Gray Hat Hacking : The Ethical Hacker's Handbook

Books Details :

Author : Shon Harris, Allen Harper, Chris Eagle, Jonathan Ness, Michael Lester
Paperback: 512 pages
Publisher: McGraw-Hill Osborne Media(October 11, 2004)
Language: English
ISBN: 0072257091
Product Dimensions: 9.1 x 7.4 x 0.9 inches



Book Description
Analyze your company's vulnerability to hacks with expert guidance from Gray Hat Hacking: The Ethical Hacker's Handbook . Discover advanced security tools and techniques such as fuzzing, reverse engineering, and binary scanning. Test systems using both passive and active vulnerability analysis. Learn to benefit from your role as a gray hat. Review ethical and legal issues and case studies. This unique resource provides leading-edge technical information being utilized by the top network engineers, security auditors, programmers, and vulnerability assessors. Plus, the book offers in-depth coverage of ethical disclosure and provides a practical course of action for those who find themselves in a "disclosure decision" position.

From the Back Cover

Detect, ethically disclose, and repair security flaws before malicious hackers wreak havoc

Avoid devastating network attacks by acquiring the advanced skills malicious hackers and computer criminals are using today. Gray Hat Hacking: The Ethical Hacker’s Handbook takes you to the next level by explaining, line-by-line, the code behind the latest and most insidious hacking techniques, as well as their countermeasures. Many of the attacks described have been used to successfully carry out online fraud, identity theft, extortion, denial of service attacks, and access to critical and confidential data. Malicious hackers are dedicated to bringing about mayhem and destruction--this book will teach you how to identify and stop them.

1. Plan, script, and execute widespread security tests using redteaming approaches
2. Carry out advanced vulnerability assessments, penetration tests, code scans, and system auditing tests
3. Use the latest target discovery and fingerprinting tools: Paketto Keiretsu, Xprobe2, P0f, Amap, Winfingerprint
4. Generate error conditions and crashes within programs using fuzzers
5. Automate pen-tests with Python Survival Skills, Core Impact, CANVAS, and Metasploit
6. Deploy the latest sniffing tools/techniques: Ettercap, Dsniff, SMB/LANMan credential sniffing, Kerbsniff/Kerbcrack
7. Understand passive vs. active sniffing, including MAC flooding, ARP cache poisoning, MAC duplicating, and DNS poisoning
8. Use various classes of Reverse Engineering tools: Debugging, Code Coverage, Profiling, Flow Analysis, and Memory Monitoring Tools
9. Create proof of concept exploits using stack operations, local and remote buffer overflows, and heap overflows

Information Security, January 2005
smorgasbord of topics...some deep technical issues...great command of…material...a few refreshingly different topics...deliver[s]...ethical obligations…formidable understanding of…material.

Review
Information Security Magazine : Excerpts from review by Patrick Mueller
... a proficient work...offers a smorgasbord of topics geared towards moderate- and advanced-level practitioners...The authors touch on some deep technical issues, such as automated penetration testing and shellcode exploit construction...great command of the material...[authors] discuss a few refreshingly different topics -- such as vulnerability disclosure protocols -- that are hardly covered elsewhere. The authors did...deliver on their ethical obligations to provide accurate countermeasures to attack methods they describe -- a true value to readers. ... security professionals will find value in the authors' formidable understanding of the material.

Spotlight Reviews :

Reviewer: Richard Bejtlich "TaoSecurity.com" (Washington, DC)
'Gray Hat Hacking' (GHH) is positioned as a next-generation book for so-called ethical hackers, moving beyond the tool-centric discussions of books like 'Hacking Exposed.' The authors leave their definition of 'gray hat' unresolved until ch 3, where they claim that a 'white hat' is a person who 'uncovers a vulnerability and exploits it with authorization;' a 'black hat' is one who 'uncovers a vulnerability and illegally exploits it and/or tells others how to;' and a 'gray hat' is one who 'uncovers a vulnerability, does not illegally exploit it or tell others how to do it, but works with the vendor.' I disagree and prefer SearchSecurity.com's definitions, where white hats find vulnerabilities and tell vendors without providing public exploit code; black hats find vulnerabilities, code exploits, and maliciously attack victims; and gray hats find vulnerabilities, publish exploits, but do not illegally use them. According to these more common definitions, the book should have been called 'White Hat Hacking.' I doubt it would sell as well with that title!

