Livraison gratuite en 1 jour ouvré avec Amazon Premium
Commencez à lire A Guide to Kernel Exploitation: Attacking the Core sur votre Kindle dans moins d'une minute. Vous n'avez pas encore de Kindle ? Achetez-le ici Ou commencez à lire dès maintenant avec l'une de nos applications de lecture Kindle gratuites.

Envoyer sur votre Kindle ou un autre appareil

 
 
 

Essai gratuit

Découvrez gratuitement un extrait de ce titre

Envoyer sur votre Kindle ou un autre appareil

A Guide to Kernel Exploitation: Attacking the Core
 
Agrandissez cette image
 

A Guide to Kernel Exploitation: Attacking the Core [Format Kindle]

Enrico Perla , Massimiliano Oldani

Prix conseillé : EUR 41,15 De quoi s'agit-il ?
Prix éditeur - format imprimé : EUR 40,04
Prix Kindle : EUR 28,80 TTC & envoi gratuit via réseau sans fil par Amazon Whispernet
Économisez : EUR 11,24 (28%)

App de lecture Kindle gratuite Tout le monde peut lire les livres Kindle, même sans un appareil Kindle, grâce à l'appli Kindle GRATUITE pour les smartphones, les tablettes et les ordinateurs.

Pour obtenir l'appli gratuite, saisissez votre adresse e-mail ou numéro de téléphone mobile.

Formats

Prix Amazon Neuf à partir de Occasion à partir de
Format Kindle EUR 28,80  
Broché EUR 40,04  




Du 1er au 18 décembre, Amazon verse 1€ à l’association Les Nez Rouges pour tout achat d’un chèque-cadeau de 40€ avec le code "NEZROUGES" afin d'offrir des cadeaux de Noël aux enfants hospitalisés.


Les clients ayant acheté cet article ont également acheté


Descriptions du produit

Revue de presse

"A very interesting book that not only exposes readers to kernel exploitation techniques, but also deeply motivates the study of operating systems internals, moving such study far beyond simple curiosity."--Golden G. Richard III, Ph.D., Professor of Computer Science, University of New Orleans and CTO, Digital Forensics Solutions, LLC

Présentation de l'éditeur

A Guide to Kernel Exploitation: Attacking the Core discusses the theoretical techniques and approaches needed to develop reliable and effective kernel-level exploits, and applies them to different operating systems, namely, UNIX derivatives, Mac OS X, and Windows. Concepts and tactics are presented categorically so that even when a specifically detailed vulnerability has been patched, the foundational information provided will help hackers in writing a newer, better attack; or help pen testers, auditors, and the like develop a more concrete design and defensive structure.
The book is organized into four parts. Part I introduces the kernel and sets out the theoretical basis on which to build the rest of the book. Part II focuses on different operating systems and describes exploits for them that target various bug classes. Part III on remote kernel exploitation analyzes the effects of the remote scenario and presents new techniques to target remote issues. It includes a step-by-step analysis of the development of a reliable, one-shot, remote exploit for a real vulnerabilitya bug affecting the SCTP subsystem found in the Linux kernel. Finally, Part IV wraps up the analysis on kernel exploitation and looks at what the future may hold.

  • Covers a range of operating system families — UNIX derivatives, Mac OS X, Windows
  • Details common scenarios such as generic memory corruption (stack overflow, heap overflow, etc.) issues, logical bugs and race conditions
  • Delivers the reader from user-land exploitation to the world of kernel-land (OS) exploits/attacks, with a particular focus on the steps that lead to the creation of successful techniques, in order to give to the reader something more than just a set of tricks

Détails sur le produit

  • Format : Format Kindle
  • Taille du fichier : 2042 KB
  • Nombre de pages de l'édition imprimée : 442 pages
  • Editeur : Syngress; Édition : 1 (28 octobre 2010)
  • Vendu par : Amazon Media EU S.à r.l.
  • Langue : Anglais
  • ASIN: B004FGMSFK
  • Synthèse vocale : Activée
  • X-Ray :
  • Word Wise: Non activé
  • Classement des meilleures ventes d'Amazon: n°163.740 dans la Boutique Kindle (Voir le Top 100 dans la Boutique Kindle)
  •  Souhaitez-vous faire modifier les images ?


En savoir plus sur l'auteur

Découvrez des livres, informez-vous sur les écrivains, lisez des blogs d'auteurs et bien plus encore.

Commentaires en ligne

Il n'y a pas encore de commentaires clients sur Amazon.fr
5 étoiles
4 étoiles
3 étoiles
2 étoiles
1 étoiles
Commentaires client les plus utiles sur Amazon.com (beta)
Amazon.com: 4.5 étoiles sur 5  22 commentaires
17 internautes sur 19 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 Readable, instructive, concise, just two caveats 4 octobre 2010
Par DDDDDDD - Publié sur Amazon.com
Format:Broché
My colleague showed me this book (full disclosure: he was a reviewer) - he made his students buy it it for his OS II class (assigned middle of the semester!) one week ago - hot off the presses. I got two copies, one for my office and one for reading on the bus.

It's one of three technical exploit books I'd take on a deserted, networked, powered island. Part 1: Journey into Kernel Land (Intro and explanations) is one of the most succinct clear intros I have ever seen. I wish I could distributed that as a document for class. The section on Windows is current and well done, also because the difference between 32 and 64 bit architectures and approaches are emphasized (this is not the case with Eilam's book alas, though very good) - this book is up to date. I think the Unix section needs to be updated, though, my colleague said that some of the exploits were possible in 2006/2007 but with kernel changes some APIs are not available etc. This needs to be updated. Cannot comment on the Mac section, because no expertise.

