Penetration Testing with Shellcode: Detect, exploit, and secure network-level and operating system vulnerabilities
暫譯: 使用 Shellcode 的滲透測試:檢測、利用及保護網路層級和作業系統漏洞
Hamza Megahed
- 出版商: Packt Publishing
- 出版日期: 2018-02-15
- 售價: $1,380
- 貴賓價: 9.5 折 $1,311
- 語言: 英文
- 頁數: 346
- 裝訂: Paperback
- ISBN: 1788473736
- ISBN-13: 9781788473736
-
相關分類:
Penetration-test
立即出貨 (庫存=1)
買這商品的人也買了...
-
無瑕的程式碼-敏捷完整篇-物件導向原則、設計模式與 C# 實踐 (Agile principles, patterns, and practices in C#)$790$616 -
SparkFun BBC micro:bit Board 開發板 (附 USB 線)$680$680 -
Illustrated C# 7: The C# Language Presented Clearly, Concisely, and Visually, 5/e$2,590$2,461 -
$699Cybersecurity - Attack and Defense Strategies: Infrastructure security with Red Team and Blue Team tactics -
Working Effectively with Legacy Code : 管理、修改、重構遺留程式碼的藝術 (中文版)$720$562 -
Rust 權威指南 (The Rust Programming Language (Covers Rust 2018))$954$906 -
再強一點:用 Go語言完成六個大型專案$780$616 -
Network Programming with Go: Learn to Code Secure and Reliable Network Services from Scratch$1,750$1,663 -
黑帽 Python|給駭客與滲透測試者的 Python 開發指南, 2/e (Black Hat Python : Python Programming for Hackers and Pentesters, 2/e)$450$355 -
Spring REST API 開發與測試指南|使用 Swagger、HATEOAS、JUnit、Mockito、PowerMock、Spring Test$580$458 -
Linux 網路內功修煉 - 徹底了解底層原理及高性能架構$780$616 -
演算法生存指南$800$632 -
從 Hooks 開始,讓你的網頁 React 起來 (第二版)(iT邦幫忙鐵人賽系列書)$720$360 -
哎呀!不小心刻了一套 React UI 元件庫 : 從無到有輕鬆上手(iThome鐵人賽系列書)$650$429 -
The Rust Programming Language, 2/e (Paperback)$1,890$1,796 -
哎呀!原來 React 這麼有趣好玩:圈叉、貪吃蛇、記憶方塊三款經典遊戲實戰練習(iThome鐵人賽系列書)$620$484 -
Smaller C|用於小型機器之精實程式碼 (Smaller C: Lean Code for Small Machines)$680$578 -
TypeScript 學習手冊 (Learning Typescript: Enhance Your Web Development Skills Using Type-Safe JavaScript)$580$458 -
白話機器學習$780$616 -
React 思維進化:一次打破常見的觀念誤解,躍升專業前端開發者(iThome鐵人賽系列書)【軟精裝】$790$616 -
Python 風格徹底研究|超詳實、好理解的 Python 必學主題 (Dead Simple Python)$980$774 -
遞迴演算法大師親授面試心法:Python 與 JavaScript 解題全攻略 (The Recursive Book of Recursion)$680$530 -
建構機器學習系統實踐指南$620$490 -
機器學習的訓練資料 (Training Data for Machine Learning)$780$616 -
資料工程基礎|規劃和建構強大、穩健的資料系統 (Fundamentals of Data Engineering)$980$774
相關主題
商品描述
Master Shellcode to leverage the buffer overflow concept
Key Features
- Understand how systems can be bypassed both at the operating system and network level with shellcode, assembly, and Metasploit
- Learn to write and modify 64-bit shellcode along with kernel-level shellcode concepts
- A step-by-step guide that will take you from low-level security skills to covering loops with shellcode
Book Description
Security has always been a major concern for your application, your system, or your environment. This book's main goal is to build your skills for low-level security exploits, finding vulnerabilities and covering loopholes with shellcode, assembly, and Metasploit.
