Security Power Tools - Helion

ebook

Autor: Bryan Burns, Dave Killion, Nicolas Beauchesne
ISBN: 978-05-965-5481-1
stron: 860, Format: ebook
Data wydania: 2007-08-27
Księgarnia: Helion

Cena książki: 169,15 zł (poprzednio: 196,69 zł)
Oszczędzasz: 14% (-27,54 zł)

Osoby, które kupiły tę książkę, wybierały także »

Tagi: Bezpieczeństwo sieci | Bezpieczeństwo systemów | Bezpieczeństwo WWW | Inne

What if you could sit down with some of the most talented security engineers in the world and ask any network security question you wanted? Security Power Tools lets you do exactly that! Members of Juniper Networks' Security Engineering team and a few guest experts reveal how to use, tweak, and push the most popular network security applications, utilities, and tools available using Windows, Linux, Mac OS X, and Unix platforms.

Designed to be browsed, Security Power Tools offers you multiple approaches to network security via 23 cross-referenced chapters that review the best security tools on the planet for both black hat techniques and white hat defense tactics. It's a must-have reference for network administrators, engineers and consultants with tips, tricks, and how-to advice for an assortment of freeware and commercial tools, ranging from intermediate level command-line operations to advanced programming of self-hiding exploits.

Security Power Tools details best practices for:

Reconnaissance -- including tools for network scanning such as nmap; vulnerability scanning tools for Windows and Linux; LAN reconnaissance; tools to help with wireless reconnaissance; and custom packet generation
Penetration -- such as the Metasploit framework for automated penetration of remote computers; tools to find wireless networks; exploitation framework applications; and tricks and tools to manipulate shellcodes
Control -- including the configuration of several tools for use as backdoors; and a review of known rootkits for Windows and Linux
Defense -- including host-based firewalls; host hardening for Windows and Linux networks; communication security with ssh; email security and anti-malware; and device security testing
Monitoring -- such as tools to capture, and analyze packets; network monitoring with Honeyd and snort; and host monitoring of production servers for file changes
Discovery -- including The Forensic Toolkit, SysInternals and other popular forensic tools; application fuzzer and fuzzing techniques; and the art of binary reverse engineering using tools like Interactive Disassembler and Ollydbg

A practical and timely network security ethics chapter written by a Stanford University professor of law completes the suite of topics and makes this book a goldmine of security information. Save yourself a ton of headaches and be prepared for any network security dilemma with Security Power Tools.

Osoby które kupowały "Security Power Tools", wybierały także:

Profesjonalne testy penetracyjne. Zbuduj własne środowisko do testów 67,42 zł, (20,90 zł -69%)
Windows Server 2003. Bezpieczeństwo sieci 74,69 zł, (23,90 zł -68%)
Spring Security. Kurs video. Metody zabezpieczania aplikacji webowych 69,00 zł, (31,05 zł -55%)
Bezpieczeństwo systemów informatycznych. Zasady i praktyka. Wydanie IV. Tom 2 99,00 zł, (49,50 zł -50%)
Hartowanie Linuksa we wrogich środowiskach sieciowych. Ochrona serwera od TLS po Tor 59,00 zł, (29,50 zł -50%)

Spis treści

Security Power Tools eBook -- spis treści

Security Power Tools
- SPECIAL OFFER: Upgrade this ebook with OReilly
- Foreword
- Credits
  - About the Author
- Preface
  - Audience
  - Assumptions This Book Makes
  - Contents of This Book
    - Legal and Ethics
    - Reconnaissance
    - Penetration
    - Control
    - Defense
    - Monitoring
    - Discovery
  - Conventions Used in This Book
  - Using Code Examples
  - Wed Like to Hear from You
  - Safari Books Online
  - Acknowledgments
- I. Legal and Ethics
  - 1. Legal and Ethics Issues
    - Core Issues
      - Be Able to Identify These Legal Topics
    - Computer Trespass Laws: No "Hacking" Allowed
      - What Does It Mean to Access or Use a Computer?
      - What Is Adequate Authorization to Access a Computer?
      - Common Law Computer Trespass
      - Case Study: Active Defense
      - Law and Ethics: Protecting Yourself from Computer Trespass Claims
    - Reverse Engineering
      - Copyright Law and Reverse Engineering
        
