1. Designing BSD Rootkits: An Introduction to kernel hacking
Though rootkits have a fairly negative image, they can be used for both good and evil. Designing BSD Rootkits arms you with the knowledge you need to write offensive rootkits, to defend against malicious ones, and to explore the FreeBSD kernel and operating system in the process.
Organized as a tutorial, Designing BSD Rootkits will teach you the fundamentals of programming and developing rootkits under the FreeBSD operating system. Author Joseph Kong's goal is to make you smarter, not to teach you how to write exploits or launch attacks. You'll learn how to maintain root access long after gaining access to a computer and how to hack FreeBSD.
Kongs liberal use of examples assumes no prior kernel-hacking experience but doesn't water down the information. All code is thoroughly described and analyzed, and each chapter contains at least one real-world application.
Included:
- The fundamentals of FreeBSD kernel module programming
- Using call hooking to subvert the FreeBSD kernel
- Directly manipulating the objects the kernel depends upon for its internal record-keeping
- Patching kernel code resident in main memory; in other words, altering the kernel's logic while it’s still running
- How to defend against the attacks described
Download Designing BSD Rootkits
2. Hacking Firefox: More Than 150 Hacks, Mods, and Customizations
Even novice Firefox users will be able to immediately begin modifying and customizing Firefox’s appearance and functionality, and then move on to tweaking performance, and tweaking configurations. More advanced coverage includes creating custom installations for various platforms including Linux, Windows memory optimizations, network performance, and creating your own extensions and themes.
Download Hacking Firefox
3. Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions
"This book concisely identifies the types of attacks which are faced daily by Web 2.0 sites, and the authors give solid, practical advice on how to identify and mitigate these threats." --Max Kelly, CISSP, CIPP, CFCE, Senior Director of Security, Facebook
Protect your Web 2.0 architecture against the latest wave of cybercrime using expert tactics from Internet security professionals. Hacking Exposed Web 2.0 shows how hackers perform reconnaissance, choose their entry point, and attack Web 2.0-based services, and reveals detailed countermeasures and defense techniques. You'll learn how to avoid injection and buffer overflow attacks, fix browser and plug-in flaws, and secure AJAX, Flash, and XML-driven applications. Real-world case studies illustrate social networking site weaknesses, cross-site attack methods, migration vulnerabilities, and IE7 shortcomings.
- Plug security holes in Web 2.0 implementations the proven Hacking Exposed way
- Learn how hackers target and abuse vulnerable Web 2.0 applications, browsers, plug-ins, online databases, user inputs, and HTML forms
- Prevent Web 2.0-based SQL, XPath, XQuery, LDAP, and command injection attacks
- Circumvent XXE, directory traversal, and buffer overflow exploits
- Learn XSS and Cross-Site Request Forgery methods attackers use to bypass browser security controls
- Fix vulnerabilities in Outlook Express and Acrobat Reader add-ons
- Use input validators and XML classes to reinforce ASP and .NET security
- Eliminate unintentional exposures in ASP.NET AJAX (Atlas), Direct Web Remoting, Sajax, and GWT Web applications
- Mitigate ActiveX security exposures using SiteLock, code signing, and secure controls
- Find and fix Adobe Flash vulnerabilities and DNS rebinding attacks
- Foreword
- Acknowledgments
- Introduction
Chapter 1. Common Injection Attacks
Chapter 2. Cross-Site Scripting
Part II: Next Generation Web Application Attacks
Chapter 3. Cross-Domain Attacks
Chapter 4. Malicious JavaScript and AJAX
Chapter 5. .Net Security
Part III: AJAX
Chapter 6. AJAX Types, Discovery, and Parameter Manipulation
Chapter 7. AJAX Framework Exposures
Part IV: Thick Clients
Chapter 8. ActiveX Security
Chapter 9. Attacking Flash Applications
Index
Download Hacking Exposed Web 2.0
4. Hacking Windows-Specific Services
The latest Windows security attack and defense strategies
"Securing Windows begins with reading this book." --James Costello (CISSP) IT Security Specialist, Honeywell
