Gray Hat Hacking, Second Edition - Softcover

About the Author

Shon Harris is the founder and CEO of Logical Security LLC, an information security consultant, a former engineer in the Air Forces Information Warfare unit, an instructor and an author. She has authored several international bestselling books on information security published by McGraw-Hill and Pearson which has sold over a million copies and have been translated into six languages. Ms. Harris authors academic textbooks, security articles for publication and is a technical editor for Information Security Magazine. Ms. Harris has consulted for a large number of organizations in every business sector (financial, medical, retail, entertainment, utility) and several U.S. government agencies over the last 18 years. Ms. Harris provides high-end, advanced and specialized consulting for organizations globally. She also works directly with law firms as a technical and expert witness on cases that range from patent infringement, criminal investigations, civil lawsuits and she specializes in cryptographic technologies. Ms. Harris has taught information security to a wide range of clients over the last 18 years, some of which have included; West Point, Microsoft, DHS, DoD, DoE, NSA, FBI, NASA, CDC, PWC, DISA, RSA, Visa, Intel, Cisco, Oracle, HP, Boeing, Northrop Grumman, Shell, Verizon, Citi, BoA, HSBC, Morgan Stanley, Symantec, Warner Brothers, Bridgestone, American Express, etc. Ms. Harris was recognized as one of the top 25 women in the Information Security field by Information Security Magazine.

From the Back Cover

Uncover, plug, and ethically disclose security flaws

Prevent catastrophic network attacks by exposing security flaws, fixing them, and ethically reporting them to the software author. Fully expanded to cover the hacker's latest devious methods, Gray Hat Hacking: The Ethical Hacker's Handbook, Second Edition lays out each exploit alongside line-by-line code samples, detailed countermeasures, and moral disclosure procedures. Find out how to execute effective penetration tests, use fuzzers and sniffers, perform reverse engineering, and find security holes in Windows and Linux applications. You'll also learn how to trap and autopsy stealth worms, viruses, rootkits, adware, and malware.

• Implement vulnerability testing, discovery, and reporting procedures that comply with applicable laws
• Learn the basics of programming, stack operations, buffer overflow and heap vulnerabilities, and exploit development
• Test and exploit systems using Metasploit and other tools
• Break in to Windows and Linux systems with perl scripts, Python scripts, and customized C programs
• Analyze source code using ITS4, RATS, FlawFinder, PREfast, Splint, and decompilers
• Understand the role of IDA Pro scripts, FLAIR tools, and third-party plug-ins in discovering software vulnerabilities
• Reverse-engineer software using decompiling, profiling, memory monitoring, and data flow analysis tools
• Reveal client-side web browser vulnerabilities with MangleMe, AxEnum, and AxMan
• Probe Windows Access Controls to discover insecure access tokens, security descriptors, DACLs, and ACEs
• Find and examine malware and rootkits using honeypots, honeynets, and Norman SandBox technology