        What to do to protect yourself with fair use
      - Reverse Engineering, Contracts, and Trade Secret Law
        
        What to do to protect yourself
      - Reverse Engineering and Anti-Circumvention Rules
        
        What to do to protect yourself when working in DMCA
    - Vulnerability Reporting
      - What to do to protect yourself when reporting vulnerabilities
    - What to Do from Now On
- II. Reconnaissance
  - 2. Network Scanning
    - How Scanners Work
      - TCP Scanning
      - UDP Scanning
    - Superuser Privileges
    - Three Network Scanners to Consider
    - Host Discovery
      - Dealing with Blocked Pings
      - Choosing the Right Ports
      - Combining Multiple Host Scan Techniques
    - Port Scanning
      - Default Port Ranges
    - Specifying Custom Ports
      - Nmap
      - Unicornscan
      - Scanrand
    - Specifying Targets to Scan
    - Different Scan Types
      - UDP Scan Types
      - TCP Scan Types
      - Special TCP Scan Types in Nmap
      - An Example of Using Multiple Scan Types
    - Tuning the Scan Speed
      - Nmap
      - Unicornscan
      - Scanrand
    - Application Fingerprinting
    - Operating System Detection
    - Saving Nmap Output
    - Resuming Nmap Scans
    - Avoiding Detection
      - Idle Scans
      - Decoys
    - Conclusion
  - 3. Vulnerability Scanning
    - Nessus
      - License
      - Architecture
      - Tenable Security Center
      - Windows Configuration
      - Linux Configuration
      - Local Vulnerabilities
      - Network Scan
      - Scan Results
      - Policy Configuration
      - Plug-ins
      - Plug-in Code Example
      - Linux Command Line
      - Windows Command Line
    - Nikto
      - Types of Vulnerabilities
      - Command Line
      - Evasion Techniques
    - WebInspect
      - Purpose
      - WebInspect Scan
      - Policy Tuning
      - Settings Tuning
      - Report Analysis
      - False Positives Analysis
      - WebInspect Tools
      - Assessment Management Platform (AMP)
  - 4. LAN Reconnaissance
    - Mapping the LAN
    - Using ettercap and arpspoof on a Switched Network
      - Running ettercap
      - Running arpspoof from the dsniff suite
    - Dealing with Static ARP Tables
      - Using macof to Stupefy a Switch
      - Super-Stealthy Sniffing
    - Getting Information from the LAN
      - Logging Packet Data
      - Filtering Incoming Packets
      - Fingerprinting LAN Hosts
      - Sniffing Plain-Text Passwords
      - Shadow Browsing
    - Manipulating Packet Data
  - 5. Wireless Reconnaissance
    - Get the Right Wardriving Gear
    - 802.11 Network Basics
    - 802.11 Frames
    - How Wireless Discovery Tools Work
    - Netstumbler
    - Kismet at a Glance
    - Using Kismet
    - Sorting the Kismet Network List
    - Using Network Groups with Kismet
    - Using Kismet to Find Networks by Probe Requests
    - Kismet GPS Support Using gpsd
      - Generating Maps
      - Kismet Location Tracking
    - Looking Closer at Traffic with Kismet
    - Capturing Packets and Decrypting Traffic with Kismet
    - Wireshark at a Glance
      - Enabling rfmon Mode
        
        Linux
        
        OpenBSD, NetBSD, and FreeBSD
        
        Mac OS X
        
        Windows
    - Using Wireshark
    - AirDefense Mobile
    - AirMagnet Analyzers
    - Other Wardriving Tools
      - Airopeek
      - KisMac
  - 6. Custom Packet Generation
    - Why Create Custom Packets?
      - Custom Packet Example: Ping of Death
      - Hping
      - Getting Started with Hping2
      - Hping2's Limitations
    - Scapy
      - Decode, Do Not Interpret
      - Probe Once, Interpret Many Times
      - Scapy's Limitations
      - Working with Scapy
      - Creating and Manipulating Packets with Scapy
      - Navigating Between Layers
      - Scapy Tips and Shortcuts
        
