Cutting-edge techniques for finding and fixing critical security flawsFortify your network and avert digital catastrophe with proven strategies from a team of security experts. Completely updated and featuring 12 new chapters, Gray Hat Hacking: The Ethical Hacker's Handbook, Fourth Edition explains the enemy’s current weapons, skills, and tactics and offers field-tested remedies, case studies, and ready-to-deploy testing labs. Find out how hackers gain access, overtake network devices, script and inject malicious code, and plunder Web applications and browsers. Android-based exploits, reverse engineering techniques, and cyber law are thoroughly covered in this state-of-the-art resource.Build and launch spoofing exploits with Ettercap and EvilgradeInduce error conditions and crash software using fuzzersHack Cisco routers, switches, and network hardwareUse advanced reverse engineering to exploit Windows and Linux softwareBypass Windows Access Control and memory protection schemesScan for flaws in Web applications using Fiddler and the x5 pluginLearn the use-after-free technique used in recent zero daysBypass Web authentication via MySQL type conversion and MD5 injection attacksInject your shellcode into a browser's memory using the latest Heap Spray techniquesHijack Web browsers with Metasploit and the BeEF Injection FrameworkNeutralize ransomware before it takes control of your desktopDissect Android malware with JEB and DAD decompilersFind one-day vulnerabilities with binary diffing**About the AuthorDaniel Regalado, aka Danux, CISSP®, OSCP, OSCE, CREA, is a senior malware and vulnerability researcher at FireEye.Shon Harris, CISSP, was the CEO and founder of Logical Security.Allen Harper, CISSP, PCI QSA, is the executive vice president of Tangible Security.Chris Eagle is a senior lecturer in the Computer Science Department at the Naval Postgraduate School.Jonathan Ness, CHFITM, is a lead software security engineer in Microsoft’s Security Response Center.Branko Spasojevic is a security engineer at Google.Ryan Linn, CISSP, CSSLP®, OSCE, is a managing consultant working on network penetration testing.Stephen Sims is a senior instructor and course author with the SANS Institute.
更多信息……