A bug hunter's diary : a guided tour through the wilds of software security /


Tobias Klein.
Book English 2011 Tobias Klein · Electronic books.
Original title
Published
San Francisco : No Starch Press, c2011.
Extent
1 online resource (212 p.)
Edition
1st edition
Notes
Description based upon print version of record.
- Index; Acknowledgments; Introduction; The Goals of This Book; Who Should Read the Book; Disclaimer; Resources; 1; Bug Hunting; 1.1 For Fun and Profit; 1.2 Common Techniques; 1.2.1 My Preferred Techniques; 1.2.2 Potentially Vulnerable Code Locations; 1.2.3 Fuzzing; 1.2.4 Further Reading; 1.3 Memory Errors; 1.4 Tools of the Trade; 1.4.1 Debugger; 1.4.2 Disassemblers; 1.5 EIP = 41414141; 1.6 Final Note; 2; Back to the '90s; 2.1 Vulnerability Discovery; Step 1: Generate a List of the Demuxers of VLC; Step 2: Identify the Input Data; Step 3: Trace the Input Data; 2.2 Exploitation; Step 1: Find a Sample TiVo Movie File; Step 2: Find a Code Path to Reach the Vulnerable Code; Step 3: Manipulate the TiVo Movie File to Crash VLC; Step 4: Manipulate the TiVo Movie File to Gain Control of EIP; 2.3 Vulnerability Remediation; 2.4 Lessons Learned; 2.5 Addendum; Escape from the WWW Zone; 3.1 Vulnerability Discovery; Step 1: List the IOCTLs of the Kernel; Step 2: Identify the Input Data; Step 3: Trace the Input Data; 3.2 Exploitation; Step 1: Trigger the NULL Pointer Dereference for a Denial of Service; Step 2: Use the Zero Page to Get Control over EIP/RIP; 3.3 Vulnerability Remediation; 3.4 Lessons Learned; 3.5 Addendum; NULL Pointer FTW; 4.1 Vulnerability Discovery; Step 1: List the Demuxers of FFmpeg; Step 2: Identify the Input Data; Step 3: Trace the Input Data; 4.2 Exploitation; Step 1: Find a Sample 4X Movie File with a Valid strk Chunk; Step 2: Learn About the Layout of the strk Chunk; Step 3: Manipulate the strk Chunk to Crash FFmpeg; Step 4: Manipulate the strk Chunk to Gain Control over EIP; 4.3 Vulnerability Remediation; 4.4 Lessons Learned; 4.5 Addendum; Browse and You're Owned; 5.1 Vulnerability Discovery; Step 1: List the Registered WebEx Objects and Exported Methods; Step 2: Test the Exported Methods in the Browser; Step 3: Find the Object Methods in the Binary; Step 4: Find the User-Controlled Input Values; Step 5: Reverse Engineer the Object Methods; 5.2 Exploitation; 5.3 Vulnerability Remediation; 5.4 Lessons Learned; 5.5 Addendum; One Kernel to Rule Them All; 6.1 Vulnerability Discovery; Step 1: Prepare a VMware Guest for Kernel Debugging; Step 2: Generate a List of the Drivers and Device Objects Created by avast!; Step 3: Check the Device Security Settings; Step 4: List the IOCTLs; Step 5: Find the User-Controlled Input Values; Step 6: Reverse Engineer the IOCTL Handler; 6.2 Exploitation; 6.3 Vulnerability Remediation; 6.4 Lessons Learned; 6.5 Addendum; A Bug Older Than 4.4BSD; 7.1 Vulnerability Discovery; Step 1: List the IOCTLs of the Kernel; Step 2: Identify the Input Data; Step 3: Trace the Input Data; 7.2 Exploitation; Step 1: Trigger the Bug to Crash the System (Denial of Service).
- Although ominous-sounding terms like "zero-day" and "exploit" are widely used, even many security professionals don't know how bug hunters actually find and attack software security flaws. In A Bug Hunter's Diary, readers follow along with security expert Tobias Klein as he tracks down and exploits bugs in some of the world's most popular programs. Whether by browsing source code, poring over disassembly, or fuzzing live programs, readers get an over-the-shoulder glimpse into the world of a bug hunter as Klein unearths security flaws and uses them to take control of affected systems. Readers
Subjects
Genre
Dewey
ISBN
1-59327-415-7
Shelf mark
QA76.9.D43 K5813 2011

Libraries that hold this item