        Looking only at the custom data in a packet
        
        Viewing computed data in a packet
        
        Decoding the packet payload differently
        
        Sprintf shortcut for creating custom packets
        
        Operations on packet lists
        
        Producing a simple diagram of packet flow
        
        Sending and interacting with Scapy
        
        Super-sockets
      - Building Custom Tools with Scapy
      - Studying a New Protocol
      - Writing Add-Ons
        
        Examples of creating Scapy add-ons
      - Test Campaigns
    - Packet-Crafting Examples with Scapy
      - ARP Cache Poisoning
      - Tracerouting: A Step-by-Step Example
      - Traceroute and NAT
      - Firewalking
      - Sliced Network Scan
      - Fuzzing
    - Packet Mangling with Netfilter
      - Transparent Proxying
      - QUEUE and NFQUEUE
    - References
- III. Penetration
  - 7. Metasploit
    - Metasploit Interfaces
      - The Metasploit Console
      - The Metasploit Command-Line Interface
      - The Metasploit Web Interface
    - Updating Metasploit
    - Choosing an Exploit
    - Choosing a Payload
      - Metasploit Payloads
      - Choosing a Payload Variant
    - Setting Options
      - Hidden Options
    - Running an Exploit
      - Debugging Exploitation
    - Managing Sessions and Jobs
      - Sessions
      - Jobs
    - The Meterpreter
      - Some Useful Meterpreter Commands
      - Meterpreter Session Example
    - Security Device Evasion
    - Sample Evasion Output
    - Evasion Using NOPs and Encoders
      - NOP Generators
      - Payload Encoders
    - In Conclusion
  - 8. Wireless Penetration
    - WEP and WPA Encryption
    - Aircrack
    - Installing Aircrack-ng
      - Windows Installation
      - Linux Installation
    - Running Aircrack-ng
    - Airpwn
    - Basic Airpwn Usage
      - Command-Line Options
    - Airpwn Configuration Files
    - Using Airpwn on WEP-Encrypted Networks
    - Scripting with Airpwn
    - Karma
      - Installing Karma
      - Scanning for Victims
      - Basic Configuration
      - Proxy Network Traffic
    - Conclusion
  - 9. Exploitation Framework Applications
    - Task Overview
      - Other Framework Advantages
    - Core Impact Overview
      - Running Core Impact Behind a NAT
      - Automatic Network Penetration with Core Impact
    - Network Reconnaissance with Core Impact
      - Importing Module Information with Core Impact
    - Core Impact Exploit Search Engine
    - Running an Exploit
      - Bypassing Core Impact's Exploit Version Restrictions
    - Running Macros
      - The Local Side
      - Using the Mini-Shell
    - Bouncing Off an Installed Agent
    - Enabling an Agent to Survive a Reboot
    - Mass Scale Exploitation
    - Writing Modules for Core Impact
    - The Canvas Exploit Framework
      - The Covertness Bar
    - Porting Exploits Within Canvas
    - Using Canvas from the Command Line
    - Digging Deeper with Canvas
    - Advanced Exploitation with MOSDEF
    - Writing Exploits for Canvas
    - Exploiting Alternative Tools
  - 10. Custom Exploitation
    - Understanding Vulnerabilities
      - Performing a Simple Exploit
    - Analyzing Shellcode
      - Disassemblers
      - The libopcode Disassembling Library
      - The libdisasm Disassembling Library
    - Testing Shellcode
      - Inclusion into a C File
      - A Shellcode Loader
      - Debugging Shellcode
    - Creating Shellcode
      - nasm
      - GNU Compiler Collection
        
        Quick glance at the binary-building internals
        
        Building shellcode from assembly language
        
        Building shellcode in C
      - The SFlib Library
        
        What SFLib looks like
        
        Using SFLib
      - ShellForge
        
        Getting started
        
        Cross-platform generation
        
        Loaders
        
        Inline shellcoding
      - InlineEgg
      - Metasploit Framework's msfpayload
    - Disguising Shellcode
      - alpha2
      - Metasploit Framework's msfencoder
    - Execution Flow Hijacking
      - Metasploit Framework's msfelfscan and msfpescan
      - EEREAP
      - Code Injection
    - References
- IV. Control
  - 11. Backdoors
    - Choosing a Backdoor
    - VNC
    - Creating and Packaging a VNC Backdoor
      - Consolidating the Backdoor
      - Packaging VNC As a Backdoor
    - Connecting to and Removing the VNC Backdoor
      - Removing the Backdoor
    - Back Orifice 2000
    - Configuring a BO2k Server
      - Setting Variables
      - Minimum Configuration
        
