Extreme Exploits: Advanced Defenses Against Hardcore Hacks (Hacking Exposed)

Extreme Exploits: Advanced Defenses Against Hardcore Hacks (Hacking Exposed)This cutting-edge volume takes network security professionals to the next level in protecting networks and web sites. Never-before-published advanced security techniques and concise explanations of core Internet infrastructure explain how to defend against devastating vulnerabilities in systems and the underlying network. With the authors' winning methodology for attack profiling and the theatre of war concept, you'll learn how to architect and prepare your network for threats that don’t yet exist.
By explaining specific in-depth technologies in use by not only the attackers, but also inside the applications they target, this book enables the reader to make better use of the tools available today, and to design new tools, techniques, and operational policies for the future.

Price: $54.95

Click here to buy from Amazon

Gray Hat Python: Python Programming for Hackers and Reverse Engineers

Gray Hat Python: Python Programming for Hackers and Reverse EngineersPython is fast becoming the programming language of choice for hackers, reverse engineers, and software testers because it's easy to write quickly, and it has the low-level support and libraries that make hackers happy. But until now, there has been no real manual on how to use Python for a variety of hacking tasks. You had to dig through forum posts and man pages, endlessly tweaking your own code to get everything working. Not anymore.

Gray Hat Python explains the concepts behind hacking tools and techniques like debuggers, trojans, fuzzers, and emulators. But author Justin Seitz goes beyond theory, showing you how to harness existing Python-based security tools – and how to build your own when the pre-built ones won't cut it.

You'll learn how to:

  • Automate tedious reversing and security tasks
  • Design and program your own debugger
  • Learn how to fuzz Windows drivers and create powerful fuzzers from scratch
  • Have fun with code and library injection, soft and hard hooking techniques, and other software trickery
  • Sniff secure traffic out of an encrypted web browser session
  • Use PyDBG, Immunity Debugger, Sulley, IDAPython, PyEMU, and more

The world's best hackers are using Python to do their handiwork. Shouldn't you?

Price: $39.95

Click here to buy from Amazon

Sockets, Shellcode, Porting, Coding: Reverse Engineering Exploits Tool Coding

Sockets, Shellcode, Porting, and Coding: Reverse Engineering Exploits and Tool Coding for Security ProfessionalsThe book is logically divided into 5 main categories with each category representing a major skill set required by most security professionals:

1. Coding – The ability to program and script is quickly becoming a mainstream requirement for just about everyone in the security industry. This section covers the basics in coding complemented with a slue of programming tips and tricks in C/C++, Java, Perl and NASL.

2. Sockets – The technology that allows programs and scripts to communicate over a network is sockets. Even though the theory remains the same – communication over TCP and UDP, sockets are implemented differently in nearly ever language.

3. Shellcode – Shellcode, commonly defined as bytecode converted from Assembly, is utilized to execute commands on remote systems via direct memory access.

4. Porting – Due to the differences between operating platforms and language implementations on those platforms, it is a common practice to modify an original body of code to work on a different platforms. This technique is known as porting and is incredible useful in the real world environments since it allows you to not “recreate the wheel.”

5. Coding Tools – The culmination of the previous four sections, coding tools brings all of the techniques that you have learned to the forefront. With the background technologies and techniques you will now be able to code quick utilities that will not only make you more productive, they will arm you with an extremely valuable skill that will remain with you as long as you make the proper time and effort dedications.

*Contains never before seen chapters on writing and automating exploits on windows systems with all-new exploits.

*Perform zero-day exploit forensics by reverse engineering malicious code.

*Provides working code and scripts in all of the most common programming languages for readers to use TODAY to defend their networks.

Price: $51.95

Click here to buy from Amazon

Metasploit Toolkit for Penetration Test, Exploit Devel, Vulnerability Research

Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability ResearchThis is the first book available for the Metasploit Framework (MSF), which is the attack platform of choice for one of the fastest growing careers in IT security: Penetration Testing. The book and companion Web site will provide professional penetration testers and security researchers with a fully integrated suite of tools for discovering, running, and testing exploit code.

