|
Writing Security Tools & Exploits
Learn to Write the Security Tools the Other Books Only Teach
You to Use
Exploits. In information technology circles, the term
exploits has become synonymous with vulnerabilities. It is a
scary word that can keep you up at night wondering if you
have purchased the best firewalls, configured your new
host-based intrusion
prevention system correctly, and
patched your entire environment. It's also a topic that can
enter the security water-cooler discussions faster than
McAfee's new wicked antivirus software or Symantec's latest
acquisition. Exploits are proof that the computer science or
software programming community still does not have an
understanding of how to design, create, and implement secure
code.
Write Solid Shellcode
Learn the techniques used to make the most out of
vulnerabilities by employing the correct shellcode.
Reverse Connection Shellcode
See how reverse connection shellcode makes a connection from
a hacked system to a different system where it can be caught
using network tools such as netcat.
Buffer Overflow Exploits
Find techniques to protect against buffer overflows such as
allocating buffers for string operations dynamically on the
heap.
Heap Overflows
Heap overflows have become the most prominent software
security bugs. See how they can have varying exploitation
techniques and consequences.
Format Strings
Format string vulnerabilities occur when programmers pass
externally supplied data to a print f function (or similar)
as part of the format string argument.
Race Conditions
Nearly all race condition exploits are written from a local
attacker's perspective and have the potential to escalate
privileges, overwrite files, or compromise protected data.
Exploitable Integer Bugs
See how integer bugs are harder for a researcher to spot
than stack overflow vulnerabilities and learn why the
implications of integer calculation errors are less
understood by developers as a whole.
Code for Nessus
Use NASLs to check for security vulnerabilities or
misconfigurations.
Metasploit Framework (MSF)
Use MSF and its components, msfweb, msfconsole, and msfcli,
as an exploitation platform.
Meterpreter Extensions
Use the power of the Meterpreter payload system to load
custom-written DLLs into an exploited process's address
space.
Windows Server Update Services Essentials; Preparing for WSUS; Installing Windows Server Update Services; Upgrading from SUS to WSUS; Deploying WSUS in the Enterprise; Administering WSUS Servers; Configuring and Administering WSUS Clients; Managing the WSUS Environment; Troubleshooting WSUS; Securing WSUS; The Role of WSUS in IT Service Management
|
