Security Power Tools - Helion
ISBN: 978-05-965-5481-1
Pages: 860, Format: ebook
Publication date: 2007-08-27
Bookstore: Helion
Book price: 177,65 zł (previously: 216,65 zł)
You save: 18% (-39,00 zł)
What if you could sit down with some of the most talented security engineers in the world and ask any network security question you wanted? Security Power Tools lets you do exactly that! Members of Juniper Networks' Security Engineering team and a few guest experts reveal how to use, tweak, and push the most popular network security applications, utilities, and tools available using Windows, Linux, Mac OS X, and Unix platforms.
Designed to be browsed, Security Power Tools offers you multiple approaches to network security via 23 cross-referenced chapters that review the best security tools on the planet for both black hat techniques and white hat defense tactics. It's a must-have reference for network administrators, engineers and consultants with tips, tricks, and how-to advice for an assortment of freeware and commercial tools, ranging from intermediate level command-line operations to advanced programming of self-hiding exploits.
Security Power Tools details best practices for:
- Reconnaissance -- including tools for network scanning such as nmap; vulnerability scanning tools for Windows and Linux; LAN reconnaissance; tools to help with wireless reconnaissance; and custom packet generation
- Penetration -- such as the Metasploit framework for automated penetration of remote computers; tools to find wireless networks; exploitation framework applications; and tricks and tools to manipulate shellcodes
- Control -- including the configuration of several tools for use as backdoors; and a review of known rootkits for Windows and Linux
- Defense -- including host-based firewalls; host hardening for Windows and Linux networks; communication security with ssh; email security and anti-malware; and device security testing
- Monitoring -- such as tools to capture and analyze packets; network monitoring with Honeyd and snort; and host monitoring of production servers for file changes
- Discovery -- including The Forensic Toolkit, SysInternals and other popular forensic tools; application fuzzer and fuzzing techniques; and the art of binary reverse engineering using tools like Interactive Disassembler and Ollydbg
Table of contents
Security Power Tools eBook -- table of contents
- Security Power Tools
- SPECIAL OFFER: Upgrade this ebook with O'Reilly
- Foreword
- Credits
- About the Author
- Preface
- Audience
- Assumptions This Book Makes
- Contents of This Book
- Legal and Ethics
- Reconnaissance
- Penetration
- Control
- Defense
- Monitoring
- Discovery
- Conventions Used in This Book
- Using Code Examples
- We'd Like to Hear from You
- Safari Books Online
- Acknowledgments
- I. Legal and Ethics
- 1. Legal and Ethics Issues
- Core Issues
- Be Able to Identify These Legal Topics
- Computer Trespass Laws: No "Hacking" Allowed
- What Does It Mean to Access or Use a Computer?
- What Is Adequate Authorization to Access a Computer?
- Common Law Computer Trespass
- Case Study: Active Defense
- Law and Ethics: Protecting Yourself from Computer Trespass Claims
- Reverse Engineering
- Copyright Law and Reverse Engineering
- What to do to protect yourself with fair use
- Reverse Engineering, Contracts, and Trade Secret Law
- What to do to protect yourself
- Reverse Engineering and Anti-Circumvention Rules
- What to do to protect yourself when working in DMCA
- Vulnerability Reporting
- What to do to protect yourself when reporting vulnerabilities
- What to Do from Now On
- II. Reconnaissance
- 2. Network Scanning
- How Scanners Work
- TCP Scanning
- UDP Scanning
- Superuser Privileges
- Three Network Scanners to Consider
- Host Discovery
- Dealing with Blocked Pings
- Choosing the Right Ports
- Combining Multiple Host Scan Techniques
- Port Scanning
- Default Port Ranges
- Specifying Custom Ports
- Nmap
- Unicornscan
- Scanrand