        IO plug-in
        
        Encryption plug-in
        
        Authentication plug-in
        
        Control plug-ins
    - Configuring a BO2k Client
    - Adding New Servers to the BO2k Workspace
    - Using the BO2k Backdoor
    - BO2k Powertools
      - Server Setup
      - Client Setup
        
        The BO Tools Connect To window
        
        Using the File Browser
        
        Using the Registry Editor
      - A Sneak Peek at the Backdoor's Desktop with BO Peep
        
        BO Peep installation and configuration
        
        The VidStream listener
        
        The VidStream client
        
        The Hijack listener
        
        The Hijack client
    - Encryption for BO2k Communications
    - Concealing the BO2k Protocol
    - Removing BO2k
    - A Few Unix Backdoors
      - A Simple Unix Backdoor
      - Netcat
      - A Simple Netcat Backdoor
        
        Crontab and Netcat
      - Lots of Options
  - 12. Rootkits
    - Windows Rootkit: Hacker Defender
      - Configuring hxdef
        
        Making hxdef harder to detect
      - Connecting to Hacker Defender's Backdoor
        
        Install/uninstall/reconfigure hxdef
        
        Uninstalling a process you cannot see
    - Linux Rootkit: Adore-ng
      - Installing Adore
      - Using Adore
    - Detecting Rootkits Techniques
      - Signature Scanner
      - Inspecting Dangerous Calls
      - Differentiating Call Results
      - Looking for Hooks
      - System Integrity
    - Windows Rootkit Detectors
      - Rootkit Revealer
      - IceSword
        
        Functionalities of IceSword
        
        Finding a rootkit and killing it
        
        Removing the rootkit with IceSword
    - Linux Rootkit Detectors
      - Kstat
        
        Interface lookup
        
        Listing processes
        
        Investigating individual processes
        
        Examining the syscall table
      - Zeppoo
      - Chkrootkit
        
        Detecting new rootkits
        
        Using safe binaries
        
        In the cron
    - Cleaning an Infected System
    - The Future of Rootkits
- V. Defense
  - 13. Proactive Defense: Firewalls
    - Firewall Basics
      - Router/Network Address Translation Router
      - Endpoint/Host
      - Transparent/Bridge Firewall
      - The Tools
      - Securing Concepts
        
        Allowing limited inbound connections
        
        Tightening inbound connections by host
      - Further Investigation
    - Network Address Translation
      - Setting Up a Basic NAT Gateway
      - NAT with Inbound Service Mapping
    - Securing BSD Systems with ipfw/natd
      - Initial Setup
      - Inbound Connection Blocking with BSD ipfw/natd
      - Allowing Inbound Connections with BSD ipfw2/natd
      - Filtering Connections with BSD ipfw2/natd
      - BSD ipfw2/natd NAT Gateway
      - Inbound Service Mapping with BSD ipfw2/natd
    - Securing GNU/Linux Systems with netfilter/iptables
      - Initial Setup
      - Inbound Connection Blocking with Netfilter
      - Filtering Connections with Netfilter
      - Allowing Inbound Connections with Netfilter
      - Netfilter NAT Gateway
      - Inbound Service Mapping with Netfilter
      - Internet-in-a-Box: All Traffic to One Destination Using Netfilter
    - Securing Windows Systems with Windows Firewall/Internet Connection Sharing
      - Initial Setup
      - Inbound Connection Blocking with Windows FW/ICS
      - Allowing Inbound Connections with Windows FW/ICS
      - Filtering Connections with Windows FW/ICS
      - A Windows FW/ICS NAT Gateway
      - Inbound Service Mapping with Windows FW/ICS
    - Verifying Your Coverage
  - 14. Host Hardening
    - Controlling Services
    - Turning Off What You Do Not Need
    - Limiting Access
      - sudo
      - sudowin
        
