A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security

Although ominous-sounding terms like "zero-day" and "exploit" are widely used, even many security professionals don't know how bug hunters actually find and attack software security flaws. In A Bug Hunter's Diary , readers follow along with security expert Tobias Klein...


Bibliographic Details
Main author: Klein, Tobias
Format: E-book
Language: English
Published: San Francisco: No Starch Press, c2011.
Edition: 1st edition
View in the Universitat Ramon Llull Library: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009628294406719
Table of Contents:
  • Index
  • Acknowledgments
  • Introduction: The Goals of This Book; Who Should Read the Book; Disclaimer; Resources
  • 1 Bug Hunting: 1.1 For Fun and Profit; 1.2 Common Techniques (1.2.1 My Preferred Techniques; 1.2.2 Potentially Vulnerable Code Locations; 1.2.3 Fuzzing; 1.2.4 Further Reading); 1.3 Memory Errors; 1.4 Tools of the Trade (1.4.1 Debugger; 1.4.2 Disassemblers); 1.5 EIP = 41414141; 1.6 Final Note
  • 2 Back to the '90s: 2.1 Vulnerability Discovery (Step 1: Generate a List of the Demuxers of VLC; Step 2: Identify the Input Data; Step 3: Trace the Input Data); 2.2 Exploitation (Step 1: Find a Sample TiVo Movie File; Step 2: Find a Code Path to Reach the Vulnerable Code; Step 3: Manipulate the TiVo Movie File to Crash VLC; Step 4: Manipulate the TiVo Movie File to Gain Control of EIP); 2.3 Vulnerability Remediation; 2.4 Lessons Learned; 2.5 Addendum
  • 3 Escape from the WWW Zone: 3.1 Vulnerability Discovery (Step 1: List the IOCTLs of the Kernel; Step 2: Identify the Input Data; Step 3: Trace the Input Data); 3.2 Exploitation (Step 1: Trigger the NULL Pointer Dereference for a Denial of Service; Step 2: Use the Zero Page to Get Control over EIP/RIP); 3.3 Vulnerability Remediation; 3.4 Lessons Learned; 3.5 Addendum
  • 4 NULL Pointer FTW: 4.1 Vulnerability Discovery (Step 1: List the Demuxers of FFmpeg; Step 2: Identify the Input Data; Step 3: Trace the Input Data); 4.2 Exploitation (Step 1: Find a Sample 4X Movie File with a Valid strk Chunk; Step 2: Learn About the Layout of the strk Chunk; Step 3: Manipulate the strk Chunk to Crash FFmpeg; Step 4: Manipulate the strk Chunk to Gain Control over EIP); 4.3 Vulnerability Remediation; 4.4 Lessons Learned; 4.5 Addendum
  • 5 Browse and You're Owned: 5.1 Vulnerability Discovery (Step 1: List the Registered WebEx Objects and Exported Methods; Step 2: Test the Exported Methods in the Browser; Step 3: Find the Object Methods in the Binary; Step 4: Find the User-Controlled Input Values; Step 5: Reverse Engineer the Object Methods); 5.2 Exploitation; 5.3 Vulnerability Remediation; 5.4 Lessons Learned; 5.5 Addendum
  • 6 One Kernel to Rule Them All: 6.1 Vulnerability Discovery (Step 1: Prepare a VMware Guest for Kernel Debugging; Step 2: Generate a List of the Drivers and Device Objects Created by avast!; Step 3: Check the Device Security Settings; Step 4: List the IOCTLs; Step 5: Find the User-Controlled Input Values; Step 6: Reverse Engineer the IOCTL Handler); 6.2 Exploitation; 6.3 Vulnerability Remediation; 6.4 Lessons Learned; 6.5 Addendum
  • 7 A Bug Older Than 4.4BSD: 7.1 Vulnerability Discovery (Step 1: List the IOCTLs of the Kernel; Step 2: Identify the Input Data; Step 3: Trace the Input Data); 7.2 Exploitation (Step 1: Trigger the Bug to Crash the System (Denial of Service)