- Specifying Targets to Scan
- Different Scan Types
- UDP Scan Types
- TCP Scan Types
- Special TCP Scan Types in Nmap
- An Example of Using Multiple Scan Types
- Tuning the Scan Speed
- Nmap
- Unicornscan
- Scanrand
- Application Fingerprinting
- Operating System Detection
- Saving Nmap Output
- Resuming Nmap Scans
- Avoiding Detection
- Idle Scans
- Decoys
- Conclusion
- 3. Vulnerability Scanning
- Nessus
- License
- Architecture
- Tenable Security Center
- Windows Configuration
- Linux Configuration
- Local Vulnerabilities
- Network Scan
- Scan Results
- Policy Configuration
- Plug-ins
- Plug-in Code Example
- Linux Command Line
- Windows Command Line
- Nikto
- Types of Vulnerabilities
- Command Line
- Evasion Techniques
- WebInspect
- Purpose
- WebInspect Scan
- Policy Tuning
- Settings Tuning
- Report Analysis
- False Positives Analysis
- WebInspect Tools
- Assessment Management Platform (AMP)
- 4. LAN Reconnaissance
- Mapping the LAN
- Using ettercap and arpspoof on a Switched Network
- Running ettercap
- Running arpspoof from the dsniff suite
- Dealing with Static ARP Tables
- Using macof to Stupefy a Switch
- Super-Stealthy Sniffing
- Getting Information from the LAN
- Logging Packet Data
- Filtering Incoming Packets
- Fingerprinting LAN Hosts
- Sniffing Plain-Text Passwords
- Shadow Browsing
- Manipulating Packet Data
- 5. Wireless Reconnaissance
- Get the Right Wardriving Gear
- 802.11 Network Basics
- 802.11 Frames
- How Wireless Discovery Tools Work
- Netstumbler
- Kismet at a Glance
- Using Kismet
- Sorting the Kismet Network List
- Using Network Groups with Kismet
- Using Kismet to Find Networks by Probe Requests
- Kismet GPS Support Using gpsd
- Generating Maps
- Kismet Location Tracking
- Looking Closer at Traffic with Kismet
- Capturing Packets and Decrypting Traffic with Kismet
- Wireshark at a Glance
- Enabling rfmon Mode
- Linux
- OpenBSD, NetBSD, and FreeBSD
- Mac OS X
- Windows
- Using Wireshark
- AirDefense Mobile
- AirMagnet Analyzers
- Other Wardriving Tools
- Airopeek
- KisMac
- 6. Custom Packet Generation
- Why Create Custom Packets?
- Custom Packet Example: Ping of Death
- Hping
- Getting Started with Hping2
- Hping2's Limitations
- Scapy
- Decode, Do Not Interpret
- Probe Once, Interpret Many Times
- Scapy's Limitations
- Working with Scapy
- Creating and Manipulating Packets with Scapy
- Navigating Between Layers
- Scapy Tips and Shortcuts
- Looking only at the custom data in a packet
- Viewing computed data in a packet
- Decoding the packet payload differently
- Sprintf shortcut for creating custom packets
- Operations on packet lists
- Producing a simple diagram of packet flow
- Sending and interacting with Scapy
- Super-sockets
- Building Custom Tools with Scapy
- Studying a New Protocol
- Writing Add-Ons
- Examples of creating Scapy add-ons
- Test Campaigns
- Packet-Crafting Examples with Scapy
- ARP Cache Poisoning
- Tracerouting: A Step-by-Step Example
- Traceroute and NAT
- Firewalking
- Sliced Network Scan
- Fuzzing
- Packet Mangling with Netfilter
- Transparent Proxying
- QUEUE and NFQUEUE
- References
- III. Penetration
- 7. Metasploit
- Metasploit Interfaces
- The Metasploit Console
- The Metasploit Command-Line Interface
- The Metasploit Web Interface
- Updating Metasploit
- Choosing an Exploit
- Choosing a Payload
- Metasploit Payloads
- Choosing a Payload Variant
- Setting Options
- Hidden Options
- Running an Exploit
- Debugging Exploitation
- Managing Sessions and Jobs
- Sessions
- Jobs
- The Meterpreter
- Some Useful Meterpreter Commands
- Meterpreter Session Example
- Security Device Evasion
- Sample Evasion Output
- Evasion Using NOPs and Encoders
- NOP Generators
- Payload Encoders
- In Conclusion
- 8. Wireless Penetration
- WEP and WPA Encryption
- Aircrack
- Installing Aircrack-ng
- Windows Installation
- Linux Installation
- Running Aircrack-ng
- Airpwn
- Basic Airpwn Usage
- Command-Line Options
- Airpwn Configuration Files
- Using Airpwn on WEP-Encrypted Networks
