|
||||||||||||||||||||
|
||||||||||||||||||||
|
||||||||||||||||||||
|
|
Produktinformation
Möchten Sie die Produktinformationen aktualisieren oder Feedback zu den Produktabbildungen geben?
Ist der Verkauf dieses Produkts für Sie nicht akzeptabel? |
Produktbeschreibungen
Kurzbeschreibung
The book is logically divided into five main categories with each category representing a major skill set required by most security professionals including: Coding - The ability to program and script is quickly becoming a mainstream requirement for just about everyone in the security industry (This section covers the basics in coding complemented with a slue of programming tips and tricks in C/C++, Java, Perl and NASL); Sockets - The technology that allows programs and scripts to communicate over a network is sockets (Even though the theory remains the same - communication over TCP and UDP, sockets are implemented differently in nearly ever language); and, Shellcode - Shellcode, commonly defined as bytecode converted from Assembly, is utilized to execute commands on remote systems via direct memory access. It includes, Porting - Due to the differences between operating platforms and language implementations on those platforms, it is a common practice to modify an original body of code to work on a different platforms (This technique is known as porting and is incredible useful in the real world environments since it allows you to not 'recreate the wheel'); and, Coding Tools - The culmination of the previous four sections, coding tools brings all of the techniques that you have learned to the forefront. With the background technologies and techniques you will now be able to code quick utilities that will not only make you more productive, they will arm you with an extremely valuable skill that will remain with you as long as you make the proper time and effort dedications. The book contains never before seen chapters on writing and automating exploits on windows systems with all-new exploits. Perform zero-day exploit forensics by reverse engineering malicious code. The book provides working code and scripts in all of the most common programming languages for readers to use TODAY to defend their networks.
Synopsis
The book is logically divided into 5 main categories with each category representing a major skill set required by most security professionals: Coding - The ability to program and script is quickly becoming a mainstream requirement for just about everyone in the security industry. This section covers the basics in coding complemented with a slue of programming tips and tricks in C/C++, Java, Perl and NASL. Sockets - The technology that allows programs and scripts to communicate over a network is sockets. Even though the theory remains the same communication over TCP and UDP, sockets are implemented differently in nearly ever language. Shellcode - Shellcode, commonly defined as bytecode converted from Assembly, is utilized to execute commands on remote systems via direct memory access. Porting - Due to the differences between operating platforms and language implementations on those platforms, it is a common practice to modify an original body of code to work on a different platforms. This technique is known as porting and is incredible useful in the real world environments since it allows you to not recreate the wheel.Coding Tools - The culmination of the previous four sections, coding tools brings all of the techniques that you have learned to the forefront. With the background technologies and techniques you will now be able to code quick utilities that will not only make you more productive, they will arm you with an extremely valuable skill that will remain with you as long as you make the proper time and effort dedications. This book contains never before seen chapters on writing and automating exploits on windows systems with all-new exploits. It helps you to perform zero-day exploit forensics by reverse engineering malicious code. It also provides working code and scripts in all of the most common programming languages for readers to use today to defend their networks.
In diesem Buch
(Mehr dazu)
Buchdeckel | Copyright | Inhaltsverzeichnis | Auszug | Stichwortverzeichnis
Mehr entdecken
Wortanzeiger
Ausgewählte Seiten ansehenWortanzeiger
Buchdeckel | Copyright | Inhaltsverzeichnis | Auszug | Stichwortverzeichnis
Tags(Was ist das?)Bei einem Tag handelt es sich um ein Schlagwort, das zum Produkt passt.
Tags erleichtern allen Kunden die Suche und die Sortierung ihrer Lieblingsprodukte. |
Kundenrezensionen
Es gibt noch keine Kundenrezensionen auf Amazon.de
5 Sterne
4 Sterne
3 Sterne
2 Sterne
1 Sterne
Die hilfreichsten Kundenrezensionen auf Amazon.com (beta)
Amazon.com:
7 Rezensionen
13 von 14 Kunden fanden die folgende Rezension hilfreich
Cut and Paste
24. Juni 2006
Format:Taschenbuch
I purchased <u>Buffer Overflow Attacks</u>, which is also published by Syngress and co-authored by Foster, a couple of months ago. The chapters about shellcode were good and I wanted a deeper explanation. When I saw this book I thought I had found what I was looking for. Unfortunately, the chapters about shellcode are taken straight from BOA. So are the chapter about the xlockmore format string vulnerability and the section in chapter one about InlineEgg.
Additionally, the title says that this book is 'for Security Professionals.' However, the first chapter is devoted to the basics of programming; if someone is unfamiliar with a looping construct, they should not start with a book about shellcode and exploits.
All of this is not to say that <u>Sockets, Shellcode, Porting and Coding</u> is not an excellent book; it is. But with so much cut'n'pasting going on, I find myself reluctant to purchase another book with Foster on the author list.
Additionally, the title says that this book is 'for Security Professionals.' However, the first chapter is devoted to the basics of programming; if someone is unfamiliar with a looping construct, they should not start with a book about shellcode and exploits.
