Professional Documents
Culture Documents
Textbook Gray Hat Hacking The Ethical Hackers Handbook Fifth Edition Daniel Regalado Ebook All Chapter PDF
Textbook Gray Hat Hacking The Ethical Hackers Handbook Fifth Edition Daniel Regalado Ebook All Chapter PDF
https://textbookfull.com/product/gray-hat-hacking-the-ethical-
hacker-s-handbook-5th-edition-shon-harris-daniel-regalado-allen-
harper-harris-shon-regalado-daniel-harper-allen/
https://textbookfull.com/product/practical-social-engineering-a-
primer-for-the-ethical-hacker-1st-edition-joe-gray/
https://textbookfull.com/product/gray-hat-c-a-hacker-s-guide-to-
creating-and-automating-security-tools-brandon-perry/
https://textbookfull.com/product/gray-hat-c-a-hacker-s-guide-to-
creating-and-automating-security-tools-1st-edition-brandon-perry/
Cehv9: Certified Ethical Hacker Version 9 Oriyano
https://textbookfull.com/product/cehv9-certified-ethical-hacker-
version-9-oriyano/
https://textbookfull.com/product/cehv9-certified-ethical-hacker-
version-9-oriyano-2/
https://textbookfull.com/product/ceh-certified-ethical-hacker-
bundle-third-edition-walker/
https://textbookfull.com/product/biota-grow-2c-gather-2c-cook-
loucas/
https://textbookfull.com/product/ceh-certified-ethical-hacker-
exam-guide-matt-walker/
||||||||||||||||||||
||||||||||||||||||||
||||||||||||||||||||
||||||||||||||||||||
||||||||||||||||||||
Praise for Gray Hat Hacking: The Ethical Hacker’s Handbook, Fifth
Edition
“The Gray Hat Hacking book series continue to provide an up-to-date and detailed
view on a large variety of offensive IT security disciplines. In this fifth edition, a group
of respected infosec professionals spared no effort to share their experience and
expertise on novel techniques to bypass security mechanisms.
The exploit development chapters, written by Stephen Sims, reveal in great detail
what it takes to write an exploit for modern applications. In Chapter 14, Stephen uses a
recent vulnerability in a major web browser to demystify the complexity of writing
modern exploits for heap-related memory corruptions, bypassing memory protections
along the road.
This book is a must read for anyone who wants to step up and broaden their skills in
infosec.”
—Peter Van Eeckhoutte
Corelan Team (@corelanc0d3r)
“One of the few book series where I ALWAYS buy the updated version. Learn updated
exploit-dev techniques from the best instructors in the business. The volume of new
information available to the average information security practitioner is staggering. The
authors, who are some of the best in their respective fields, help us stay up to date with
current trends and techniques. GHH’s updates on Red Team Ops, Bug Bounties,
PowerShell Techniques, and IoT & Embedded Devices are exactly what infosec
practitioners need to add to their tool kits.”
—Chris Gates
Sr. Security Engineer (Uber)
“Never before has there been so much technology to attack nor such high levels of
controls and prevention mechanisms. For example, the advancements in modern
operating systems and applications to protect against exploitation are very impressive,
yet time and time again with the right conditions they are bypassed. Amongst a litany of
modern and up-to-date techniques, Gray Hat Hacking provides detailed and informative
walkthroughs of vulnerabilities and how controls like ASLR and DEP are bypassed.
Filled with real examples you can follow if you are seeking to upgrade your
understanding of the latest hacking techniques—this is the book for you.”
||||||||||||||||||||
||||||||||||||||||||
—James Lyne
Global Research Advisor (Sophos) and Head of R&D (SANS Institute)
||||||||||||||||||||
||||||||||||||||||||
||||||||||||||||||||
||||||||||||||||||||
||||||||||||||||||||
||||||||||||||||||||
ISBN: 978-1-26-010842-2
MHID: 1-26-010842-2
The material in this eBook also appears in the print version of this title: ISBN: 978-1-
26-010841-5,
MHID: 1-26-010841-4.
All trademarks are trademarks of their respective owners. Rather than put a trademark
symbol after every occurrence of a trademarked name, we use names in an editorial
fashion only, and to the benefit of the trademark owner, with no intention of infringement
of the trademark. Where such designations appear in this book, they have been printed
with initial caps.
All trademarks or copyrights mentioned herein are the possession of their respective
owners and McGraw-Hill Education makes no claim of ownership by the mention of
products that contain these marks.