- Scripting with Airpwn
- Karma
- Installing Karma
- Scanning for Victims
- Basic Configuration
- Proxy Network Traffic
- Conclusion
- 9. Exploitation Framework Applications
- Task Overview
- Other Framework Advantages
- Core Impact Overview
- Running Core Impact Behind a NAT
- Automatic Network Penetration with Core Impact
- Network Reconnaissance with Core Impact
- Importing Module Information with Core Impact
- Core Impact Exploit Search Engine
- Running an Exploit
- Bypassing Core Impact's Exploit Version Restrictions
- Running Macros
- The Local Side
- Using the Mini-Shell
- Bouncing Off an Installed Agent
- Enabling an Agent to Survive a Reboot
- Mass Scale Exploitation
- Writing Modules for Core Impact
- The Canvas Exploit Framework
- The Covertness Bar
- Porting Exploits Within Canvas
- Using Canvas from the Command Line
- Digging Deeper with Canvas
- Advanced Exploitation with MOSDEF
- Writing Exploits for Canvas
- Exploiting Alternative Tools
- 10. Custom Exploitation
- Understanding Vulnerabilities
- Performing a Simple Exploit
- Analyzing Shellcode
- Disassemblers
- The libopcode Disassembling Library
- The libdisasm Disassembling Library
- Testing Shellcode
- Inclusion into a C File
- A Shellcode Loader
- Debugging Shellcode
- Creating Shellcode
- nasm
- GNU Compiler Collection
- Quick glance at the binary-building internals
- Building shellcode from assembly language
- Building shellcode in C
- The SFlib Library
- What SFLib looks like
- Using SFLib
- ShellForge
- Getting started
- Cross-platform generation
- Loaders
- Inline shellcoding
- InlineEgg
- Metasploit Framework's msfpayload
- Disguising Shellcode
- alpha2
- Metasploit Framework's msfencoder
- Execution Flow Hijacking
- Metasploit Framework's msfelfscan and msfpescan
- EEREAP
- Code Injection
- References
- IV. Control
- 11. Backdoors
- Choosing a Backdoor
- VNC
- Creating and Packaging a VNC Backdoor
- Consolidating the Backdoor
- Packaging VNC As a Backdoor
- Connecting to and Removing the VNC Backdoor
- Removing the Backdoor
- Back Orifice 2000
- Configuring a BO2k Server
- Setting Variables
- Minimum Configuration
- IO plug-in
- Encryption plug-in
- Authentication plug-in
- Control plug-ins
- Configuring a BO2k Client
- Adding New Servers to the BO2k Workspace
- Using the BO2k Backdoor
- BO2k Powertools
- Server Setup
- Client Setup
- The BO Tools Connect To window
- Using the File Browser
- Using the Registry Editor
- A Sneak Peek at the Backdoor's Desktop with BO Peep
- BO Peep installation and configuration
- The VidStream listener
- The VidStream client
- The Hijack listener
- The Hijack client
- Encryption for BO2k Communications
- Concealing the BO2k Protocol
- Removing BO2k
- A Few Unix Backdoors
- A Simple Unix Backdoor
- Netcat
- A Simple Netcat Backdoor
- Crontab and Netcat
- Lots of Options
- 12. Rootkits
- Windows Rootkit: Hacker Defender
- Configuring hxdef
- Making hxdef harder to detect
- Connecting to Hacker Defender's Backdoor
- Install/uninstall/reconfigure hxdef
- Uninstalling a process you cannot see
- Linux Rootkit: Adore-ng
- Installing Adore
- Using Adore
- Detecting Rootkits Techniques
- Signature Scanner
- Inspecting Dangerous Calls
- Differentiating Call Results
- Looking for Hooks
- System Integrity
- Windows Rootkit Detectors
- Rootkit Revealer
- IceSword
- Functionalities of IceSword
- Finding a rootkit and killing it
- Removing the rootkit with IceSword
- Linux Rootkit Detectors
- Kstat
- Interface lookup
- Listing processes
- Investigating individual processes
- Examining the syscall table
- Zeppoo
- Chkrootkit
- Detecting new rootkits
- Using safe binaries
- In the cron
- Cleaning an Infected System
- The Future of Rootkits
- V. Defense
- 13. Proactive Defense: Firewalls
- Firewall Basics
- Router/Network Address Translation Router
- Endpoint/Host
- Transparent/Bridge Firewall
- The Tools
- Securing Concepts
- Allowing limited inbound connections
- Tightening inbound connections by host
