Exploiting Software : How to Break Code (Paperback)

Greg Hoglund, Gary McGraw

  • 出版商: Addison Wesley
  • 出版日期: 2004-02-17
  • 售價: $2,275
  • 貴賓價: 9.5$2,161
  • 語言: 英文
  • 頁數: 512
  • 裝訂: Paperback
  • ISBN: 0201786958
  • ISBN-13: 9780201786958
  • 立即出貨 (庫存=1)



Using attack patterns, real code, and example exploits, students learn techniques that are used by real malicious hackers against software. The author team show to break code—if students want to protect software from attack, they must first learn how real attacks are really carried out.

Table of Contents:

Attack Patterns.


What This Book Is About.

How to Use This Book.

But Isn't This Too Dangerous?


1. Software—The Root of the Problem.

A Brief History of Software.

Bad Software Is Ubiquitous.

The Trinity of Trouble.

The Future of Software.

What Is Software Security?


2. Attack Patterns.

A Taxonomy.

An Open-Systems View.

Tour of an Exploit.

Attack Patterns: Blueprints for Disaster.

An Example Exploit: Microsoft's Broken C++ Compiler.

Applying Attack Patterns.

Attack Pattern Boxes.


3. Reverse Engineering and Program Understanding.

Into the House of Logic.

Should Reverse Engineering Be Illegal?

Reverse Engineering Tools and Concepts.

Methods of the Reverser.

Writing Interactive Disassembler (IDA) Plugins.

Decompiling and Disassembling Software.

Decompilation in Practice: Reversing helpctr.exe.

Automatic, Bulk Auditing for Vulnerabilities.

Writing Your Own Cracking Tools.

Building a Basic Code Coverage Tool.


4. Exploiting Server Software.

The Trusted Input Problem.

The Privilege Escalation Problem.

Finding Injection Points.

Input Path Tracing.

Exploiting Trust through Configuration.

Specific Techniques and Attacks for Server Software.


5. Exploiting Client Software.

Client-side Programs as Attack Targets.

In-band Signals.

Cross-site Scripting (XSS).

Clients Scripts and Malicious Code.

Content-Based Attacks.

Backwash Attacks: Leveraging Client-side Buffer.


6. Crafting (Malicious) Input.

The Defender's Dilemma.

Intrusion Detection (Not).

Partition Analysis.

Tracing Code.

Reversing Parser Code.

Example: Reversing I-Planet Server 6.0 through the Front Door.


Building “Equivalent" Requests.

Audit Poisoning.


7. Buffer Overflow.

Buffer Overflow 101.

Injection Vectors: Input Rides Again.

Buffer Overflows and Embedded Systems.

Database Buffer Overflows.

Buffer Overflows and Java?!

Content-Based Buffer Overflow.

Audit Truncation and Filters with Buffer Overflow.

Causing Overflow and Environment Variables.

The Multiple Operation Problem.

Finding Potential Buffer Overflows.

Stack Overflow.

Arithmetic Errors in Memory Management.

Format String Vulnerabilities.

Heap Overflows.

Buffer Overflows and C++.


Payloads on RISC Architectures.

Multiplatform Payloads.

Prolog/Epilog Code to Protect Functions.


8. Rootkits.

Subversive Programs.

A Simple Windows XP Kernel Rootkit.

Call Hooking.

Trojan Executable Redirection.

Hiding Files and Directories.

Patching Binary Code.

The Hardware Virus.

Low-Level Disk Access.

Adding Network Support to a Driver.


Key Logging.

Advanced Rootkit Topics.