A Guide to Kernel Exploitation: Attacking the Core

A Guide to Kernel Exploitation: Attacking the CoreThe number of security countermeasures against user-land exploitation is on the rise. Because of this, kernel exploitation is becoming much more popular among exploit writers and attackers. Playing with the heart of the operating system can be a dangerous game: This book covers the theoretical techniques and approaches needed to develop reliable and effective kernel-level exploits and applies them to different operating systems (Linux, Solaris, Mac OS X, and Windows). Kernel exploits require both art and science to achieve. Every OS has its quirks and so every exploit must be molded to fully exploit its target. This book discusses the most popular OS families-UNIX derivatives, Mac OS X, and Windows-and how to gain complete control over them. Concepts and tactics are presented categorically so that even when a specifically detailed exploit has been patched, the foundational information that you have read will help you to write a newer, better attack or a more concrete design and defensive structure.

  • Covers a range of operating system families – UNIX derivatives, Mac OS X, Windows
  • Details common scenarios such as generic memory corruption (stack overflow, heap overflow, etc.) issues, logical bugs and race conditions
  • Delivers the reader from user-land exploitation to the world of kernel-land (OS) exploits/attacks, with a particular focus on the steps that lead to the creation of successful techniques, in order to give to the reader something more than just a set of tricks

Price: $49.95

Click here to buy from Amazon

Chained Exploits: Advanced Hacking Attacks from Start to Finish

Chained Exploits: Advanced Hacking Attacks from Start to FinishThe complete guide to today’s hard-to-defend chained attacks: performing them and preventing them

Nowadays, it’s rare for malicious hackers to rely on just one exploit or tool; instead, they use “chained” exploits that integrate multiple forms of attack to achieve their goals. Chained exploits are far more complex and far more difficult to defend. Few security or hacking books cover them well and most don’t cover them at all. Now there’s a book that brings together start-to-finish information about today’s most widespread chained exploits–both how to perform them and how to prevent them.

Chained Exploits demonstrates this advanced hacking attack technique through detailed examples that reflect real-world attack strategies, use today’s most common attack tools, and focus on actual high-value targets, including credit card and healthcare data. Relentlessly thorough and realistic, this book covers the full spectrum of attack avenues, from wireless networks to physical access and social engineering.

Writing for security, network, and other IT professionals, the authors take you through each attack, one step at a time, and then introduce today’s most effective countermeasures— both technical and human. Coverage includes:

  • Constructing convincing new phishing attacks
  • Discovering which sites other Web users are visiting
  • Wreaking havoc on IT security via wireless networks
  • Disrupting competitors’ Web sites
  • Performing–and preventing–corporate espionage
  • Destroying secure files
  • Gaining access to private healthcare records
  • Attacking the viewers of social networking pages
  • Creating entirely new exploits
  • and more

Andrew Whitaker, Director of Enterprise InfoSec and Networking for Training Camp, has been featured in The Wall Street Journal and BusinessWeek. He coauthored Penetration Testing and Network Defense. Andrew was a winner of EC Council’s Instructor of Excellence Award.

Keatron Evans is President and Chief Security Consultant of Blink Digital Security, LLC, a trainer for Training Camp, and winner of EC Council’s Instructor of Excellence Award.

Jack B. Voth specializes in penetration testing, vulnerability assessment, and perimeter security. He co-owns The Client Server, Inc., and teaches for Training Camp throughout the United States and abroad.

informit.com/aw

Cover photograph © Corbis /

Jupiter Images

$49.99 US

$59.99 CANADA

Price: $49.99

Click here to buy from Amazon

Mobile Malware Attacks and Defense

Mobile Malware Attacks and DefenseMalware has gone mobile, and the security landscape is changing quickly with emerging attacks on cell phones, PDAs, and other mobile devices. This first book on the growing threat covers a wide range of malware targeting operating systems like Symbian and new devices like the iPhone. Examining code in past, current, and future risks, protect your banking, auctioning, and other activities performed on mobile devices.

* Visual Payloads
View attacks as visible to the end user, including notation of variants.

* Timeline of Mobile Hoaxes and Threats
Understand the history of major attacks and horizon for emerging threates.

* Overview of Mobile Malware Families
Identify and understand groups of mobile malicious code and their variations.

* Taxonomy of Mobile Malware
Bring order to known samples based on infection, distribution, and payload strategies.

* Phishing, SMishing, and Vishing Attacks
Detect and mitigate phone-based phishing (vishing) and SMS phishing (SMishing) techniques.

* Operating System and Device Vulnerabilities
Analyze unique OS security issues and examine offensive mobile device threats.

* Analyze Mobile Malware
Design a sandbox for dynamic software analysis and use MobileSandbox to analyze mobile malware.

* Forensic Analysis of Mobile Malware
Conduct forensic analysis of mobile devices and learn key differences in mobile forensics.

* Debugging and Disassembling Mobile Malware
Use IDA and other tools to reverse-engineer samples of malicious code for analysis.

* Mobile Malware Mitigation Measures
Qualify risk, understand threats to mobile assets, defend against attacks, and remediate incidents.

* Understand the History and Threat Landscape of Rapidly Emerging Mobile Attacks

* Analyze Mobile Device/Platform Vulnerabilities and Exploits

* Mitigate Current and Future Mobile Malware Threats

Price: $59.95

Click here to buy from Amazon

Attacks on Wireless LANs About the security of IEEE 802.11 based wireless networks

Attacks on Wireless LANs  About the security of IEEE 802.11 based wireless networksWireless LANs can be found nearly everywhere today. Most mobile computers ship with built-in wireless LAN hardware by default and most other computers can be equipped with additional hardware. Because all data is transmitted wirelessly, extra security is needed in these networks. This was a concern to the creators of the IEEE 802.11 standard, who designed a simple protocol called WEP which stands for Wired Equivalent Privacy to protect such networks. Unfortunately, the WEP protocol has some serious design flaws and various attacks are possible against WEP protected networks. This book presents nearly all currently known attacks on the WEP protocol, including their theoretical background and their implementation. This book is intended for network operators, who want to learn more about wireless security, and also for cryptographers, who want to understand the theoretical background of these attacks.

 

Price: $76.00

Click here to buy from Amazon