黑客书籍_计算机网络通信，安全_计算机类_最新资料_得益网

【绿色兵团】新一代黑客教学视频

2008-07-17 21:29:11

绿色兵团的成立及发展。提起中国的黑客，我们没办法不提到这个被众多网民誉为网上“黄浦军校”的中国最早的电脑黑客组织：绿色兵团。

　　我国最早一批黑客大约出现在1994年，其黑客行为持续到1999年底。代表性的组织就是GOODWELL(龚蔚)等五人组织的绿色兵团。据称，极盛时期注册会员达到3000多人，成员遍布全国各地。谢朝霞、彭哥、PP(彭泉)、天行(陈伟山)、黄鑫是第一代黑客中的顶级高手。他们的特点是，自己深入研究网络安全技术(换一个名称就叫黑客技术)，有自己的理论和产品。现在他们都已经是网络安全方面的专家了！

　　“绿色兵团”是中国大陆最大最早的民间黑客组织之一。创始人goodwell1997年在外网站申请一免费空间并在国内多处做了镜像站点，当初起名为绿色兵团，原地址”i.am/hack1“。作为最早的中国黑客组织，绿色兵团成员在短期里成员迅速状大！上海、北京、石家庄等地均由其主要成员分布。同时，其影响力也在网民之中大增，特别是与与网易的几次冲突，使绿色兵团名声大振。

本套视频教程为绿色兵团顶级黑客倾情演示。跟着高手学习，即使不能学到全部，对自己的计算机水平也受益匪浅，定有长足进步！
（注：本套视频教程为【绿色兵团】于2006年8月发布，纯粹教学，不含黑客软件，要相应的黑客软件的话自己去网上找！）

Q版缓冲区溢出教程PDF

2008-07-16 09:30:50

作者名称：王炜方勇

作者简介

王炜：男，1981年生于川沱小镇泸州。生于酒城但不能喝酒，现是四川大学信息安全专业硕士研究生。
勤奋有余，天赋不足，还好总有良师益友，让我能一步步的前进。本科时，曾代表学校参加国际大学生程序设计竞赛（ACM / ICPC）、全国数学建模竞赛，还有星际争霸比赛，成绩总有些遗憾，不提也罢！现主要从事缓冲区溢出漏洞的研究，在国内各安全专业杂志上发表过多篇缓冲区溢出利用相关文章。现在奋斗的愿望是能去微软亚洲研究院工程院实习，寻找当年ACM队的队长。

方勇：博士，四川大学电子信息学院副教授，通信与信息系统专业硕士生导师。主攻研究网络系统与信息安全方向，从事信息系统安全的整体框架的研究。发表多篇信息安全方面论文，主编过国家信息安全核心教程——《信息系统安全》一书。

主要角色简介
老师：尽职尽责，不断进取的楷模；授课方式幽默风趣，并经常带动同学们思考讨论；不仅传授学生们技术，更重要的是引导学习的方法；可能是作者理想中的老师形象吧！

宇强、小倩：主角（如果可以这么说的话），宇强的悟性很强，能对已掌握的知识融会贯通，举一反三。小倩是位聪明的PLMM，也是男主角的心上人。

古风：有非常勤奋的精神和非常好的记忆力；不足之处是太过细节，有时不能抓住概要和重点。

玉波：总是想比较轻松的完成学习和工作，这种态度不可取，但这种发散的思维有时还是有一定用处的！

阅读指南

本书定位于初学缓冲区溢出利用的读者；并照顾想学习缓冲区溢出技术的朋友。
本书的目的是用幽默的语言和通俗的解释，对Windows缓冲区溢出编程的思路和思维进行详细分析；并用大量实例对溢出的实际利用进行一次又一次详尽的讲解。
本书没有枯燥的、大段汇编代码的解释；没有复杂的、Windows系统结构的定义，阅读起来不会有混混欲睡的乏味感！
书里面，有的是活波生动的语言；有的是的美好纯真的校园生活；有的是可遇不可求的经验；有的是直截了当、图文并茂的手把手操作；有的是引导读者感受程序设计的艺术，并在缓冲区溢出的美妙世界中遨游；有的提示和建议是能引起读者浓厚的兴趣，能够自觉下去再找相关的资料完善自己。
知识就像一个圆；圆的面积是你所知道的东西；圆的边长是你不知道的东西。圆越大，那么边就越长。所以当你知道得越多，那么你不清楚的就更多！
所以，我们都要自觉的学习，不断的勤奋学习，这样才能不落伍，才能与当今纷杂的社会竞争！
缓冲区溢出是安全论坛上最常见的问题，包括堆栈缓冲区的利用思想，ShellCode的初步编写、变形、高级利用，以及堆溢出的利用，漏洞的亲自分析等。当然，每个部分都有大量的实例，让大家实际操作，学以致用。
后一章都以前一章为基础，逐渐深入并展开。在学习前面的内容时，如果有些地方不了解，可以在后面的章节中找到答案；后面不清晰的地方，也可以翻看前面的知识，以进一步巩固自己！
如果读者能在白忙之中抽出5分钟时间来翻看这本书，那么我希望能吸引你再用几个小时的时间来读完这本书。然后用更多的时间，去实际操作书中的每一个例子，进一步的学习，进一步的寻找答案。
“课后解惑”部分，是根据作者学习中遇到的问题和论坛上较常见的提问??理出来的经验之谈。有些可能是翻遍资料都找不到答案的注意事项。
最后，希望阅读这本书没有浪费你宝贵的时间！

黑客调试技术揭秘

2008-05-21 11:32:50

--------------------------------------------------------------------------------

内容提要
本书是帮助应用程序员和系统程序员理解调试过程的指南，揭示了各种调试器的实用使用技巧，说明了如何操作调试器以及如何克服障碍和修复调试器，介绍了黑客利用调试器和反汇编器来寻找程序弱点和实施攻击的方法。本书还详细介绍了在Windows和UNIX操作系统中调试应用程序和驱动程序的方法。对于各种调试技术，书中都给出了带有详尽解释的源代码。

导读：
本书是帮助应用程序员和系统程序员理解调试过程的指南，揭示了各种调试器的实用使用技巧，说明了如何操作调试器以及如何克服障碍和修复调试器，介绍了黑客利用调试器和反汇编器来寻找程序弱点和实施攻击的方法。通过本书，程序员将学会如何弄清楚计算机系统内部的结构、如何重建没有提供源程序的程序的运行算法、如何修改程序以及如何调试驱动程序。本书还详细介绍了在Windows和UNIX操作系统中调试应用程序和驱动程序的方法。对于各种调试技术，书中都给出了带有详尽解释的源代码。如果你是具有C/C++或者Pascal/Delphi语言实际编程经验的程序员，那么本书就是使你的技术升华至一个新的台阶的宝典。

The Hacker's Handbook : The Strategy behind Breaking into and Defending Networks

2008-05-19 22:00:45

Editorial Reviews

Review
By the authors providing a hacker perspective, readers will more fully understand the ramifications of having an insecure computer, server, network, program, database and or policy. The book [includes] a good table of contents that is extensive, very organized and thorough . [T]here are important discussions of the non-technical kind [of insecurity] like policy, which is too often overlooked in many organizations. What is most impressive about the book is its outlines of specific exploits and attacks with prescribed defenses. Coupled with good illustrations and detailed explanations[,] this is a great resource for both academic and public libraries.
E-Streams, Vol. 7, No. 9, Sept. 2004
Awesome work!
Anton Chuvakin, Ph.D., GCIA, GCIH, netForensics
Promo Copy

Product Description
The Hackers Handbook: The Strategy Behind Breaking Into and Defending Networks, moves ahead of the pack of books about digital security by revealing the technical aspects of hacking that are least understood by network administrators. This is accomplished by analyzing subjects through a hacking/security dichotomy that details hacking maneuvers and defenses in the same context. Chapters are organized around specific technical components and administrative tasks, providing theoretical background that prepares network defenders for the always-changing and creative tools and techniques of intruders.
This book is divided into three parts. Part I introduces programming, protocol, and attack concepts. Part II addresses subject areas (protocols, services, technologies, etc.) that may be vulnerable. Part III details consolidation activities that hackers may use following penetration.

Each section provides a path to hacking/security Web sites and other resources that augment existing content. Referencing these supplemental and constantly-updated resources ensures that this volume remains timely and enduring. By informing IT professionals how to think like hackers, this book serves as a valuable weapon in the fight to protect digital assets.

