Gray Hat Hacking The Ethical Hacker's Handbook, 4/e (Paperback)

Daniel Regalado, Shon Harris, Allen Harper, Chris Eagle, Jonathan Ness, Branko Spasojevic, Ryan Linn, Stephen Sims

買這商品的人也買了...

商品描述

Cutting-edge techniques for finding and fixing critical security flaws

Fortify your network and avert digital catastrophe with proven strategies from a team of security experts. Completely updated and featuring 12 new chapters, Gray Hat Hacking: The Ethical Hacker's Handbook, Fourth Edition explains the enemy’s current weapons, skills, and tactics and offers field-tested remedies, case studies, and ready-to-deploy testing labs. Find out how hackers gain access, overtake network devices, script and inject malicious code, and plunder Web applications and browsers. Android-based exploits, reverse engineering techniques, and cyber law are thoroughly covered in this state-of-the-art resource.

  • Build and launch spoofing exploits with Ettercap and Evilgrade
  • Induce error conditions and crash software using fuzzers
  • Hack Cisco routers, switches, and network hardware
  • Use advanced reverse engineering to exploit Windows and Linux software
  • Bypass Windows Access Control and memory protection schemes
  • Scan for flaws in Web applications using Fiddler and the x5 plugin
  • Learn the use-after-free technique used in recent zero days
  • Bypass Web authentication via MySQL type conversion and MD5 injection attacks
  • Inject your shellcode into a browser's memory using the latest Heap Spray techniques
  • Hijack Web browsers with Metasploit and the BeEF Injection Framework
  • Neutralize ransomware before it takes control of your desktop
  • Dissect Android malware with JEB and DAD decompilers
  • Find one-day vulnerabilities with binary diffing

 

商品描述(中文翻譯)

尋找和修復關鍵安全漏洞的尖端技術

從一個安全專家團隊中獲得的成熟策略,強化您的網絡並避免數字災難。全面更新並新增了12個章節,《Gray Hat Hacking: The Ethical Hacker's Handbook》第四版解釋了敵人目前的武器、技能和戰術,並提供了經過實踐驗證的解決方案、案例研究和可即時部署的測試實驗室。了解黑客如何獲取訪問權限、接管網絡設備、編寫並注入惡意代碼,以及掠奪網絡應用程序和瀏覽器。本書全面介紹了基於Android的攻擊、逆向工程技術和網絡法律。


  • 使用Ettercap和Evilgrade建立並發動欺騙攻擊

  • 使用fuzzers誘發錯誤條件並使軟件崩潰

  • 入侵Cisco路由器、交換機和網絡硬件

  • 使用高級逆向工程技術來利用Windows和Linux軟件

  • 繞過Windows存取控制和內存保護機制

  • 使用Fiddler和x5插件掃描Web應用程序中的漏洞

  • 學習最新的零日漏洞中使用的use-after-free技術

  • 通過MySQL類型轉換和MD5注入攻擊繞過Web身份驗證

  • 使用最新的Heap Spray技術將shellcode注入瀏覽器內存

  • 使用Metasploit和BeEF Injection Framework劫持Web瀏覽器

  • 在桌面被勒索軟件控制之前對其進行中和

  • 使用JEB和DAD反編譯器分析Android惡意軟件

  • 使用二進制差異分析尋找一日漏洞