Gray Hat Hacking: The Ethical Hacker's Handbook (All-In-One)

By Shon Harris, Allen Harper, Chris Eagle, Jonathan Ness, Michael Lester

Product Description

Analyze your company’s vulnerability to hacks with expert guidance from Gray Hat Hacking: The Ethical Hacker’s Handbook. Discover advanced security tools and techniques such as fuzzing, reverse engineering, and binary scanning. Test systems using both passive and active vulnerability analysis. Learn to benefit from your role as a gray hat. Review ethical and legal issues and case studies. This unique resource provides leading-edge technical information being utilized by the top network engineers, security auditors, programmers, and vulnerability assessors. Plus, the book offers in-depth coverage of ethical disclosure and provides a practical course of action for those who find themselves in a "disclosure decision" position.


Product Details

  • Amazon Sales Rank: #359019 in Books
  • Published on: 2005-01-01
  • Original language: English
  • Number of items: 1
  • Binding: Paperback
  • 434 pages

Editorial Reviews

Review
Excerpts from review by Patrick Mueller
... a proficient work...offers a smorgasbord of topics geared towards moderate- and advanced-level practitioners...The authors touch on some deep technical issues, such as automated penetration testing and shellcode exploit construction...great command of the material...[authors] discuss a few refreshingly different topics -- such as vulnerability disclosure protocols -- that are hardly covered elsewhere.

The authors did...deliver on their ethical obligations to provide accurate countermeasures to attack methods they describe -- a true value to readers. ... security professionals will find value in the authors' formidable understanding of the material. (Information Security Magazine)

From the Back Cover

Detect, ethically disclose, and repair security flaws before malicious hackers wreak havoc

Avoid devastating network attacks by acquiring the advanced skills malicious hackers and computer criminals are using today. Gray Hat Hacking: The Ethical Hacker’s Handbook takes you to the next level by explaining, line-by-line, the code behind the latest and most insidious hacking techniques, as well as their countermeasures. Many of the attacks described have been used to successfully carry out online fraud, identity theft, extortion, denial of service attacks, and access to critical and confidential data. Malicious hackers are dedicated to bringing about mayhem and destruction--this book will teach you how to identify and stop them.

  • Plan, script, and execute widespread security tests using redteaming approaches
  • Carry out advanced vulnerability assessments, penetration tests, code scans, and system auditing tests
  • Use the latest target discovery and fingerprinting tools: Paketto Keiretsu, Xprobe2, P0f, Amap, Winfingerprint
  • Generate error conditions and crashes within programs using fuzzers
  • Automate pen-tests with Python Survival Skills, Core Impact, CANVAS, and Metasploit
  • Deploy the latest sniffing tools/techniques: Ettercap, Dsniff, SMB/LANMan credential sniffing, Kerbsniff/Kerbcrack
  • Understand passive vs. active sniffing, including MAC flooding, ARP cache poisoning, MAC duplicating, and DNS poisoning
  • Use various classes of Reverse Engineering tools: Debugging, Code Coverage, Profiling, Flow Analysis, and Memory Monitoring Tools
  • Create proof of concept exploits using stack operations, local and remote buffer overflows, and heap overflows

About the Author
Shon Harris (Fairchild Air Force Base, WA) MCSE, CISSP, is a security consultant who provides security assessments and analysis, vulnerability testing, and solutions to a wide range of different businesses.

Allen Harper (Burke, VA) has served in the Marine Corps for 16 years as both enlisted and an officer. Currently, he serves as a security engineer in the US Department of Defense.

Chris Eagle (Monterey, CA) is the Associate Chairman of the Computer Science Department at the Naval Postgraduate School (NPS) in Monterey, CA.

Michael J. Lester (Miami, FL) CISSP, MCSE, MCSA, MCT, CCNP, CCDP, CCSE+, CCI, CCEA, CTT+, Linux+, Security+, Network+, I-net+, A+, holds a Bachelor of Science degree in Information Technology, and is a senior consultant and instructor for MicroLink Corporation.


Customer Reviews

Bought in a deal but best of the lot (rating: 4)
I got this book as part of a "Buy something and get this half price deal" - to be honest I wasn't expecting much but thought what the hell. After reading both over the last few weeks I can't actually tell you the name of the first book I bought that this came with, such was the depth this had to offer.

For anyone interested in a simple attack guide this isn't for you - Gray Hat Hacking explores much more complicated subject matter going into detail about the ethics of hacking and responsible disclosure along with the means of doing it properly. If you are working in or touching on IT security this book is a must have - the depth of knowledge is excellent as are the code examples.

If you are new to security or indeed have become a software engineer in only the last few years this book goes back to security fundamentals for good coding, how buffers and machine code actually work. For me as a professional programmer of over a decade, even though I was taught this stuff it has re-awakened me to it and has sharpened up my coding practices as well.

This book is full of stuff and will be the one on your shelf afterwards with loads of post-it notes hanging out the side and plenty of dog-eared pages.

Very good approach (rating: 4)
I was so skeptical about this genre of books. But I've to admit that this book is a good resource for people involved in IT security.
The approach used by the book is something in between a practical guide and a theoretical approach.
So you can use it not just as a manual but also as a base to develop your personal hacking approach. So if you're interested in IT security, penetration tests, network auditing you should read this book. A last note, in this book you can find plenty of examples based on open-source software.

Too many authors (rating: 4)
Too many authors to be a truly coherent handbook. What makes this book stand out however are the excellent sections on developing shellcode for both *nix and Windows environments. A great book for pentesters without a development background but to get the most out of it buy it with a good Python book.