Contents
1 Introduction: The Chess Game
Book Structure
Chapter 2. Case Study in Subversion
Chapter 3. Know Your Opponent
Chapter 4. Anatomy of an Attack
Chapter 5. Your Defensive Arsenal
Chapter 6. Programming
Chapter 7. IP and Layer 2 Protocols
Chapter 8. The Protocols
Chapter 9. Domain Name System (DNS)
Chapter 10. Directory Services
Chapter 11. Simple Mail Transfer Protocol (SMTP)
Chapter 12. Hypertext Transfer Protocol (HTTP)
Chapter 13. Database Hacking
Chapter 14. Malware and Viruses
Chapter 15. Network Hardware
Chapter 16. Consolidating Gains
Chapter 17. After the Fall
Chapter 18. Conclusion
PART I FOUNDATION MATERIAL
2 Case Study in Subversion
Dalmedica
The Dilemma
The Investigation
Notes
3 Know Your Opponent
Terminology
Script Kiddy
Cracker
White Hat Hacker
Black Hat Hacker
Hacktivism
Professional Attackers
History
Computer Industry and Campus
System Administration
Home Computers
Home Computers: Commercial Software
Home Computers: The BBS
Phone Systems
Ethics and Full Disclosure
Opponents Inside
The Hostile Insider
Corporate Politics
Conclusion
Notes
4 Anatomy of an Attack
Overview
Reconnaissance
Social Engineering and Site Reconnaissance
Internet Reconnaissance
Internet Search Engines and Usenet Tools
Financial Search Tools, Directories, Yellow Pages,
and Other Sources
IP and Network Reconnaissance
Registrar and whois Searches
Network Registrar Searches (ARIN)
DNS Reconnaissance
Mapping Targets
War Dialing
Network Mapping (ICMP)
ICMP Queries
TCP Pings: An Alternative to ICMP
Traceroute
Additional Network Mapping Tools
Port Scanning
TCP and UDP Scanning
Banner Grabbing
Packet Fragmentation Options
Decoy Scanning Capabilities
Ident Scanning
FTP Bounce Scanning
Source Port Scanning
Stack Fingerprinting Techniques
Vulnerability Scanning (Network-Based OS
and Application Interrogation)
Researching and Probing Vulnerabilities
System/Network Penetration
Account (Password) Cracking
Application Attacks
Cache Exploits
File System Hacking
Hostile and Self-Replicating Code
Programming Tactics
Process Manipulation
Shell Hacking
Session Hijacking
Spoofing
State-Based Attacks
Traffic Capture (Sniffing)
Trust Relationship Exploitation
Denial-of-Service
Consolidation
Security
Notes
References
Texts
Web References
5 Your Defensive Arsenal
The Defensive Arsenal
Access Controls
Network Access Controls (Firewalls)
State Management Attacks on Firewalls
Firewall Ruleset and Packet Filter Reconnaissance
IP Spoofing to Circumvent Network Access Controls
Denial-of-Service
Packet Fragmentation Attacks
Application Level Attacks
System Access Controls
Host-Based Firewalls
Operating System Access Controls
and Privilege Management
Authentication
IP Authentication
Password Authentication
Account/Password Cracking
Eavesdropping Attacks
Password Guessing Attacks
Token-Based Authentication
Session Authentication
Session Authentication Scheme Cracking
Generation of Counterfeit Session Auth Credentials
Session ID Brute-Forcing
Session Auth Eavesdropping
Session Auth/ID Stealing or “Hijacking”
Client Session/ID Theft
Cryptographic (Key-Based) Authentication
Key Transfer and Key Management Vulnerabilities
Key Transfer Vulnerabilities
Key Management Vulnerabilities
(Public Key Infrastructure)
Key Binding and Impersonation Vulnerabilities
Dictionary and Brute-Force Attacks
against Weak Secrets
Centralized Authentication Servers
RADIUS
TACACS
Kerberos
Human Authentication (Biometrics)
Resource Controls
Nonrepudiation
Digital Signatures (and Digital Certificates)
Privacy
Virtual Private Network (VPN)
Session and Protocol Encryption
Secure Sockets Layer (SSL)
Certificate and Impersonation Attacks (SSL)
Cryptographic Weaknesses (SSL)
Attacks against the Handshake Protocol (SSL)
SSL Man-in-the-Middle Attacks
Man-in-the-Middle Attack Version Rollback (SSL)
Viruses, Worms, and other Application Issues (SSL)
Secure Shell (SSH)
File System Encryption
Intrusion Detection
Network-Based and Host-Based IDS
Anomaly-Based (Behavior-Based) IDS
Signature-Based (Knowledge-Based) IDS
IDS Hacking Exploits
Address Spoofing or Proxying
Attacking the IDS
Denial-of-Service
Instigating Active Events
Nondefault Evasion and Pattern Change Evasion
Packet Fragmentation and “Session Splicing”
Port Scan Evasion
TCP Session Synchronization Attacks
URL Encoding (Unicode and Hex Attacks)
Web Evasion Techniques
File System Integrity Checkers
Security Information Management
Data Integrity
Application Proxies
Content Assurance (Antivirus, Content Scanning)
Notes
References
Texts
Web References
6 Programming
Languages
Speed and Security Trade-Offs
Native Compiled Code: C/C++/Assembly
Bytecode/Just in Time Compiled Code
(“Managed” Code): C#/Java
Interpreted (Usually Compiled into Byte Codes
at Runtime): Perl, Python (Scripting Languages),
PHP, Visual Basic, .ASP, Lisp, JSP (Web Languages)
Language-Specific Flaws and Strategic Ways to Protect
against Them
The Basics of Buffer Overflows and Other Memory
Allocation Errors
History
Basic Stack Overflows
Options for the Hacker after a Stack Overflow
So What Is a Stack Canary?
Heap Overflows
Format String Bugs
Integer Overflows
Signal Races on UNIX
What Is Shellcode?
Interpreter Bugs
File Name Canonicalization
Logic Error War Stories
Platform-Specific Programming Security Issues
Windows NT Compared to UNIX
Types of Applications
Web Applications
Cross-Site Scripting Vulnerabilities
Java J2EE
Traditional ASP
.Net
LAMP
Remote Procedure Calling
Creating an RPC Program
Special Cases
Setuid Applications on UNIX
DCOM Services
Auditing Techniques
Tools That Aid Source Auditing
Tools That Aid Reverse Engineering
Fuzzing Audit Tools
Web Security Audit Tools
General Security Tools
Encryption and Authentication
Layered Defenses
Platform-Specific Defenses (Security through Security
and Security through Obscurity)
Nonexecutable Stack
Using a Different Platform Than Expected
File System User Access Controls
Process Logging
The Insider Problem, Backdoors, and Logic Bombs
Buying an Application Assessment
Conclusion
References
7 IP and Layer 2 Protocols
Layer 2 Protocols
Address Resolution Protocol (ARP)
Protocol
Hacking Exploits
Security (Mapping ARP Exploits to ARP Defenses)
Static ARP Entries on Internet Gateways
and Firewalls
Network Management
ARP Monitoring
Port-Level Security
Reverse Address Resolution Protocol (RARP)
Protocol
Hacking Exploits
Security (Defenses for RARP-Related Attacks:
DHCP, BOOTP)
Assignment of Static IP Addresses to Clients
Use of DHCP/BOOTP MAC Controls
ARP Monitoring
Port-Level Security
Layer 3 Protocols
IP Protocol
Protocol
Hacking Exploits
IP Eavesdropping (Packet Sniffing)
IP Spoofing
IP Session Hijacking (Man-in-the-Middle Attacks)
IP Packet Fragmentation Attacks
ICMP-Based Fragmentation Attacks
Tiny Fragment Attacks
Overlapping Fragment Attacks
IP Covert Tunneling
Security (Mapping IP Exploits to IP Defenses)
Tools and Techniques to Detect Promiscuous
Mode Packet Sniffers
System Audits to Identify NICs
in Promiscuous Mode
System Hardening Procedures
to Inhibit Sniffer Installation
Inspection of Systems for Signs
of Rootkit Compromise
Institution of Switched Network
Institution of ARP Monitoring
Institution of Traffic Encryption
Implementation of Strong Authentication
Institution of Spoof Protection at Firewalls
and Access Control Devices
Patch TCP/IP Implementations
Deny Source Routing at Gateways and Firewalls
Deny ICMP Redirects at Gateways and Firewalls
Deter the Use of IP Addresses for Authentication
or Construction of Trust Relationships
Implement ARP Controls
Monitor Network Traffic Using Network
and Host-based IDS
Restrict ICMP Traffic into and out of
a Protected Network
Patch Firewalls and Intrusion Detection Systems
against Packet Fragmentation Attacks
Notes
References
Texts
Request for Comments (RFCs)
White Papers and Web References
8 The Protocols
Layer 3 Protocols
Internet Control Message Protocol (ICMP)
Protocol
Hacking Exploits
ICMP-Based Denial-of-Service
ICMP Network Reconnaissance
ICMP Time Exceeded
ICMP Access Control Enumeration
ICMP Stack Fingerprinting
ICMP Covert Tunneling
Security
Deny ICMP Broadcasts
Network Controls against ICMP Packet Flooding
IP Spoofing Defenses
Patch TCP/IP Implementations against
