• Home

  • Documents

  • Gray Hat Hacking: The Ethical Hacker’s Handbook - ISACA · PDF fileinformation on...
1
18 ISACA JOURNAL VOLUME 3, 2015 The rise of hacking exploits and their potential to cause havoc to enterprises, nations, industries and individuals has led to a need for more information on hacking. Gray Hat Hacking: The Ethical Hacker’s Handbook is written by a team of experts with advanced knowledge in gray hat hacking and penetration testing, and the book includes proven strategies and techniques meant to fortify user networks and help prevent current and emerging digital catastrophes. The book offers a variety of hacking tools and weapons, case studies, mitigating remedies against attacks, and ready-to-deploy models. It gives an overview of modern hacking tools and techniques such as Android-based exploits and reverse-engineering techniques. It also outlines the ethical considerations of hacking, including existing cyberlaws. The book was compiled by a team of experts with years of experience in the field, demonstrated by the depth and accuracy of this book. Gray Hat Hacking highlights important points in its note bookmarks and lists useful links and references in each chapter. Additionally, practical codes and command structures bring theory to real-life scenarios, which are included in the book as engaging illustrations, graphics and tables. The book succeeds in giving a holistic guide to the subject of gray hat hacking by addressing the different facets of the subject, from definitions to legal developments in the area. It also provides up-to-date granular threat profiles, processes, techniques, commands and tools that are utilized in modern-day hacking. All of this is achieved while keeping to the key theme of the gray hat—responsible and truly ethical in its intentions and the materials prescribed. A key aspect of the book’s coverage is a focus on programming, which is needed in order to be able to create exploits or review source code. Fuzzing techniques and shellcode creation are also reviewed, as are advanced penetration methods and exploits. The benefits derived from the book are numerous and readers will be able to: • Build and launch spoofing exploits with Ettercap and Evilgrade • Hack Cisco routers, switches and network hardware • Bypass Windows Access Control and memory-protection schemes • Use advanced reverse-engineering to exploit Windows and Linux software and learn the use- after-free technique in recent zero-day exploits • Neutralize ransomware before it takes control of their desktop • Find one-day vulnerabilities with binary diffing and other similar techniques The book itself is broken into three parts and has 23 chapters. The first part prepares the readers with essential tools and techniques, such as programming and reverse engineering. It describes the distinctions between black, gray and white hat hackers and their respective characteristics. The second part delves deep into advanced penetration techniques and exploits, with hands-on testing labs, covered beyond what is available in print and other materials on the subject. The final part covers Android malware, ransomware, 64-bit malware and next-generation reverse engineering. The book delivers a comprehensive and up-to-date compilation of the gray hat hacker’s tools and materials, with downloadable hands-on labs that can be replicated by readers. Since the last edition, 12 new chapters have been added and many of the gaps from the previous edition have been addressed. EDITOR’S NOTE Gray Hat Hacking: The Ethical Hacker’s Handbook is available from the ISACA ® Bookstore. For information, see the ISACA Bookstore Supplement in this issue of the Journal, visit www.isaca.org/bookstore, email [email protected] or telephone +1.847.660.5650. By Allen Harper, Shon Harris, Jonathan Ness, Chris Eagle, Gideon Lenkey, Terron Williams Reviewed by Ibe Etea, CISA, CRISC, CA, CFE, CIA, CRMA, a corporate governance, internal controls, fraud and enterprise risk assurance professional. Etea also serves as a member on the advisory council of the Association of Certified Fraud Examiners (ACFE). Gray Hat Hacking: The Ethical Hacker’s Handbook Do you have something to say about this article? Visit the Journal pages of the ISACA web site (www.isaca. org/journal), find the article and choose the Comments tab to share your thoughts. Go directly to the article:

Gray Hat Hacking: The Ethical Hacker’s Handbook - ISACA · PDF fileinformation on hacking. Gray Hat Hacking: The Ethical Hacker’s Handbook is ... lists useful links and references

Embed Size (px)

Citation preview

Page 1: Gray Hat Hacking: The Ethical Hacker’s Handbook - ISACA · PDF fileinformation on hacking. Gray Hat Hacking: The Ethical Hacker’s Handbook is ... lists useful links and references

18 ISACA JOURNAL VOLUME 3, 2015

The rise of hacking exploits and their potential to cause havoc to enterprises, nations, industries and individuals has led to a need for more information on hacking. Gray Hat Hacking: The Ethical Hacker’s Handbook is written by a team of experts with advanced knowledge in gray hat hacking and penetration testing, and the book includes proven strategies and techniques meant to fortify user networks and help prevent current and emerging digital catastrophes.

