ورود به حساب

نام کاربری گذرواژه

گذرواژه را فراموش کردید؟ کلیک کنید

حساب کاربری ندارید؟ ساخت حساب

ساخت حساب کاربری

نام نام کاربری ایمیل شماره موبایل گذرواژه

برای ارتباط با ما می توانید از طریق شماره موبایل زیر از طریق تماس و پیامک با ما در ارتباط باشید


09117307688
09117179751

در صورت عدم پاسخ گویی از طریق پیامک با پشتیبان در ارتباط باشید

دسترسی نامحدود

برای کاربرانی که ثبت نام کرده اند

ضمانت بازگشت وجه

درصورت عدم همخوانی توضیحات با کتاب

پشتیبانی

از ساعت 7 صبح تا 10 شب

دانلود کتاب Gray Hat Hacking: The Ethical Hacker’s Handbook

دانلود کتاب Grey Hat Hacking: The Ethical Hacker’s Handbook

Gray Hat Hacking: The Ethical Hacker’s Handbook

مشخصات کتاب

Gray Hat Hacking: The Ethical Hacker’s Handbook

ویرایش: 5th Edition 
نویسندگان: , , , , , , , ,   
سری:  
ISBN (شابک) : 1260108414, 9781260108415 
ناشر: McGraw-Hill Education 
سال نشر: 2018 
تعداد صفحات: 777 
زبان: English 
فرمت فایل : PDF (درصورت درخواست کاربر به PDF، EPUB یا AZW3 تبدیل می شود) 
حجم فایل: 94 مگابایت 

قیمت کتاب (تومان) : 46,000



ثبت امتیاز به این کتاب

میانگین امتیاز به این کتاب :
       تعداد امتیاز دهندگان : 26


در صورت تبدیل فایل کتاب Gray Hat Hacking: The Ethical Hacker’s Handbook به فرمت های PDF، EPUB، AZW3، MOBI و یا DJVU می توانید به پشتیبان اطلاع دهید تا فایل مورد نظر را تبدیل نمایند.

توجه داشته باشید کتاب Grey Hat Hacking: The Ethical Hacker’s Handbook نسخه زبان اصلی می باشد و کتاب ترجمه شده به فارسی نمی باشد. وبسایت اینترنشنال لایبرری ارائه دهنده کتاب های زبان اصلی می باشد و هیچ گونه کتاب ترجمه شده یا نوشته شده به فارسی را ارائه نمی دهد.


توضیحاتی در مورد کتاب Grey Hat Hacking: The Ethical Hacker’s Handbook

استراتژی های به روز برای خنثی کردن جدیدترین و موذیانه ترین حملات شبکه

این منبع امنیتی کاملاً به روز شده و استاندارد صنعتی نشان می دهد که چگونه می توان شبکه های رایانه ای را با یادگیری و به کارگیری مؤثر تقویت کرد. تکنیک های هک اخلاقی بر اساس موضوعات مهمی که نویسندگان در کنفرانس‌ها و کالج‌های امنیتی بزرگ تدریس می‌کنند، این کتاب دارای روش‌های برنامه‌ریزی و تحلیل عملی و همچنین مراحل عملی برای شناسایی و مبارزه با حملات هدفمند و فرصت‌طلب است.

گری هک کلاه: کتاب راهنمای هکر اخلاقی، ویرایش پنجمبه وضوح سلاح‌ها، مهارت‌ها و تاکتیک‌های دشمن را توضیح می‌دهد و راه‌حل‌های آزمایش‌شده، مطالعات موردی و آزمایشگاه‌های جالبی را ارائه می‌دهد. شما پوشش کاملی از تست نفوذ، کشف آسیب‌پذیری، تجزیه و تحلیل بدافزار، مهندسی معکوس و امنیت اینترنت اشیا را دریافت خواهید کرد. جدیدترین بهره‌برداری‌های تلفن همراه، باج‌افزارها و مسائل حقوقی به‌طور کامل توضیح داده شده‌اند.

- محتوای کاملاً اصلاح‌شده--دارای 13 فصل کاملاً جدید
- شامل تکنیک‌های فعلی برای تجزیه و تحلیل و مسدود کردن باج افزار
- نوشته شده توسط تیمی از کارشناسان امنیت کامپیوتر


توضیحاتی درمورد کتاب به خارجی

Up-to-date strategies for thwarting the latest, most insidious network attacks

This fully updated, industry-standard security resource shows how to fortify computer networks by learning and effectively applying ethical hacking techniques. Based on critical topics that the authors teach at major security conferences and colleges, the book features actionable planning and analysis methods as well as practical steps for identifying and combating both targeted and opportunistic attacks.