This book will teach you topics ranging from memory management and assembly to compiling and extracting shellcode and using syscalls and dynamically locating functions in memory. This book also covers techniques to compile 64-bit shellcode for Linux and Windows along with Metasploit shellcode tools. Lastly, this book will also show you to how to write your own exploits with intermediate techniques, using real-world scenarios.
By the end of this book, you will have become an expert in shellcode and will understand how systems are compromised both at the operating system and network level.
What you will learn
- Create an isolated lab to test and inject shellcodes (Windows and Linux).
- Understand both Windows and Linux behavior.
- Learn the assembly programming language.
- Create shellcode using assembly and Metasploit.
- Detect buffer overflows.
- Debug and reverse-engineer using tools such as GDB, edb, and Immunity (Windows and Linux).
- Exploit development and shellcodes injections (Windows & Linux).
- Prevent and protect against buffer overflows and heap corruption.
Who This Book Is For
This book is intended to be read by penetration testers, malware analysts, security researchers, forensic practitioners, exploit developers, C language programmers, software testers, and students in the security field.
Readers should have a basic understanding of OS internals (Windows and Linux). Some knowledge of the C programming language is essential, and a familiarity with the Python language would be helpful.
Table of Contents
- Introduction
- Lab Setup
- Assembly Language in Linux
- Reverse Engineering
- Creating Shellcode
- Buffer Overflow Attacks
- Exploit Development - Part 1
- Exploit Development - Part 2
- Real World scenarios part 1
- Real World scenarios part 2
- Real World scenarios part 3
- Detection and Prevention
商品描述(中文翻譯)
**掌握 Shellcode 以利用緩衝區溢出概念**
### 主要特點
- 了解如何使用 shellcode、組合語言和 Metasploit 在操作系統和網路層面繞過系統的安全性
- 學習撰寫和修改 64 位元 shellcode 以及內核級 shellcode 概念
- 一步一步的指南,將您從低階安全技能提升到使用 shellcode 覆蓋迴圈
### 書籍描述
安全性一直是您應用程式、系統或環境的一個主要關注點。本書的主要目標是提升您在低階安全漏洞利用方面的技能,尋找漏洞並使用 shellcode、組合語言和 Metasploit 來填補漏洞。
本書將教您從記憶體管理和組合語言到編譯和提取 shellcode,以及使用系統調用和動態定位記憶體中的函數等主題。本書還涵蓋了為 Linux 和 Windows 編譯 64 位元 shellcode 的技術,以及 Metasploit shellcode 工具。最後,本書還將展示如何使用中級技術撰寫自己的漏洞利用,並使用真實世界的場景。
在本書結束時,您將成為 shellcode 的專家,並了解系統如何在操作系統和網路層面被攻擊。
### 您將學到的內容
- 創建一個隔離的實驗室來測試和注入 shellcode(Windows 和 Linux)。
- 了解 Windows 和 Linux 的行為。
- 學習組合語言。
- 使用組合語言和 Metasploit 創建 shellcode。
- 偵測緩衝區溢出。
- 使用 GDB、edb 和 Immunity 等工具進行除錯和逆向工程(Windows 和 Linux)。
- 漏洞開發和 shellcode 注入(Windows 和 Linux)。
- 預防和保護緩衝區溢出和堆損壞。
### 本書適合誰閱讀
本書適合滲透測試員、惡意軟體分析師、安全研究人員、取證實務者、漏洞開發者、C 語言程式設計師、軟體測試員以及安全領域的學生閱讀。
讀者應具備基本的作業系統內部結構(Windows 和 Linux)理解。對 C 程式語言的基本知識是必需的,熟悉 Python 語言將會有所幫助。
### 目錄
1. 介紹
2. 實驗室設置
3. Linux 中的組合語言
4. 逆向工程
5. 創建 Shellcode
6. 緩衝區溢出攻擊
7. 漏洞開發 - 第 1 部分
8. 漏洞開發 - 第 2 部分
9. 真實世界場景 第 1 部分
10. 真實世界場景 第 2 部分
11. 真實世界場景 第 3 部分
12. 偵測與預防