        Issues with sudowin
    - Limiting Damage
      - Mounting Volumes As noexec
      - Controlling the Linux Kernel Through /proc/sys
        
        /proc/sys/kernel/cap-bound
        
        /proc/sys/net
        
        /proc/sys/kernel/modprobe
    - Bastille Linux
    - SELinux
      - Enabling SELinux
      - Transparent Usage of SELinux
      - Tweaking SELinux's Policy
      - Local SELinux Policy Generation
      - Underlying SELinux Principle of Operations
    - Password Cracking
      - John the Ripper
      - Rainbow Cracking
    - Chrooting
    - Sandboxing with OS Virtualization
      - Cooperative Linux
      - KVM
      - OpenVZ: OS-Level Virtualization
      - Parallels
      - QEMU
      - UserMode Linux: Paravirtualization
      - VMWare
      - Xen: Paravirtulization
      - Virtualization Summary
  - 15. Securing Communications
    - The SSH-2 Protocol
      - The Transport Layer
      - The User Authentication Layer
      - The Connection Layer
    - SSH Configuration
      - Server Configuration
      - User Access Restriction
      - SSH Client Connection
      - Tune the Client's Configuration
    - SSH Authentication
    - SSH Shortcomings
      - SSH Man-in-the-Middle Attacks
      - Host Public Key Distribution with DNSSEC
      - User's Public Key Distribution
      - User's Key Operation Restrictions
    - SSH Troubleshooting
      - The Client Is Logged Out Just After Logging In
      - File Permissions
      - Restrictions to Users or Groups
    - Remote File Access with SSH
      - File Copy
      - FTP Through SSH
      - File Synchronization
      - Remote Filesystem
      - Source Code Transfer
    - SSH Advanced Use
      - Agent Forwarding
      - X and Port Forwarding
      - Escape Sequences
      - Perpetual Tunneling with autossh
      - Storing Your SSH Private Key on a USB Drive
    - Using SSH Under Windows
      - Cygwin
      - PuTTY
      - WinSCP
      - SecureCRT
    - File and Email Signing and Encryption
    - GPG
      - Theory of Operations
      - How to Obtain Public Keys
      - Web of Trust
      - In Practice
    - Create Your GPG Keys
      - Adding Subkeys
      - Different Keys for Different Addresses
      - Modify Your Web of Trust Model
      - Import of Public Keys
      - Revoke a Key
    - Encryption and Signature with GPG
      - File Signature
      - Email Encryption and Signature
    - PGP Versus GPG Compatibility
    - Encryption and Signature with S/MIME
      - X.509 Certificate
      - S/MIME
      - Certificate Authority
      - S/MIME Versus GPG/PGP
    - Stunnel
      - SSL Versus TLS
      - Create an X.509 Certificate
      - Client Encryption
      - Server Encryption
      - Client and Server Encryption
      - Transparent Proxy
    - Disk Encryption
    - Windows Filesystem Encryption with PGP Disk
    - Linux Filesystem Encryption with LUKS
      - Comparing dm-crypt to cryptoloop and loop-AES
    - Conclusion
  - 16. Email Security and Anti-Spam
    - Norton Antivirus
      - Installation Test
      - Configuration Tuning
        
