Biblioteca de la Universidad APEC

Hacking : the art of exploitation/ Jon Erickson

Por: Erickson, Jon.
Tipo de material: materialTypeLabelLibroEditor: San Francisco, CA : No starch Press, 2008Edición: 2 edición.Descripción: 472 páginas.ISBN: 1-59327-144-2.Tema(s): Seguridad en computadores -- Control de acceso -- Criptografía | Delitos por computador | Protección de datos | Privacidad de los datos | Internet (Red de computadores) | Virus informáticos | Cifras y claves | ComputadoresClasificación CDD: 005.8 E682h 2008
Contenidos:
 PREFACE -- xi  ACKNOWLEDGMENTS -- xii  0 x 100 INTRODUCTION -- 1  0 x 200 PROGRAMMING -- 5  0x210 What Is Programming? -- 6  0x220 Pseudo-code -- 7  0x230 Control Structures -- 8  0x231 If-Then-Else -- 8  0x232 While/Until Loops -- 9  0x233 For Loops -- 10  0x240 More Fundamental Programming Concepts -- 11  0x241 Variables -- 11  0x242 Arithmetic Operators -- 12  0x243 Comparison Operators -- 14  0x244 Functions -- 16  0x250 Getting Your Hands Dirty -- 19  0x251 The Bigger Picture -- 20  0x252 The x86 Processor -- 23  0x253 Assembly Language -- 25  0x260 Back to Basics -- 37  0x261 Strings -- 38  0x262 Signed, Unsigned, Long, and Short -- 41  0x263 Pointers -- 43  0x264 Format Strings -- 48  0x265 Typecasting -- 51  0x266 Command-Line Arguments -- 58  0x267 Variable Scoping -- 62  0x270 Memory Segmentation -- 69  0x271 Memory Segments in C -- 75  0x272 Using the Heap -- 77  0x273 Error-Checked malloc () -- 80  0x280 Building on Basics -- 81  0x281 File Access -- 81  0x282 File Permissions -- 87  0x283 User IDs -- 88  0x284 Structs -- 96  0x285 Function Pointers -- 100  0x286 Pseudo-random Numbers -- 101  0x287 A Game of Chance -- 102  0x300 EXPLOITATION -- 115  0x310 Generalized Exploit Techniques -- 118  0x320 Buffer Overflows -- 119  0x321 Stack-Based Buffer Overflow Vulnerabilities -- 122  0x330 Experimenting with BASH -- 133  0x331 Using the Environment -- 142  0x340 Overflows in Other Segments -- 150  0x341 A Basic Heap-Based Overflow -- 150  0x342 Overflowing Function Pointers -- 156  0x350 Format Strings -- 167  0x351 Format Parameters -- 167  0x352 The Format String Vulnerability -- 170  0x353 Reading from Arbitrary Memory Addresses -- 172  0x354 Writing to Arbitrary Memory Addresses -- 173  0x355 Direct Parameter Access -- 180  0x356 Using Short Writes -- 182  0x357 Detours with .dtors -- 184  0x358 Another notesearch Vulnerability -- 189  0x359 Overwriting the Global Offset Table -- 190  0x400 NETWORKING -- 195  0x410 OSI Model -- 196  0x420 Sockets -- 198  0x421 Socket Functions -- 199  0x422 Socket Addresses -- 200  0x423 Network Byte Order -- 202  0x424 Internet Address Conversion -- 203  0x425 A Simple Server Example -- 203  0x426 A Web Client Example -- 207  0x427 A Tinyweb Server -- 213  0x430 Peeling Back the Lower Layers -- 217  0x431 Data-Link Layer -- 218  0x432 Network Layer -- 220  0x433 Transport Layer -- 221  0x440 Network Sniffing -- 224  0x441 Raw Socket Sniffer -- 226  0x442 Libpcap Sniffer -- 228  0x443 Decoding the Layers -- 230  0x444 Active Sniffing -- 239  0x450 Denial of Service -- 251  0x451 SYN Flooding -- 252  0x452 The Ping of Death -- 256  0x453 Teardrop -- 256  0x454 Ping Flooding -- 257  0x455 Amplification Attacks -- 257  0x456 Distributed DoS Flooding -- 258  0x460 TCP/IP Hijacking -- 258  0x461 RST Hijacking -- 259  0x462 Continued Hijacking -- 263  0x470 Port Scanning -- 264  0x471 Stealth SYN Scan -- 264  0x472 FIN, X-mas, and Null Scans -- 264  0x473 Spoofing Decoys -- 265  0x474 Idle Scanning -- 265  0x475 Proactive Defense (shroud) -- 267  0x480 Reach Out and Hack Someone -- 272  0x481 Analysis with GDB -- 273  0x482 Almost Only Counts with Hand Grenades -- 275  0x483 Port-Binding Shellcode -- 278  0x500 SHELLCODE -- 281  0x510 Assembly vs. C -- 282  0x511 Linux System Calls in Assembly -- 284  0x520 The Path to Shellcode -- 286  0x521 Assembly Instructions Using the Stack -- 287  0x522 Investigating with GDB -- 289  0x523 Removing Null Bytes -- 290  0x530 Shell-Spawning Shellcode -- 295  0x531 A Matter of Privilege -- 299  0x532 And Smaller Still -- 302  0x540 Port-Binding Shellcode -- 303  0x541 Duplicating Standard File Descriptors -- 307  0x542 Branching Control Structures -- 309  0x550 Connect-Back Shellcode -- 314  0x600 COUNTERMEASURES -- 319  0x610 Countermeasures That Detect -- 320  0x620 System Daemons -- 321  0x621 Crash Course in Signals -- 322  0x622 Tinyweb Daemon -- 324  0x630 Tools of the Trade -- 328  0x631 Tinywebd Exploit Tool -- 329  0x640 Log Files -- 334  0x641 Blend In with the Crowd -- 334  0x650 Overlooking the Obvious -- 336  0x651 One Step at a Time -- 336  0x652 Putting Things Back Together Again -- 340  0x653 Child Laborers -- 346  0x660 Advanced Camouflage -- 348  0x661 Spoofing the Logged IP Address -- 348  0x662 Logless Exploitation -- 352  0x670 The Whole Infrastructure -- 354  0x671 Socket Reuse -- 355  0x680 Payload Smuggling -- 359  0x681 String Encoding -- 359  0x682 How to Hide a Sled -- 362  0x690 Buffer Restrictions -- 363  0x691 Polymorphic Printable ASCII Shellcode -- 366  0x6a0 Hardening Countermeasures -- 376  0x6b0 Nonexecutable Stack -- 376  0x6b1 Ret2libc -- 376  0x6b2 Returning into system() -- 377  0x6c0 Randomized Stack Space -- 379  0x6c1 Investigations with BASH and GDB -- 380  0x6c2 Bouncing Off linux-gate -- 384  0x6c3 Applied Knowledge -- 388  0x6c4 A First Attempt -- 388  0x6c5 Playing the Odds -- 390  0x700 CRYPTOLOGY -- 393  0x710 Information Theory -- 394  0x711 Unconditional Security -- 394  0x712 One-Time Pads -- 395  0x713 Quantum Key Distribution -- 395  0x714 Computational Security -- 396  0x720 Algorithmic Run Time -- 397  0x721 Asymptotic Notation -- 398  0x730 Symmetric Encryption -- 398  0x731 Lov Grover’s Quantum Search Algorithm -- 399  0x740 Asymmetric Encryption -- 400  0x741 RSA -- 400  0x742 Peter Shor’s Quantum Factoring Algorithm -- 404  0x750 Hybrid Ciphers -- 406  0x751 Man-in-the-Middle Attack -- 406  0x752 Differing SSH Protocol Host Fingerprints -- 410  0x753 Fuzzy Fingerprints -- 413  0x760 Password Cracking -- 418  0x761 Dictionary Attacks -- 419  0x762 Exhaustive Brute-Force Attacks -- 422  0x763 Hash Lookup Table -- 423  0x764 Password Probability Matrix -- 424  0x770 Wireless 802.11b Encryption -- 433  0x771 Wired Equivalent Privacy -- 434  0x772 RC4 Stream Cipher -- 435  0x780 WEP Attacks -- 436  0x781 Offline Brute-Force Attacks -- 436  0x782 Keystream Reuse -- 437  0x783 IV-Based Decryption Dictionary Tables -- 438  0x784 IP Redirectio -- 438  0x785 Fluhrer, Mantin, and Shamir Attack -- 439  0x800 CONCLUSION -- 451  0x810 References -- 452  0x820 Sources -- 454  INDEX -- 455
Tipo de ítem Biblioteca de origen Colección Signatura Copia número Estado Fecha de vencimiento Código de barras Reserva de ejemplares
