The Shellcoder's Handbook: Discovering and Exploiting Security Holes
 
 

The Shellcoder's Handbook: Discovering and Exploiting Security Holes [Kindle Edition]

Chris Anley , John Heasman , Felix Lindner , Gerardo Richarte
5.0 out of 5 stars (1 customer review)

List price: EUR 41.20
Publisher's price (print format): EUR 42.54
Kindle price: EUR 26.99 including VAT, with free wireless delivery via Amazon Whispernet
You save: EUR 15.55 (37%)

Formats

Format: Amazon price
Kindle Edition: EUR 26.99
Paperback: EUR 42.15





Product description

From the publisher

  • This much-anticipated revision, written by the ultimate group of top security experts in the world, features 40 percent new content on how to find security holes in any operating system or application
  • New material addresses the many new exploitation techniques that have been discovered since the first edition, including attacking "unbreakable" software packages such as McAfee's Entercept, Mac OS X, XP, Office 2003, and Vista
  • Also features the first-ever published information on exploiting Cisco's IOS, with content that has never before been explored
  • The companion Web site features downloadable code files

Back cover

The black hats have kept up with security enhancements. Have you? In the technological arena, three years is a lifetime. Since the first edition of this book was published in 2004, built-in security measures on compilers and operating systems have become commonplace, but are still far from perfect. Arbitrary-code execution vulnerabilities still allow attackers to run code of their choice on your system—with disastrous results. In a nutshell, this book is about code and data and what happens when the two become confused. You'll work with the basic building blocks of security bugs—assembler, source code, the stack, the heap, and so on. You'll experiment, explore, and understand the systems you're running—and how to better protect them.

  • Become familiar with security holes in Windows, Linux, Solaris, Mac OS X, and Cisco's IOS
  • Learn how to write customized tools to protect your systems, not just how to use ready-made ones
  • Use a working exploit to verify your assessment when auditing a network
  • Use proof-of-concept exploits to rate the significance of bugs in software you're developing
  • Assess the quality of purchased security products by performing penetration tests based on the information in this book
  • Understand how bugs are found and how exploits work at the lowest level

Product details

  • Format: Kindle Edition
  • File size: 1908 KB
  • Print length: 747 pages
  • Page numbers source ISBN (print edition): 047008023X
  • Publisher: Wiley; Edition: 2 (16 February 2011)
  • Sold by: Amazon Media EU S.à r.l.
  • Language: English
  • ASIN: B004P5O38Q
  • Text-to-Speech: Enabled
  • Average customer review: 5.0 out of 5 stars (1 customer review)
  • Amazon Best Sellers Rank: #116,634 in the Kindle Store



Customer reviews

Most helpful customer reviews
0 of 1 people found this review helpful
5.0 out of 5 stars Very good book 15 March 2010
By Loïs S.
Format: Paperback
It's a very good book for anyone interested in shellcode!
Worth reading, even though it's in English!
However, not recommended for novices!
Most helpful customer reviews on Amazon.com (beta)
Amazon.com: 4.2 out of 5 stars, 31 reviews
102 of 104 people found this review helpful
4.0 out of 5 stars Excellent material, but... 11 May 2004
By Omar A. Herrera Reyna - Published on Amazon.com
Format: Paperback
Not for beginners as others have previously stated, you require deep knowledge of C, assembler and IA32 architecture as well as some knowledge of the Linux and Windows operating systems. If you have this then it will suffice (Even if you have not ever heard of a buffer overflow before).
What amazes me, and the reason of me not giving five stars to the book, is the enormous amount of errors in the book (no one else has talked about this on previous reviews). These go from forgetting to include memory allocation routines in some sample code and putting incorrect labels in some diagrams to talking about certain parts of code while actually showing completely different lines of code or talking about different addresses in the explanations from the ones on the sample code and program output that they talk about.
For example, on page 90 the authors wrote:
" Let's take a look at two assembly instructions that correspond to the free() routine finding the previous chunk
0x42073ff8 <_int_free+136>: mov 0xfffffff8 (%edx),%eax
0x42073ffb <_int_free+139>: sub %eax,%esi
In the first instruction (mov 0x8 (%esi), %edx), %edx is 0x80499b8, the address of..."
The instruction being referred to at the last sentence should be "mov 0xfffffff8 (%edx),%eax". "mov 0x8 (%esi), %edx" appears many lines below this paragraph, in another code sample, and it is completely unrelated to the explanation given there.
Of course, people familiar with these topics who also have a deep knowledge of the required programming languages and architectures will catch these flaws easily. The problem is that there are so many of them that it gets annoying at some point and you end up asking yourself why the editorial reviewers didn't do their job properly.
Also, I bought this book almost as soon as it went out for sale, yet as of this date (May 2004), the only material found on the web page of the book is the source code to most of the examples. Definitely much less compared to all the material that the authors promised in the book to be there (so don't expect to find more than this).
It is an excellent reference book though, and if you take the time to read the book thoroughly and make notes to fix the errors in the book you will find that even this activity is rewarding. Some might even argue that the authors put the errors there on purpose to keep script kiddies away from this knowledge, but I don't think that would be OK with a book like this which has created so much expectation. Hopefully the next edition will have all this fixed.
24 of 24 people found this review helpful
4.0 out of 5 stars Amazing 8 April 2004
By Elijah D - Published on Amazon.com
Format: Paperback
I've always been fascinated by the amount of work security researchers put into finding vulnerabilities. This is a very good book on software vulnerabilities. It's also very current as it examines a number of the recently widely publicized vulnerabilities. It also rightly points out the fact that Linux/Unix are not as secure as a lot of people out there would like the public to believe.
The ways to get around stack protection outlined in this book were an eye opener for me.
I thought I had very good knowledge of the material the book covers until I actually read it. It is clear that as software shops continue to plug vulnerabilities, people will continue to find new ways to exploit software.
Clearly, this book is not for the casual reader. This is essentially a book for people who have above average assembly language and C/C++ skills.
34 of 37 people found this review helpful
5.0 out of 5 stars The Real Deal... 10 April 2004
By Jeff Pike - Published on Amazon.com
Format: Paperback
Here's how this ambitious learning resource is laid out:

