Gray Hat Hacking The Ethical Hacker's Handbook, 5/e (Paperback)

Allen Harper, Daniel Regalado, Ryan Linn, Stephen Sims, Branko Spasojevic, Linda Martinez, Michael Baucom, Chris Eagle, Shon Harris



Cutting-edge techniques for finding and fixing critical security flaws

Fortify your network and avert digital catastrophe with proven strategies from a team of security experts. Completely updated and featuring 13 new chapters, Gray Hat Hacking: The Ethical Hacker’s Handbook, Fifth Edition explains the enemy’s current weapons, skills, and tactics and offers field-tested remedies, case studies, and ready-to-try testing labs. Find out how hackers gain access, overtake network devices, script and inject malicious code, and plunder Web applications and browsers. Android-based exploits, reverse engineering techniques, and cyber law are thoroughly covered in this state-of-the-art resource. And the new topic of exploiting the Internet of things is introduced in this edition.

•Build and launch spoofing exploits with Ettercap

•Induce error conditions and crash software using fuzzers

•Use advanced reverse engineering to exploit Windows and Linux software

•Bypass Windows Access Control and memory protection schemes

•Exploit web applications with Padding Oracle Attacks

•Learn the use-after-free technique used in recent zero days

•Hijack web browsers with advanced XSS attacks

•Understand ransomware and how it takes control of your desktop

•Dissect Android malware with JEB and DAD decompilers

•Find one-day vulnerabilities with binary diffing

•Exploit wireless systems with Software Defined Radios (SDR)

•Exploit Internet of things devices

•Dissect and exploit embedded devices

•Understand bug bounty programs

•Deploy next-generation honeypots

•Dissect ATM malware and analyze common ATM attacks

•Learn the business side of ethical hacking




從一個安全專家團隊的實踐策略中,加強您的網絡安全,避免數字災難。全面更新並新增了13個章節,《Gray Hat Hacking: The Ethical Hacker's Handbook, Fifth Edition》解釋了敵人目前的武器、技能和戰術,並提供經過實踐驗證的解決方案、案例研究和可立即嘗試的測試實驗室。了解黑客如何獲取訪問權限、接管網絡設備、編寫並注入惡意代碼,以及掠奪網絡應用程序和瀏覽器。本書全面介紹了基於Android的攻擊、逆向工程技術和網絡法律。此版本還引入了關於利用物聯網的新主題。

- 使用Ettercap建立並發動欺騙攻擊
- 使用模糊器引發錯誤條件並使軟件崩潰
- 使用高級逆向工程技術來利用Windows和Linux軟件
- 繞過Windows存取控制和內存保護機制
- 使用填充Oracle攻擊來利用網絡應用程序
- 學習最近零日漏洞中使用的用後即焚技術
- 使用高級XSS攻擊劫持網絡瀏覽器
- 了解勒索軟件及其如何控制您的桌面
- 使用JEB和DAD反編譯器分析Android惡意軟件
- 使用二進制差異分析尋找一日漏洞
- 利用軟件定義無線電(SDR)攻擊無線系統
- 利用物聯網設備
- 分析和利用嵌入式設備
- 了解漏洞賞金計劃
- 部署下一代蜜罐
- 分析ATM惡意軟件並分析常見的ATM攻擊
- 了解道德黑客的商業方面