Security Warrior

Special-order title - will be reserved | Delivery time: special-order title - available within 10 working days

45,50 €*

All prices incl. VAT | Free shipping
Item no.:
9780596005450
Published:
2004
Publication date:
17.02.2004
Pages:
531
Author:
Cyrus Peikari
Weight:
779 g
Format:
234x177x29 mm
Language:
English
Description:

Dr. Cyrus Peikari is the Chief Technical Officer of Airscanner Corporation, a leading mobile security software company. He personally holds several patents in the anti-virus and infosec fields. In addition to numerous radio and television appearances, he is a popular speaker at technology and network security conferences.

Dr. Anton Chuvakin, Ph.D., GCIH, GCFA is a recognized security expert and book author. His current role is PCI Solutions Director at Qualys. His past roles included Chief Logging Evangelist with LogLogic, a log management company, and a Chief Security Strategist with another security company. He participates in various security industry initiatives and standards organizations.
When it comes to network security, many users and administrators are running scared, and justifiably so. The sophistication of attacks against computer systems increases with each new Internet worm.

What's the worst an attacker can do to you? You'd better find out, right? That's what Security Warrior teaches you. Based on the principle that the only way to defend yourself is to understand your attacker in depth, Security Warrior reveals how your systems can be attacked. Covering everything from reverse engineering to SQL attacks, and including topics like social engineering, antiforensics, and common attacks against UNIX and Windows systems, this book teaches you to know your enemy and how to be prepared to do battle.

Security Warrior places particular emphasis on reverse engineering. RE is a fundamental skill for the administrator, who must be aware of all kinds of malware that can be installed on his machines -- trojaned binaries, "spyware" that looks innocuous but that sends private data back to its creator, and more. This is the only book to discuss reverse engineering for Linux or Windows CE. It's also the only book that shows you how SQL injection works, enabling you to inspect your database and web applications for vulnerability.

Security Warrior is the most comprehensive and up-to-date book covering the art of computer war: attacks against computer systems and their defenses. It's often scary, and never comforting. If you're on the front lines, defending your site against attackers, you need this book. On your shelf--and in your hands.
Dedication; Preface; Organization of This Book; Part I: Software Cracking; Part II: Network Stalking; Part III: Platform Attacks; Part IV: Advanced Defense; Part V: Appendix; Conventions Used in This Book; Using Code Examples; Comments and Questions; Acknowledgments

Part I: Software Cracking
Chapter 1: Assembly Language; 1.1 Registers; 1.2 ASM Opcodes; 1.3 References
Chapter 2: Windows Reverse Engineering; 2.1 History of RCE; 2.2 Reversing Tools; 2.3 Reverse Engineering Examples; 2.4 References
Chapter 3: Linux Reverse Engineering; 3.1 Basic Tools and Techniques; 3.2 A Good Disassembly; 3.3 Problem Areas; 3.4 Writing New Tools; 3.5 References
Chapter 4: Windows CE Reverse Engineering; 4.1 Windows CE Architecture; 4.2 CE Reverse Engineering Fundamentals; 4.3 Practical CE Reverse Engineering; 4.4 Reverse Engineering serial.exe; 4.5 References
Chapter 5: Overflow Attacks; 5.1 Buffer Overflows; 5.2 Understanding Buffers; 5.3 Smashing the Stack; 5.4 Heap Overflows; 5.5 Preventing Buffer Overflows; 5.6 A Live Challenge; 5.7 References