- Further Investigation
- Network Address Translation
- Setting Up a Basic NAT Gateway
- NAT with Inbound Service Mapping
- Securing BSD Systems with ipfw/natd
- Initial Setup
- Inbound Connection Blocking with BSD ipfw/natd
- Allowing Inbound Connections with BSD ipfw2/natd
- Filtering Connections with BSD ipfw2/natd
- BSD ipfw2/natd NAT Gateway
- Inbound Service Mapping with BSD ipfw2/natd
- Securing GNU/Linux Systems with netfilter/iptables
- Initial Setup
- Inbound Connection Blocking with Netfilter
- Filtering Connections with Netfilter
- Allowing Inbound Connections with Netfilter
- Netfilter NAT Gateway
- Inbound Service Mapping with Netfilter
- Internet-in-a-Box: All Traffic to One Destination Using Netfilter
- Securing Windows Systems with Windows Firewall/Internet Connection Sharing
- Initial Setup
- Inbound Connection Blocking with Windows FW/ICS
- Allowing Inbound Connections with Windows FW/ICS
- Filtering Connections with Windows FW/ICS
- A Windows FW/ICS NAT Gateway
- Inbound Service Mapping with Windows FW/ICS
- Verifying Your Coverage
- 14. Host Hardening
- Controlling Services
- Turning Off What You Do Not Need
- Limiting Access
- sudo
- sudowin
- Issues with sudowin
- Limiting Damage
- Mounting Volumes As noexec
- Controlling the Linux Kernel Through /proc/sys
- /proc/sys/kernel/cap-bound
- /proc/sys/net
- /proc/sys/kernel/modprobe
- Bastille Linux
- SELinux
- Enabling SELinux
- Transparent Usage of SELinux
- Tweaking SELinux's Policy
- Local SELinux Policy Generation
- Underlying SELinux Principle of Operations
- Password Cracking
- John the Ripper
- Rainbow Cracking
- Chrooting
- Sandboxing with OS Virtualization
- Cooperative Linux
- KVM
- OpenVZ: OS-Level Virtualization
- Parallels
- QEMU
- UserMode Linux: Paravirtualization
- VMWare
- Xen: Paravirtualization
- Virtualization Summary
- 15. Securing Communications
- The SSH-2 Protocol
- The Transport Layer
- The User Authentication Layer
- The Connection Layer
- SSH Configuration
- Server Configuration
- User Access Restriction
- SSH Client Connection
- Tune the Client's Configuration
- SSH Authentication
- SSH Shortcomings
- SSH Man-in-the-Middle Attacks
- Host Public Key Distribution with DNSSEC
- User's Public Key Distribution
- User's Key Operation Restrictions
- SSH Troubleshooting
- The Client Is Logged Out Just After Logging In
- File Permissions
- Restrictions to Users or Groups
- Remote File Access with SSH
- File Copy
- FTP Through SSH
- File Synchronization
- Remote Filesystem
- Source Code Transfer
- SSH Advanced Use
- Agent Forwarding
- X and Port Forwarding
- Escape Sequences
- Perpetual Tunneling with autossh
- Storing Your SSH Private Key on a USB Drive
- Using SSH Under Windows
- Cygwin
- PuTTY
- WinSCP
- SecureCRT
- File and Email Signing and Encryption
- GPG
- Theory of Operations
- How to Obtain Public Keys
- Web of Trust
- In Practice
- Create Your GPG Keys
- Adding Subkeys
- Different Keys for Different Addresses
- Modify Your Web of Trust Model
- Import of Public Keys
- Revoke a Key
- Encryption and Signature with GPG
- File Signature
- Email Encryption and Signature
- PGP Versus GPG Compatibility
- Encryption and Signature with S/MIME
- X.509 Certificate
- S/MIME
- Certificate Authority
- S/MIME Versus GPG/PGP
- Stunnel
- SSL Versus TLS
- Create an X.509 Certificate
- Client Encryption
- Server Encryption
- Client and Server Encryption
- Transparent Proxy
- Disk Encryption
- Windows Filesystem Encryption with PGP Disk
- Linux Filesystem Encryption with LUKS
- Comparing dm-crypt to cryptoloop and loop-AES
- Conclusion
- 16. Email Security and Anti-Spam
- Norton Antivirus
- Installation Test
- Configuration Tuning
- Failed tests
- Updates
- The ClamAV Project
- ClamWin
- Configuration
- Freshclam
- How to Run Freshclam
- Examples of Commands for Freshclam
- Clamscan
- clamd and clamdscan
- On-Access Scanning
- Clamd As a Network Server
- Clamd Commands
- Test clamscan and clamdscan/clamd
- clamscan or clamdscan?