TERMS OF USE
||||||||||||||||||||
||||||||||||||||||||
This is a copyrighted work and McGraw-Hill Education and its licensors reserve all
rights in and to the work. Use of this work is subject to these terms. Except as permitted
under the Copyright Act of 1976 and the right to store and retrieve one copy of the work,
you may not decompile, disassemble, reverse engineer, reproduce, modify, create
derivative works based upon, transmit, distribute, disseminate, sell, publish or
sublicense the work or any part of it without McGraw-Hill Education’s prior consent.
You may use the work for your own noncommercial and personal use; any other use of
the work is strictly prohibited. Your right to use the work may be terminated if you fail
to comply with these terms.
||||||||||||||||||||
||||||||||||||||||||
To my brothers and sisters in Christ, keep running the race. Let your light shine for Him,
that others may be drawn to Him through you.
—Allen Harper
Dedicado a ti mamita Adelina Arias Cruz, cuando me pregunto de donde sale mi garra
de no dejarme de nadie o el sacrificio incansable para conseguir mis metas, solo tengo
que voltear a verte, para ti no hay imposibles, te adoro!
—Daniel Regalado
To Mom, who read to me when I was little, so I could achieve the level of literacy I
needed to become an author one day.
—Ryan Linn
To my lovely wife LeAnne and my daughter Audrey, thank you for your ongoing support!
—Stephen Sims
To my lovely daughter Elysia, thank you for your unconditional love and support. You
inspire me in so many ways. I am, and will always be, your biggest fan.
—Linda Martinez
To my family and friends for their unconditional support and making this life funny and
interesting.
||||||||||||||||||||
||||||||||||||||||||
—Branko Spasojevic
To my daughter Tiernan, thank you for your support and continuous reminders to enjoy
life and learning each and every day. I look forward to seeing the wonderful woman you
will become.
—Michael Baucom
To my son Aaron, thanks for all your love while I spend too much time at the keyboard,
and thanks for sharing your joy on all the projects we work on together.
—Chris Eagle
||||||||||||||||||||
||||||||||||||||||||
Dr. Allen Harper, CISSP. In 2007, Allen Harper retired from the military as a Marine
Corps Officer after a tour in Iraq. He has more than 30 years of IT/security experience.
He holds a PhD in IT with a focus in Information Assurance and Security from Capella,
an MS in Computer Science from the Naval Postgraduate School, and a BS in Computer
Engineering from North Carolina State University. Allen led the development of the
GEN III honeywall CD-ROM, called roo, for the Honeynet Project. He has worked as a
security consultant for many Fortune 500 and government entities. His interests include
the Internet of Things, reverse engineering, vulnerability discovery, and all forms of
ethical hacking. Allen was the founder of N2NetSecurity, Inc., served as the EVP and
chief hacker at Tangible Security, and now serves the Lord at Liberty University in
Lynchburg, Virginia.
Daniel Regalado, aka Danux, is a Mexican security researcher with more than 16
years in the security field, dissecting or pen-testing malware, 0-day exploits, ATMs, IoT
devices, IV pumps, and car infotainment systems. He is a former employee of widely
respected companies like FireEye and Symantec and is currently a principal security
researcher at Zingbox. Daniel is probably best known for his multiple discoveries and
dissection of ATM malware attacking banks worldwide, with the most notorious
findings being Ploutus, Padpin, and Ripper.
Ryan Linn has over 20 years in the security industry, ranging from systems
programmer to corporate security, to leading a global cybersecurity consultancy. Ryan
has contributed to a number of open source projects, including Metasploit and the
Browser Exploitation Framework (BeEF). Ryan participates in Twitter as @sussurro,
and he has presented his research at numerous security conferences, including Black Hat
and DEF CON, and has provided training in attack techniques and forensics worldwide.
Stephen Sims is an industry expert with over 15 years of experience in information
technology and security. He currently works out of San Francisco as a consultant
performing reverse engineering, exploit development, threat modeling, and penetration
testing. Stephen has an MS in information assurance from Norwich University and is a
course author, fellow, and curriculum lead for the SANS Institute, authoring courses on
advanced exploit development and penetration testing. He has spoken at numerous
conferences, including RSA, BSides, OWASP AppSec, ThaiCERT, AISA, and many
others. He may be reached on twitter: @Steph3nSims
||||||||||||||||||||
||||||||||||||||||||
||||||||||||||||||||
||||||||||||||||||||
one of the top 25 women in the Information Security field by Information Security
Magazine.
