Authors: Syngress, Rain Forest Puppy, Mudge
ISBN-13: 9781928994701, ISBN-10: 1928994709
Format: Paperback
Publisher: Elsevier Science
Date Published: April 2002
Edition: 2ND
Ryan Russell (CCNA, CCNP) is the best-selling author of Hack Proofing Your Network: Internet Tradecraft and Hack Proofing Your ECommerce Web Site. He is an MIS manager at SecurityFocus.com, has served as an expert witness on security topics, and has done internal security investigation for a major software vendor. Ryan has been working in the IT field for over 11 years, the last 6 of which have been spent primarily in information security. He has been an active participant in various security mailing lists, such as BugTraq, for years. Ryan holds a Bachelor of Science degree in Computer Science.
This book teaches people how to be hackers, based on Ryan Russell's belief that the only way to stop a hacker is to think like one. Most of those who buy this book will do so because they want to protect their own systems and those of their employer. Important terms like "smashing the stack," "blind spoofing," "building a backward bridge," "steganography," and "buffer overflow" are explained, along with why readers need to worry about them. This updated edition also shows how to protect servers from attacks by using a five-step approach: Planning, Network/Machine Recon, Research/Develop, Execute Attack and Achieve Goal, and Cleanup.
This attack-oriented (rather than defense-oriented) guide is intended to teach skills for breaking into computer systems. Readers can use these skills for security testing, consumer advocacy and civil rights purposes, and military and political reasons. The book begins with a discussion of the current climate in regards to hacking, reverse engineering, copy protection, and the law, then describes types of attacks and various methods for discovering security problems. The bulk of the book gives instructions for breaking encoding schemes, writing machine language, and monitoring network communications for hacking purposes. Individual chapters are rated for beginning, intermediate, and advanced hackers. A companion Web site contains code, files, applications, and links to applications. This second edition offers new material on hardware hacking, tunneling, evasion of intrusion detection systems, and format string attacks. Ahmad works for a provider of security intelligence services. Annotation © Book News, Inc., Portland, OR (booknews.com)
Foreword v 1.5
Foreword v 1.0
Chapter 1: How To Hack
Chapter 2: The Laws of Security
Chapter 3: Classes of Attack
Chapter 4: Methodology
Chapter 5: Diffing
Chapter 6: Cryptography
Chapter 7: Unexpected Input
Chapter 8: Buffer Overflow
Chapter 9: Format Strings
Chapter 10: Sniffing
Chapter 11: Session Hijacking
Chapter 12: Spoofing: Attacks on Trusted Identity
Chapter 13: Tunneling
Chapter 14: Hardware Hacking
Chapter 15: Viruses, Trojan Horses, and Worms
Chapter 16: IDS Evasion
Chapter 17: Automated Security Review and Attack Tools
Chapter 18: Reporting Security Problems
Index