ICMP Denial-of-Service and ICMP Typing
Monitor Network Traffic Using Network and
Host-Based Intrusion Detection Systems (IDSs)
Restriction of Specific ICMP Message Types
Monitor ICMP Activity at Firewalls
and Intrusion Detection Systems
Layer 4 Protocols
Transmission Control Protocol (TCP)
Protocol
Hacking Exploits
Covert TCP
TCP Denial-of-Service
TCP Sequence Number Prediction
(TCP Spoofing and Session Hijacking)
TCP Stack Fingerprinting
TCP State-Based Attacks
Security
Network Controls against TCP Packet Flooding
IP Spoofing Defenses
Patch TCP/IP Implementations against TCP
Denial-of-Service, TCP Stack Fingerprinting,
and TCP Sequence Number Prediction
Monitor Network Traffic Using Network
and Host-Based IDS Systems
Activation of SYN Flood Protection on Firewalls
and Perimeter Gateways
Implement Stateful Firewalling
User Datagram Protocol (UDP)
Protocol
Hacking Exploits
Covert UDP
UDP Denial-of-Service
UDP Packet Inspection Vulnerabilities
Security
Disable Unnecessary UDP Services
Network Controls against UDP Packet Flooding
IP Spoofing Defenses
Patch TCP/IP Implementations against UDP
Denial-of-Service
Monitor Network Traffic Using Networkand
Host-Based IDS Systems
Implement Stateful Firewalling
Notes
References
Texts
Request for Comments (RFCs)
White Papers and Web References
PART II SYSTEM AND NETWORK PENETRATION
9 Domain Name System (DNS)
The DNS Protocol
DNS Protocol and Packet Constructs
(Packet Data Hacking)
DNS Vulnerabilities
DNS Exploits and DNS Hacking
Protocol-Based Hacking
Reconnaissance
DNS Registration Information
Name Server Information
IP Address and Network Topology Data
Information on Key Application Servers
Protocol-Based Denial-of-Service
Dynamic DNS (DDNS) Hacking
Application-Based Attacks
Buffer Overflows (Privileged Server Access,
Denial-of-Service)
Exploiting the DNS Trust Model
DNS Registration Attacks
DNS Spoofing
Cache Poisoning
DNS Hijacking
DNS Security and Controls
Mapping Exploits to Defenses
Defensive Strategy
Configuration Audit and Verification Tools
DDNS Security
Name Server Redundancy
DNSSEC: Authentication and Encryption of DNS Data
Name Server Software Upgrade(s)
Network and Name Server Monitoring
and Intrusion Detection
Berkeley Internet Name Daemon (BIND)
Logging Controls
Microsoft Windows 2000 DNS Logging Controls
Patches and Service Packs
Server-Side Access Controls
Split-Level DNS Topologies (and DNS Proxying)
Split-Level DNS Topology
System and Service Hardening
Notes
References
Texts
Request for Comments (RFCs)
Mailing Lists and Newsgroups
Web References
10 Directory Services
What Is a Directory Service?
Components of a Directory
Schema
Leaf Object
Container Object
Namespace
Directory Information Tree
Directory Information Base (DIB)
Directory Features
Directory Security
Single Sign On
Uses for Directory Systems
Directory-Enabled Networking
Linked Provisioning
Global Directory
Public Key Infrastructure
Directory Models
Physical vs. Logical
Flat vs. Hierarchical
X.500 Directory
X.500 Schema
X.500 Partitions
X.500 Objects and Naming
A Word about Aliases
X.500 Back-End Processes
Directory Information Tree
Directory Information Base
Replication
Agents and Protocols
X.500 Directory Access
X.500 Security
Authentication
Simple Authentication
Strong Authentication
Access Control
Rights
Summary
Lightweight Directory Access Protocol (LDAP)
LDAP Schema
LDAP Partitions
LDAP Objects and Naming
LDAP Queries
LDAP Data Interchange Format (LDIF)
LDAP Security
Authentication
Anonymous Access
Simple Authentication
Simple Authentication with Secure Sockets
Layer (SSL)/Transport Layer Security (TLS)
Simple Authentication and Security Layer (SASL)
Access Control
Summary
Active Directory
Windows NT
Windows 2000 Schema
Windows 2000 Partitions
Windows 2000 Objects and Naming
The Domain
The Tree
The Forest
The Forest Root Domain
Naming Standards and Resolution in Windows 2000
Active Directory Back-End Processes
The Directory Information Base (DIB)
Replication
The Global Catalog
Windows 2000 Security
Authentication
Kerberos
NTLM
Access Control
Exploiting LDAP
Sun ONE Directory Server 5.1
Microsoft Active Directory
Summary
Future Directions
Further Reading
11 Simple Mail Transfer Protocol (SMTP)
The SMTP Protocol
SMTP Protocol and Packet Constructs
(Packet Data Hacking)
SMTP Vulnerabilities
SMTP Protocol Commands and Protocol Extensions
Protocol Commands
Protocol Extensions
SMTP Exploits and SMTP Hacking
SMTP Protocol Attacks
Account Cracking
Eavesdropping and Reconnaissance
ESMTP and Command Set Vulnerabilities
Protocol-Based Denial-of-Service
Mail Bombing
Mail Spamming
Man-in-the-Middle Attacks
Application-Based Attacks
Malicious Content (MIME Attacks)
Buffer Overflows (Privileged Server Access)
Worms and Automated Attack Tools
Application-Based Denial-of-Service
Attacks on the Mail Trust Model
Mail Spoofing
Identity Impersonation
Attacks on Data Integrity
Delivery Status Notification Manipulation
SMTP Security and Controls
Mapping Exploits to Defenses
Defensive Strategy
Antispam/Antirelay Controls
Antivirus and Content Scanning
Client-Side Access Controls
Content or Code Signing
Delivery Status Notification Controls
Disable Vulnerable ESMTP and SMTP Commands
Disable Vulnerable MIME Types
Network and SMTP Server Monitoring,
Intrusion Detection
Patches and Service Packs
Separation of SMTP and Intranet Account Databases
Server-Side Access Controls
Server Redundancy
SMTP Header Stripping and Parsing
SMTP Source Routing Controls
Split SMTP Topology
System and Service Hardening
Transport Layer Security, Secure Socket
Layer Security
Notes
References
Texts
Request for Comments (RFCs)
White Papers and Web References
12 Hypertext Transfer Protocol (HTTP)
The HTTP Protocol
HTTP Protocol and Packet Constructs
(Packet Data Hacking)
HTTP Vulnerabilities
HTTP Protocol Methods (and Associated Vulnerabilities)
HTTP Exploits and HTTP Hacking
HTTP Protocol Attacks
Eavesdropping and Reconnaissance
Account Cracking
Basic Access Authentication
Digest Access Authentication
HTTP Method Vulnerabilities
Content Vulnerabilities
Caching Exploits
Cache Poisoning
Man-in-the-Middle Attacks
Unauthorized Retrieval of Cache Data
and Cache Monitoring
Denial-of-Service
Protocol-Based Denial-of-Service
Application-Based Attacks
Buffer Overflows (Privileged Server Access,
Denial-of-Service)
Directory Traversal Attacks
Application-Based Denial-of-Service
Attacks on the HTTP Trust Model
State-Based Attacks (Session ID Hacking)
HTTP Spoofing/HTTP Redirection
Man-in-the-Middle Attacks (Session Hijacking)
HTTP Security and Controls
Mapping Exploits to Defenses
Defensive Strategy
Caching Controls and Cache Redundancy
Disable Vulnerable HTTP Methods
HTTP Header Stripping
Implementation of HTTP Digest
Access Authentication
Load Balancing and Server Redundancy
Network and HTTP Server Monitoring,
Intrusion Detection
Patches and Service Packs
Security for Financial Transactions
Server-Side Access Controls
System and Service Hardening
Transport Layer Security or Secure Socket
Layer Security
Notes
References
Texts
Request for Comments (RFCs)
Web References
13 Database Hacking and Security
Introduction
Enumeration of Weaknesses
SQL Injection
Introduction
Phases of SQL Injection
Hacking Microsoft SQL Server
Overflows in Microsoft SQL Server
You Had Me at Hello
SQL Server Resolver Service Stack Overflow
Microsoft SQL Server Postauth Vulnerabilities
Microsoft SQL Server SQL Injection
A Note on Attacking Cold Fusion Web Applications
Default Accounts and Configurations
Hacking Oracle
Buffer Overflows in Oracle Servers
SQL Injection on Oracle
Default User Accounts
Tools and Services for Oracle Assessments
Other Databases
Connecting Backwards
Demonstration and Examples
Phase 1. Discovery
Phase 2. Reverse Engineering the Vulnerable Application
Phase 3. Getting the Results of Arbitrary Queries
Conclusions
14 Malware and Viruses
Ethics Again
Target Platforms
Script Malware
Learning Script Virus Basics with Anna Kournikova
Binary Viruses
Binary File Viruses
Binary Boot Viruses
Hybrids
Binary Worms
Worst to Come
Adware Infections
Conclusion
Notes
15 Network Hardware
Overview
Network Infrastructure
Routers
Switches
Load-Balancing Devices
Remote Access Devices
Wireless Technologies