Disclaimer: The views expressed in this book are those of the authors and not of
the U.S. government or any company mentioned herein.
||||||||||||||||||||
||||||||||||||||||||
CONTENTS AT A GLANCE
Part I Preparation
Chapter 1 Why Gray Hat Hacking? Ethics and Law
Chapter 2 Programming Survival Skills
Chapter 3 Next-Generation Fuzzing
Chapter 4 Next-Generation Reverse Engineering
Chapter 5 Software-Defined Radio
||||||||||||||||||||
||||||||||||||||||||
Index
||||||||||||||||||||
||||||||||||||||||||
CONTENTS
Preface
Acknowledgments
Introduction
Part I Preparation
Chapter 1 Why Gray Hat Hacking? Ethics and Law
Know Your Enemy
The Current Security Landscape
Recognizing an Attack
The Gray Hat Way
Emulating the Attack
Frequency and Focus of Testing
Evolution of Cyberlaw
Understanding Individual Cyberlaws
Summary
References
Chapter 2 Programming Survival Skills
C Programming Language
Basic C Language Constructs
Sample Program
Compiling with gcc
Computer Memory
Random Access Memory
Endian
Segmentation of Memory
Programs in Memory
Buffers
Strings in Memory
||||||||||||||||||||
||||||||||||||||||||
Pointers
Putting the Pieces of Memory Together
Intel Processors
Registers
Assembly Language Basics
Machine vs. Assembly vs. C
AT&T vs. NASM
Addressing Modes
Assembly File Structure
Assembling
Debugging with gdb
gdb Basics
Disassembly with gdb
Python Survival Skills
Getting Python
“Hello, World!” in Python
Python Objects
Strings
Numbers
Lists
Dictionaries
Files with Python
Sockets with Python
Summary
For Further Reading
References
Chapter 3 Next-Generation Fuzzing
Introduction to Fuzzing
Types of Fuzzers
Mutation Fuzzers
Generation Fuzzers
Genetic Fuzzing
Mutation Fuzzing with Peach
Lab 3-1: Mutation Fuzzing with Peach
Generation Fuzzing with Peach
Crash Analysis
||||||||||||||||||||
||||||||||||||||||||
||||||||||||||||||||
||||||||||||||||||||
||||||||||||||||||||
||||||||||||||||||||
Lessons Learned
Summary
References
Chapter 8 Purple Teaming
Introduction to Purple Teaming
Blue Team Operations
Know Your Enemy
Know Yourself
Security Program
Incident Response Program
Common Blue Teaming Challenges
Purple Teaming Operations
Decision Frameworks
Disrupting the Kill Chain
Kill Chain Countermeasure Framework
Communication
Purple Team Optimization
Summary
For Further Reading
References
Chapter 9 Bug Bounty Programs
History of Vulnerability Disclosure
Full Vendor Disclosure
Full Public Disclosure
Responsible Disclosure
No More Free Bugs
Bug Bounty Programs
Types of Bug Bounty Programs
Incentives
Controversy Surrounding Bug Bounty Programs
Popular Bug Bounty Program Facilitators
Bugcrowd in Depth
Program Owner Web Interface
Program Owner API Example
Researcher Web Interface
||||||||||||||||||||
||||||||||||||||||||
||||||||||||||||||||
||||||||||||||||||||
||||||||||||||||||||
||||||||||||||||||||
||||||||||||||||||||
||||||||||||||||||||
||||||||||||||||||||
||||||||||||||||||||
References
Chapter 17 Next-Generation Patch Exploitation
Introduction to Binary Diffing
Application Diffing
Patch Diffing
Binary Diffing Tools
BinDiff
turbodiff
Lab 17-1: Our First Diff
Patch Management Process
Microsoft Patch Tuesday
Obtaining and Extracting Microsoft Patches
Lab 17-2: Diffing MS17-010
Patch Diffing for Exploitation
DLL Side-Loading Bugs
Lab 17-3: Diffing MS16-009
Summary
For Further Reading
References
||||||||||||||||||||
||||||||||||||||||||
||||||||||||||||||||
||||||||||||||||||||
||||||||||||||||||||
||||||||||||||||||||
I2C
Debug Interfaces
JTAG
SWD (Serial Wire Debug)
Software
Bootloader
No Operating System
Real-Time Operating System
General Operating System
Summary
For Further Reading
References
Chapter 24 Exploiting Embedded Devices
Static Analysis of Vulnerabilities in Embedded Devices
Lab 24-1: Analyzing the Update Package
Lab 24-2: Performing Vulnerability Analysis
Dynamic Analysis with Hardware
The Test Environment Setup
Ettercap
Dynamic Analysis with Emulation
FIRMADYNE
Lab 24-3: Setting Up FIRMADYNE
Lab 24-4: Emulating Firmware
Lab 24-5: Exploiting Firmware
Summary
Further Reading
References
Chapter 25 Fighting IoT Malware
Physical Access to the Device
RS-232 Overview
RS-232 Pinout
Exercise 25-1: Troubleshooting a Medical Device’s RS-232
Port
Setting Up the Threat Lab
ARM and MIPS Overview
||||||||||||||||||||
||||||||||||||||||||
Index
||||||||||||||||||||
Another random document with
no related content on Scribd:
Nitrogenous Foodstuffs or Proteins
The proteins form heat and energy when the supply of sugars,
starches, and fat are exhausted, but proteins, alone form muscle,
bone and sinew. They are, in this sense, the most important of foods,
—they are, also, the most costly.