Part II: Network Stalking
Chapter 6: TCP/IP Analysis; 6.1 A Brief History of TCP/IP; 6.2 Encapsulation; 6.3 TCP; 6.4 IP; 6.5 UDP; 6.6 ICMP; 6.7 ARP; 6.8 RARP; 6.9 BOOTP; 6.10 DHCP; 6.11 TCP/IP Handshaking; 6.12 Covert Channels; 6.13 IPv6; 6.14 Ethereal; 6.15 Packet Analysis; 6.16 Fragmentation; 6.17 References
Chapter 7: Social Engineering; 7.1 Background; 7.2 Performing the Attacks; 7.3 Advanced Social Engineering; 7.4 References
Chapter 8: Reconnaissance; 8.1 Online Reconnaissance; 8.2 Conclusion; 8.3 References
Chapter 9: OS Fingerprinting; 9.1 Telnet Session Negotiation; 9.2 TCP Stack Fingerprinting; 9.3 Special-Purpose Tools; 9.4 Passive Fingerprinting; 9.5 Fuzzy Operating System Fingerprinting; 9.6 TCP/IP Timeout Detection; 9.7 References
Chapter 10: Hiding the Tracks; 10.1 From Whom Are You Hiding?; 10.2 Postattack Cleanup; 10.3 Forensic Tracks; 10.4 Maintaining Covert Access; 10.5 References

Part III: Platform Attacks
Chapter 11: Unix Defense; 11.1 Unix Passwords; 11.2 File Permissions; 11.3 System Logging; 11.4 Network Access in Unix; 11.5 Unix Hardening; 11.6 Unix Network Defense; 11.7 References
Chapter 12: Unix Attacks; 12.1 Local Attacks; 12.2 Remote Attacks; 12.3 Unix Denial-of-Service Attacks; 12.4 References
Chapter 13: Windows Client Attacks; 13.1 Denial-of-Service Attacks; 13.2 Remote Attacks; 13.3 Remote Desktop/Remote Assistance; 13.4 References
Chapter 14: Windows Server Attacks; 14.1 Release History; 14.2 Kerberos Authentication Attacks; 14.3 Kerberos Authentication Review; 14.4 Defeating Buffer Overflow Prevention; 14.5 Active Directory Weaknesses; 14.6 Hacking PKI; 14.7 Smart Card Hacking; 14.8 Encrypting File System Changes; 14.9 Third-Party Encryption; 14.10 References
Chapter 15: SOAP XML Web Services Security; 15.1 XML Encryption; 15.2 XML Signatures; 15.3 Reference
Chapter 16: SQL Injection; 16.1 Introduction to SQL; 16.2 SQL Injection Attacks; 16.3 SQL Injection Defenses; 16.4 PHP-Nuke Examples; 16.5 References
Chapter 17: Wireless Security; 17.1 Reducing Signal Drift; 17.2 Problems with WEP; 17.3 Cracking WEP; 17.4 Practical WEP Cracking; 17.5 VPNs; 17.6 TKIP; 17.7 SSL; 17.8 Airborne Viruses; 17.9 References

Part IV: Advanced Defense
Chapter 18: Audit Trail Analysis; 18.1 Log Analysis Basics; 18.2 Log Examples; 18.3 Logging States; 18.4 When to Look at the Logs; 18.5 Log Overflow and Aggregation; 18.6 Challenge of Log Analysis; 18.7 Security Information Management; 18.8 Global Log Aggregation; 18.9 References
Chapter 19: Intrusion Detection Systems; 19.1 IDS Examples; 19.2 Bayesian Analysis; 19.3 Hacking Through IDSs; 19.4 The Future of IDSs; 19.5 Snort IDS Case Study; 19.6 IDS Deployment Issues; 19.7 References
Chapter 20: Honeypots; 20.1 Motivation; 20.2 Building the Infrastructure; 20.3 Capturing Attacks; 20.4 References
Chapter 21: Incident Response; 21.1 Case Study: Worm Mayhem; 21.2 Definitions; 21.3 Incident Response Framework; 21.4 Small Networks; 21.5 Medium-Sized Networks; 21.6 Large Networks; 21.7 References
Chapter 22: Forensics and Antiforensics; 22.1 Hardware Review; 22.2 Information Detritus; 22.3 Forensics Tools; 22.4 Bootable Forensics CD-ROMs; 22.5 Evidence Eliminator; 22.6 Forensics Case Study: FTP Attack; 22.7 References

Part V: Appendix
Appendix A: Useful SoftICE Commands and Breakpoints; A.1 SoftICE Commands; A.2 Breakpoints
Colophon