Network Infrastructure Exploits and Hacking
Device Policy Attacks
Installation Policy
Acceptable Use Policy
Access Policy
Configuration Storage Policy
Patch or Update Policy
Denial-of-Service
Device Obliteration
Configuration Removal or Modification
Sending Crafted Requests
Physical Device Theft
Environmental Control Modification
Resource Expenditure
Diagnostic Port Attack
Sequence (SYN) Attack
Land Attack
Bandwidth Expenditure
Broadcast (Smurf) Attacks
Other ICMP-Related Attacks
Redirects
ICMP Router Discovery Protocol (IDRP) Attack
Ping O’Death
Squelch
Fragmented ICMP
Network Mapping Exploits
Ping
Traceroute
Broadcast Packets
Information Theft
Network Sniffing
Hijacking Attacks
Spoofing
Address Spoofing
TCP Sequence Attacks
Media Access (MAC) Address Exploits
Password or Configuration Exploits
Default Passwords or Configurations
No Passwords
Weak Passwords
Dictionary Password Attacks
Brute-Force Attacks
Logging Attacks
Log Modification
Log Deletion
Log Rerouting
Spoofed Event Management
Network Ports and Protocols Exploits and Attacks
Telnet
BOOTP
Finger
Small Services
Device Management Attacks
Authentication
Console Access
Modem Access (AUX)
Management Protocols
Web (HTTP[S])
Telnet
SSH (Version 1)
TFTP
SNMP
Device Configuration Security Attacks
Passwords
Remote Loading (Network Loads)
Router-Specific Exploits
Routing Protocol Attacks
Authentication
IRDP Attacks
Cisco Discovery Protocol (CDP)
Classless Routing
Source Routing
Route Table Attacks
Modification
Poisoning
ARP Table Attacks
Modification
Poisoning
Man-in-the-Middle Attack
Access-Control Lists Attacks
Switch-Specific Exploits
ARP Table
Modification
Poisoning
Man-in-the-Middle Attack
Media Access (MAC) Address Exploits
Changing a Host’s MAC
Duplicate MAC Addresses
Load-Balancing Device — Specific Exploits
Remote Access Device — Specific Exploits
Weak User Authentication
Same Account and Login Multiple Devices
Shared Login Credentials
Home User System Exploitation
Wireless Technology — Specific Exploits
Interception and Monitoring
Jamming
Insertion
Rogue Access Points
Unauthorized Clients
Client-to-Client Attacks
Media Access (MAC) Address
Duplicate IP Address
Improper Access Point Configuration
Service Set Identifier (SSID)
Default SSID
SSID Broadcasting
Wired Equivalent Privacy (WEP) Exploits
Network Infrastructure Security and Controls
Defensive Strategy
Routing Protocol Security Options
Management Security Options
Operating System Hardening Options
Protecting Running Services
Hardening of the Box
Explicitly Shut Down All Unused Interfaces
Limit or Disable In-Band Access (via Telnet,
SSH, SNMP, Etc.)
Reset All Default Passwords
Use Encrypted Passwords
Use Remote AAA Authentication
Use Access Lists to Protect Terminal, SNMP,
TFTP Ports
Remote Login (Telnet) Service
SNMP Service
Routing Services
Limit Use of SNMP
Limit Use of Internal Web Servers Used
for Configuration
Disable Cisco Discovery Protocol (CDP)
on Cisco Gear Outside of the Firewall
Do Not Leak Info in Banners
Keep Up-to-Date on Security Fixes for
Your Network Infrastructure Devices
DoS and Packet Flooding Controls
Use IP Address Spoofing Controls
Watch for Traffic Where the Source
and Destination Addresses Are the Same
Enforce Minimum Fragment Size to Protect
against Tiny Fragment Attack, Overlapping
Fragment Attack, and Teardrop Attack
Disable IP Unreachables on External Interfaces
Disable ICMP Redirects on External Interfaces
Disable Proxy ARP
Disable IP Directed Broadcasts (SMURF Attacks)
Disable Small Services (No Service Small-Servers
UDP and No Service Small-Servers TCP)
Disable IP Source Routing (No IP Source-Route)
Use Traffic Shaping (Committed Access Rate)
Tools
Configuration Audit and Verification Tools
Wireless Network Controls
Notes
References
Tools
Request for Comments (RFCs)
White Paper
Web References
PART III CONSOLIDATION
16 Consolidating Gains
Overview
Consolidation (OS and Network Facilities)
Account and Privilege Management Facilities
Account Cracking
SMBCapture
Active Directory Privilege Reconnaissance
and Hacking
Built-In/Default Accounts, Groups,
and Associated Privileges
Finger Service Reconnaissance
Kerberos Hacking and Account Appropriation
Keystroke Logging
LDAP Hacking and LDAP Reconnaissance
Polling the Account Database
Social Engineering
Trojanized Login Programs
File System and I/O Resources
File System and Object Privilege Identification
File System (Operating System) Hacking
File Sharing Exploits
NFS (IP) Spoofing
SMBRelay
File Handle/File Descriptor Hacking
File System Device and I/O Hacking
File System Exploitation through
Application Vulnerabilities
Application-Based File System Hacking
Extended File System Functionality
and File System Hacking
Service and Process Management Facilities
Processes, Services, and Privilege Identification
Starting/Stopping Services and Executing
with Specific Privileges
API, Operating System, and Application
Vulnerabilities
Buffer Overflows, Format String,
and Other Application Attacks
Debugging Processes and Memory Manipulation
Inter-Process Communication (IPC), Named Pipe,
and Named Socket Hacking
Devices and Device Management Facilities
Devices and Device Management Hacking
Keystroke Logging
Packet Sniffing
Libraries and Shared Libraries
Library (and Shared Library) Hacking
Shell Access and Command Line Facilities
Shell Hacking
Registry Facilities (NT/2000)
Registry Hacking
Client Software
Client Software Appropriation
Listeners and Network Services
Account/Privilege Appropriation via
a Vulnerable Network Service
NetBIOS/SMB Reconnaissance
Network Information Service (NIS) Reconnaissance
NIS Hacking
SNMP Reconnaissance
Network Trust Relationships
Account Cracking
IP Spoofing
Token Capture and Impersonation
Application/Executable Environment
Consolidation (Foreign Code)
Trojans
Backdoors (and Trojan Backdoors)
Backdoor Listeners
Backdoor Applications
Rootkits
Kernel-Level Rootkits
Security
Mapping Exploits to Defenses
Notes
References and System Hardening References
Texts
Web References
System Hardening References
Windows NT/2000
UNIX Platforms
17 After the Fall
Logging, Auditing, and IDS Evasion
Logging and Auditing Evasion
Windows NT/2000 Logging/Auditing Evasion
IP Spoofing
Account Masquerading
Deletion/Modification of Log File Entries
Deletion of Log Files
Disabling Logging
Controlling What Is Logged
Manipulation of Audit Options
Deletion or Update of Audit Files
UNIX Platforms
UNIX Logging/Auditing Evasion
IP Spoofing
Account Masquerading
Deletion/Modification of Log File Entries
Deletion of Log Files
Disabling Log Files
Controlling What Is Logged
Manipulation of Audit and Accounting Options
Deletion or Update of Audit Files
Routers (Cisco)
AAA Protocols (RADIUS, TACACS)
Centralized Logging Solutions (Syslog)
IP Spoofing
Account Masquerading
Deletion/Modification of Log File Entries
Deletion of Log Files
Disabling Log Files
Controlling What Is Logged
IDS Evasion
Forensics Evasion
Environment Sanitization
Sanitizing History Files
Sanitizing Cache Files
File Hiding and File System Manipulation
Operating System File Hiding Techniques
Alternate Data Streams (NT/2000/XP)
Steganography
Cryptography
Covert Network Activities
Covert TCP
“Normalizing” Traffic (Covert Shells)
ICMP Covert Tunneling
Investigative, Forensics, and Security Controls
Mapping Exploits to Defenses
Centralized Logging and Archival of Log File Data
Centralized Reporting and Data Correlation
Encryption of Local Log File Data
Establishment of Appropriate Access Controls
for Log Files
Implementation of Tools for Remote Monitoring
of Log Files
Patches and Software Updates
Process Monitoring for Logging Services
Regular File System Audits
Strict Management of Audit and
Accounting-Related Privileges
Traffic Encryption for Syslog Packet Data
Notes
References
Texts
Web References
18 Conclusion
Conclusion: Case Study in Subversion
Dalmedica’s Perspective
Access Points
Bastion Hosts
Reconnaissance Activity
Target Systems
Conclusion (Final Thoughts)
References
Areas of Focus
General Hacking and Security Resources
Authentication Technologies
Cryptography
DNS and Directory Services
Network Management
Route/Switch Infrastructures
Storage Networking
Voice over IP
Wireless Networks
Notes