Website available and examples useful: [...]

Wishlist:

1) There are some unavoidable typos, sure: p.10: MAC is nor Media Access Control in a security context, it's Mandatory Access Control
2) I would have really really like an expanded section on hypervisors and virtualization (there is a mini epilogue on it at the end)- that would have made my day
3) The Linux case study was neat - for next version, do Windows Stuxnet's m.o. because it adds all sorts of interesting kernel root attack pathways

You will not regret buying this book - it is obvious and much appreciated that the authors put a lot of effort into making an readable guide for the medium to expert reader that can double as a textbook companion.

Daniel Bilar
CS Department
UNO
7 internautes sur 7 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 An excellent book on kernel exploitation 19 octobre 2010
Par Blake - Publié sur Amazon.com
Format:Broché|Achat vérifié
I bought this book in hopes of finding an informative and thought provoking look at kernel exploitation - I was not disappointed. Aside from a few minor typos, I found this book to be one of the most well written books on exploitation that I have read. I have recommended it to some fellow students and a professor (I am a graduate student in computer science). I highly recommend this book for anybody that is interested in kernel exploitation. In my opinion, this book is currently the best source of information on exploiting the kernel since Phrack #64 file 6.
6 internautes sur 6 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 the new bible for kernel hackers 30 décembre 2010
Par Amazon Customer - Publié sur Amazon.com
Format:Broché|Commentaire client Vine pour produit gratuit (De quoi s'agit-il?)
I've read plenty of works that have covered kernel exploits at their most basic level - fill up a buffer, overwrite the stack pointer, and insert your code with a nop sled. I can't think of anything that comes close to the depth and breadth offered by this book. It starts where technical books always should but rarely do - with theory. The first part of the book deals with explaining the kernel, describing the various types of kernel exploits, and has a lengthy discussion of architectural options that may effect a kernel exploit. The second part of the book gets practical. They cover the three main classes of OS in depth - Windows, Mac, and Unix. Each kernel is discussed, its' peculiarities analyzed, tool suggestions provided, debugging explained, and numerous examples of previous kernel exploits are given. There is also a chapter on remote exploitation, and the book wraps up with a fantastic case study which ties everything together in a real world example. This is going to quickly become a staple in the library of every kernel hacker as both a reference work and educational guide.

A quick note on the technical level of the book - it assumes you know C, understand something about how kernels work, and have at least a passing familiarity with assembly. There is a lot of code in the book, all of which is helpfully on the book's website at attackingthecore.com.
4 internautes sur 4 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 Great book 23 décembre 2010
Par L. Romero - Publié sur Amazon.com
Format:Broché|Commentaire client Vine pour produit gratuit (De quoi s'agit-il?)
The authors do a great job at introducing the subject. They provide a definition of what exploitation means and a rationale on why exploitations are moving from user-land to kernel-land. They then describe different categories of exploitations and provide examples taken from real code. A thorough understanding of the examples requires some programming experience but if you are looking at this book you probably have it. Some background in operating systems is also helpful even though the authors do a good job at explaining the parts of the OS that will be affected by the exploit. Once the high-level concepts have been presented, discussion moves to examples of exploitations under different OS families. If you are looking for a book that will allow you to understand the thought process involved in exploiting kernel vulnerabilities, I think this book does a great job!
6 internautes sur 7 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 An excellent way to learn how operating systems kernels work and how they are vulnerable to attack 15 décembre 2010
Par Charles Ashbacher - Publié sur Amazon.com
Format:Broché|Commentaire client Vine pour produit gratuit (De quoi s'agit-il?)
While there are many crackers in the programming world, what separates the amateurs from the pros is the ability to successfully attack the bastion of security, the kernel of the operating system. The code in the kernel runs with full privilege so obviously if you can get in and run malicious code at the level of the kernel, then there is nothing else to stop it from doing whatever the cracker intends.
There are two fundamental and hopefully distinct audiences for this book. The first are the crackers that want to take their game up to the next level and prove that they can run with the big dogs when it comes to cracking systems. The second audience are the people that program operating systems kernels, by understanding the techniques used to attack the kernel, you are better able to program systems that will withstand attack.
The opening three chapters consist of explanations of the generic concepts that prepare the way for understanding how kernels can be attacked and exploited. Chapter four deals with attacks specifically on UNIX systems, chapter five with attacks on Mac OS X and chapter 6 with how to attack Windows systems. Chapter seven deals with remote kernel exploitation, chapter 8 is a Linux case study and chapter 9 looks to the future forms of attack and defense.
This last point is the key; it is impossible to create a defense unless you clearly understand the tactics used to attack. Therefore, this is a book that should be read by all people that program operating system kernels. Even if the type of attack described is not one that can be executed against the system you program, the act of studying exploits is the best way to create the mindset that will keep you sharp so that you avoid making the kind of mistake or oversight that will create a potential path to exploitation.
The descriptions are very technical in nature; there are many examples of exploit code written in C. While the code is presented in segments, they are generally not easy to understand, one must read slowly and carefully if you are to get the full impact of what the code is doing in the specific context. This book could serve as a textbook of an advanced course in computer security; it is loaded with examples that will raise your awareness of how difficult it is to program security into very large projects.
Ces commentaires ont-ils été utiles ?   Dites-le-nous

Discussions entre clients

Le forum concernant ce produit
Discussion Réponses Message le plus récent
Pas de discussions pour l'instant

Posez des questions, partagez votre opinion, gagnez en compréhension
Démarrer une nouvelle discussion
Thème:
Première publication:
Aller s'identifier
 

Rechercher parmi les discussions des clients
Rechercher dans toutes les discussions Amazon
   


Rechercher des articles similaires par rubrique