The book offers a variety of hacking tools and weapons, case studies, mitigating remedies against attacks, and ready-to-deploy models. It gives an overview of modern hacking tools and techniques such as Android-based exploits and reverse-engineering techniques. It also outlines the ethical considerations of hacking, including existing cyberlaws. The book was compiled by a team of experts with years of experience in the field, demonstrated by the depth and accuracy of this book. Gray Hat Hacking highlights important points in its note bookmarks and lists useful links and references in each chapter. Additionally, practical codes and command structures bring theory to real-life scenarios, which are included in the book as engaging illustrations, graphics and tables.

The book succeeds in giving a holistic guide to the subject of gray hat hacking by addressing the different facets of the subject, from definitions to legal developments in the area. It also provides up-to-date granular threat profiles, processes, techniques, commands and tools that are utilized in modern-day hacking. All of this is achieved while keeping to the key theme of the gray hat—responsible and truly ethical in its intentions and the materials prescribed. A key aspect of the book’s coverage is a focus on programming, which is needed in order to be able to create exploits or review source code. Fuzzing techniques and shellcode creation are also reviewed, as are advanced penetration methods and exploits.

The benefits derived from the book are numerous and readers will be able to: • Build and launch spoofing exploits with

Ettercap and Evilgrade• Hack Cisco routers, switches and

network hardware• Bypass Windows Access Control and

memory-protection schemes• Use advanced reverse-engineering to exploit

Windows and Linux software and learn the use-after-free technique in recent zero-day exploits

• Neutralize ransomware before it takes control of their desktop

• Find one-day vulnerabilities with binary diffing and other similar techniquesThe book itself is broken into three parts

and has 23 chapters. The first part prepares the readers with essential tools and techniques, such as programming and reverse engineering. It describes the distinctions between black, gray and white hat hackers and their respective characteristics. The second part delves deep into advanced penetration techniques and exploits, with hands-on testing labs, covered beyond what is available in print and other materials on the subject. The final part covers Android malware, ransomware, 64-bit malware and next-generation reverse engineering.

The book delivers a comprehensive and up-to-date compilation of the gray hat hacker’s tools and materials, with downloadable hands-on labs that can be replicated by readers. Since the last edition, 12 new chapters have been added and many of the gaps from the previous edition have been addressed.

EDITOR’S NOTEGray Hat Hacking: The Ethical Hacker’s Handbook is available from the ISACA® Bookstore. For information, see the ISACA Bookstore Supplement in this issue of the Journal, visit www.isaca.org/bookstore, email [email protected] or telephone +1.847.660.5650.

By Allen Harper, Shon Harris, Jonathan Ness, Chris Eagle, Gideon Lenkey, Terron Williams

Reviewed by Ibe Etea, CISA,

CRISC, CA, CFE, CIA, CRMA,

a corporate governance,

internal controls, fraud and

enterprise risk assurance

professional. Etea also serves

as a member on the advisory

council of the Association of

Certified Fraud Examiners

(ACFE).

Gray Hat Hacking: The Ethical Hacker’s Handbook

Do you have something to say about this article?

Visit the Journal pages of the ISACA web site (www.isaca.org/journal), find the article and choose the Comments tab to share your thoughts.

Go directly to the article:

Cincuenta Sombras del Gray Hat Hacking

Cincuenta Sombras del Gray Hat Hacking

Documents
Web Application Hacker’s Toolkit

Web Application Hacker’s Toolkit

Documents
A User’s and Hacker’s Guide to the SimpleScalar Architectural Research …skadron/cs654/cs654_01/slides/h… ·  · 2002-08-27A User’s and Hacker’s Guide to the SimpleScalar

A User’s and Hacker’s Guide to the SimpleScalar Architectural Research …skadron/cs654/cs654_01/slides/h… ·  · 2002-08-27A User’s and Hacker’s Guide to the SimpleScalar

Documents
side-channel attack surfaces A Hacker’s guide to …...Security and Privacy Group Google, @elie A Hacker’s guide to reducing side-channel attack surfaces using deep-learning with

side-channel attack surfaces A Hacker’s guide to …...Security and Privacy Group Google, @elie A Hacker’s guide to reducing side-channel attack surfaces using deep-learning with

