Attacking Network Protocols: A Hacker's Guide to Capture, Analysis, and Exploitation
Attacking Network Protocols is a deep-dive into network vulnerability discovery from James Forshaw, Microsoft's top bug hunter. This comprehensive guide looks at networking from an attacker's perspective to help you find, exploit, and ultimately protect vulnerabilities. Part I starts with...
Other Authors: | , |
---|---|
Format: | E-book |
Language: | English |
Published: | San Francisco, California : No Starch Press [2018] |
Edition: | First edition |
Subjects: | |
View in Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009630062906719 |
Table of Contents:
- Intro
- Title Page
- Copyright Page
- About the Author
- About the Technical Reviewer
- Brief Contents
- Contents in Detail
- Foreword by Katie Moussouris
- Acknowledgments
- Introduction
- Why Read This Book?
- What's in This Book?
- How to Use This Book
- Contact Me
- Chapter 1: The Basics of Networking
- Network Architecture and Protocols
- The Internet Protocol Suite
- Data Encapsulation
- Headers, Footers, and Addresses
- Data Transmission
- Network Routing
- My Model for Network Protocol Analysis
- Final Words
- Chapter 2: Capturing Application Traffic
- Passive Network Traffic Capture
- Quick Primer for Wireshark
- Alternative Passive Capture Techniques
- System Call Tracing
- The strace Utility on Linux
- Monitoring Network Connections with DTrace
- Process Monitor on Windows
- Advantages and Disadvantages of Passive Capture
- Active Network Traffic Capture
- Network Proxies
- Port-Forwarding Proxy
- SOCKS Proxy
- HTTP Proxies
- Forwarding an HTTP Proxy
- Reverse HTTP Proxy
- Final Words
- Chapter 3: Network Protocol Structures
- Binary Protocol Structures
- Numeric Data
- Booleans
- Bit Flags
- Binary Endian
- Text and Human-Readable Data
- Variable Binary Length Data
- Dates and Times
- POSIX/Unix Time
- Windows FILETIME
- Tag, Length, Value Pattern
- Multiplexing and Fragmentation
- Network Address Information
- Structured Binary Formats
- Text Protocol Structures
- Numeric Data
- Text Booleans
- Dates and Times
- Variable-Length Data
- Structured Text Formats
- Encoding Binary Data
- Hex Encoding
- Base64
- Final Words
- Chapter 4: Advanced Application Traffic Capture
- Rerouting Traffic
- Using Traceroute
- Routing Tables
- Configuring a Router
- Enabling Routing on Windows
- Enabling Routing on *nix
- Network Address Translation
- Enabling SNAT
- Configuring SNAT on Linux
- Enabling DNAT
- Forwarding Traffic to a Gateway
- DHCP Spoofing
- ARP Poisoning
- Final Words
- Chapter 5: Analysis from the Wire
- The Traffic-Producing Application: SuperFunkyChat
- Starting the Server
- Starting Clients
- Communicating Between Clients
- A Crash Course in Analysis with Wireshark
- Generating Network Traffic and Capturing Packets
- Basic Analysis
- Reading the Contents of a TCP Session
- Identifying Packet Structure with Hex Dump
- Viewing Individual Packets
- Determining the Protocol Structure
- Testing Our Assumptions
- Dissecting the Protocol with Python
- Developing Wireshark Dissectors in Lua
- Creating the Dissector
- The Lua Dissection
- Parsing a Message Packet
- Using a Proxy to Actively Analyze Traffic
- Setting Up the Proxy
- Protocol Analysis Using a Proxy
- Adding Basic Protocol Parsing
- Changing Protocol Behavior
- Final Words
- Chapter 6: Application Reverse Engineering
- Compilers, Interpreters, and Assemblers
- Interpreted Languages
- Compiled Languages
- Static vs. Dynamic Linking
- The x86 Architecture
- The Instruction Set Architecture
- CPU Registers
- Program Flow
- Operating System Basics
- Executable File Formats
- Sections
- Processes and Threads
- Operating System Networking Interface
- Application Binary Interface
- Static Reverse Engineering
- A Quick Guide to Using IDA Pro Free Edition
- Analyzing Stack Variables and Arguments
- Identifying Key Functionality
- Dynamic Reverse Engineering
- Setting Breakpoints
- Debugger Windows
- Where to Set Breakpoints?