Reverse Engineering With IDA Pro

2008-04-21 13:37:52

Reverse Engineering Code with IDA Pro
Copyright ? 2008 by Elsevier, Inc.

Chapter 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
An Overview of Code Debuggers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Chapter 2 Assembly and Reverse Engineering Basics . . . . . . . . . . . . . . . . . . 7
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Assembly and the IA-32 Processor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
The Stack, the Heap and Other Sections of a Binary Executable . . . . . . . . . . . . 19
IA-32 Instruction Set Refresher and Reference . . . . . . . . . . . . . . . . . . . . . . . . 24
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Chapter 3 Portable Executable and Executable
and Linking Formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Portable Executable Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Executable and Linking Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Chapter 4 Walkthroughs One and Two . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Following Execution Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Reversing What the Binary Does . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
The Processing Subroutine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Chapter 5 Debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Debugging Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Breakpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Hardware Breakpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Software Breakpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Using Breakpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Single Stepping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Watches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Tracing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Debugging in IDA Pro . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Use of Debugging while Reverse Engineering . . . . . . . . . . . . . . . . . . . . . . . . . 94
Heap and Stack Access and Modifi cation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Other Debuggers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Windbg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Ollydbg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Immunity Debugger (Immdbg). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
PaiMei/PyDbg. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
GDB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Chapter 6 Anti-Reversing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Example Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Obfuscation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Chapter 7 Walkthrough Four . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
The Protocol Problem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Protocol Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Framing and Reassembly . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Self Similarity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Hit Marking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Example Hitlist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Chapter 8 Advanced Walkthrough . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Reversing Malware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Chapter 9 IDA Scripting and Plug-ins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Basics of IDA Scripting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
IDC Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Conditionals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Loops . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Local and Global Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Global Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Simple Script Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Writing IDC Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Problem solving with IDC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
The Problem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Problem Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Proposed solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
Possible Improvements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
New IDC Debugger Functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
Useful IDC Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
Reading and Writing Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
Cross References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
Code Xrefs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Data Xrefs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Data Representation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Comments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Code Traversal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Input and Output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Basics of IDA Plug-ins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
Module/Plug-in Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
Introducing the IDA Pro SDK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
SDK Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
Plug-in Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Setting up the Development Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
Simple Plug-in Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
The Hello World Plug-in . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
The fi nd memcpy Plug-in . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Collecting Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Displaying Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
The Indirect Call Plug-in. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Collecting Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
User Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Implementing the Callback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
dbg_bpt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
dbg_step_into . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
dbg_process_exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
Presenting Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
Plug-in Development and Debugging Strategies . . . . . . . . . . . . . . . . . . . . . . . 301
Create a new IDA Development Directory . . . . . . . . . . . . . . . . . . . . . . . . 301
Editing Confi guration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
Using an Unpacked Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
Enabling Exit without Saving . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
Plug-in Arguments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
Scripting to Help Plug-in Development . . . . . . . . . . . . . . . . . . . . . . . . 304
Loaders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Processor Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Third-party Scripting Plug-ins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
IDAPython . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
Supported Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
IDARub . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311

Excel Hacks

2008-03-12 17:31:42

The tips and tools in Excel Hacks include little known "backdoor" adjustments for everything from reducing workbook and worksheet frustration to hacking built-in features such as pivot tables, charts, formulas and functions, and even the macro language. This resourceful, roll-up-your-sleeves guide shows you new ways to make Excel do things--from data analysis to worksheet management to import/export--that you never thought possible. Excel Hacks increases productivity with Excel and gives you hours of "hacking" enjoyment along the way.

Copyright
Dedication
Credits
About the Authors
Contributors
Acknowledgments

Preface
Why Excel Hacks?
Getting and Using the Hacks
How to Use This Book
How This Book Is Organized
Windows and Macintosh Users
Conventions Used in This Book
Using Code Examples
How to Contact Us

Chapter 1. Reducing Workbook and Worksheet Frustration
Hacks #1-15
Section 1. Create a Personal View of Your Workbooks
Section 2. Enter Data into Multiple Worksheets Simultaneously
Section 3. Prevent Users from Performing Certain Actions
Section 4. Prevent Seemingly Unnecessary Prompts
Section 5. Hide Worksheets So That They Cannot Be Unhidden
Section 6. Customize the Templates Dialog and Default Workbook
Section 7. Create an Index of Sheets in Your Workbook
Section 8. Limit the Scrolling Range of Your Worksheet
Section 9. Lock and Protect Cells Containing Formulas
Section 10. Find Duplicate Data using Conditional Formatting
Section 11. Tie Custom Toolbars to a Particular Workbook
Section 12. Outsmart Excel's Relative Reference Handler
Section 13. Remove Phantom Workbook Links
Section 14. Reduce Workbook Bloat
Section 15. Extract Data from a Corrupt Workbook

Chapter 2. Hacking Excel's Built-in Features
Hacks #16-38
Section 16. Validate Data Based on a List on Another Worksheet
Section 17. Control Conditional Formatting with Checkboxes
Section 18. Identify Formulas with Conditional Formatting
Section 19. Count or Sum Cells That Meet Conditional Formatting Criteria
Section 20. Highlight Every Other Row or Column
Section 21. Create 3D Effects in Tables or Cells
Section 22. Turn Conditional Formatting and Data Validation On and Off with a Checkbox
Section 23. Support Multiple Lists in a ComboBox
Section 24. Create Validation Lists That Change Based on a Selection from Another List
Section 25. Force Data Validation to Reference a List on Another Worksheet
Section 26. Use Replace... to Remove Unwanted Characters
Section 27. Convert Text Numbers to Real Numbers
Section 28. Customize Cell Comments
Section 29. Sort by More Than Three Columns
Section 30. Random Sorting
Section 31. Manipulate Data with the Advanced Filter
Section 32. Create Custom Number Formats
Section 33. Add More Levels of Undo to Excel for Windows
Section 34. Create Custom Lists
Section 35. Boldface Excel Subtotals
Section 36. Convert Excel Formulas and Functions to Values
Section 37. Automatically Add Data to a Validation List
Section 38. Hack Excel's Date and Time Features

Chapter 3. Naming Hacks
Hacks #39-44
Section 39. Address Data by Name
Section 40. Use the Same Name for Ranges on Different Worksheets
Section 41. Create Custom Functions Using Names
Section 42. Create Ranges That Expand and Contract
Section 43. Nest Dynamic Ranges for Maximum Flexibility
Section 44. Identify Named Ranges on a Worksheet

Chapter 4. Hacking PivotTables
Hacks #46-49
Section 45. PivotTables: A Hack in Themselves
Section 46. Share PivotTables but Not Their Data
Section 47. Automate PivotTable Creation
Section 48. Move PivotTable Grand Totals
Section 49. Efficiently Pivot Another Workbook's Data

Chapter 5. Charting Hacks
Hacks #50-59
Section 50. Explode a Single Slice from a Pie Chart
Section 51. Create Two Sets of Slices in One Pie Chart
Section 52. Create Charts That Adjust to Data
Section 53. Interact with Your Charts Using Custom Controls
Section 54. Three Quick Ways to Update Your Charts
Section 55. Hack Together a Simple Thermometer Chart
Section 56. Create a Column Chart with Variable Widths and Heights
Section 57. Create a Speedometer Chart
Section 58. Link Chart Text Elements to a Cell
Section 59. Hack Chart Data So That Blank Cells Are Not Plotted

Chapter 6. Hacking Formulas and Functions
Hacks #60-80
Section 60. Add Descriptive Text to Your Formulas
Section 61. Move Relative Formulas Without Changing References
Section 62. Compare Two Excel Ranges
Section 63. Fill All Blank Cells in a List
Section 64. Make Your Formulas Increment by Rows When You Copy Across Columns
Section 65. Convert Dates to Excel Formatted Dates
Section 66. Sum or Counting Cells While Avoiding Error Values
Section 67. Reduce the Impact of Volatile Functions on Recalculation
Section 68. Count Only One Instance of Each Entry in a List
Section 69. Sum Every Second, Third, or nth Row or Cell
Section 70. Find the nth Occurrence of a Value
Section 71. Make the Excel Subtotal Function Dynamic
Section 72. Add Date Extensions
Section 73. Convert Numbers with the Negative Sign on the Right to Excel Numbers
Section 74. Display Negative Time Values
Section 75. Use the VLOOKUP Function Across Multiple Tables
Section 76. Show Total Time as Days, Hours, and Minutes
Section 77. Determine the Number of Specified Days in Any Month
Section 78. Construct Mega-Formulas
Section 79. Hack Mega-Formulas that Reference Other Workbooks
Section 80. Hack One of Excel's Database Functions to Take the Place of Many Functions

Chapter 7. Macro Hacks
Hacks #81-94
Section 81. Speed Up Code While Halting Screen Flicker
Section 82. Run a Macro at a Set Time
Section 83. Use CodeName to Reference Sheets in Excel Workbooks
Section 84. Connect Buttons to Macros Easily
Section 85. Create a Workbook Splash Screen
Section 86. Display a "Please Wait" Message
Section 87. Have a Cell Ticked or Unticked upon Selection
Section 88. Count or Sum Cells That Have a Specified Fill Color
Section 89. Add the Microsoft Excel Calendar Control to Any Excel Workbook
Section 90. Password-Protect and Unprotect All Excel Worksheets in One Fell Swoop
Section 91. Retrieve a Workbook's Name and Path
Section 92. Get Around Excel's Three-Criteria Limit for Conditional Formatting
Section 93. Run Procedures on Protected Worksheets
Section 94. Distribute Macros