Gray Hat Hacking: The Ethical Hacker's Handbook, Fifth Edition, clearly explains the enemy's devious weapons, skills, and tactics and offers field-tested remedies, case studies, and interesting labs. You will get complete coverage of penetration testing, vulnerability discovery, malware analysis, reverse engineering, and Internet of Things security. State-of-the-art mobile exploits, ransomware, and legal issues are thoroughly explained.

- Fully revised content--features 13 brand-new chapters
- Includes current techniques to analyze and block ransomware
- Written by a team of computer security experts



فهرست مطالب

Cover
Title page
Copyright Page
Contents
Preface
Acknowledgments
Introduction
Part I Preparation
	Chapter 1 Why Gray Hat Hacking? Ethics and Law
		Know Your Enemy
			The Current Security Landscape
			Recognizing an Attack
		The Gray Hat Way
			Emulating the Attack
			Frequency and Focus of Testing
		Evolution of Cyberlaw
			Understanding Individual Cyberlaws
		Summary
		References
	Chapter 2 Programming Survival Skills
		C Programming Language
			Basic C Language Constructs
			Sample Program
			Compiling with gcc
		Computer Memory
			Random Access Memory
			Endian
			Segmentation of Memory
			Programs in Memory
			Buffers
			Strings in Memory
			Pointers
			Putting the Pieces of Memory Together
		Intel Processors
			Registers
		Assembly Language Basics
			Machine vs. Assembly vs. C
			AT&T vs. NASM
			Addressing Modes
			Assembly File Structure
			Assembling
		Debugging with gdb
			gdb Basics
			Disassembly with gdb
		Python Survival Skills
			Getting Python
			“Hello, World!” in Python
			Python Objects
			Strings
			Numbers
			Lists
			Dictionaries
			Files with Python
			Sockets with Python
		Summary
		For Further Reading
		References
	Chapter 3 Next-Generation Fuzzing
		Introduction to Fuzzing
			Types of Fuzzers
			Mutation Fuzzers
			Generation Fuzzers
			Genetic Fuzzing
		Mutation Fuzzing with Peach
			Lab 3-1: Mutation Fuzzing with Peach
		Generation Fuzzing with Peach
			Crash Analysis
			Lab 3-2: Generation Fuzzing with Peach
		Genetic or Evolutionary Fuzzing with AFL
			Lab 3-3: Genetic Fuzzing with AFL
		Summary
		For Further Reading
	Chapter 4 Next-Generation Reverse Engineering
		Code Annotation
			IDB Annotation with IDAscope
			C++ Code Analysis
		Collaborative Analysis
			Leveraging Collaborative Knowledge Using FIRST
			Collaboration with BinNavi
		Dynamic Analysis
			Automated Dynamic Analysis with Cuckoo Sandbox
			Bridging the Static-Dynamic Tool Gap with Labeless
		Summary
		For Further Reading
		References
	Chapter 5 Software-Defined Radio
		Getting Started with SDR
			What to Buy
			Not So Quick: Know the Rules
		Learn by Example
			Search
			Capture
			Replay
			Analyze
			Preview
			Execute
		Summary
		For Further Reading
Part II Business of Hacking
	Chapter 6 So You Want to Be a Pen Tester?
		The Journey from Novice to Expert
			Pen Tester Ethos
			Pen Tester Taxonomy
			The Future of Hacking
			Know the Tech
			Know What Good Looks Like
			Pen Tester Training
			Practice
			Degree Programs
			Knowledge Transfer
		Pen Tester Tradecraft
			Personal Liability
			Being the Trusted Advisor
			Managing a Pen Test
		Summary
		For Further Reading
	Chapter 7 Red Teaming Operations
		Red Team Operations
			Strategic, Operational, and Tactical Focus
			Assessment Comparisons
		Red Teaming Objectives
		What Can Go Wrong
			Limited Scope
			Limited Time
			Limited Audience
			Overcoming Limitations
		Communications
			Planning Meetings
			Defining Measurable Events
		Understanding Threats
		Attack Frameworks
		Testing Environment
		Adaptive Testing
			External Assessment
			Physical Security Assessment
			Social Engineering
			Internal Assessment
		Lessons Learned
		Summary
		References
	Chapter 8 Purple Teaming
		Introduction to Purple Teaming
		Blue Team Operations
			Know Your Enemy
			Know Yourself
			Security Program
