Gray Hat Hacking: The Ethical Hacker's Handbook (All-In-One) [Paperback]

Excerpts from review by Patrick Mueller
... a proficient work...offers a smorgasbord of topics geared towards moderate- and advanced-level practitioners...The authors touch on some deep technical issues, such as automated penetration testing and shellcode exploit construction...great command of the material...[authors] discuss a few refreshingly different topics -- such as vulnerability disclosure protocols -- that are hardly covered elsewhere.

The authors did...deliver on their ethical obligations to provide accurate countermeasures to attack methods they describe -- a true value to readers. ... security professionals will find value in the authors' formidable understanding of the material. (Information Security Magazine )

Analyze your company’s vulnerability to hacks with expert guidance from Gray Hat Hacking: The Ethical Hacker’s Handbook. Discover advanced security tools and techniques such as fuzzing, reverse engineering, and binary scanning. Test systems using both passive and active vulnerability analysis. Learn to benefit from your role as a gray hat. Review ethical and legal issues and case studies. This unique resource provides leading-edge technical information being utilized by the top network engineers, security auditors, programmers, and vulnerability assessors. Plus, the book offers in-depth coverage of ethical disclosure and provides a practical course of action for those who find themselves in a "disclosure decision" position.

Detect, ethically disclose, and repair security flaws before malicious hackers wreak havoc

Avoid devastating network attacks by acquiring the advanced skills malicious hackers and computer criminals are using today. Gray Hat Hacking: The Ethical Hacker’s Handbook takes you to the next level by explaining, line-by-line, the code behind the latest and most insidious hacking techniques, as well as their countermeasures. Many of the attacks described have been used to successfully carry out online fraud, identity theft, extortion, denial of service attacks, and access to critical and confidential data. Malicious hackers are dedicated to bringing about mayhem and destruction--this book will teach you how to identify and stop them.

• Plan, script, and execute widespread security tests using redteaming approaches
• Carry out advanced vulnerability assessments, penetration tests, code scans, and system auditing tests
• Use the latest target discovery and fingerprinting tools: Paketto Keiretsu, Xprobe2, P0f, Amap, Winfingerprint
• Generate error conditions and crashes within programs using fuzzers
• Automate pen-tests with Python Survival Skills, Core Impact, CANVAS, and Metasploit
• Deploy the latest sniffing tools/techniques: Ettercap, Dsniff, SMB/LANMan credential sniffing, Kerbsniff/Kerbcrack
• Understand passive vs. active sniffing, including MAC flooding, ARP cache poisoning, MAC duplicating, and DNS poisoning
• Use various classes of Reverse Engineering tools: Debugging, Code Coverage, Profiling, Flow Analysis, and Memory Monitoring Tools
• Create proof of concept exploits using stack operations, local and remote buffer overflows, and heap overflows

Shon Harris (Fairchild Air Force Base, WA) MCSE, CISSP, is a security consultant who provides security assessments and analysis, vulnerability testing, and solutions to a wide range of different businesses.

Allen Harper (Burke, VA) has served in the Marine Corps for 16 years as both enlisted and an officer. Currently, he serves as a security engineer in the US Department of Defense.

Chris Eagle (Monterey, CA) is the Associate Chairman of the Computer Science Department at the Naval Postgraduate School (NPS) in Monterey, CA.

Michael J. Lester (Miami, FL) CISSP, MCSE, MCSA, MCT, CCNP, CCDP, CCSE+, CCI, CCEA, CTT+, Linux+, Security+, Network+, I-net+, A+, holds a Bachelor of Science degree in Information Technology, and is a senior consultant and instructor for MicroLink Corporation.