Exploiting Software: How To Break Code (Addison-Wesley, 2004) was written to provide security professionals with deep technical insight into how real attacks against software are carried out. Armed with this knowledge, software architects, developers and security professionals can recognize—and avoid—vulnerabilities that expose software to malicious exploits.
Exploiting Software pulls no punches in its detailed discussion of how malicious hackers break software systems. The book describes why classic network security mechanisms such as firewalls, intrusion detection systems and antivirus engines can never solve the computer security problem. It leads security professionals through distilled attack patterns, real coding examples, and exploits from the field and offers deep technical coverage of advanced topics such as rootkits and disassembly, showing why access to source code is not necessary for software exploit.
Table of Contents
Foreword
Preface
Acknowledgments
- Software-the Root of the Problem
- A Brief History of Software
- The Trinity of Trouble
- The Future of Software
- Conclusion
- Attack Patterns
- A Taxonomy
- An Open-Systems View
- Tour of an Exploit
- Attack Patterns: Blueprints for Disaster
- An Example Exploit: Microsoft's Broken C++ Compiler
- Applying Attack Patterns
- Attack Pattern Boxes
- Conclusion
- Reverse Engineering and Program Understanding
- Into the House of Logic
- Should Reverse Engineering Be Illegal?
- Reverse Engineering Tools and Concepts
- Approaches to Reverse Engineering
- Methods of the Reverser
- Writing IDA Plug-Ins
- Decompiling and Disassembling Software
- Decompilation in Practice: Reversing helpctr.exe
- Automatic, Bulk Auditing for Vulnerabilities
- Writing Your Own Cracking Tools
- Building a Basic Code Coverage Tool
- Conclusion
- Exploiting Server Software
- The Trusted Input Problem
- The Privilege Escalation Problem
- Finding Injection Points
- Input Path Tracing
- Exploiting Trust Through Configuration
- Specific Techniques and Attacks for Server Software
- Conclusion
- Exploiting Client Software
- Client-side Programs as Attack Targets
- In-Band Signals
- Cross-Site Scripting
- Clients Scripts and Malicious Code
- Content-Based Attacks
- "Back-Wash" Attacks: Leveraging Client-Side Buffering Overflows
- Conclusion
- Crafting (Malicious) Input
- The Defender's Dilemma
- Intrusion-Detection (not)
- Partition Analysis
- Tracing Code
- Example: Reversing I-Planet Server 6.0 Through the Front Door
- Misclassification
- Building "Equivalent" Requests
- Conclusion
- Appendix: ASCII Conversion Chart
- Buffer Overflow
- Buffer Overflow 101
- Injection Vectors: Input Rides Again
- Buffer Overflows and Embedded Systems
- Database Buffer Overflows
- Buffer Overflows and Java?!
- Content-Based Buffer Overflow
- Audit Truncation and Filters with Buffer Overflow
- Causing Overflow and Environment Variables
- The Multiple Operation Problem
- Finding Potential Buffer Overflows
- Stack Overflow
- Arithmetic Errors in Memory Management
- Format String Vulnerabilities
- Heap Overflows
- Buffer Overflows and C + +
- Payloads
- Payloads on RISC Architectures
- Prolog/Epilog Code to Protect Functions
- Conclusion
- Rootkits
- Subversive Programs
- A Simple Windows-XP Kernel Rootkit
- Call Hooking
- Trojan Executable Redirection
- Hiding Files and Directories
- Patching Binary Code
- The Hardware Virus
- Low Level Disk-Access
- Adding Network Support to a Driver
- Interrupts
- Key-Logging
- Advanced Rootkit Topics
- Conclusion
Appendix: ASCII Conversion Chart
References
Index
|