			Incident Response Program
			Common Blue Teaming Challenges
		Purple Teaming Operations
			Decision Frameworks
			Disrupting the Kill Chain
			Kill Chain Countermeasure Framework
			Communication
		Purple Team Optimization
		Summary
		For Further Reading
		References
	Chapter 9 Bug Bounty Programs
		History of Vulnerability Disclosure
			Full Vendor Disclosure
			Full Public Disclosure
			Responsible Disclosure
			No More Free Bugs
		Bug Bounty Programs
			Types of Bug Bounty Programs
			Incentives
			Controversy Surrounding Bug Bounty Programs
			Popular Bug Bounty Program Facilitators
		Bugcrowd in Depth
			Program Owner Web Interface
			Program Owner API Example
			Researcher Web Interface
		Earning a Living Finding Bugs
			Selecting a Target
			Registering (If Required)
			Understanding the Rules of the Game
			Finding Vulnerabilities
			Reporting Vulnerabilities
			Cashing Out
		Incident Response
			Communication
			Triage
			Remediation
			Disclosure to Users
			Public Relations
		Summary
		For Further Reading
		References
Part III Exploiting Systems
	Chapter 10 Getting Shells Without Exploits
		Capturing Password Hashes
			Understanding LLMNR and NBNS
			Understanding Windows NTLMv1 and NTLMv2 Authentication
			Using Responder
			Lab 10-1: Getting Passwords with Responder
		Using Winexe
			Lab 10-2: Using Winexe to Access Remote Systems
			Lab 10-3: Using Winexe to Gain Elevated Privileges
		Using WMI
			Lab 10-4 : Querying System Information with WMI
			Lab 10-5: Executing Commands with WMI
		Taking Advantage of WinRM
			Lab 10-6: Executing Commands with WinRM
			Lab 10-7: Using WinRM to Run PowerShell Remotely
		Summary
		For Further Reading
		Reference
	Chapter 11 Basic Linux Exploits
		Stack Operations and Function-Calling Procedures
		Buffer Overflows
			Lab 11-1: Overflowing meet.c
			Ramifications of Buffer Overflows
		Local Buffer Overflow Exploits
			Lab 11-2: Components of the Exploit
			Lab 11-3: Exploiting Stack Overflows from the Command Line
			Lab 11-4: Exploiting Stack Overflows with Generic Exploit Code
			Lab 11-5: Exploiting Small Buffers
		Exploit Development Process
			Lab 11-6: Building Custom Exploits
		Summary
		For Further Reading
	Chapter 12 Advanced Linux Exploits
		Format String Exploits
			Format Strings
			Lab 12-1: Reading from Arbitrary Memory
			Lab 12-2: Writing to Arbitrary Memory
			Lab 12-3: Changing Program Execution
		Memory Protection Schemes
			Compiler Improvements
			Lab 11-4: Bypassing Stack Protection
			Kernel Patches and Scripts
			Lab 12-5: Return to libc Exploits
			Lab 12-6: Maintaining Privileges with ret2libc
			Bottom Line
		Summary
		For Further Reading
		References
	Chapter 13 Windows Exploits
		Compiling and Debugging Windows Programs
			Lab 13-1: Compiling on Windows
			Windows Compiler Options
			Debugging on Windows with Immunity Debugger
			Lab 13-2: Crashing the Program
		Writing Windows Exploits
			Exploit Development Process Review
			Lab 13-3: Exploiting ProSSHD Server
		Understanding Structured Exception Handling (SEH)
		Understanding and Bypassing Windows Memory Protections
			Safe Structured Exception Handling (SafeSEH)
			Bypassing SafeSEH
			SEH Overwrite Protection (SEHOP)
			Bypassing SEHOP
			Stack-Based Buffer Overrun Detection (/GS)
			Bypassing /GS
			Heap Protections
		Summary
		For Further Reading
		References
	Chapter 14 Advanced Windows Exploitation
		Data Execution Prevention (DEP)
		Address Space Layout Randomization (ASLR)
		Enhanced Mitigation Experience Toolkit (EMET) and Windows Defender Exploit Guard
		Bypassing ASLR
		Bypassing DEP and Avoiding ASLR
			VirtualProtect
			Return-Oriented Programming
			Gadgets
			Building the ROP Chain
		Defeating ASLR Through a Memory Leak
			Triggering the Bug
			Tracing the Memory Leak
			Weaponizing the Memory Leak
			Building the RVA ROP Chain
		Summary
		For Further Reading
		References
	Chapter 15 PowerShell Exploitation
