Information Security, January 2005
smorgasbord of topics...some deep technical issues...great command of material...a few refreshingly different topics...deliver[s]...ethical obligations...formidable understanding of material.
Review
Excerpts from review by Patrick Mueller
... a proficient work...offers a smorgasbord of topics geared towards moderate- and advanced-level practitioners...The authors touch on some deep technical issues, such as automated penetration testing and shellcode exploit construction...great command of the material...[authors] discuss a few refreshingly different topics -- such as vulnerability disclosure protocols -- that are hardly covered elsewhere.
The authors did...deliver on their ethical obligations to provide accurate countermeasures to attack methods they describe -- a true value to readers. ... security professionals will find value in the authors' formidable understanding of the material.
Book Description
Analyze your company’s vulnerability to hacks with expert guidance from Gray Hat Hacking: The Ethical Hacker’s Handbook. Discover advanced security tools and techniques such as fuzzing, reverse engineering, and binary scanning. Test systems using both passive and active vulnerability analysis. Learn to benefit from your role as a gray hat. Review ethical and legal issues and case studies. This unique resource provides leading-edge technical information being utilized by the top network engineers, security auditors, programmers, and vulnerability assessors. Plus, the book offers in-depth coverage of ethical disclosure and provides a practical course of action for those who find themselves in a "disclosure decision" position.
From the Back Cover
Detect, ethically disclose, and repair security flaws before malicious hackers wreak havoc
Avoid devastating network attacks by acquiring the advanced skills malicious hackers and computer criminals are using today. Gray Hat Hacking: The Ethical Hacker’s Handbook takes you to the next level by explaining, line-by-line, the code behind the latest and most insidious hacking techniques, as well as their countermeasures. Many of the attacks described have been used to successfully carry out online fraud, identity theft, extortion, denial of service attacks, and access to critical and confidential data. Malicious hackers are dedicated to bringing about mayhem and destruction--this book will teach you how to identify and stop them.
Plan, script, and execute widespread security tests using redteaming approaches
Carry out advanced vulnerability assessments, penetration tests, code scans, and system auditing tests
Use the latest target discovery and fingerprinting tools: Paketto Keiretsu, Xprobe2, P0f, Amap, Winfingerprint
Generate error conditions and crashes within programs using fuzzers
Automate pen-tests with Python Survival Skills, Core Impact, CANVAS, and Metasploit
Deploy the latest sniffing tools/techniques: Ettercap, Dsniff, SMB/LANMan credential sniffing, Kerbsniff/Kerbcrack
Understand passive vs. active sniffing, including MAC flooding, ARP cache poisoning, MAC duplicating, and DNS poisoning
Use various classes of Reverse Engineering tools: Debugging, Code Coverage, Profiling, Flow Analysis, and Memory Monitoring Tools
Create proof of concept exploits using stack operations, local and remote buffer overflows, and heap overflows