About

Previous page
Table of content
Next page

Jack Koziol
Dave Aitel
David Litchfield
Chris Anley
Sinan "noir" Eren
Neel Mehta
Riley Hassell

Published by
Wiley Publishing, Inc.
10475 Crosspoint Boulevard
Indianapolis, IN 46256
www.wiley.com

Copyright 2004 by Jack Koziol, Dave Aitel, David Litchfield, Chris Anley,
Sinan "noir" Eren, Neel Mehta, Riley Hassell. All rights reserved.
Published by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada

Library of Congress Cataloging-in-Publication Data
The shellcoder's handbook : discovering and exploiting security holes / Jack Koziol . . . [et al.].
            p. cm.
    Includes index.
    ISBN 0-7645-4468-3 (paper/website)
1. Computer security. 2. Data protection. 3. Risk assessment. I. Koziol, Jack.
QA76.9.A25S464 2004
005.8dc22                                                            2003027629

ISBN: 0-7645-4468-3

10 9 8 7 6 5 4 3 2 1

1MA/RX/QT/QU/IN

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise , except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8700. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4447, E-Mail: permcoordinator@wiley.com .

LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THAT PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (800) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

Trademarks: Wiley, the Wiley publishing logo, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc., and/or its affiliates in the United States and other countries , and may not be used without written permission. All other trademarks are the property of their respective owners . Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.

About the Authors

Jack Koziol, the lead author of The Shellcoder's Handbook, is a Senior Instructor and Security Program Manager at InfoSec Institute, a provider of advanced ethical hacking training. He regularly is called upon to train members of the United States intelligence community, military, and federal law enforcement agencies. Additionally, Jack provides training for Fortune 500 companies, such as Microsoft, HP, and Citibank, on how to better secure their networks and applications. When not teaching hacking classes, Jack regularly performs penetration tests and application security assessments for a number of clients . He has years of private vulnerability development and exploitation experience for his customers and himself.

Jack is also the author of Intrusion Detection with Snort , one of the best-selling security books in its first year of publication (2003). The book has been translated into several languages, including French and Japanese, and has received rave reviews from Linux Journal, Slashdot, and Information Security magazine. Jack has appeared in USA Today, CNN, MSNBC, First Business, and other media outlets for his expert opinions on information security. He lives in Oak Park, Illinois, in the shadow of Frank Lloyd Wright's home and studio, with his girlfriend Tracy and dog Quasi.

David Litchfield is the world's leading computer security vulnerability researcher and one of the five founding members of NGSSoftware. David has discovered and published over 100 major security vulnerabilities in many different products, including most notably Apache, Microsoft Internet Information Server, Oracle, and Microsoft SQL Server. With his vast experience of network and application penetration testing, David is a permanent presenter to the Black Hat Briefings. He is also the lead author of SQL Security (Osborne/McGraw-Hill).

Dave Aitel is the author of SPIKE and the founder of the NYC-based Internet security company Immunity, Inc. His research has incorporated exploitation of both Windows and Unix vulnerabilities, and advanced methodologies for finding new vulnerabilities.

Chris Anley is a Director of Next Generation Security Software, a U.K.-based security consulting, research, and software company. Chris is actively involved in vulnerability research and has published several white papers and security advisories on a number of products, including PGP, Windows, SQL Server, and Oracle. He splits his time evenly between research, coding, consulting, and drinking, and hopes at some point to add sleeping to the list.

Sinan Eren is a security researcher based in the Bay Area. He has done extensive work regarding exploitation of Unix vulnerabilities, developed advanced and robust methodologies for exploiting Kernel-level holes, and found many high-profile bugs in commercial and open source Unix software.

Neel Mehta works as an application vulnerability researcher at ISS X-Force, and, like many other security researchers, comes from a reverse-engineering background. His reverse-engineering experience was cultivated through extensive consulting work in the copy protection field, and has more recently been focused on application security. Neel has done extensive research into binary and source-code auditing and has applied this knowledge to find many vulnerabilities in critical and widely deployed network applications.