Documents
A User’s and Hacker’s Guide to the SimpleScalar ...ee565/project/sscalar_hack_guide.pdfA User’s and Hacker’s Guide to the SimpleScalar Architectural Research Tool Set (for

A User’s and Hacker’s Guide to the SimpleScalar ...ee565/project/sscalar_hack_guide.pdfA User’s and Hacker’s Guide to the SimpleScalar Architectural Research Tool Set (for

Documents
# !@ Ethical Hacking. 2 # !@ Ethical Hacking - ? Why – Ethical Hacking ? Ethical Hacking - Process Ethical Hacking – Commandments Reporting

# !@ Ethical Hacking. 2 # !@ Ethical Hacking - ? Why – Ethical Hacking ? Ethical Hacking - Process Ethical Hacking – Commandments Reporting

Documents
SimpleScalar Hacker’s Guide - es.ele.tue.nlmwijtvliet/5MD00_SC/downloads...SimpleScalar Hacker’s Guide Todd Austin SimpleScalar LLC SimpleScalar Hacker’s Guide (for tool set

SimpleScalar Hacker’s Guide - es.ele.tue.nlmwijtvliet/5MD00_SC/downloads...SimpleScalar Hacker’s Guide Todd Austin SimpleScalar LLC SimpleScalar Hacker’s Guide (for tool set

Documents
EBOOK A Hacker’s Guide to Ransomware Mitigation and Recovery

EBOOK A Hacker’s Guide to Ransomware Mitigation and Recovery

Documents
Tim Jensen, CISSP CBI Shodan: The Hacker’s Search Engine

Tim Jensen, CISSP CBI Shodan: The Hacker’s Search Engine

Documents
Hacking – Ethical Hacking

Hacking – Ethical Hacking

Technology
Gray Hat Hacking - Grand Computers€¦ · Gray Hat Hacking Grand Computers Club ... Definitions •Black-hat hackers, or simply “black hats,” are the type of hacker the popular

Gray Hat Hacking - Grand Computers€¦ · Gray Hat Hacking Grand Computers Club ... Definitions •Black-hat hackers, or simply “black hats,” are the type of hacker the popular

Documents
Hacking / Hacking Exposed 6: Network Security Secrets & …cdn.ttgtmedia.com/searchMidmarketSecurity/downloads/Hacking... · 153 Hacking / Hacking Exposed 6: Network Security Secrets

Hacking / Hacking Exposed 6: Network Security Secrets & …cdn.ttgtmedia.com/searchMidmarketSecurity/downloads/Hacking... · 153 Hacking / Hacking Exposed 6: Network Security Secrets

Documents
Hacker’s Mind · 2020. 4. 27. · Security awareness training is not about clicking the write answer, it is about changing behavior. Hacker’s Mind by Elevate Security gamifies

Hacker’s Mind · 2020. 4. 27. · Security awareness training is not about clicking the write answer, it is about changing behavior. Hacker’s Mind by Elevate Security gamifies

Documents
Computer Science and Engineering 1 Web Application Hacker’s Toolkit

Computer Science and Engineering 1 Web Application Hacker’s Toolkit

Documents
The Hacker’s Underground Handbook€¦ · 1 The Hacker’s Underground Handbook . Learn What it Takes to Crack Even the Most Secure Systems . By: David Melnichuk

The Hacker’s Underground Handbook€¦ · 1 The Hacker’s Underground Handbook . Learn What it Takes to Crack Even the Most Secure Systems . By: David Melnichuk

Documents
1 Ethics of Ethical Hacking Source: Grey Hat Hacking: The Ethical Hacker’s Handbook By Shon Harris, Allen Harper, Chris Eagle, Jonathan Ness, Michael Lester

1 Ethics of Ethical Hacking Source: Grey Hat Hacking: The Ethical Hacker’s Handbook By Shon Harris, Allen Harper, Chris Eagle, Jonathan Ness, Michael Lester

Documents
A Hacker’s Guide to the SimpleScalar Architectural Research Tool Setftp.cs.wisc.edu/sohi/Code/simplescalar-1.0/hack_guide.… ·  · 1996-12-17A Hacker’s Guide to the SimpleScalar