Chapter 8. Connecting Excel to the World
Hacks #95-100
Section 95. Load an XML Document into Excel
Section 96. Save to SpreadsheetML and Extracting Data
Section 97. Create Spreadsheets using SpreadsheetML
Section 98. Import Data Directly into Excel
Section 99. Access SOAP Web Services from Excel
Section 100. Create Excel Spreadsheets Using Other Environments

Glossary
Colophon

Honeypots Tracking Hackers

2008-03-04 01:57:17

Preface
Audience
CD-ROM
Web Site
References
Network Diagrams
About the Author
Acknowledgments

Chapter 1. The Sting: My Fascination with Honeypots
The Lure of Honeypots
How I Got Started with Honeypots
Perceptions and Misconceptions of Honeypots
Summary
References

Chapter 2. The Threat: Tools, Tactics, and Motives of Attackers
Script Kiddies and Advanced Blackhats
Everyone Is a Target
Methods of Attackers
Motives of Attackers
Adapting and Changing Threats
Summary
References

Chapter 3. History and Definition of Honeypots
The History of Honeypots
Definitions of Honeypots
Summary
References

Chapter 4. The Value of Honeypots
Advantages of Honeypots
Disadvantages of Honeypots
The Role of Honeypots in Overall Security
Honeypot Policies
Summary
References

Chapter 5. Classifying Honeypots by Level of Interaction
Tradeoffs Between Levels of Interaction
Low-Interaction Honeypots
Medium-Interaction Honeypots
High-Interaction Honeypots
An Overview of Six Honeypots
Summary
References

Chapter 6. BackOfficer Friendly
Overview of BOF
The Value of BOF
How BOF Works
Installing, Configuring, and Deploying BOF
Information Gathering and Alerting Capabilities
Risk Associated with BOF
Summary
Tutorial
References

Chapter 7. Specter
Overview of Specter
The Value of Specter
How Specter Works
Installing and Configuring Specter
Deploying and Maintaining Specter
Information-Gathering and Alerting Capabilities
Risk Associated with Specter
Summary
References

Chapter 8. Honeyd
Overview of Honeyd
Value of Honeyd
How Honeyd Works
Installing and Configuring Honeyd
Deploying and Maintaining Honeyd
Information Gathering
Risk Associated with Honeyd
Summary
References

Chapter 9. Homemade Honeypots
An Overview of Homemade Honeypots
Port-Monitoring Honeypots
Jailed Environments
Summary
References

Chapter 10. ManTrap
Overview of ManTrap
The Value of ManTrap
How ManTrap Works
Installing and Configuring ManTrap
Deploying and Maintaining ManTrap
Information Gathering
Risk Associated with ManTrap
Summary
References

Chapter 11. Honeynets
Overview of Honeynets
The Value of Honeynets
How Honeynets Work
Honeynet Architectures
Sweetening the Honeynet
Deploying and Maintaining Honeynets
Information Gathering: An Example Attack
Risk Associated with Honeynets
Summary
References

Chapter 12. Implementing Your Honeypot
Specifying Honeypot Goals
Selecting a Honeypot
Determining the Number of Honeypots
Selecting Locations for Deployment
Implementing Data Capture
Logging and Managing Data
Using NAT
Mitigating Risk
Mitigating Fingerprinting
Summary
References

Chapter 13. Maintaining Your Honeypot
Alert Detection
Response
Data Analysis
Updates
Summary
References

Chapter 14. Putting It All Together
Honeyp.com
Honeyp.edu
Summary
References

Chapter 15. Legal Issues
Are Honeypots Illegal?
Precedents
Privacy
Entrapment
Liability
Summary
References
Resources

Chapter 16. Future of Honeypots
From Misunderstanding to Acceptance
Improving Ease of Use
Closer Integration with Technologies
Targeting Honeypots for Specific Purposes
Expanding Research Applications
A Final Caveat
Summary
References

Appendix A. Back Officer Friendly ASCII File of Scans
Appendix B. Snort Configuration File
Appendix C. IP Protocols
Appendix D. Definitions, Requirements, and Standards Document
PURPOSE
DEFINITIONS
REQUIREMENTS
STANDARDS

Appendix E. Honeynet Logs

Hacking Exposed Windows. Microsoft Windows Security Secrets and Solutions, 3rd Edition

2008-02-21 15:50:40

Hacking Exposed Windows. Microsoft Windows Security Secrets and Solutions, 3rd Edition

Author: Joel Scambray
Publisher: McGraw-Hill Osborne Media
Number Of Pages: 451
Publication Date: 2007-12-04
ISBN-10 / ASIN: 007149426X
ISBN-13 / EAN: 9780071494267
Binding: Paperback

The latest Windows security attack and defense strategies

"Securing Windows begins with reading this book." --James Costello (CISSP) IT Security Specialist, Honeywell

Meet the challenges of Windows security with the exclusive Hacking Exposed "attack-countermeasure" approach. Learn how real-world malicious hackers conduct reconnaissance of targets and then exploit common misconfigurations and software flaws on both clients and servers. See leading-edge exploitation techniques demonstrated, and learn how the latest countermeasures in Windows XP, Vista, and Server 2003/2008 can mitigate these attacks. Get practical advice based on the authors' and contributors' many years as security professionals hired to break into the world's largest IT infrastructures. Dramatically improve the security of Microsoft technology deployments of all sizes when you learn to:

Establish business relevance and context for security by highlighting real-world risks

Take a tour of the Windows security architecture from the hacker's perspective, exposing old and new vulnerabilities that can easily be avoided

Understand how hackers use reconnaissance techniques such as footprinting, scanning, banner grabbing, DNS queries, and Google searches to locate vulnerable Windows systems

Learn how information is extracted anonymously from Windows using simple NetBIOS, SMB, MSRPC, SNMP, and Active Directory enumeration techniques

Prevent the latest remote network exploits such as password grinding via WMI and Terminal Server, passive Kerberos logon sniffing, rogue server/man-in-the-middle attacks, and cracking vulnerable services

See up close how professional hackers reverse engineer and develop new Windows exploits

Identify and eliminate rootkits, malware, and stealth software

Fortify SQL Server against external and insider attacks

Harden your clients and users against the latest e-mail phishing, spyware, adware, and Internet Explorer threats

Deploy and configure the latest Windows security countermeasures, including BitLocker, Integrity Levels, User Account Control, the updated Windows Firewall, Group Policy, Vista Service Refactoring/Hardening, SafeSEH, GS, DEP, Patchguard, and Address Space Layout Randomization

Summary: Hacking Exposed Windows 3rd Edition
Rating: 5

This book is awesome! It covers everything including vista. I have many editions of hacking exposed and so far I am loving it!

目录

Foreword . . xvii
Acknowledgments xix
Introduction xxi

1
Information Security Basics . . . 1
A Framework for Operational Security . 2
Plan . 3
Prevent . . . . 8
Detect . . . . . 8
Respond . . . 9
Rinse and Repeat . 9
Basic Security Principles . 10
Summary . . 13
References and Further Reading 14

2
The Windows Security Architecture from the Hacker’s Perspective . . . 15
Overview . . 16
Attacking the Kernel . . . . 17
Attacking User Mode . . . . 18
Access Control Overview 19
Security Principals 19
SIDs . 20
Users 22
Groups . . . . 25
Computers (Machine Accounts) . 28
User Rights 30
Putting It All Together: Access Control . 31
The Token . 32
Network Authentication . 36
The SAM and Active Directory . 39
Forests, Trees, and Domains . . . . 41
Scope: Local, Global, and Universal . . . 42
Trusts . . . . . 43
Administrative Boundaries: Forest or Domain? . . . . . 43
For more information about this title, click here
xii Hacking Exposed Windows: Windows Security Secrets & Solutions
Auditing . . . 46
Cryptography . . . . 47
The .NET Framework . . . 48
Summary . . 50
References and Further Reading 51

3
Footprinting and Scanning . . . . 53
Footprinting 54
Scanning . . . 60
A Final Word on Footprinting and Scanning . . 69
Summary . . 70
References and Further Reading 70

4
Enumeration . . . 73
Prelude: Reviewing Scan Results 74
NetBIOS Names vs. IP Addresses . . . . . 74
NetBIOS Name Service Enumeration . . 77
RPC Enumeration . 82
SMB Enumeration 84
Windows DNS Enumeration . . . 101
SNMP Enumeration . . . . . 103
Active Directory Enumeration . . 107
All-in-One Enumeration Tools . . 111
Summary . . 112
References and Further Reading 113

5
Hacking Windows-Specif ic Services . . 115
Guessing Passwords . . . . 117
Close Existing SMB Sessions to Target . 117
Review Enumeration Results . . . 118
Avoid Account Lockout . . 119
The Importance of Administrator and Service Accounts . . . . 121
Eavesdropping on Windows Authentication . . 137
Subverting Windows Authentication . . 148
Exploiting Windows-Specifi c Services . 156
Summary . . 161
References and Further Reading 162

