Product Description

A thorough revision of the bestselling guide to the tools and tricks of the hybrid hacker

Written by seasoned security authors and instructors, this fully updated volume offers a comprehensive overview of today's hacking and computer security landscape. You will learn the latest techniques to uncover, legally disclose, and fix vulnerabilities deep within software and networks. The book includes six brand-new chapters and fully updated material throughout.

Gray Hat Hacking, Second Edition is the only ethical hacking book on the market to provide in-depth coverage of vulnerability discovery and reverse engineering. It also offers full details on cutting-edge attack methods, hacking-related law, malware analysis, and post-exploitation survival.

Product Details

• Amazon Sales Rank: #27966 in Books
• Published on: 2008-02-01
• Original language: English
• Number of items: 1
• Binding: Paperback
• 550 pages

From the Back Cover

Uncover, plug, and ethically disclose security flaws

Prevent catastrophic network attacks by exposing security flaws, fixing them, and ethically reporting them to the software author. Fully expanded to cover the hacker's latest devious methods, Gray Hat Hacking: The Ethical Hacker's Handbook, Second Edition lays out each exploit alongside line-by-line code samples, detailed countermeasures, and moral disclosure procedures. Find out how to execute effective penetration tests, use fuzzers and sniffers, perform reverse engineering, and find security holes in Windows and Linux applications. You'll also learn how to trap and autopsy stealth worms, viruses, rootkits, adware, and malware.

• Implement vulnerability testing, discovery, and reporting procedures that comply with applicable laws
• Learn the basics of programming, stack operations, buffer overflow and heap vulnerabilities, and exploit development
• Test and exploit systems using Metasploit and other tools
• Break in to Windows and Linux systems with perl scripts, Python scripts, and customized C programs
• Analyze source code using ITS4, RATS, FlawFinder, PREfast, Splint, and decompilers
• Understand the role of IDA Pro scripts, FLAIR tools, and third-party plug-ins in discovering software vulnerabilities
• Reverse-engineer software using decompiling, profiling, memory monitoring, and data flow analysis tools
• Reveal client-side web browser vulnerabilities with MangleMe, AxEnum, and AxMan
• Probe Windows Access Controls to discover insecure access tokens, security descriptors, DACLs, and ACEs
• Find and examine malware and rootkits using honeypots, honeynets, and Norman SandBox technology

About the Author

Shon Harris, MCSE, CISSP, is the president of Logical Security, an educator, and a security consultant.

Allen Harper, CISSP, is the president and owner of n2netsecurity, Inc., in North Carolina.

Chris Eagle is the associate chairman of the Computer Science Department at the Naval Postgraduate School (NPS) in Monterey, California.

Jonathan Ness, CHFI, is a lead software security engineer at Microsoft.

Customer Reviews

A superb read
An ethical debate could go on for ages as to whether this sort of material could be classed as malicious or useful to the information and security community.

This book will certainly bring the noob up to speed with some of the greatest tools out there such as backtrack and metasploit and certainly will prove to be very useful information for any techie out there wanting to learn about some of the tools and techniques which hackers will use to compromise systems.

The approach by the authors is concise and thorough covering subject such as beginner programming with c, assembly and python while introducing concepts like shellcode scripting and exploit creation in a linux and windows environment.

Alot of this information can be found with alot of work on Google and searching forums and tutorials but is well presented and all located within this single book. The details on each subject are only tipping the iceberg but will certainly serve as an introduction for anyone with an interest in security and penetration testing.

I recommend taking the A+, N+, Linux+, CEH, MCSE and CCNA before trying to enter a career in security but the pay is great when you got them and you will find books on the latest security methods to be breeze to follow and implement

Interesting
This is not really mentioned anywhere, but you're expected to have some understanding of security and programming concepts to understand the majority of the information covered. Its not a 'beginners guide' kind of thing; more an advanced guide for people wanting to specialize in the area of hacking and security.

I would suggest getting at the very least a live cd of your favorite distro of linux to play around with the programming and linux exploit sections of the book.

Overall a fantastic read. Even if you don't plan to enter the field on a business level, if you have interests in computer security its worth getting.

Handy Reference Material
I've been out the field for a short time as I worked more in development, But have recently got back into penetration testing, this book was a great reference to bring me back up to speed. I would recommend it to anyone.