PART 1 INTRO TO EXPLOITATION ON LINUX x86

1) Before You Begin
2) Stack Overflows
3) Shellcode
4) Introduction to Format String Bugs
5) Introduction to Heap Overflows

PART 2 EXPLOITING MORE PLATFORMS: Windows, Solaris, and Tru64

6) The Wild World of Windows
7) Windows Shellcode
8) Windows Overflows
9) Overcoming Filters
10) Introduction to Solaris Exploitation
11) Advanced Solaris Exploitation
12) HP Tru64 Unix Exploitation

PART 3 VULNERABILITY DISCOVERY

13) Establishing a Working Environment
14) Fault Injection
15) The Art of Fuzzing
16) Source Code Auditing: Finding Vulnerabilities in C-based Languages
17) Instrumented Investigation: A manual approach
18) Tracing for Vulnerabilities
19) Binary Auditing: Hacking Closed Source Software

PART 4 ADVANCED MATERIALS

20) Alternative Payload Strategies
21) Writing Exploits that Work in the Wild
22) Attacking Database Software
23) Kernel Overflows
24) Exploiting Kernel Vulnerabilities

This is not just another security book! The wizards from bugtraq have shared a significant portion of their craft and tools with us in this book. For that, I am most grateful. Given the technical prowess of many of the authors, I was pleasantly surprised by their willingness and ability to explain concepts in a very detailed, clear, and concise manner.

After spending some time with this book, I became somewhat disappointed by the number of errors it contains. A few solid technical reviewers could have easily caught these errors and made the end product much better. Another disappointment is that all of the stuff that the book promises at the website still hasn't appeared.

This book is not for beginners. This book assumes reasonable competence with C, Assembly, and computer architecture... all at an intermediate level.

This book stands out for the info it provides. Other books tease and hint at some of these concepts for maybe a sentence or two, but they never truly explain any of them. It's rare to find explanations of this material. There is no fluff and no confusion (except for errors in the examples). This is well done, and a joy to read. It is the definitive text book for students of vulnerability discovery.
26 of 30 people found this review helpful
5.0 out of 5 stars Excellent security book although misleading title 21 May 2004
By AdV - Published on Amazon.com
Format: Paperback
The title "Shellcoder's handbook" made me reluctant to even buy this book. I thought it would go about explaining exploiting stack, heap overruns, bypassing memory exploitation methods and so on in order to execute shell code: basically, a book for hacking and I didn't like that. Nonetheless, it took me a glance of the list of authors and the table of contents to realize that this book goes beyond exploitation and into core penetration testing and vulnerability discovery methods. Hopefully, like rational and ethical software security engineers will do, this book will be used more for vulnerability discovery and benign exploitation rather than malicious exploitation.
Parts 1 and 2 are a great introduction to OS internals, system calls, memory management, and in-depth analysis of security bug exploitation; thus making them relevant for part 3: "Vulnerability Discovery". Part 3 goes into great depth on how to discover security bugs. Not so often do we have the brightest minds in the art of software vulnerability discovery, penetration testing, or "ethical hacking" joining forces. The variety of ways to discover security bugs is what we need to learn in order to ship secure software or to successfully secure existing software applications. Great Job!
10 of 10 people found this review helpful
5.0 out of 5 stars Koziol is great. 7 September 2005
By Austin Seipp - Published on Amazon.com
Format: Paperback
This book is absolutely excellent. One of the best, if not the best security book I have ever read.

As previously stated numerous times, it will require you have Assembly and C knowledge. If you don't know either one the book will move lightning fast and you will probably not have the ability to keep up. If you do know both, you should be able to take the book at a nice and steady speed.

Aside from difficulty, the rumors that it contains syntax errors ARE true. There are a few little errors in places like this (showing a typical off-by-one error to prove that C doesn't check boundaries on arrays):

#include <stdio.h>

int main() {
    int array[5] = {1,2,3,4,5};
    printf("%d",array[5];
}

While these errors ARE numerous and slightly annoying, the important thing to understand is that you get the general concepts they are trying to teach you. Anybody can fix the syntax to work correctly but if they don't know the logic behind the syntax it's no different than a car mechanic trying to fix an F-16 jet.

I am willing to overlook the syntax and lexical errors that appear in this book and give it a 5/5. I may be too light, but I think it's an absolutely essential book that everybody should read.

If you find yourself wanting to get a book, whether it be Hacking: The Art of Exploitation, Reversing: Secrets of Reverse Engineering, Rootkits: subverting the Windows kernel, or The Art of Computer Virus Research and Defense, while all excellent books (which I highly recommend you all read if this book interests you), if you have the ability to get The Shellcoders Handbook: Discovering and Exploiting Security Holes, you should.

Most highlighted passages

"extended stack pointer (ESP) register,"
Highlighted by 5 Kindle users

"ESP points to the last address used by the stack."
Highlighted by 5 Kindle users

"The heap is another data structure used to hold program information, more specifically, dynamic variables. The heap is (roughly) a First In First Out (FIFO) data structure."
Highlighted by 4 Kindle users