6
Discovering and Exploiting Windows Vulnerabilities . . . 165
Security Vulnerabilities . . 166
Finding Security Vulnerabilities . 166
Prep Work . 167
Exploiting ANI . . . 181
Summary . . 184
References and Further Reading 184
Contents xiii

7
Post-Exploit Pillaging . . 185
Transferring Attacker’s Toolkit for Further Domination . . . . 186
Remote Interactive Control . . . . . 191
Password Extraction . . . . 201
Introduction to Application Credential Usage and the DPAPI . . . . . 205
Password Cracking . . . . . 210
Cracking LM Hashes . . . . 210
Cracking NT Hashes . . . . 214
Rinse and Repeat . 220
Summary . . 220
References and Further Reading 221

8
Achieving Stealth and Maintaining Presence . . 225
The Rise of the Rootkit . . . 226
Windows Rootkits 227
The Changing Threat Environment . . . . 229
Achieving Stealth: Modern Techniques 235
Windows Internals 235
DKOM . . . . 240
Shadow Walker . . . 245
Antivirus Software vs. Rootkits . 246
Windows Vista vs. Rootkits . . . . 247
Kernel Patch Protection (KPP): Patchguard . . . 247
UAC: You’re About to Get 0wn3d, Cancel or Allow? . 248
Secure Startup . . . . 250
Other Security Enhancements . . 251
Summary of Vista vs. Rootkits . . 251
Rootkit Detection Tools and Techniques 252
Rise of the Rootkit Detection Tool . . . . . 252
Cross-View-Based Rootkit Detection . . . 253
Ad Hoc Rootkit Detection Techniques . 254
The Future of Rootkits . . . 262
Are Rootkits Really Even Necessary? . . 262
Summary . . 268
References and Further Reading 269

9
Hacking SQL Server . . . 273
Case Study: Penetration of a SQL Server . . . . . 274
SQL Server Security Concepts . . 277
Network Libraries 277
Security Modes . . . 278
Logins . . . . . 278
Users 279
Roles 279
xiv Hacking Exposed Windows: Windows Security Secrets & Solutions
Logging . . . 279
SQL Server 2005 Changes 280
Hacking SQL Server . . . . . 281
SQL Server Information Gathering . . . . 282
SQL Server Hacking Tools and Techniques . . . 286
Critical Defensive Strategies . . . . 306
Additional SQL Server Security Best Practices 309
Summary . . 315
References and Further Reading 316

10
Hacking Microsoft Client Apps . 317
Exploits . . . 319
Trickery . . . 327
General Countermeasures 334
IE Security Zones . 335
Low-privilege Browsing . 339
Summary . . 340
References and Further Reading 340

11
Physical Attacks 345
Offl ine Attacks . . . 346
Implications for EFS . . . . . 349
Online Attacks . . . . 354
Device/Media/Wireless Attacks 359
Summary . . 363
References and Further Reading 364

12
Windows Security Features and Tools . 367
BitLocker Drive Encryption . . . . 368
BitLocker Confi gurations 369
BitLocker with TPM . . . . . 370
Windows Integrity Control . . . . . 372
Managing Integrity Levels . . . . . 374
User Account Control . . . 375
Tokens and Processes . . . . 375
UnAdmin . . 375
Windows Service Hardening . . . 377
Service Resource Isolation 377
Least Privilege Services . . 380
Service Refactoring 385
Restricted Network Access . . . . . 386
Session 0 Isolation 386
Your Compiler Can Save You . . . 387
An Overview of Overfl ows . . . . . 387
GS Cookies . 388
Contents xv
SafeSEH . . . 392
Stack Changes . . . . 397
Address Space Layout Randomization . 398
Windows Resource Protection . . 399
Summary . . 402

References and Further Reading 402

A
Windows Security Checklist . . . 405
Caveat Emptor: Roles and Responsibilities . . . 406
Preinstallation Considerations . . 406
Basic Windows Hardening . . . . . 407
Non-Template Recommendations . . . . . 407
Security Templates Recommendations . 409
Windows Firewall and IPSec . . . 411
Group Policy . . . . . 412
Miscellaneous Confi gurations . . 412
Web Application Security Considerations . . . . 413
SQL Server Security Considerations . . . 414
Terminal Server Security Considerations . . . . . 416
Denial of Service Considerations 417
Internet Client Security . . 418
Audit Yourself! . . . 420

B
About the Companion Website . 421
Index . . 423

黑客入门全程图解

2007-12-21 15:30:57

全书从技术分析角度出发，对黑客的每个攻击入侵方法和所有实例都进行了测试，全部可以实现和做到，但，害人之心不可有，读者诸君切勿将本书内容用于任何违法行为，否则一切法律责任自负！上网大家都会，但网络安全的观念和常识却相当缺乏，在遇到别有用心者的入侵后，结果会非常严重！针对这群电脑用户，本书特别披露黑客“练功”全过程，并将其入侵伎俩和招数大曝光，大家在一步步跟着学做后即可熟知那些所谓“神秘”的黑客手法，从而高度重视网络安全，并采取相关措施现场自救！本书特色：不需要专业的网络知识，不需要任何编程基础。适用读者：电脑初学者和稍微有点基础的电脑用户；对黑客和黑客技术感兴趣的所有电脑用户。

欺骗的艺术 [中文完整版 PDF+WORD]

2007-12-09 16:07:50

正如知道Windows的人，都知道比尔·盖兹，如果你对信息安全有所了解，便一定听说过凯文·米特尼克。在信息安全的世界里，他的黑客传奇生涯是无人比拟的。

15岁时闯入“北美空中防务指挥系统”的主机，翻遍了美国指向前苏联及其盟国的所有核弹头的数据资料，然后溜之大吉；
24岁时被DEC指控从公司网络上窃取价值100万美元的软件并造成了400万美元损失，被警察当局认为，只要拥有键盘就会对社会构成威胁；
1994年，成功入侵美国摩托罗拉、NOVELL、SUN、MICROSYSTEMS，芬兰的诺基亚等高科技公司的计算机，FBI推算其盗走的程序和数据而造成的实际损害总额达至4亿美元；
2000年，米特尼克获得监督释放。但不准触摸计算机、手机以及其他任何可以上网的装置；
美国联邦调查局将他列为头号通缉犯、好莱坞根据他的事迹为蓝本拍摄了电影《战争游戏》、以他为主角的书籍更是已经超过10本……

2002年底，凯文·米特尼克完成出版了《欺骗的艺术》一书，此一上市便成为美国畅销书籍，大获成功。米特尼克也由一个世界著名的黑客成为一名致力于信息安全保护方面的专家。

信息安全已经被全世界所关注，中国也将其提到国家安全的高度。纵然，我国的信息安全技术近年来有了长足的提高进步，但在理念意识上仍然有很大的差距。尤其是凯文·米特尼克在《欺骗的艺术》这本书中详细介绍的社会工程学，仍是许多信息安全工作者们一直以来没有给予重视的非技术类的攻击手段。

本书适于企业、政府的管理人员以及任何缺乏信息安全知识和对信息安全知识有兴趣的人阅读。

在物质产品并不匮乏时，安全意识比安全措施重要的多。――王小瑞

黑客就是这么几招(第2版)

2007-12-07 13:00:25

本书从黑客攻击的角度出发,全面,详尽地介绍了黑客的种种攻击技术.书中对每种攻击方法都附有攻击实例,其中大部分攻击实例是从未公开过的,在介如各种攻击方法的同时都给出了相应的用户对策,使广大网民和网络管理员可以保障自己系统与信息的安全,完善自己的网络环境.本书的第一版在国内是畅销书,并且被台湾松岗电脑图书资料股份有限公司以繁体中文在台湾出版.自第一版畅销后,又有许多新的工具和技术出现,第二版在尽量保留第一版精华内容的基础上,加入了一些新的技术资料以及新近发生的重要黑客事件,并对本书所附光盘的相应软件作了更新.

Hacker Disassembling Uncovered

2007-12-07 10:15:54

This text shows how to analyze programs without its source code, using a debugger and a disassembler, and covers hacking methods including virtual functions, local and global variables, branching, loops, objects and their hierarchy, and more.

This book is dedicated to the basics of hacking—methods of analyzing programs using a debugger and disassembler. There is huge interest in this topic, but in reality, there are very few programmers who have mastered these methods on a professional level.

The majority of publications that touch on issues of analyzing and optimizing programs, as well as creating means of protecting information, delicately tiptoe around the fact that in order to competently find "holes" in a program without having its source code, you have to disassemble them. Restoring something that even somewhat resembles the source code is still considered an extremely complex task. In the book, the author describes a technology used by hackers that gives a practically identical source code, and this includes programs in C++ as well, which are particularly difficult to disassemble.

The book gives a detailed description of ways to identify and reconstruct key structures of the source language—functions (including virtual ones), local and global variables, branching, loops, objects and their hierarchy, mathematical operators, etc. The disassembly methodology that we will look at has been formalized—i.e., it has been translated from an intuitive concept into a complete technology, available and comprehensible to almost anyone.