All of this is not to say that <u>Sockets, Shellcode, Porting and Coding</u> is not an excellent book; it is. But with so much cut'n'pasting going on, I find myself reluctant to purchase another book with Foster on the author list.
9 von 10 Kunden fanden die folgende Rezension hilfreich
unique reference
8. Februar 2006
Format:Taschenbuch
I've had this book for about 6 months now. I've read it, and I've worked through about a third of the code samples.
This book starts of with an intro on programming languages that touches on issues relevant to C, C++, Perl, Java, C#, and others that vulnerability researchers might be interested in. The 2nd chapter on NASL (Nessus) scripting is a little sparse, but is suitable for a quick reference.
The next three chapters are devoted to BSD, Windows, and Java sockets respectively. The information provided is good enough to code working sockets in all three. The BSD code samples seem to work okay.
The next two chapters are on writing portable code and portable network programming. These are probably two of the best chapters in this book. If I ever got heavy into vulnerability coding, I'd be referring to these.
The next two chapters are on writing shellcode. These are pretty good chapters. One issue with these chapters is that the author's s-proc program doesn't quite seem to work. This is a utility that prints your shellcode in hex (-p option) or executes the code to test it (-e option). This would come in handy indeed. I have some working shellcode, but I never got it to work with s-proc -e in chapter 9. I e-mailed the author twice, but he did not respond. I subtract one star for that. Still these chapters have some cool ideas for shellcode.
There are three chapters on writing exploits. The first two are kind of a whirlwind tour of traditional exploit issues (format string, stack & heap overflows, integer bugs). The last chapter is an introductory chapter on using Metasploit and an overview of how to write exploits for the framework.
The last two chapters are on writing security components, and writing a security tool. They are Microsoft centric, and I didn't roll up my sleeves and get into these.
This book brings together a lot of information in a single volume. This would make a great reference, for someone who doesn't have books covering all the other subjects. The chapters on porting are probably the most valuable and unique. There are also some really cool ideas in the chapters on shellcode. There are a few other cool things sprinkled throughout. Plenty of code samples; they are available from the publisher for download if you register the book. The index is really pretty good and suitable for reference. I give back the star I previously took away for that. This is nice as a reference and tutorial.
This book starts of with an intro on programming languages that touches on issues relevant to C, C++, Perl, Java, C#, and others that vulnerability researchers might be interested in. The 2nd chapter on NASL (Nessus) scripting is a little sparse, but is suitable for a quick reference.
The next three chapters are devoted to BSD, Windows, and Java sockets respectively. The information provided is good enough to code working sockets in all three. The BSD code samples seem to work okay.
The next two chapters are on writing portable code and portable network programming. These are probably two of the best chapters in this book. If I ever got heavy into vulnerability coding, I'd be referring to these.
The next two chapters are on writing shellcode. These are pretty good chapters. One issue with these chapters is that the author's s-proc program doesn't quite seem to work. This is a utility that prints your shellcode in hex (-p option) or executes the code to test it (-e option). This would come in handy indeed. I have some working shellcode, but I never got it to work with s-proc -e in chapter 9. I e-mailed the author twice, but he did not respond. I subtract one star for that. Still these chapters have some cool ideas for shellcode.
There are three chapters on writing exploits. The first two are kind of a whirlwind tour of traditional exploit issues (format string, stack & heap overflows, integer bugs). The last chapter is an introductory chapter on using Metasploit and an overview of how to write exploits for the framework.
The last two chapters are on writing security components, and writing a security tool. They are Microsoft centric, and I didn't roll up my sleeves and get into these.
This book brings together a lot of information in a single volume. This would make a great reference, for someone who doesn't have books covering all the other subjects. The chapters on porting are probably the most valuable and unique. There are also some really cool ideas in the chapters on shellcode. There are a few other cool things sprinkled throughout. Plenty of code samples; they are available from the publisher for download if you register the book. The index is really pretty good and suitable for reference. I give back the star I previously took away for that. This is nice as a reference and tutorial.
4 von 6 Kunden fanden die folgende Rezension hilfreich
Good book
22. März 2006
Format:Taschenbuch|Von Amazon bestätigter Kauf
I personally like this book. It is not for the light of heart, and for those of you that have no idea what the term reverse engineering means. If you have a knowledge of reverse engineering, or have some experience in analyzing binaries. This is an excellent tool.
Waren diese Rezensionen hilfreich?
Wir wollen von Ihnen hören.
Kunden diskutieren
|
Das Forum zu diesem Produkt
Fragen stellen, Meinungen austauschen, Einblicke gewinnen Aktive Diskussionen in ähnlichen Foren
Kundendiskussionen durchsuchen
|
Ähnliche Foren
|
||||||||||||||||||||||||||||||||||
Lieblingslisten
|
|
Ähnliche Artikel finden
Anhand des Sachgebietes nach ähnlichen Produkten suchen:
Ihr Kommentar
Möchten Sie die Produktinformationen aktualisieren oder Feedback zu den Produktabbildungen geben?
|