- ClamAV Virus Signatures
- MD5 Signatures
- Hexadecimal Signatures
- Advanced Hexadecimal Signatures
- HTML Signatures
- Procmail
- Mail Delivery Chain
- Basic Procmail Rules
- Examples
- Advanced Procmail Rules
- Scoring
- ClamAV with Procmail
- Unsolicited Email
- Spam Filtering with Bayesian Filters
- Spamprobe
- Automate the Learning Phase
- Maintenance
- SpamProbe with Procmail
- Inconvenient
- SpamAssassin
- Configuration Files
- SpamAssassin Variables
- Administrator Settings
- SpamAssassin Rules
- Meta Tests
- Score
- Whitelist and Blacklist
- Language
- Bayesian Filter
- Plug-ins for SpamAssassin
- Collaborative Plug-ins
- SpamAssassin Network Tests
- SpamAssassin with Procmail
- SpamAssassin As a Daemon or Server
- ClamAV, SpamProbe, and SpamAssassin with Procmail
- Anti-Phishing Tools
- Email Filtering
- Toolbar for Web Browsers
- Conclusion
- 17. Device Security Testing
- Replay Traffic with Tcpreplay
- What and How to Test
- tcpreplay
- Rewrite Packets with Tcpreplay
- MAC address
- IP address
- TCP/UDP port
- Tcpreplay with Two Interfaces
- flowreplay
- Tomahawk
- Traffic IQ Pro
- Setup
- Replay Traffic Files
- Attack Files
- Standard Traffic Files
- Scan
- Import Custom Packet Captures
- Packet Editing
- Conclusion
- ISIC Suite
- Network Setup
- esic
- isic, icmpsic, tcpsic, udpsic, and multisic
- Automation
- Protos
- VI. Monitoring
- 18. Network Capture
- tcpdump
- Basics
- Berkeley Packet Filter (BPF)
- Writing Packets to Disk
- Advanced BPF Filtering
- Advanced Dump Display
- Using tcpdump to Extract Packets
- Ethereal/Wireshark
- Basics
- Starting a Capture
- Capture
- Display Options
- Name Resolution
- Loading a Previously Created Capture
- Viewing a Capture
- Basic Wireshark Display Filters
- Advanced Wireshark Display Filters
- Saving Select Packets to Disk
- Packet Colorization
- Overriding Default Protocol Decoders
- TShark Techniques
- Wireshark Statistics
- Setting Useful Defaults
- pcap Utilities: tcpflow and Netdude
- tcpflow
- Basics
- Netdude
- Basics
- Cleaning up a botched pcap file
- Editing packet payloads
- Python/Scapy Script Fixes Checksums
- Basics
- Conclusion
- 19. Network Monitoring
- Snort
- Different Snort Modes
- Writing Signatures for Snort
- Passive Network Mapping
- Stealth Ethernet
- Disabling a Rule
- Changing the Default Port of a Service
- Snort Preprocessor
- Excluding Authorized Scans
- Log Analysis
- Updating Rules
- Blocking Port Scan
- From a NIDS to an ILDS
- Protocols that should be monitored
- Limitations of Snort as an ILDS
- Monitoring Network Usage
- Implementing Snort
- NIDS
- User Monitoring
- ILDS
- Honeypot Monitoring
- The Value of a Honeypot
- Using Honeyd to Emulate a Server
- Using Honeyd to Emulate a Network
- Using Honeyd As a Tar Pit
- Implementing Honeyd
- Writing New Scripts with Honeyd
- Jail
- HoneyView and Log Management
- Gluing the Stuff Together
- 20. Host Monitoring
- Using File Integrity Checkers
- File Integrity Hashing
- The Do-It-Yourself Way with rpmverify
- Comparing File Integrity Checkers
- Afick
- Aide
- Integrit
- Remote Filesystem Checker (RFC)
- Samhain/Beltane
- Open Source Tripwire
- Prepping the Environment for Samhain and Tripwire
- Samhain
- Tripwire
- Database Initialization with Samhain and Tripwire
- Samhain
- Tripwire
- Securing the Baseline Storage with Samhain and Tripwire
- Samhain
- Tripwire