The book contains a large number of unique practical materials. It is organized in such a manner that it will most certainly be useful to the everyday programmer as a manual on optimizing programs for modern intelligent compilers, and to the information protection specialist as a manual on looking for so-called "bugs." The "from simple to complex" style of the book allows it to easily be used as a textbook for beginner analyzers and "code diggers."

About the Editor

Kris Kaspersky is the author of articles on hacking, disassembling, and code optimization. He has dealt with issues relating to security and system programming including compiler development, optimization techniques, security mechanism research, real-time OS kernel creation, and writing antivirus programs.

Table of Contents
Hacker Disassembling Uncovered
Preface
Introduction
Part I - Getting Acquainted with Basic Hacking Techniques
Step One - Warming up
Step Two - Getting Acquainted with the Disassembler
Step Three - Surgery
Step Four - Getting Acquainted with the Debugger
Step Five - IDA Emerges onto the Scene
Step Six - Using a Disassembler with a Debugger
Step Seven - Identifying Key Structures of High-Level Languages
Part II - Ways of Making Software Analysis Difficult
Introduction
Counteracting Debuggers
Counteracting Disassemblers
An Invitation to the Discussion, or New Protection Tips
Hacker Disassembling Uncovered—How to…
Index
List of Figures
List of Tables
List of Listings

Addison Wesley Exploiting Software How To Break Code.chm

2007-11-24 20:50:51

Exploiting Software How to Break Code
By Greg Hoglund, Gary McGraw

Publisher : Addison Wesley
Pub Date : February 17, 2004
ISBN : 0-201-78695-8
Pages : 512

How does software break? How do attackers make software break on purpose? Why are firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys? What tools can be used to break software? This book provides the answers.

Exploiting Software is loaded with examples of real attacks, attack patterns, tools, and techniques used by bad guys to break software. If you want to protect your software from attack, you must first learn how real attacks are really carried out.

This must-have book may shock you—and it will certainly educate you.Getting beyond the script kiddie treatment found in many hacking books, you will learn about

Why software exploit will continue to be a serious problem

When network security mechanisms do not work

Attack patterns

Reverse engineering

Classic attacks against server software

Surprising attacks against client software

Techniques for crafting malicious input

The technical details of buffer overflows

Rootkits

Exploiting Software is filled with the tools, concepts, and knowledge necessary to break software.

Wireshark & Ethereal Network Protocol Analyzer Toolkit

2007-11-18 00:09:28

Ethereal is the #2 most popular open source security tool used by system administrators and security professionals. This all new book builds on the success of Syngress best-selling book Ethereal Packet Sniffing.

This book provides complete information and step-by-step Instructions for analyzing protocols and network traffic on Windows, Unix or Mac OS X networks. First, readers will learn about the types of sniffers available today and see the benefits of using Ethereal. Readers will then learn to install Ethereal in multiple environments including Windows, Unix and Mac OS X as well as building Ethereal from source and will also be guided through Ethereals graphical user interface. The following sections will teach readers to use command-line options of Ethereal as well as using Tethereal to capture live packets from the wire or to read saved capture files. This section also details how to import and export files between Ethereal and WinDump, Snort, Snoop, Microsoft Network Monitor, and EtherPeek. The book then teaches the reader to master advanced tasks such as creating sub-trees, displaying bitfields in a graphical view, tracking requests and reply packet pairs as well as exclusive coverage of MATE, Ethereals brand new configurable upper level analysis engine. The final section to the book teaches readers to enable Ethereal to read new Data sources, program their own protocol dissectors, and to create and customize Ethereal reports.

Brute Force. Cracking the Data Encryption Standard

2007-10-28 10:03:20

Brute Force: Cracking the Data Encryption Standard

Publisher: Springer
Author: Matt Curtin
Number Of Pages: 291
Publication Date: 2005-02-16
Sales Rank: 585396
ISBN / ASIN: 0387201092
EAN: 9780387201092
Binding: Hardcover
Manufacturer: Springer
Studio: Springer
Average Rating: 4.5

In the 1960s, it became increasingly clear that more and more information was going to be stored on computers, not on pieces of paper. With these changes in technology and the ways it was used came a need to protect both the systems and the information. For the next ten years, encryption systems of varying strengths were developed, but none proved to be rigorous enough. In 1973, the NBS put out an open call for a new, stronger encryption system that would become the new federal standard. Several years later, IBM responded with a system called Lucifer that came to simply be known as DES (data encryption standard).

The strength of an encryption system is best measured by the attacks it is able to withstand, and because DES was the federal standard, many tried to test its limits. (It should also be noted that a number of cryptographers and computer scientists told the NSA that DES was not nearly strong enough and would be easily hacked.) Rogue hackers, usually out to steal as much information as possible, tried to break DES. A number of "white hat" hackers also tested the system and reported on their successes. Still others attacked DES because they believed it had outlived its effectiveness and was becoming increasingly vulnerable. The sum total of these efforts to use all of the possible keys to break DES over time made for a brute force attack.

In 1996, the supposedly uncrackable DES was broken. In this captivating and intriguing book, Matt Curtin charts DES’s rise and fall and chronicles the efforts of those who were determined to master it.

50、黑鹰破解大师破解经验总结2

2007-10-18 11:29:55

49、黑鹰破解大师破解经验总结1

2007-10-18 11:24:19

挑战黑客--网络安全的最终解决方案

2007-10-15 11:34:25

黑客攻防对策

2007-09-13 15:19:54

Addison Wesley - Web Hacking Attacks and Defense

2007-08-27 14:00:18

Rootkits For Dummies

2007-08-21 21:49:08

rootkits的入门书籍

Welcome Rootkits For Dummies, a book written for regular folks who
need a better understanding of what rootkits are, what we can do to
protect our computers and networks against them, and how to detect and
remove them. Like Sergeant Schultz on Hogan’s Heroes, you may be among
those who know “nothing, nothing” at all about them. Even the name rootkit
may be unfamiliar to you — but soon everyone with a computer and Internet
access will know how dangerous these malware programs can be.

Rootkits For Dummies can help you gain insight into the realm of malware,
giving you the knowledge and abilities to assess and develop your own plan
to prevent this scourge from ruining your day (or week, or year). Whether
you have a standalone computer or have a business network to run as an
administrator, this book will show you what you can do about rootkits — and
help you secure your system against cyber-criminals and all malware, online
and off.

黑鹰破解教程46、了解Delphi1

2007-08-21 15:21:19

黑鹰破解教程44、内存注册机的制作

2007-08-21 15:21:12

黑鹰破解教程43、算法分析3

2007-08-21 15:21:08

黑客攻防实战详解

2007-08-17 18:02:32

本书系统介绍了黑客入侵的全部过程，以及相应的防御措施和方法。内容主要包括基于认证的入侵及防御、基于服务器软件漏洞的入侵及防御、基于木马的入侵及防御等。

黑鹰破解教程41、算法分析1

2007-08-17 14:26:37

黑鹰破解教程40、VB程序的破解2

2007-08-17 14:26:31

黑鹰破解教程39、VB程序的破解1

2007-08-17 14:07:14

黑鹰破解教程38、Delphi程序的破解2

2007-08-17 14:07:13

黑鹰破解教程37、Delphi程序的破解1

2007-08-17 14:07:12

黑鹰破解教程36、注册码的追踪方法36

2007-08-17 14:07:11

黑鹰破解教程35、注册码的追踪方法2

2007-08-17 14:07:10

黑鹰破解教程34、注册码的追踪方法1

2007-08-17 14:07:09

黑鹰破解教程33、破解补丁的制作

2007-08-17 14:07:08

黑鹰破解教程32、软件的爆破3

2007-08-17 14:07:07

黑鹰破解教程31、软件的爆破2

2007-08-17 14:07:06

黑鹰破解教程30、软件的爆破1

2007-08-17 14:07:04

黑鹰破解教程29、软件破解的思路2

2007-08-17 14:01:15

黑鹰破解教程28、软件破解的思路1

2007-08-17 14:01:14

黑鹰破解教程27、简单汇编基础2

2007-08-17 14:01:12

黑鹰破解教程26、简单汇编基础1

2007-08-17 14:01:11

黑鹰破解教程25、PE区段优化减肥

2007-08-17 14:01:09

入侵检测系统及实例剖析

2007-08-07 11:32:26

1、破解工具的介绍

2007-08-01 11:16:41

黑鹰破解班第39课--VB程序的破解1

2007-07-26 14:25:24

黑鹰破解班第38课--Delphi程序的破解2

2007-07-26 14:25:22

黑鹰破解班第37课--Delphi程序的破解1

2007-07-26 14:25:21

黑鹰破解班第36课--注册码的追踪方法3

2007-07-26 14:21:38

黑鹰破解班第35课--注册码的追踪方法2

2007-07-26 14:21:37

黑鹰破解班第34课--注册码的追踪方法1

2007-07-26 14:21:35