Meet the challenges of Windows security with the exclusive Hacking Exposed "attack-countermeasure" approach. Learn how real-world malicious hackers conduct reconnaissance of targets and then exploit common misconfigurations and software flaws on both clients and servers. See leading-edge exploitation techniques demonstrated, and learn how the latest countermeasures in Windows XP, Vista, and Server 2003/2008 can mitigate these attacks. Get practical advice based on the authors' and contributors' many years as security professionals hired to break into the world's largest IT infrastructures. Dramatically improve the security of Microsoft technology deployments of all sizes when you learn to:
- Establish business relevance and context for security by highlighting real-world risks
- Take a tour of the Windows security architecture from the hacker's perspective, exposing old and new vulnerabilities that can easily be avoided
- Understand how hackers use reconnaissance techniques such as footprinting, scanning, banner grabbing, DNS queries, and Google searches to locate vulnerable Windows systems
- Learn how information is extracted anonymously from Windows using simple NetBIOS, SMB, MSRPC, SNMP, and Active Directory enumeration techniques
- Prevent the latest remote network exploits such as password grinding via WMI and Terminal Server, passive Kerberos logon sniffing, rogue server/man-in-the-middle attacks, and cracking vulnerable services
- See up close how professional hackers reverse engineer and develop new Windows exploits
- Identify and eliminate rootkits, malware, and stealth software
- Fortify SQL Server against external and insider attacks
- Harden your clients and users against the latest e-mail phishing, spyware, adware, and Internet Explorer threats
- Deploy and configure the latest Windows security countermeasures, including BitLocker, Integrity Levels, User Account Control, the updated Windows Firewall, Group Policy, Vista Service Refactoring/Hardening, SafeSEH, GS, DEP, Patchguard, and Address Space Layout Randomization
5. Hacking Exposed Computer Forensics: Computer Forensics Secrets & Solutions
Investigate computer crime, corporate malfeasance, and hacker break-ins quickly and effectively with help from this practical and comprehensive resource. You’ll get expert information on crucial procedures to successfully prosecute violators while avoiding the pitfalls of illicit searches, privacy violations, and illegally obtained evidence. It’s all here--from collecting actionable evidence, re-creating the criminal timeline, and zeroing in on a suspect to uncovering obscured and deleted code, unlocking encrypted files, and preparing lawful affidavits. Plus, you’ll get in-depth coverage of the latest PDA and cell phone investigation techniques and real-world case studies.
Learn the secrets and strategies for investigating computer crime
Investigate computer crime, corporate malfeasance, and hacker break-ins quickly and effectively with help from this practical and comprehensive resource. You’ll get expert information on crucial procedures to prosecute violators successfully while avoiding the pitfalls of illicit searches, privacy violations, and illegally obtained evidence. It’s all here--from collecting actionable evidence, re-creating the criminal timeline, and zeroing in on a suspect to uncovering obscured and deleted code, unlocking encrypted files, and preparing lawful affidavits. Plus, you’ll get in-depth coverage of the latest PDA and cell phone investigation techniques and real-world case studies.
Digital sleuthing techniques that will withstand judicial scrutiny
Inside, you’ll learn to:
- Plan and prepare for all stages of an investigation using the proven Hacking Exposed methodology
- Work with and store evidence in a properly configured forensic lab
- Deploy an effective case management strategy to collect material, document findings, and archive results
- Covertly investigate, triage, and work with remote data across the network
- Recover partitions, INFO records, and deleted, wiped, and hidden files
- Acquire, authenticate, and analyze evidence from Windows, UNIX, and Macintosh systems using the latest hardware and software tools
- Use forensic tools to uncover obscured code, file mismatches, and invalid signatures
- Extract client and Web-based email artifacts using Email Examiner, EnCase, Forensic Toolkit, and open source tools
- Handle enterprise storage like RAIDs, SANs, NAS, and tape backup libraries
- Recover vital data from handheld devices such as PDAs and cell phones
Do you have questions, comments, or suggestions? Feel free to post a comment!
Source
0 comments:
Post a Comment