c, 286–289
finder's fees, 68
findings, 59–61
firewalls
and client-side vulnerabilities, 359–360
depending on, 71
FLAIR. See Fast Library Acquisition for Identification and Recognition (FLAIR)
Flake, Halvar, 535
FlawFinder, 280
FLIRT. See Fast Library Identification and Recognition Technology (FLIRT)
flow analysis tools, 342–343
format string exploits, 169–180
mutations against, 493–495
format strings, 170
format symbols, 170
Fuller, Landon, 496
function calling procedure, 148–149
fuzzing tools, 44, 348–349
AxEnum, 372–377
AxFuzz, 377
AxMan, 378–383
fuzzing unknown protocols, 352–353
MangleMe, 370–371
Sharefuzz, 357
simple URL fuzzer, 349–352
SPIKE, 353–357
See also intelligent fuzzing; Sulley
G
gcc, 127
Libsafe, 183, 193
StackShield, StackGuard, and Stack Smashing Protection (SSP), 183, 193
gdb, 137–139
goals of attackers, 43
gray box testing, 335
gray hat hackers, 48
Guilfanov, Ilfak, 45–46, 495–496
Gray Hat Hacking: The Ethical Hacker's Handbook
542
H
hacker, positive connotation of term, 10
hackers' motivation, 5
hacking books and classes, 11–12
hardware interrupts, 212
hardware traps, 212
hashdump command, 91
heap overflow exploits, 180–182
mutations against, 492–493
heap spray, 383–384
hex opcodes, extracting, 226–227
Hex-Rays, 302–303
Homeland Security Act of 2002, 35
honeyd, 503
honeynets, 501
types of, 504–505
honeypots, 501
high-interaction, 503
limitations, 502–503
low-interaction, 503
reasons for using, 502
honeywalls, 504–505
hosts file, 522–523
I
IDA Pro, 293–303, 309, 530
data structure analysis, 318–321
generating sig files, 315–318
Hex-Rays, 302–303
IDA SDK, 329–331
IDAPython plug-in, 331–332
loaders and process modules, 332–334
plug-in modules, 329–332
quirks of compiled C++ code, 323–325
scripting with IDC, 326–328
static analysis challenges, 309–310
statically linked programs and FLAIR, 312–318
stripped binaries, 310–312
using IDA structures to view program headers, 321–323
x86emu plug-in, 332
IDA x86 emulator plug-in (x86emu), 531–533
IDA-assisted unpacking, 529–533
IDC, 326–328
iDefense, 67–69
identity theft, 7
information concealment, 34–36
injunctions, 30
Inqtana worm, 44
instrumentation tools, 337–338
code coverage tools, 340–341
debuggers, 338–340
flow analysis tools, 342–343
memory monitoring tools, 343–348
profiling tools, 341–342
Intel processors, 132
Intellectual Property Protection Act of 2006, 38
intelligent fuzzing, 441
Internet Explorer, security zones, 362–363
Internet Security Systems (ISS), disclosure policy, 50
"Internet Security Threat Report, Volume X", 7
Internet zone, 362
InternetExploiter, 384
interorganizational learning, 65
Intranet zone, 362
investigation, 58
iPods, 6–7
IsDebuggerPresent function, 529
ITS4, 280
Index
543
K
knowledge barrier, 67
knowledge management, 64–65
L
laws, 17–18
Access Device Statute, 19–22
Computer Fraud and Abuse Act (CFAA), 23–29
Cyber Security Enhancement Act of 2002, 39–40
Digital Millennium Copyright Act (DMCA), 36–38, 277–278
Electronic Communications Privacy Act (ECPA), 32, 33–34
Homeland Security Act of 2002, 35
Intellectual Property Protection Act of 2006, 38
state law alternatives, 30–32
Stored Communication Act, 33
USA Patriot Act, 35–36, 39
Wiretap Act, 32–33, 36
lines of code (LOC), 15
Linux exploits
buffer overflows, 149–154
building the exploit sandwich, 167–168
control of eip, 163
determining the attack vector, 166–167
determining the offset(s), 163–166
direct parameter access, 175
exploit development process, 162–168
exploiting small buffers, 160–162
exploiting stack overflows by command line, 157–158
exploiting stack overflows with generic code, 158–160
format string exploits, 169–180
function calling procedure, 148–149
heap overflow exploits, 180–182
local buffer overflow exploits, 154–162
memory protection schemes, 182–193
overflow of meet.