A Hacker’s Guide to the SimpleScalar Architectural Research Tool Setftp.cs.wisc.edu/sohi/Code/simplescalar-1.0/hack_guide.… ·  · 1996-12-17A Hacker’s Guide to the SimpleScalar

Documents
202 887 0200 | Consequences of Hacking ...cs.brown.edu/people/jsavage/Deterrence/2017_10_12... · The hacker’s apparent goal was to strike a blow against the Saudi regime, if only

202 887 0200 | Consequences of Hacking ...cs.brown.edu/people/jsavage/Deterrence/2017_10_12... · The hacker’s apparent goal was to strike a blow against the Saudi regime, if only

Documents
A Hacker’s Introduction to the Nokia N900 - Be-Clubrezo.biz/wp-content/uploads/2009/12/PUSH_N900_Hackers_guidev1.0.… · A Hacker’s Introduction to the Nokia N900. ... pages

A Hacker’s Introduction to the Nokia N900 - Be-Clubrezo.biz/wp-content/uploads/2009/12/PUSH_N900_Hackers_guidev1.0.… · A Hacker’s Introduction to the Nokia N900. ... pages

Documents
A User’s and Hacker’s Guide to the SimpleScalar

A User’s and Hacker’s Guide to the SimpleScalar

Documents
Hacking - cdn.ttgtmedia.comcdn.ttgtmedia.com/.../HarrisGrayHatHackingCh1.pdf · All-In-One / Gray Hat Hacking: The Ethical Hacker’s Handbook / Harris, Harper, Eagle, Ness, Lester

Hacking - cdn.ttgtmedia.comcdn.ttgtmedia.com/.../HarrisGrayHatHackingCh1.pdf · All-In-One / Gray Hat Hacking: The Ethical Hacker’s Handbook / Harris, Harper, Eagle, Ness, Lester

Documents
BlackHat Hacking - Hacking VoIP

BlackHat Hacking - Hacking VoIP

Internet
Web Applications – The Hacker’s New Target · Web Applications – The Hacker’s New Target Hacking 102: Integrating Web Application Security Testing into Development 1. Ross

Web Applications – The Hacker’s New Target · Web Applications – The Hacker’s New Target Hacking 102: Integrating Web Application Security Testing into Development 1. Ross

Documents
Ethical Hacking: Hacking GMail. Teaching Hacking

Ethical Hacking: Hacking GMail. Teaching Hacking

Documents
The Hacker’s Underground Handbookindex-of.co.uk/Hacking-Coleccion/166 - The Underground Hacker's... · effective hacking if you understand all of the security tools very well. Even

The Hacker’s Underground Handbookindex-of.co.uk/Hacking-Coleccion/166 - The Underground Hacker's... · effective hacking if you understand all of the security tools very well. Even

Documents
The Heroku Hacker’s Guide - Canoë Kayak Décines Meyzieu€¦ · 5.1 Best Practices and You ... a CLI tool for creating and managing your ... The Heroku Hacker’s Guide,

The Heroku Hacker’s Guide - Canoë Kayak Décines Meyzieu€¦ · 5.1 Best Practices and You ... a CLI tool for creating and managing your ... The Heroku Hacker’s Guide,

Documents
The Hacker’s Underground Handbook - GUTL · The Hacker’s Underground Handbook . ... 3. Countermeasures I. Web Hacking ... 2. Download and install IsoRecorder at

The Hacker’s Underground Handbook - GUTL · The Hacker’s Underground Handbook . ... 3. Countermeasures I. Web Hacking ... 2. Download and install IsoRecorder at

Documents
Gray hat hacking : the ethical hacker's handbook Hacking,TheEthical Hacker's Handbook, Third Edition xiv DeterminetheAttack Vector 221 BuildtheExploitSandwich 222 Test theExploit 222

Gray hat hacking : the ethical hacker's handbook Hacking,TheEthical Hacker's Handbook, Third Edition xiv DeterminetheAttack Vector 221 BuildtheExploitSandwich 222 Test theExploit 222

Documents
Gray Hat Hacking, - Internet Archive...Gray Hat Hacking, Third Edition Reviews “Bigger, better, and more thorough, the Gray Hat Hacking series is one that I’ve enjoyed from the

Gray Hat Hacking, - Internet Archive...Gray Hat Hacking, Third Edition Reviews “Bigger, better, and more thorough, the Gray Hat Hacking series is one that I’ve enjoyed from the

Documents
hacking and ethical hacking

hacking and ethical hacking

Education