A bug hunter's diary : a guided tour through the wilds of software security / Tobias Klein.

Format:

Book

Author/Creator:

Klein, Tobias.

Standardized Title:

Aus dem Tagebuch eines Bughunters. English

Language:

English

Subjects (All):

Debugging in computer science.

Computer security.

Malware (Computer software).

Physical Description:

1 online resource (212 p.)

Edition:

1st edition

Place of Publication:

San Francisco : No Starch Press, c2011.

Language Note:

English

System Details:

text file

Summary:

Although ominous-sounding terms like "zero-day" and "exploit" are widely used, even many security professionals don't know how bug hunters actually find and attack software security flaws. In A Bug Hunter's Diary , readers follow along with security expert Tobias Klein as he tracks down and exploits bugs in some of the world's most popular programs. Whether by browsing source code, poring over disassembly, or fuzzing live programs, readers get an over-the-shoulder glimpse into the world of a bug hunter as Klein unearths security flaws and uses them to take control of affected systems. Readers

Contents:

Index; Acknowledgments; Acknowledgments; Introduction; Introduction; The Goals of This Book; Who Should Read the Book; Disclaimer; Resources; 1; Bug Hunting; Bug Hunting; 1.1 For Fun and Profit; 1.2 Common Techniques; Index; 1.2.1 My Preferred Techniques; 1.2.2 Potentially Vulnerable Code Locations; 1.2.3 Fuzzing; 1.2.4 Further Reading; 1.3 Memory Errors; 1.4 Tools of the Trade; 1.4.1 Debugger; 1.4.2 Disassemblers; 1.5 EIP = 41414141; 1.6 Final Note; 2; Back to the '90s; Back to the '90s; 2.1 Vulnerability Discovery; Step 1: Generate a List of the Demuxers of VLC

Step 2: Identify the Input DataStep 3: Trace the Input Data; 2.2 Exploitation; Step 1: Find a Sample TiVo Movie File; Step 2: Find a Code Path to Reach the Vulnerable Code; Step 3: Manipulate the TiVo Movie File to Crash VLC; Step 4: Manipulate the TiVo Movie File to Gain Control of EIP; 2.3 Vulnerability Remediation; 2.4 Lessons Learned; 2.5 Addendum; Escape from the WWW Zone; Escape from the WWW Zone; 3.1 Vulnerability Discovery; Step 1: List the IOCTLs of the Kernel; Step 2: Identify the Input Data; Step 3: Trace the Input Data; 3.2 Exploitation

Step 1: Trigger the NULL Pointer Dereference for a Denial of ServiceStep 2: Use the Zero Page to Get Control over EIP/RIP; 3.3 Vulnerability Remediation; 3.4 Lessons Learned; 3.5 Addendum; NULL Pointer FTW; NULL Pointer FTW; 4.1 Vulnerability Discovery; Step 1: List the Demuxers of FFmpeg; Step 2: Identify the Input Data; Step 3: Trace the Input Data; 4.2 Exploitation; Step 1: Find a Sample 4X Movie File with a Valid strk Chunk; Step 2: Learn About the Layout of the strk Chunk; Step 3: Manipulate the strk Chunk to Crash FFmpeg; Step 4: Manipulate the strk Chunk to Gain Control over EIP

4.3 Vulnerability Remediation4.4 Lessons Learned; 4.5 Addendum; Browse and You're Owned; Browse and You're Owned; 5.1 Vulnerability Discovery; Step 1: List the Registered WebEx Objects and Exported Methods; Step 2: Test the Exported Methods in the Browser; Step 3: Find the Object Methods in the Binary; Step 4: Find the User-Controlled Input Values; Step 5: Reverse Engineer the Object Methods; 5.2 Exploitation; 5.3 Vulnerability Remediation; 5.4 Lessons Learned; 5.5 Addendum; One Kernel to Rule Them All; One Kernel to Rule Them All; 6.1 Vulnerability Discovery

Step 1: Prepare a VMware Guest for Kernel DebuggingStep 2: Generate a List of the Drivers and Device Objects Created by avast!; Step 3: Check the Device Security Settings; Step 4: List the IOCTLs; Step 5: Find the User-Controlled Input Values; Step 6: Reverse Engineer the IOCTL Handler; 6.2 Exploitation; 6.3 Vulnerability Remediation; 6.4 Lessons Learned; 6.5 Addendum; A Bug Older Than 4.4BSD; A Bug Older Than 4.4BSD; 7.1 Vulnerability Discovery; Step 1: List the IOCTLs of the Kernel; Step 2: Identify the Input Data; Step 3: Trace the Input Data; 7.2 Exploitation

Step 1: Trigger the Bug to Crash the System (Denial of Service)

Notes:

Description based upon print version of record.

Includes bibliographical references and index.

Description based on publisher supplied metadata and other sources.

ISBN:

9781593274153

1593274157

OCLC:

830164464