This book discusses how to use the Metasploit Framework (MSF) as an exploitation platform. The book begins with a detailed discussion of the three MSF interfaces: msfweb, msfconsole, and msfcli .This chapter demonstrates all of the features offered by the MSF as an exploitation platform. With a solid understanding of MSF's capabilities, the book then details techniques for dramatically reducing the amount of time required for developing functional exploits.
By working through a real-world vulnerabilities against popular closed source applications, the reader will learn how to use the tools and MSF to quickly build reliable attacks as standalone exploits. The section will also explain how to integrate an exploit directly into the Metasploit Framework by providing a line-by-line analysis of an integrated exploit module. Details as to how the Metasploit engine drives the behind-the-scenes exploitation process will be covered, and along the way the reader will come to understand the advantages of exploitation frameworks. The final section of the book examines the Meterpreter payload system and teaches readers to develop completely new extensions that will integrate fluidly with the Metasploit Framework.

· A November 2004 survey conducted by “CSO Magazine” stated that 42% of chief security officers considered penetration testing to be a security priority for their organizations

· The Metasploit Framework is the most popular open source exploit platform, and there are no competing books

· The book's companion Web site offers all of the working code and exploits contained within the book

Price: $62.95

Click here to buy from Amazon

Fuzzing: Brute Force Vulnerability Discovery

Fuzzing: Brute Force Vulnerability DiscoveryFUZZING

Master One of Today’s Most Powerful Techniques for Revealing Security Flaws!

Fuzzing has evolved into one of today’s most effective approaches to test software security. To “fuzz,” you attach a program’s inputs to a source of random data, and then systematically identify the failures that arise. Hackers have relied on fuzzing for years: Now, it’s your turn. In this book, renowned fuzzing experts show you how to use fuzzing to reveal weaknesses in your software before someone else does.

Fuzzing is the first and only book to cover fuzzing from start to finish, bringing disciplined best practices to a technique that has traditionally been implemented informally. The authors begin by reviewing how fuzzing works and outlining its crucial advantages over other security testing methods. Next, they introduce state-of-the-art fuzzing techniques for finding vulnerabilities in network protocols, file formats, and web applications; demonstrate the use of automated fuzzing tools; and present several insightful case histories showing fuzzing at work. Coverage includes:

• Why fuzzing simplifies test design and catches flaws other methods miss

• The fuzzing process: from identifying inputs to assessing “exploitability”

• Understanding the requirements for effective fuzzing

• Comparing mutation-based and generation-based fuzzers

• Using and automating environment variable and argument fuzzing

• Mastering in-memory fuzzing techniques

• Constructing custom fuzzing frameworks and tools

• Implementing intelligent fault detection

Attackers are already using fuzzing. You should, too. Whether you’re a developer, security engineer, tester, or QA specialist, this book teaches you how to build secure software.

Foreword     xix

Preface        xxi

Acknowledgments  xxv

About the Author   xxvii

PARTI         BACKGROUND     1

Chapter 1    Vulnerability Discovery Methodologies  3

Chapter 2    What Is Fuzzing?   21

Chapter 3    Fuzzing Methods and Fuzzer Types     33

Chapter 4    Data Representation and Analysis        45

Chapter 5    Requirements for Effective Fuzzing      61


Chapter 6    Automation and Data Generation        73

Chapter 7    Environment Variable and Argument Fuzzing 89

Chapter 8    Environment Variable and Argument Fuzzing: Automation 103

Chapter 9    Web Application and Server Fuzzing     113

Chapter 10  Web Application and Server Fuzzing: Automation    137

Chapter 11  File Format Fuzzing         169

Chapter 12  File Format Fuzzing: Automation on UNIX     181

Chapter 13  File Format Fuzzing: Automation on Windows         197

Chapter 14  Network Protocol Fuzzing         223

Chapter 15  Network Protocol Fuzzing: Automation on UNIX     235

Chapter 16  Network Protocol Fuzzing: Automation on Windows         249

Chapter 17  Web Browser Fuzzing      267

Chapter 18  Web Browser Fuzzing: Automation     283

Chapter 19  In-Memory Fuzzing         301

Chapter 20  In-Memory Fuzzing: Automation         315


Chapter 21  Fuzzing Frameworks       351

Chapter 22  Automated Protocol Dissection  419

Chapter 23  Fuzzer Tracking     437

Chapter 24  Intelligent Fault Detection 471


Chapter 25  Lessons Learned    497

Chapter 26  Looking Forward    507

Index 519

Price: $54.99

Click here to buy from Amazon