The foods most rich in proteins are meat and eggs. These have
undergone chemical changes from the vegetable kingdom being built
up into more complex compounds in the animal kingdom.
Meat and eggs are the tissue builders. In this connection it may be
well to state that blood is tissue; thus meat and eggs build the blood,
as well as muscle and sinew.
Nitrogenous foods, or proteins, are so called because of the large
proportion of nitrogen which they contain. All nitrogenous foods
contain considerable carbon—mostly in the form of fat in the meat
elements—but the carbonaceous foods contain so little of the
proteins that they do not appreciably enter into the nutrition,—the
carbon and nitrogen in the carbo-nitrogenous foods are more equally
divided.
The nitrogenous or protein elements in the body constitute about
one-fifth of its weight. They make the framework, forming the basis
of blood, lymph, muscle, sinew, bone, skin, cartilage, and other
tissues.
Worn out body tissues is constantly being torn down and
eliminated and the protein in the foods must daily furnish material for
repair, as well as for building new tissue in the growing child.
A young animal’s first need is for growth, not having learned to
exercise sufficiently to use much energy, and the first food given is
an animal product—milk to babes and other mammals, while the
young of other animals are first fed upon eggs.
The nitrogenous foods are required in smaller bulk than
vegetables and fruits; they are more concentrated and contain less
waste. According to recent experiments, the average adult requires
from two to four ounces a day of nitrogenous foods, to repair the
waste, according to the proportion of nitrogen contained. Happily,
where more is consumed, the system has the power, up to a certain
limit (depending upon the physical condition and the daily activity), to
eliminate an excess. It is needless to say that if the daily waste is not
re-supplied, the digestion and bodily nutrition suffer. The system
must have the two to four ounces to supply the nitrogen daily
excreted, or the tissues themselves will be consumed.
The proteins, of which meat is the principal one, are classified as
Albuminoids:—albumin (white of eggs), casein (curd of milk),
myosin (the basis of lean meat and gluten of wheat),
Gelatinoids, (connective tissue of meat),
Extractives (appetizing and flavoring elements).
DIGESTION
Any discussion in regard to the digestibility of foods must be
general, because food which agrees with one may disagree with
another, and a food which disagrees with one at a particular time
may entirely agree with him at some other time; therefore, before
one passes upon the adaptability of a food to the individual, it should
be known that this food agrees or disagrees with him under varying
conditions.
The digestibility of food depends largely upon the physical
condition of the individual, because the amount of digestive juices
poured into the alimentary canal is influenced by this condition,
particularly by the condition of the nerves. If sufficient juices, in
proper proportions, are not poured into the digestive tract, the
foodstuffs are not made soluble for absorption into the blood.
Digestion is practically synonymous with solution,—all solid foods
must be reduced to a liquid state, through digestive juices and water,
before they can pass through the walls of the stomach and
intestines.
Each individual should learn to like the foods containing the
nutrient elements which experience and blood tests have shown to
be lacking in his case. The question of likes and of dislikes in regard
to foods, is largely habit, and one can learn to like almost any food
one wishes.
Where one forms the habit of discriminating too much in the food,
or discarding this food or that, because at some time it has
disagreed, due to the particular condition at the time, the mind
approaches the table as a more or less pessimistic censor and the
saliva and the gastric juices are retarded in their flow.
When one is exercising freely, so that the muscular and mucous
coats of the digestive system are strong, the body will handle foods
which, during sedentary habits, it would not digest. There are kinds
of foods, however, which, to certain individuals, according to the
chemical composition of the body, act as actual poisons, e. g.,
strawberries, cheese, or coffee.
It may be well to here trace, briefly, the progress of the food
through the digestive tract and the action of the juices and the
ferments upon it.[3]