many Fortune 500 and government entities. His
interests include the Internet of Things, reverse engineering, vulnerability
discovery, and all forms of ethical hacking. Allen was the founder of
N2NetSecurity, Inc., served as the EVP and chief hacker at Tangible
Security, and now serves the Lord at Liberty University in Lynchburg,
Virginia.
Daniel Regalado, aka Danux, is a Mexican security researcher with more
than 16 years in the security field, dissecting or pen-testing malware, 0-day
exploits, ATMs, IoT devices, IV pumps, and car infotainment systems. He is
a former employee of widely respected companies like FireEye and Symantec
and is currently a principal security researcher at Zingbox. Daniel is probably
best known for his multiple discoveries and dissection of ATM malware
attacking banks worldwide, with the most notorious findings being Ploutus,
Padpin, and Ripper.
Ryan Linn has over 20 years in the security industry, ranging from
systems programmer to corporate security, to leading a global cybersecurity
consultancy. Ryan has contributed to a number of open source projects,
including Metasploit and the Browser Exploitation Framework (BeEF). Ryan
participates in Twitter as @sussurro, and he has presented his research at
numerous security conferences, including Black Hat and DEF CON, and has
provided training in attack techniques and forensics worldwide.
Stephen Sims is an industry expert with over 15 years of experience in
information technology and security. He currently works out of San
Francisco as a consultant performing reverse engineering, exploit
development, threat modeling, and penetration testing. Stephen has an MS in
information assurance from Norwich University and is a course author,
fellow, and curriculum lead for the SANS Institute, authoring courses on
advanced exploit development and penetration testing. He has spoken at
numerous conferences, including RSA, BSides, OWASP AppSec,
ThaiCERT, AISA, and many others. He may be reached on twitter:
@Steph3nSims
Branko Spasojevic is a security engineer on Google’s Detection and
Response team. Before that he worked as a reverse engineer for Symantec
and analyzed various threats and APT groups.
Linda Martinez is the Chief Information Security Officer (CISO) and Vice
President of Commercial Service Delivery at Tangible Security. Linda is a
proven information security executive and industry expert with over 18 years
of experience leading technical teams, developing technical business lines,
and providing high-quality consulting services to clients. She is responsible
for Tangible Security’s Commercial Division, where she leads the following
business lines: penetration testing, including red and purple team operations;
hardware hacking; product and supply chain security; governance, risk
management, and compliance; incident response and digital forensics. Linda
also leads a team of virtual Chief Information Security Officers (CISOs) in
providing expert guidance to many organizations. Prior to her current
position, Linda was the Vice President of Operations for N2 Net Security.
Before that, she co-founded and served as Chief Operating Officer (COO) for
Executive Instruments, an information security research and consulting firm.
Michael Baucom currently works for Tangible Security as the VP of
Tangible Labs. While at Tangible he has worked on a wide variety of
projects, including software security assessments, SDLC consulting, tool
development, and penetration tests. Prior to working at Tangible Security, he
served in the Marine Corps as a ground radio repairman. Additionally, he
worked for IBM, Motorola, and Broadcom in several capacities, including
test engineering, device driver development, and system software
development for embedded systems. In addition to his work activities,
Michael has been a trainer at Black Hat, speaker at several conferences, and
technical editor for Gray Hat Hacking: The Ethical Hacker’s Handbook. His
current interests are in automating pen-test activities, embedded system
security, and mobile phone security.
Chris Eagle is a senior lecturer in the computer science department at the
Naval Postgraduate School in Monterey, California. A computer
engineer/scientist for more than 30 years, he has authored several books,
served as the chief architect for DARPA’s Cyber Grand Challenge,
frequently speaks at security conferences, and has contributed several popular
open source tools to the security community.
The late Shon Harris is greatly missed. She was the president of Logical
Security, a security consultant, a former engineer in the Air Force’s
Information Warfare unit, an instructor, and an author. She authored the best-
selling CISSP Exam Guide (currently in its seventh edition), along with many
other books. Shon consulted for a variety of companies in many different
industries. Shon taught computer and information security to a wide range of
clients, including RSA, Department of Defense, Department of Energy, West
Point, National Security Agency (NSA), Bank of America, Defense
Information Systems Agency (DISA), BMC, and many more. Shon was
recognized as one of the top 25 women in the Information Security field by
Information Security Magazine.