- Reverse Engineering Managed Languages
- .NET Applications
- Using ILSpy
- Java Applications
- Dealing with Obfuscation
- Reverse Engineering Resources
- Final Words
- Chapter 7: Network Protocol Security
- Encryption Algorithms
- Substitution Ciphers
- XOR Encryption
- Random Number Generators
- Symmetric Key Cryptography
- Block Ciphers
- Block Cipher Modes
- Block Cipher Padding
- Padding Oracle Attack
- Stream Ciphers
- Asymmetric Key Cryptography
- RSA Algorithm
- RSA Padding
- Diffie-Hellman Key Exchange
- Signature Algorithms
- Cryptographic Hashing Algorithms
- Asymmetric Signature Algorithms
- Message Authentication Codes
- Public Key Infrastructure
- X.509 Certificates
- Verifying a Certificate Chain
- Case Study: Transport Layer Security
- The TLS Handshake
- Initial Negotiation
- Endpoint Authentication
- Establishing Encryption
- Meeting Security Requirements
- Final Words
- Chapter 8: Implementing the Network Protocol
- Replaying Existing Captured Network Traffic
- Capturing Traffic with Netcat
- Using Python to Resend Captured UDP Traffic
- Repurposing Our Analysis Proxy
- Repurposing Existing Executable Code
- Repurposing Code in .NET Applications
- Repurposing Code in Java Applications
- Unmanaged Executables
- Encryption and Dealing with TLS
- Learning About the Encryption In Use
- Decrypting the TLS Traffic
- Final Words
- Chapter 9: The Root Causes of Vulnerabilities
- Vulnerability Classes
- Remote Code Execution
- Denial-of-Service
- Information Disclosure
- Authentication Bypass
- Authorization Bypass
- Memory Corruption Vulnerabilities
- Memory-Safe vs. Memory-Unsafe Programming Languages
- Memory Buffer Overflows
- Out-of-Bounds Buffer Indexing
- Data Expansion Attack
- Dynamic Memory Allocation Failures
- Default or Hardcoded Credentials
- User Enumeration
- Incorrect Resource Access
- Canonicalization
- Verbose Errors
- Memory Exhaustion Attacks
- Storage Exhaustion Attacks
- CPU Exhaustion Attacks
- Algorithmic Complexity
- Configurable Cryptography
- Format String Vulnerabilities
- Command Injection
- SQL Injection
- Text-Encoding Character Replacement
- Final Words
- Chapter 10: Finding and Exploiting Security Vulnerabilities
- Fuzz Testing
- The Simplest Fuzz Test
- Mutation Fuzzer
- Generating Test Cases
- Vulnerability Triaging
- Debugging Applications
- Improving Your Chances of Finding the Root Cause of a Crash
- Exploiting Common Vulnerabilities
- Exploiting Memory Corruption Vulnerabilities
- Arbitrary Memory Write Vulnerability
- Writing Shell Code
- Getting Started
- Simple Debugging Technique
- Calling System Calls
- Executing the Other Programs
- Generating Shell Code with Metasploit
- Memory Corruption Exploit Mitigations
- Data Execution Prevention
- Return-Oriented Programming Counter-Exploit
- Address Space Layout Randomization (ASLR)
- Detecting Stack Overflows with Memory Canaries
- Final Words
- Appendix: Network Protocol Analysis Toolkit
- Passive Network Protocol Capture and Analysis Tools
- Microsoft Message Analyzer
- TCPDump and LibPCAP
- Wireshark
- Active Network Capture and Analysis
- Canape
- Canape Core
- Mallory
- Network Connectivity and Protocol Testing
- Hping
- Netcat
- Nmap
- Web Application Testing
- Burp Suite
- Zed Attack Proxy (ZAP)
- Mitmproxy
- Fuzzing, Packet Generation, and Vulnerability Exploitation Frameworks
- American Fuzzy Lop (AFL)
- Kali Linux
- Metasploit Framework
- Scapy
- Sulley
- Network Spoofing and Redirection
- DNSMasq
- Ettercap
- Executable Reverse Engineering
- Java Decompiler (JD)
- IDA Pro
- Hopper
- ILSpy
- .NET Reflector
- Index
- Footnotes
- Chapter 2: Capturing Application Traffic
- Chapter 3: Network Protocol Structures
- Chapter 6: Application Reverse Engineering