- Copyright
- Dedication
- Preface
  - Organization of This Book
  - Part I: Software Cracking
  - Part II: Network Stalking
  - Part III: Platform Attacks
  - Part IV: Advanced Defense
  - Part V: Appendix
  - Conventions Used in This Book
  - Using Code Examples
  - Comments and Questions
  - Acknowledgments
- Part I: Software Cracking
  - Chapter 1. Assembly Language
    - Section 1.1. Registers
    - Section 1.2. ASM Opcodes
    - Section 1.3. References
  - Chapter 2. Windows Reverse Engineering
    - Section 2.1. History of RCE
    - Section 2.2. Reversing Tools
    - Section 2.3. Reverse Engineering Examples
    - Section 2.4. References
  - Chapter 3. Linux Reverse Engineering
    - Section 3.1. Basic Tools and Techniques
    - Section 3.2. A Good Disassembly
    - Section 3.3. Problem Areas
    - Section 3.4. Writing New Tools
    - Section 3.5. References
  - Chapter 4. Windows CE Reverse Engineering
    - Section 4.1. Windows CE Architecture
    - Section 4.2. CE Reverse Engineering Fundamentals
    - Section 4.3. Practical CE Reverse Engineering
    - Section 4.4. Reverse Engineering serial.exe
    - Section 4.5. References
  - Chapter 5. Overflow Attacks
    - Section 5.1. Buffer Overflows
    - Section 5.2. Understanding Buffers
    - Section 5.3. Smashing the Stack
    - Section 5.4. Heap Overflows
    - Section 5.5. Preventing Buffer Overflows
    - Section 5.6. A Live Challenge
    - Section 5.7. References
- Part II: Network Stalking
  - Chapter 6. TCP/IP Analysis
    - Section 6.1. A Brief History of TCP/IP
    - Section 6.2. Encapsulation
    - Section 6.3. TCP
    - Section 6.4. IP
    - Section 6.5. UDP
    - Section 6.6. ICMP
    - Section 6.7. ARP
    - Section 6.8. RARP
    - Section 6.9. BOOTP
    - Section 6.10. DHCP
    - Section 6.11. TCP/IP Handshaking
    - Section 6.12. Covert Channels
    - Section 6.13. IPv6
    - Section 6.14. Ethereal
    - Section 6.15. Packet Analysis
    - Section 6.16. Fragmentation
    - Section 6.17. References
  - Chapter 7. Social Engineering
    - Section 7.1. Background
    - Section 7.2. Performing the Attacks
    - Section 7.3. Advanced Social Engineering
    - Section 7.4. References
  - Chapter 8. Reconnaissance
    - Section 8.1. Online Reconnaissance
    - Section 8.2. Conclusion
    - Section 8.3. References
  - Chapter 9. OS Fingerprinting
    - Section 9.1. Telnet Session Negotiation
    - Section 9.2. TCP Stack Fingerprinting
    - Section 9.3. Special-Purpose Tools
    - Section 9.4. Passive Fingerprinting
    - Section 9.5. Fuzzy Operating System Fingerprinting
    - Section 9.6. TCP/IP Timeout Detection
    - Section 9.7. References
  - Chapter 10. Hiding the Tracks
    - Section 10.1. From Whom Are You Hiding?
    - Section 10.2. Postattack Cleanup
    - Section 10.3. Forensic Tracks
    - Section 10.4. Maintaining Covert Access
    - Section 10.5. References
- Part III: Platform Attacks
  - Chapter 11. Unix Defense
    - Section 11.1. Unix Passwords
    - Section 11.2. File Permissions
    - Section 11.3. System Logging
    - Section 11.4. Network Access in Unix
    - Section 11.5. Unix Hardening
    - Section 11.6. Unix Network Defense
    - Section 11.7. References
  - Chapter 12. Unix Attacks
    - Section 12.1. Local Attacks
    - Section 12.2. Remote Attacks
    - Section 12.3. Unix Denial-of-Service Attacks
    - Section 12.4. References
  - Chapter 13. Windows Client Attacks
    - Section 13.1. Denial-of-Service Attacks
    - Section 13.2. Remote Attacks
    - Section 13.3. Remote Desktop/Remote Assistance
    - Section 13.4. References
  - Chapter 14. Windows Server Attacks
    - Section 14.1. Release History
    - Section 14.2. Kerberos Authentication Attacks
    - Section 14.3. Kerberos Authentication Review
    - Section 14.4. Defeating Buffer Overflow Prevention
    - Section 14.5. Active Directory Weaknesses
    - Section 14.6. Hacking PKI
    - Section 14.7. Smart Card Hacking
    - Section 14.8. Encrypting File System Changes
    - Section 14.9. Third-Party Encryption
    - Section 14.10. References
  - Chapter 15. SOAP XML Web Services Security
    - Section 15.1. XML Encryption
    - Section 15.2. XML Signatures
    - Section 15.3. Reference
  - Chapter 16. SQL Injection
    - Section 16.1. Introduction to SQL
    - Section 16.2. SQL Injection Attacks
    - Section 16.3. SQL Injection Defenses
    - Section 16.4. PHP-Nuke Examples
    - Section 16.5. References
  - Chapter 17. Wireless Security
    - Section 17.1. Reducing Signal Drift
    - Section 17.2. Problems with WEP
    - Section 17.3. Cracking WEP
    - Section 17.4. Practical WEP Cracking
    - Section 17.5. VPNs
    - Section 17.6. TKIP
    - Section 17.7. SSL
    - Section 17.8. Airborne Viruses
    - Section 17.9. References
- Part IV: Advanced Defense
  - Chapter 18. Audit Trail Analysis
    - Section 18.1. Log Analysis Basics
    - Section 18.2. Log Examples
    - Section 18.3. Logging States
    - Section 18.4. When to Look at the Logs
    - Section 18.5. Log Overflow and Aggregation
    - Section 18.6. Challenge of Log Analysis
    - Section 18.7. Security Information Management
    - Section 18.8. Global Log Aggregation
    - Section 18.9. References
  - Chapter 19. Intrusion Detection Systems
    - Section 19.1. IDS Examples
    - Section 19.2. Bayesian Analysis
    - Section 19.3. Hacking Through IDSs
    - Section 19.4. The Future of IDSs
    - Section 19.5. Snort IDS Case Study
    - Section 19.6. IDS Deployment Issues
    - Section 19.7. References
  - Chapter 20. Honeypots
    - Section 20.1. Motivation
    - Section 20.2. Building the Infrastructure
    - Section 20.3. Capturing Attacks
    - Section 20.4. References
  - Chapter 21. Incident Response
    - Section 21.1. Case Study: Worm Mayhem
    - Section 21.2. Definitions
    - Section 21.3. Incident Response Framework
    - Section 21.4. Small Networks
    - Section 21.5. Medium-Sized Networks
    - Section 21.6. Large Networks
    - Section 21.7. References
  - Chapter 22. Forensics and Antiforensics
    - Section 22.1. Hardware Review
    - Section 22.2. Information Detritus
    - Section 22.3. Forensics Tools
    - Section 22.4. Bootable Forensics CD-ROMs
    - Section 22.5. Evidence Eliminator
    - Section 22.6. Forensics Case Study: FTP Attack
    - Section 22.7. References
- Part V: Appendix
  - Appendix A. Useful SoftICE Commands and Breakpoints
    - Section A.1. SoftICE Commands
    - Section A.2. Breakpoints
- Colophon
- Index