Riley Hassell, a Senior Researcher Engineer at eEye Digital Security, is responsible for the design and implementation of eEye Digital Security's QA and research tool suite. He is responsible for the discovery of several highly exposed vulnerabilities released by eEye Digital Security.

Credits

Executive Editor and Acquisitions Editor
Carol A. Long

Development Editor
Adaobi Obi Tulton

Production Editor
Gabrielle Nabi

Copy Editor
Jennifer Ashley

Editorial Manager
Kathryn A. Malm

Vice President & Executive Group Publisher
Richard Swadley

Vice President and Executive Publisher
Robert Ipsen

Vice President and Publisher
Joseph B. Wikert

Executive Editorial Director
Mary Bednarek

Project Coordinator
Erin Smith

Graphics and Production Specialists
Carrie A. Foster
Lauren Goddard
Jennifer Heleine

Quality Control Technician
John Greenough

Proofreading and Indexing
TECHBOOKS Production Services

Cover Image
Anthony Bunyan

This book is dedicated to anyone and everyone that understands that hacking and learning is a way to live your life, not a day job or semi-ordered list of instructions found in a thick book.

Acknowledgments

First, I would like to thank all of the people that made this book possible. Many cheers to the coauthors , in no particular order; Dave, Sinan, Chris, Neel, David, and Riley for all of their hard work and dedication. And many thanks to the folks at Wiley Publishing, Carol Long and Adaobi Obi Tulton, the best possible Acquisitions Editor and Development Editor an author could have. I would also like to thank my parents, Jeff and Arlene, and my brother, Charlie, and the rest of my family: the Beckers, Koziols, Noeldners, Jacobsons, and Spreitzers. I'd also like to acknowledge my friends ; the Hoffmans, Golas, DJ, Darren, Ryan, Ian, and Quasi. Finally, thank you Tracy, for hanging around while I write. You are the love of my life. ~Jack Koziol

I would like to acknowledge Justine Bone for making it look easy; Oded Horowitz; Sinan Eren; Jeremy Jethro; Adam; Shane; the members of #convers who provided technical support, friendship, and inspiration; and the Internet comic group "GOBBLES," for keeping me from taking myself too seriously with their many advisories. ~Dave Aitel To Victoria, whom I love more than words can tell. ~Chris Anley

I would like to thank Canan Zihnioglu and Mehmet Ali Eren for their support and encouragement for whatever I wish to do, learn, practice and become in life, for their love and friendship and for being the coolest parents of all. I would also like to thank and acknowledge Asli Ors for being the other half of my soul and mind. Kudos to Oded Horovitz, Dave Aitel, the members of #convers, nahual, and Jack Koziol for all the great fun that was and will be. . . ~Sinan Eren

Cheers to the rest of the eEye research department for the incredible research they produce and for all the good times over the years. Without their help and positive reinforcement, many of my research projects may have never amounted to anything. They include Derek Soeder, Barnaby Jack, Ryan Permeh, Drew Copley, Yugi Yukai, and Marc Maiifret. Most importantly I owe my thanks to Kelly. You're everything I've ever wanted. Thank you for your love and support and good luck, wherever you are. ~Riley Hassell


Previous page
Table of content
Next page
The Shellcoder's Handbook. Discovering and Exploiting Security
Hacking Ubuntu: Serious Hacks Mods and Customizations (ExtremeTech)
ISBN: N/A
EAN: 2147483647
Year: 2003
Pages: 198
Authors: Neal Krawetz
BUY ON AMAZON
MySQL Stored Procedure Programming
Cisco IP Communications Express: CallManager Express with Cisco Unity Express
Managing Enterprise Systems with the Windows Script Host
The Java Tutorial: A Short Course on the Basics, 4th Edition
Visual Studio Tools for Office(c) Using C# with Excel, Word, Outlook, and InfoPath
Extending and Embedding PHP
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy