From Day Zero to Zero Day: A Hands-On Guide to Vulnerability Research
暫譯: 從零開始到零日:漏洞研究實務指南
Lim, Eugene
- 出版商: No Starch Press
- 出版日期: 2025-08-12
- 售價: $1,980
- 貴賓價: 9.5 折 $1,881
- 語言: 英文
- 頁數: 344
- 裝訂: Quality Paper - also called trade paper
- ISBN: 1718503946
- ISBN-13: 9781718503946
-
相關分類:
資訊安全
海外代購書籍(需單獨結帳)
相關主題
商品描述
Find vulnerabilities before anyone else does. Zero days aren't magic--they're missed opportunities. From Day Zero to Zero Day teaches you how to find them before anyone else does. In this hands-on guide, award-winning white-hat hacker Eugene "Spaceraccoon" Lim breaks down the real-world process of vulnerability discovery. You'll retrace the steps behind past CVEs, analyze open source and embedded targets, and build a repeatable workflow for uncovering critical flaws in code. Whether you're new to vulnerability research or sharpening an existing skill set, this book will show you how to think--and work--like a bug hunter. You'll learn how to:
More than a toolkit, this is a window into how top vulnerability researchers approach the work. You'll gain not just techniques but also the mindset to go deeper, ask better questions, and find what others miss. If you're ready to stop reading write-ups and start writing them, From Day Zero to Zero Day is your guide.
- Identify promising targets across codebases, protocols, and file formats.
- Trace code paths with taint analysis and map attack surfaces with precision.
- Reverse engineer binaries using Ghidra, Frida, and angr.
- Apply coverage-guided fuzzing, symbolic execution, and variant analysis.
- Build and validate proof-of-concept exploits to demonstrate real-world impact.
More than a toolkit, this is a window into how top vulnerability researchers approach the work. You'll gain not just techniques but also the mindset to go deeper, ask better questions, and find what others miss. If you're ready to stop reading write-ups and start writing them, From Day Zero to Zero Day is your guide.
商品描述(中文翻譯)
在其他人之前找到漏洞。
零日漏洞並不是魔法——它們是錯失的機會。從零日到零日漏洞教你如何在其他人之前找到它們。 在這本實用指南中,獲獎的白帽駭客Eugene 'Spaceraccoon' Lim解析了漏洞發現的真實過程。你將重溯過去CVE的步驟,分析開源和嵌入式目標,並建立一個可重複的工作流程,以揭示代碼中的關鍵缺陷。 無論你是漏洞研究的新手還是想要提升現有技能,這本書將教你如何像漏洞獵人一樣思考和工作。 你將學會如何:- 在代碼庫、協議和文件格式中識別有前景的目標。
- 使用污點分析追蹤代碼路徑,並精確地映射攻擊面。
- 使用Ghidra、Frida和angr進行二進制文件的逆向工程。
- 應用覆蓋引導模糊測試、符號執行和變體分析。
- 構建和驗證概念驗證漏洞利用,以展示其在現實世界中的影響。
這不僅僅是一個工具包,而是了解頂尖漏洞研究人員如何進行工作的窗口。你將獲得的不僅是技術,還有深入思考、提出更好問題和發現他人所忽略的事物的心態。 如果你準備好停止閱讀報告並開始撰寫它們,從零日到零日漏洞將是你的指南。
作者簡介
Eugene Lim (aka "Spaceraccoon") is a security researcher and white-hat hacker who has reported hundreds of vulnerabilities across enterprise software, hardware, and cloud services. In 2021, he was one of five researchers selected from a pool of over one million for HackerOne's H1 Elite Hall of Fame. His research has been featured at Black Hat and DEF CON and in WIRED and The Register.
作者簡介(中文翻譯)
尤金·林(又名「Spaceraccoon」)是一位安全研究員和白帽駭客,已報告數百個企業軟體、硬體和雲端服務的漏洞。在2021年,他是從超過一百萬名候選者中選出的五位研究員之一,獲得HackerOne的H1精英名人堂榮譽。他的研究曾在Black Hat和DEF CON大會上發表,並被WIRED和The Register報導。