        Failed tests
        
        Updates
    - The ClamAV Project
    - ClamWin
      - Configuration
    - Freshclam
      - How to Run Freshclam
      - Examples of Commands for Freshclam
    - Clamscan
    - clamd and clamdscan
      - On-Access Scanning
      - Clamd As a Network Server
      - Clamd Commands
      - Test clamscan and clamdscan/clamd
      - clamscan or clamdscan?
    - ClamAV Virus Signatures
      - MD5 Signatures
      - Hexadecimal Signatures
      - Advanced Hexadecimal Signatures
      - HTML Signatures
    - Procmail
      - Mail Delivery Chain
    - Basic Procmail Rules
      - Examples
    - Advanced Procmail Rules
      - Scoring
    - ClamAV with Procmail
    - Unsolicited Email
    - Spam Filtering with Bayesian Filters
      - Spamprobe
      - Automate the Learning Phase
      - Maintenance
      - SpamProbe with Procmail
      - Inconvenient
    - SpamAssassin
      - Configuration Files
      - SpamAssassin Variables
      - Administrator Settings
    - SpamAssassin Rules
      - Meta Tests
      - Score
      - Whitelist and Blacklist
      - Language
      - Bayesian Filter
    - Plug-ins for SpamAssassin
      - Collaborative Plug-ins
      - SpamAssassin Network Tests
    - SpamAssassin with Procmail
      - SpamAssassin As a Daemon or Server
      - ClamAV, SpamProbe, and SpamAssassin with Procmail
    - Anti-Phishing Tools
      - Email Filtering
      - Toolbar for Web Browsers
    - Conclusion
  - 17. Device Security Testing
    - Replay Traffic with Tcpreplay
      - What and How to Test
      - tcpreplay
      - Rewrite Packets with Tcpreplay
        
        MAC address
        
        IP address
        
        TCP/UDP port
      - Tcpreplay with Two Interfaces
      - flowreplay
      - Tomahawk
    - Traffic IQ Pro
      - Setup
      - Replay Traffic Files
      - Attack Files
      - Standard Traffic Files
      - Scan
      - Import Custom Packet Captures
      - Packet Editing
      - Conclusion
    - ISIC Suite
      - Network Setup
      - esic
      - isic, icmpsic, tcpsic, udpsic, and multisic
      - Automation
    - Protos
- VI. Monitoring
  - 18. Network Capture
    - tcpdump
      - Basics
      - Berkeley Packet Filter (BPF)
      - Writing Packets to Disk
      - Advanced BPF Filtering
      - Advanced Dump Display
      - Using tcpdump to Extract Packets
    - Ethereal/Wireshark
      - Basics
      - Starting a Capture
        
        Capture
        
        Display Options
        
        Name Resolution
      - Loading a Previously Created Capture
      - Viewing a Capture
      - Basic Wireshark Display Filters
      - Advanced Wireshark Display Filters
      - Saving Select Packets to Disk
      - Packet Colorization
      - Overriding Default Protocol Decoders
      - TShark Techniques
      - Wireshark Statistics
      - Setting Useful Defaults
    - pcap Utilities: tcpflow and Netdude
      - tcpflow
        
        Basics
      - Netdude
        
        Basics
        
        Cleaning up a botched pcap file
        
        Editing packet payloads
    - Python/Scapy Script Fixes Checksums
      - Basics
    - Conclusion
  - 19. Network Monitoring
    - Snort
      - Different Snort Modes
      - Writing Signatures for Snort
      - Passive Network Mapping
      - Stealth Ethernet
      - Disabling a Rule
      - Changing the Default Port of a Service
      - Snort Preprocessor
      - Excluding Authorized Scans
      - Log Analysis
      - Updating Rules
      - Blocking Port Scan
      - From a NIDS to an ILDS
        
        Protocols that should be monitored
        
        Limitations of Snort as an ILDS
      - Monitoring Network Usage
    - Implementing Snort
      - NIDS
      - User Monitoring
      - ILDS
    - Honeypot Monitoring
      - The Value of a Honeypot
      - Using Honeyd to Emulate a Server
      - Using Honeyd to Emulate a Network
      - Using Honeyd As a Tar Pit
      - Implementing Honeyd
      - Writing New Scripts with Honeyd
      - Jail
      - HoneyView and Log Management
    - Gluing the Stuff Together
  - 20. Host Monitoring
    - Using File Integrity Checkers
    - File Integrity Hashing
    - The Do-It-Yourself Way with rpmverify
    - Comparing File Integrity Checkers
      - Afick
      - Aide
      - Integrit
      - Remote Filesystem Checker (RFC)
      - Samhain/Beltane
      - Open Source Tripwire
    - Prepping the Environment for Samhain and Tripwire
      - Samhain
      - Tripwire
    - Database Initialization with Samhain and Tripwire
      - Samhain
      - Tripwire
    - Securing the Baseline Storage with Samhain and Tripwire
      - Samhain
      - Tripwire
    - Running Filesystem Checks with Samhain and Tripwire
      - Samhain
      - Tripwire
    - Managing File Changes and Updating Storage Database with Samhain and Tripwire
      - Samhain
      - Tripwire
    - Recognizing Malicious Activity with Samhain and Tripwire
      - Tripwire
      - Samhain
    - Log Monitoring with Logwatch
    - Improving Logwatch's Filters
    - Host Monitoring in Large Environments with Prelude-IDS
      - Log Correlation
    - Conclusion
- VII. Discovery
  - 21. Forensics
    - Netstat
      - Finding a Linux Backdoor with Netstat
      - Finding a Windows Backdoor with Netstat
    - The Forensic ToolKit
      - Hfind.exe: Discover Hidden Files
      - Sfind.exe: Discover Files Hidden in Alternate Data Streams
      - FileStat.exe: Very Detailed Data on a Specific File
        
