Security Warrior
暫譯: 安全戰士

When it comes to network security, many users and administrators are running scared, and justifiably so. The sophistication of attacks against computer systems increases with each new Internet worm.

What's the worst an attacker can do to you? You'd better find out, right? That's what Security Warrior teaches you. Based on the principle that the only way to defend yourself is to understand your attacker in depth, Security Warrior reveals how your systems can be attacked. Covering everything from reverse engineering to SQL attacks, and including topics like social engineering, antiforensics, and common attacks against UNIX and Windows systems, this book teaches you to know your enemy and how to be prepared to do battle.

Security Warrior places particular emphasis on reverse engineering. RE is a fundamental skill for the administrator, who must be aware of all kinds of malware that can be installed on his machines -- trojaned binaries, "spyware" that looks innocuous but that sends private data back to its creator, and more. This is the only book to discuss reverse engineering for Linux or Windows CE. It's also the only book that shows you how SQL injection works, enabling you to inspect your database and web applications for vulnerability.

Security Warrior is the most comprehensive and up-to-date book covering the art of computer war: attacks against computer systems and their defenses. It's often scary, and never comforting. If you're on the front lines, defending your site against attackers, you need this book. On your shelf--and in your hands.

Table of Contents

Preface 


Part I. Software Cracking

1. Assembly Language

      Registers 

      ASM Opcodes 

      References 

2. Windows Reverse Engineering

      History of RCE 

      Reversing Tools 

      Reverse Engineering Examples 

      References 

3. Linux Reverse Engineering

      Basic Tools and Techniques 

      A Good Disassembly 

      Problem Areas 

      Writing New Tools 

      References 

4. Windows CE Reverse Engineering

      Windows CE Architecture 

      CE Reverse Engineering Fundamentals 

      Practical CE Reverse Engineering 

      Reverse Engineering serial.exe 

      References 

5. Overflow Attacks

      Buffer Overflows 

      Understanding Buffers 

      Smashing the Stack 

      Heap Overflows 

      Preventing Buffer Overflows 

      A Live Challenge 

      References 


Part II. Network Stalking

6. TCP/IP Analysis

      A Brief History of TCP/IP 

      Encapsulation 

      TCP 

      IP 

      UDP 

      ICMP 

      ARP 

      RARP 

      BOOTP 

      DHCP 

      TCP/IP Handshaking 

      Covert Channels 

      IPv6 

      Ethereal 

      Packet Analysis 

      Fragmentation 

      References 

7. Social Engineering

      Background 

      Performing the Attacks 

      Advanced Social Engineering 

      References 

8. Reconnaissance

      Online Reconnaissance 

      Conclusion 

      References 

9. OS Fingerprinting

      Telnet Session Negotiation 

      TCP Stack Fingerprinting 

      Special-Purpose Tools 

      Passive Fingerprinting 

      Fuzzy Operating System Fingerprinting 

      TCP/IP Timeout Detection 

      References 

10. Hiding the Tracks

      From Whom Are You Hiding? 

      Postattack Cleanup 

      Forensic Tracks 

      Maintaining Covert Access 

      References 


Part III. Platform Attacks

11. Unix Defense

      Unix Passwords 

      File Permissions 

      System Logging 

      Network Access in Unix 

      Unix Hardening 

      Unix Network Defense 

      References 

12. Unix Attacks

      Local Attacks 

      Remote Attacks 

      Unix Denial-of-Service Attacks 

      References 

13. Windows Client Attacks

      Denial-of-Service Attacks 

      Remote Attacks 

      Remote Desktop/Remote Assistance 

      References 

14. Windows Server Attacks

      Release History 

      Kerberos Authentication Attacks 

      Kerberos Authentication Review 

      Defeating Buffer Overflow Prevention 

      Active Directory Weaknesses 

      Hacking PKI 

      Smart Card Hacking 

      Encrypting File System Changes 

      Third-Party Encryption 

      References 

15. SOAP XML Web Services Security

      XML Encryption 

      XML Signatures 

      Reference 


Part IV. Advanced Defense

16. SQL Injection

      Introduction to SQL 

      SQL Injection Attacks 

      SQL Injection Defenses 

      PHP-Nuke Examples 

      References 

17. Wireless Security

      Reducing Signal Drift 

      Problems with WEP 

      Cracking WEP 

      Practical WEP Cracking 

      VPNs 

      TKIP 

      SSL 

      Airborne Viruses 

      References 

18. Audit Trail Analysis

      Log Analysis Basics 

      Log Examples 

      Logging States 

      When to Look at the Logs 

      Log Overflow and Aggregation 

      Challenge of Log Analysis 

      Security Information Management 

      Global Log Aggregation 

      References 

19. Intrusion Detection Systems

      IDS Examples 

      Bayesian Analysis 

      Hacking Through IDSs 

      The Future of IDSs 

      Snort IDS Case Study 

      IDS Deployment Issues 

      References 

20. Honeypots

      Motivation 

      Building the Infrastructure 

      Capturing Attacks 

      References 

21. Incident Response

      Case Study: Worm Mayhem 

      Definitions 

      Incident Response Framework 

      Small Networks 

      Medium-Sized Networks 

      Large Networks 

      References 

22. Forensics and Antiforensics

      Hardware Review 

      Information Detritus 

      Forensics Tools 

      Bootable Forensics CD-ROMs 

      Evidence Eliminator 

      Forensics Case Study: FTP Attack 

      References 


Part V. Appendix

Appendix: Useful SoftICE Commands and Breakpoints 


Index