- Running Filesystem Checks with Samhain and Tripwire
- Samhain
- Tripwire
- Managing File Changes and Updating Storage Database with Samhain and Tripwire
- Samhain
- Tripwire
- Recognizing Malicious Activity with Samhain and Tripwire
- Tripwire
- Samhain
- Log Monitoring with Logwatch
- Improving Logwatch's Filters
- Host Monitoring in Large Environments with Prelude-IDS
- Log Correlation
- Conclusion
- VII. Discovery
- 21. Forensics
- Netstat
- Finding a Linux Backdoor with Netstat
- Finding a Windows Backdoor with Netstat
- The Forensic ToolKit
- Hfind.exe: Discover Hidden Files
- Sfind.exe: Discover Files Hidden in Alternate Data Streams
- FileStat.exe: Very Detailed Data on a Specific File
- The Security Descriptor
- File streams
- Timestamps
- Working with Alternate Data Streams
- Sysinternals
- Autoruns: What Runs Without Your Help?
- Trimming down the list
- RootkitRevealer: Rooting Out Rootkits
- RootkitRevealer from the console
- Streams: Find and Delete Data Hidden in Streams the Sysinternals Way
- TCPView: A Graphical Netstat
- Process Explorer: Powerful Process Management
- Replacing the Task Manager with Process Explorer
- Run as...
- Now What?
- 22. Application Fuzzing
- Which Fuzzer to Use
- Different Types of Fuzzers for Different Tasks
- Block-Based Fuzzers
- Riot
- Flipper
- Inline Fault Injection
- Setting Up a Network Fuzzer Test Bed
- The client
- The fuzzer
- The server/target
- Gathering Information of the Target's Side
- Writing a Fuzzer with Spike
- The Spike API
- Reversing a Protocol with Spike
- File-Fuzzing Apps
- PaiMei
- FileFuzz
- Fuzzing Web Applications
- Configuring WebProxy
- Automatic Fuzzing with WebInspect
- Next-Generation Fuzzing
- Fuzzing or Not Fuzzing
- 23. Binary Reverse Engineering
- Interactive Disassembler
- Opening the Binary
- Special cases
- Searching in IDA
- Searching for text strings
- Searching for immediate values
- Defining Data Types
- Structures and unions
- An example
- Enumerations
- Annotating the Code
- Setting comments
- Marking positions
- An example
- Code Navigation
- Tracking the Flow of Execution
- Cross-reference
- Flow charts
- Tracking function calls
- Using Subview Windows
- Functions window
- Strings window
- Names window
- Imports and exports windows
- Debugging with IDA
- Initial configuration
- Setting breakpoints and watchpoints
- Stepping through the program
- Examining data
- Tracing
- Taking a memory snapshot
- Remote debugging
- Configuring the client
- Configuring the remote host
- Finding the Bugs
- Making Scripts with IDC
- IDC Hello World
- Functions and variables
- Expressions and statements
- Interacting with the IDA database
- Adding graphical interfaces
- Faking global variables with arrays
- Making hotkeys
- Automating large tasks
- Using IDA Plug-ins
- Sysinternals
- RegMon
- FileMon
- Setting Filters
- OllyDbg
- The Basics
- Setting breakpoints and watchpoints
- Stepping through the program
- Animated stepping
- Examining data
- Navigating Through the Disassembly
- Using bookmarks
- Editing Data
- Copying and pasting binary sections
- The patches window
- Undoing edits
- Saving your changes
- Using OllyDbg with the FreeCiv Case Study
- Finding the location of interest
- Making our changes
- Running the hack
- Other Tools
- SoftICE
- HT
- Index
- About the Authors
- Colophon
- SPECIAL OFFER: Upgrade this ebook with O'Reilly