Content-wise, the book mixes ethical and legal advice with tool overviews and technical information. Many reviewers note the good legal overview in ch 3, where I found the tables summarizing various laws to be helpful. The authors provide a sound rationale for penetration testing: 'Nothing should be trusted until it is tested' (p. 13). I enjoyed the disclosure discussion in ch 3 as well. I liked the brief tool descriptions of Core IMPACT, Immunity Security's CANVAS, and the Metasploit Framework. Some of the other discussions (e.g., Amap, P0f, Ettercap) didn't go deeper than already published explanations of those same tools.

I found the technical material to be accurate albeit somewhat disorganized and in some cases far too shallow. For example, the authors provide 6 pages on Python (ch 6), 6 pages on C (ch 7), and a single 21 page chapter (ch 10) mentioning system calls, socket programming, and assembly language. On p 279 and several other places the authors admit their topic 'deserves a chapter to itself, if not an entire book!' They should have trusted their instincts and required readers to have prior knowledge of programming in low- and high-level languages prior to reading GHH. Instead, short sections that are too basic for the pros but too rushed for beginners detract from the book's focus.

The five authors clearly know their subjects, but they should have coordinated their chapters better. For example, ch 7 introduces using debuggers without even a description of their purpose. Six chapters later (in ch 13), we read a description of debugging only to be followed again by another discussion of debugging in ch 14. All of this should have been consolidated and rationalized.

I think McGraw-Hill/Osborne's second edition of GHH should seek to differentiate itself from more focused books like 'The Shellcoder's Handbook' (by Wiley) and 'Exploiting Software' (by Addison-Wesley). There is a market for high-end security books without sparse introductory material included for the benefit of beginners. Authors should either commit to the beginners and give enough information to enlighten them, or tell them to read foundational references first and concentrate on the more experienced audience. Authors like Allen Harper and Chris Eagle, winners of last year's 'Capture the Flag' contest at Def Con, can deliver the goods if not constrained by a publisher's desire to address as broad an audience as possible. I would not be surprised to see this book greatly expanded in a second edition, which I look forward to reading.

Reviewer: Jeff Pike (Stafford, VA United States)
This book is designed as a beyond Hacking Exposed type book. It certainly lives up to that by concentrating on more fundamental knowledge. Among it's strong points, this book is the most solid introduction to vulnerability discovery techniques I have seen. Another point to this books credit is that I was unable to find any errors in the examples I ran (about half)

The authors start out with a 4 chapters that discuss things like... what pen-testing is, ethics, legal issues. Some of the more useful discussions in this section include legal issues, and reporting vulnerabilities to vendors. Some of the less useful discussions include the difference between gray, white, and black hats. Omitted was discussion the true old schoool meaning of 'hacker.' The first 4 chapters rate three stars.

Chapters 5 and 6 discuss some cool tools including: p0f, amap, ettercap, xprobe2, metasploit, CANVAS, and IMACT. Enough information is included to get you going on each one. Also the underlying principles are discussed. Good chapters. Chapters 5 and 6 rate four stars.

Chapters 7 through 11 discuss: Programming, Linux Exploits, Shell Code, and Windows Exploits. The "Programming Survival Skills" chapter is a little light, but that can only be expected. These chapters are very well done, and this is the best section of the book. The explanations are very clear and concise. I tried many of the examples in these chapters, and they worked flawlessly. The authors attention to detail will make these chapters very valuable to those learning vulnerability research and discovery. The material here provides a solid foundation. Chapters 7 through 11 rate a strong five stars.

Chapters 12 through 15 discuss reverse engineering, writing exploits, and patching the holes. Tools discuss include valgrind, sharefuzz, SPIKE, IDA Pro, RATS, its4, debuggers, and more. This is a nice introduction to reverse engineering. It's enough to get you going, but it's not quite as deep as many will probably want. The discussions here are well done. Chapters 12 through 15 rate a weak five stars.

Overall, I rated this book a strong four stars. I would have loved to give it five stars if the first few chapters were better. I wouldn't mind seeing them removed and replaced with expanded technical content in any future editions. Based on the strengh of the remainder of this book, it's hard to imagine a better introduction to advanced vulnerability discovery techniques. I wish I had this a few years ago!