Libro (Reserva) Libro (Reserva) Campus I
Reserva 005.8 E682h 2008 (Navegar estantería) Ej. 1 Disponible 090479
Recurso electrónico de libro (en CD) Recurso electrónico de libro (en CD) Campus I
Audiovisuales 005.8 E682h 2008 (Navegar estantería) Ej. 1 Disponible AV1047
Libro (Col. General) Libro (Col. General) Campus I
Colección General 005.8 E682h 2008 (Navegar estantería) Ej. 2 Disponible 090480
Recurso electrónico de libro (en CD) Recurso electrónico de libro (en CD) Campus I
Audiovisuales 005.8 E682h 2008 (Navegar estantería) Ej. 2 Disponible AV1048
Reservas Totales: 0

CAMPUS I
Incluye CD-ROM

 PREFACE -- xi
 ACKNOWLEDGMENTS -- xii
 0 x 100 INTRODUCTION -- 1
 0 x 200 PROGRAMMING -- 5
 0x210 What Is Programming? -- 6
 0x220 Pseudo-code -- 7
 0x230 Control Structures -- 8
 0x231 If-Then-Else -- 8
 0x232 While/Until Loops -- 9
 0x233 For Loops -- 10
 0x240 More Fundamental Programming Concepts -- 11
 0x241 Variables -- 11
 0x242 Arithmetic Operators -- 12
 0x243 Comparison Operators -- 14
 0x244 Functions -- 16
 0x250 Getting Your Hands Dirty -- 19
 0x251 The Bigger Picture -- 20
 0x252 The x86 Processor -- 23
 0x253 Assembly Language -- 25
 0x260 Back to Basics -- 37
 0x261 Strings -- 38
 0x262 Signed, Unsigned, Long, and Short -- 41
 0x263 Pointers -- 43
 0x264 Format Strings -- 48
 0x265 Typecasting -- 51
 0x266 Command-Line Arguments -- 58
 0x267 Variable Scoping -- 62
 0x270 Memory Segmentation -- 69
 0x271 Memory Segments in C -- 75
 0x272 Using the Heap -- 77
 0x273 Error-Checked malloc () -- 80
 0x280 Building on Basics -- 81
 0x281 File Access -- 81
 0x282 File Permissions -- 87
 0x283 User IDs -- 88
 0x284 Structs -- 96
 0x285 Function Pointers -- 100
 0x286 Pseudo-random Numbers -- 101
 0x287 A Game of Chance -- 102
 0x300 EXPLOITATION -- 115
 0x310 Generalized Exploit Techniques -- 118
 0x320 Buffer Overflows -- 119
 0x321 Stack-Based Buffer Overflow Vulnerabilities -- 122
 0x330 Experimenting with BASH -- 133
 0x331 Using the Environment -- 142
 0x340 Overflows in Other Segments -- 150
 0x341 A Basic Heap-Based Overflow -- 150
 0x342 Overflowing Function Pointers -- 156
 0x350 Format Strings -- 167
 0x351 Format Parameters -- 167
 0x352 The Format String Vulnerability -- 170
 0x353 Reading from Arbitrary Memory Addresses -- 172
 0x354 Writing to Arbitrary Memory Addresses -- 173
 0x355 Direct Parameter Access -- 180
 0x356 Using Short Writes -- 182
 0x357 Detours with .dtors -- 184
 0x358 Another notesearch Vulnerability -- 189
 0x359 Overwriting the Global Offset Table -- 190
 0x400 NETWORKING -- 195
 0x410 OSI Model -- 196
 0x420 Sockets -- 198
 0x421 Socket Functions -- 199
 0x422 Socket Addresses -- 200
 0x423 Network Byte Order -- 202
 0x424 Internet Address Conversion -- 203
 0x425 A Simple Server Example -- 203
 0x426 A Web Client Example -- 207
 0x427 A Tinyweb Server -- 213
 0x430 Peeling Back the Lower Layers -- 217
 0x431 Data-Link Layer -- 218
 0x432 Network Layer -- 220
 0x433 Transport Layer -- 221
 0x440 Network Sniffing -- 224
 0x441 Raw Socket Sniffer -- 226
 0x442 Libpcap Sniffer -- 228
 0x443 Decoding the Layers -- 230
 0x444 Active Sniffing -- 239
 0x450 Denial of Service -- 251
 0x451 SYN Flooding -- 252
 0x452 The Ping of Death -- 256
 0x453 Teardrop -- 256
 0x454 Ping Flooding -- 257
 0x455 Amplification Attacks -- 257
 0x456 Distributed DoS Flooding -- 258
 0x460 TCP/IP Hijacking -- 258