        The Security Descriptor
        
        File streams
        
        Timestamps
      - Working with Alternate Data Streams
    - Sysinternals
      - Autoruns: What Runs Without Your Help?
        
        Trimming down the list
      - RootkitRevealer: Rooting Out Rootkits
        
        RootkitRevealer from the console
      - Streams: Find and Delete Data Hidden in Streams the Sysinternals Way
      - TCPView: A Graphical Netstat
      - Process Explorer: Powerful Process Management
        
        Replacing the Task Manager with Process Explorer
        
        Run as...
      - Now What?
  - 22. Application Fuzzing
    - Which Fuzzer to Use
    - Different Types of Fuzzers for Different Tasks
      - Block-Based Fuzzers
      - Riot
      - Flipper
      - Inline Fault Injection
      - Setting Up a Network Fuzzer Test Bed
        
        The client
        
        The fuzzer
        
        The server/target
      - Gathering Information of the Target's Side
    - Writing a Fuzzer with Spike
    - The Spike API
      - Reversing a Protocol with Spike
    - File-Fuzzing Apps
      - PaiMei
      - FileFuzz
    - Fuzzing Web Applications
    - Configuring WebProxy
    - Automatic Fuzzing with WebInspect
    - Next-Generation Fuzzing
    - Fuzzing or Not Fuzzing
  - 23. Binary Reverse Engineering
    - Interactive Disassembler
      - Opening the Binary
        
        Special cases
      - Searching in IDA
        
        Searching for text strings
        
        Searching for immediate values
      - Defining Data Types
        
        Structures and unions
        
        An example
        
        Enumerations
      - Annotating the Code
        
        Setting comments
        
        Marking positions
        
        An example
      - Code Navigation
      - Tracking the Flow of Execution
        
        Cross-reference
        
        Flow charts
        
        Tracking function calls
      - Using Subview Windows
        
        Functions window
        
        Strings window
        
        Names window
        
        Imports and exports windows
      - Debugging with IDA
        
        Initial configuration
        
        Setting breakpoints and watchpoints
        
        Stepping through the program
        
        Examining data
        
        Tracing
        
        Taking a memory snapshot
        
        Remote debugging
        
        Configuring the client
        
        Configuring the remote host
      - Finding the Bugs
      - Making Scripts with IDC
        
        IDC Hello World
        
        Functions and variables
        
        Expressions and statements
        
        Interacting with the IDA database
        
        Adding graphical interfaces
        
        Faking global variables with arrays
        
        Making hotkeys
        
        Automating large tasks
      - Using IDA Plug-ins
    - Sysinternals
      - RegMon
      - FileMon
      - Setting Filters
    - OllyDbg
      - The Basics
        
        Setting breakpoints and watchpoints
        
        Stepping through the program
        
        Animated stepping
        
        Examining data
      - Navigating Through the Disassembly
        
        Using bookmarks
      - Editing Data
        
        Copying and pasting binary sections
        
        The patches window
        
        Undoing edits
        
        Saving your changes
      - Using OllyDbg with the FreeCiv Case Study
        
        Finding the location of interest
        
        Making our changes
        
        Running the hack
    - Other Tools
      - SoftICE
      - HT
- Index
- About the Authors
- Colophon
- SPECIAL OFFER: Upgrade this ebook with OReilly