Exploiting Software: How to Break Code

摘要: Attack Patterns. Foreword. Preface. What This Book Is About. How to Use Book. But Isn't Too Dangerous? Acknowledgments. 1. Software-The Root of the Problem. A Brief History Software. Bad Software Ubiquitous. The Trinity Trouble. Future Security? Conclusion. 2. Taxonomy. An Open-Systems View. Tour an Exploit. Patterns: Blueprints for Disaster. Example Exploit: Microsoft's Broken C++ Compiler. Applying Pattern Boxes. 3. Reverse Engineering and Program Understanding. Into House Logic. Should Be Illegal? Tools Concepts. Methods Reverser. Writing Interactive Disassembler (IDA) Plugins. Decompiling Disassembling Decompilation in Practice: Reversing helpctr.exe. Automatic, Bulk Auditing Vulnerabilities. Your Own Cracking Tools. Building a Basic Code Coverage Tool. 4. Exploiting Server Trusted Input Privilege Escalation Finding Injection Points. Path Tracing. Trust through Configuration. Specific Techniques Attacks 5. Client Client-side Programs as Targets. In-band Signals. Cross-site Scripting (XSS). Clients Scripts Malicious Code. Content-Based Attacks. Backwash Attacks: Leveraging Buffer. 6. Crafting (Malicious) Input. Defender's Dilemma. Intrusion Detection (Not). Partition Analysis. Tracing Parser Example: I-Planet 6.0 Front Door. Misclassification. "Equivalent" Requests. Audit Poisoning. 7. Buffer Overflow. Overflow 101. Vectors: Rides Again. Overflows Embedded Systems. Database Overflows. Java?! Truncation Filters with Causing Environment Variables. Multiple Operation Potential Stack Arithmetic Errors Memory Management. Format String Heap C++. Payloads. Payloads on RISC Architectures. Multiplatform Prolog/Epilog Protect Functions. 8. Rootkits. Subversive Programs. Simple Windows XP Kernel Rootkit. Call Hooking. Trojan Executable Redirection. Hiding Files Directories. Patching Binary Hardware Virus. Low-Level Disk Access. Adding Network Support Driver. Interrupts. Key Logging. Advanced Rootkit Topics. References. Index.