 0x461 RST Hijacking -- 259
 0x462 Continued Hijacking -- 263
 0x470 Port Scanning -- 264
 0x471 Stealth SYN Scan -- 264
 0x472 FIN, X-mas, and Null Scans -- 264
 0x473 Spoofing Decoys -- 265
 0x474 Idle Scanning -- 265
 0x475 Proactive Defense (shroud) -- 267
 0x480 Reach Out and Hack Someone -- 272
 0x481 Analysis with GDB -- 273
 0x482 Almost Only Counts with Hand Grenades -- 275
 0x483 Port-Binding Shellcode -- 278
 0x500 SHELLCODE -- 281
 0x510 Assembly vs. C -- 282
 0x511 Linux System Calls in Assembly -- 284
 0x520 The Path to Shellcode -- 286
 0x521 Assembly Instructions Using the Stack -- 287
 0x522 Investigating with GDB -- 289
 0x523 Removing Null Bytes -- 290
 0x530 Shell-Spawning Shellcode -- 295
 0x531 A Matter of Privilege -- 299
 0x532 And Smaller Still -- 302
 0x540 Port-Binding Shellcode -- 303
 0x541 Duplicating Standard File Descriptors -- 307
 0x542 Branching Control Structures -- 309
 0x550 Connect-Back Shellcode -- 314
 0x600 COUNTERMEASURES -- 319
 0x610 Countermeasures That Detect -- 320
 0x620 System Daemons -- 321
 0x621 Crash Course in Signals -- 322
 0x622 Tinyweb Daemon -- 324
 0x630 Tools of the Trade -- 328
 0x631 Tinywebd Exploit Tool -- 329
 0x640 Log Files -- 334
 0x641 Blend In with the Crowd -- 334
 0x650 Overlooking the Obvious -- 336
 0x651 One Step at a Time -- 336
 0x652 Putting Things Back Together Again -- 340
 0x653 Child Laborers -- 346
 0x660 Advanced Camouflage -- 348
 0x661 Spoofing the Logged IP Address -- 348
 0x662 Logless Exploitation -- 352
 0x670 The Whole Infrastructure -- 354
 0x671 Socket Reuse -- 355
 0x680 Payload Smuggling -- 359
 0x681 String Encoding -- 359
 0x682 How to Hide a Sled -- 362
 0x690 Buffer Restrictions -- 363
 0x691 Polymorphic Printable ASCII Shellcode -- 366
 0x6a0 Hardening Countermeasures -- 376
 0x6b0 Nonexecutable Stack -- 376
 0x6b1 Ret2libc -- 376
 0x6b2 Returning into system() -- 377
 0x6c0 Randomized Stack Space -- 379
 0x6c1 Investigations with BASH and GDB -- 380
 0x6c2 Bouncing Off linux-gate -- 384
 0x6c3 Applied Knowledge -- 388
 0x6c4 A First Attempt -- 388
 0x6c5 Playing the Odds -- 390
 0x700 CRYPTOLOGY -- 393
 0x710 Information Theory -- 394
 0x711 Unconditional Security -- 394
 0x712 One-Time Pads -- 395
 0x713 Quantum Key Distribution -- 395
 0x714 Computational Security -- 396
 0x720 Algorithmic Run Time -- 397
 0x721 Asymptotic Notation -- 398
 0x730 Symmetric Encryption -- 398
 0x731 Lov Grover’s Quantum Search Algorithm -- 399
 0x740 Asymmetric Encryption -- 400
 0x741 RSA -- 400
 0x742 Peter Shor’s Quantum Factoring Algorithm -- 404
 0x750 Hybrid Ciphers -- 406
 0x751 Man-in-the-Middle Attack -- 406
 0x752 Differing SSH Protocol Host Fingerprints -- 410
 0x753 Fuzzy Fingerprints -- 413
 0x760 Password Cracking -- 418
 0x761 Dictionary Attacks -- 419
 0x762 Exhaustive Brute-Force Attacks -- 422
 0x763 Hash Lookup Table -- 423
 0x764 Password Probability Matrix -- 424
 0x770 Wireless 802.11b Encryption -- 433
 0x771 Wired Equivalent Privacy -- 434
 0x772 RC4 Stream Cipher -- 435
 0x780 WEP Attacks -- 436
 0x781 Offline Brute-Force Attacks -- 436
 0x782 Keystream Reuse -- 437
 0x783 IV-Based Decryption Dictionary Tables -- 438
 0x784 IP Redirectio -- 438
 0x785 Fluhrer, Mantin, and Shamir Attack -- 439
 0x800 CONCLUSION -- 451
 0x810 References -- 452
 0x820 Sources -- 454
 INDEX -- 455

Haga clic en una imagen para verla en el visor de imágenes