Disclaimer: The views expressed in this book are those of the authors
and not of the U.S. government or any company mentioned herein.
Part I Preparation
Chapter 1 Why Gray Hat Hacking? Ethics and Law
Chapter 2 Programming Survival Skills
Chapter 3 Next-Generation Fuzzing
Chapter 4 Next-Generation Reverse Engineering
Chapter 5 Software-Defined Radio
Index
CONTENTS
Preface
Acknowledgments
Introduction
Part I Preparation
Chapter 1 Why Gray Hat Hacking? Ethics and Law
Know Your Enemy
The Current Security Landscape
Recognizing an Attack
The Gray Hat Way
Emulating the Attack
Frequency and Focus of Testing
Evolution of Cyberlaw
Understanding Individual Cyberlaws
Summary
References
Chapter 2 Programming Survival Skills
C Programming Language
Basic C Language Constructs
Sample Program
Compiling with gcc
Computer Memory
Random Access Memory
Endian
Segmentation of Memory
Programs in Memory
Buffers
Strings in Memory
Pointers
Putting the Pieces of Memory Together
Intel Processors
Registers
Assembly Language Basics
Machine vs. Assembly vs. C
AT&T vs. NASM
Addressing Modes
Assembly File Structure
Assembling
Debugging with gdb
gdb Basics
Disassembly with gdb
Python Survival Skills
Getting Python
“Hello, World!” in Python
Python Objects
Strings
Numbers
Lists
Dictionaries
Files with Python
Sockets with Python
Summary
For Further Reading
References
Chapter 3 Next-Generation Fuzzing
Introduction to Fuzzing
Types of Fuzzers
Mutation Fuzzers
Generation Fuzzers
Genetic Fuzzing
Mutation Fuzzing with Peach
Lab 3-1: Mutation Fuzzing with Peach
Generation Fuzzing with Peach
Crash Analysis
Lab 3-2: Generation Fuzzing with Peach
Genetic or Evolutionary Fuzzing with AFL
Lab 3-3: Genetic Fuzzing with AFL
Summary
For Further Reading
Chapter 4 Next-Generation Reverse Engineering
Code Annotation
IDB Annotation with IDAscope
C++ Code Analysis
Collaborative Analysis
Leveraging Collaborative Knowledge Using FIRST
Collaboration with BinNavi
Dynamic Analysis
Automated Dynamic Analysis with Cuckoo Sandbox
Bridging the Static-Dynamic Tool Gap with Labeless
Summary
For Further Reading
References
Chapter 5 Software-Defined Radio
Getting Started with SDR
What to Buy
Not So Quick: Know the Rules
Learn by Example
Search
Capture
Replay
Analyze
Preview
Execute
Summary
For Further Reading
1.D. The copyright laws of the place where you are located also
govern what you can do with this work. Copyright laws in most
countries are in a constant state of change. If you are outside the
United States, check the laws of your country in addition to the terms
of this agreement before downloading, copying, displaying,
performing, distributing or creating derivative works based on this
work or any other Project Gutenberg™ work. The Foundation makes
no representations concerning the copyright status of any work in
any country other than the United States.
• You pay a royalty fee of 20% of the gross profits you derive from
the use of Project Gutenberg™ works calculated using the
method you already use to calculate your applicable taxes. The
fee is owed to the owner of the Project Gutenberg™ trademark,
but he has agreed to donate royalties under this paragraph to
the Project Gutenberg Literary Archive Foundation. Royalty
payments must be paid within 60 days following each date on
which you prepare (or are legally required to prepare) your
periodic tax returns. Royalty payments should be clearly marked
as such and sent to the Project Gutenberg Literary Archive
Foundation at the address specified in Section 4, “Information
about donations to the Project Gutenberg Literary Archive
Foundation.”
• You comply with all other terms of this agreement for free
distribution of Project Gutenberg™ works.
1.F.
1.F.4. Except for the limited right of replacement or refund set forth in
paragraph 1.F.3, this work is provided to you ‘AS-IS’, WITH NO
OTHER WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR ANY PURPOSE.
Please check the Project Gutenberg web pages for current donation
methods and addresses. Donations are accepted in a number of
other ways including checks, online payments and credit card
donations. To donate, please visit: www.gutenberg.org/donate.
Most people start at our website which has the main PG search
facility: www.gutenberg.org.