		Why PowerShell
			Living Off the Land
			PowerShell Logging
			PowerShell Portability
		Loading PowerShell Scripts
			Lab 15-1: The Failure Condition
			Lab 15-2: Passing Commands on the Command Line
			Lab 15-3: Encoded Commands
			Lab 15-4: Bootstrapping via the Web
		Exploitation and Post-Exploitation with PowerSploit
			Lab 15-5: Setting Up PowerSploit
			Lab 15-6: Running Mimikatz Through PowerShell
			Lab 15-7: Creating a Persistent Meterpreter Using PowerSploit
		Using PowerShell Empire for C2
			Lab 15-8: Setting Up Empire
			Lab 15-9: Staging an Empire C2
			Lab 15-10: Using Empire to Own the System
		Summary
		For Further Reading
		References
	Chapter 16 Next-Generation Web Application Exploitation
		The Evolution of Cross-Site Scripting (XSS)
			Setting Up the Environment
			Lab 16-1: XSS Refresher
			Lab 16-2: XSS Evasion from Internet Wisdom
			Lab 16-3: Changing Application Logic with XSS
			Lab 16-4: Using the DOM for XSS
		Framework Vulnerabilities
			Setting Up the Environment
			Lab 16-5: Exploiting CVE-2017-5638
			Lab 16-6: Exploiting CVE-2017-9805
		Padding Oracle Attacks
			Lab 16-7: Changing Data with the Padding Oracle Attack
		Summary
		For Further Reading
		References
	Chapter 17 Next-Generation Patch Exploitation
		Introduction to Binary Diffing
			Application Diffing
			Patch Diffing
		Binary Diffing Tools
			BinDiff
			turbodiff
			Lab 17-1: Our First Diff
		Patch Management Process
			Microsoft Patch Tuesday
			Obtaining and Extracting Microsoft Patches
			Lab 17-2: Diffing MS17-010
		Patch Diffing for Exploitation
			DLL Side-Loading Bugs
			Lab 17-3: Diffing MS16-009
		Summary
		For Further Reading
		References
Part IV Advanced Malware Analysis
	Chapter 18 Dissecting Mobile Malware
		The Android Platform
			Android Application Package
			Application Manifest
			Analyzing DEX
			Java Decompilation
			DEX Decompilation
			DEX Disassembling
			Example 18-1: Running APK in Emulator
			Malware Analysis
		The iOS Platform
			iOS Security
			iOS Applications
		Summary
		For Further Reading
		References
	Chapter 19 Dissecting Ransomware
		The Beginnings of Ransomware
		Options for Paying the Ransom
		Dissecting Ransomlock
			Example 19-1: Dynamic Analysis
			Example 19-2: Static Analysis
		Wannacry
			Example 19-3: Analyzing Wannacry Ransomware
		Summary
		For Further Reading
	Chapter 20 ATM Malware
		ATM Overview
		XFS Overview
			XFS Architecture
			XFS Manager
		ATM Malware Analysis
			Types of ATM Malware
			Techniques for Installing Malware on ATMs
			Techniques for Dissecting the Malware
			ATM Malware Countermeasures
		Summary
		For Further Reading
		References
	Chapter 21 Deception: Next-Generation Honeypots
		Brief History of Deception
			Honeypots as a Form of Deception
			Deployment Considerations
			Setting Up a Virtual Machine
		Open Source Honeypots
			Lab 21-1: Dionaea
			Lab 21-2: ConPot
			Lab 21-3: Cowrie
			Lab 21-4: T-Pot
		Commercial Alternative: TrapX
		Summary
		For Further Reading
		References
Part V Internet of Things
	Chapter 22 Internet of Things to Be Hacked
		Internet of Things (IoT)
			Types of Connected Things
			Wireless Protocols
			Communication Protocols
			Security Concerns
		Shodan IoT Search Engine
			Web Interface
			Shodan Command-Line Interface
			Lab 22-1: Using the Shodan Command Line
			Shodan API
			Lab 22-2: Testing the Shodan API
			Lab 22-3: Playing with MQTT
			Implications of This Unauthenticated Access to MQTT
		IoT Worms: It Was a Matter of Time
			Lab 22-4: Mirai Lives
			Prevention
		Summary
		For Further Reading
		References
	Chapter 23 Dissecting Embedded Devices
		CPU
			Microprocessor
			Microcontrollers
			System on Chip (SoC)
			Common Processor Architectures
		Serial Interfaces
			UART
			SPI
			I2C
		Debug Interfaces
			JTAG
			SWD (Serial Wire Debug)
		Software
			Bootloader
			No Operating System
			Real-Time Operating System
			General Operating System
		Summary
		For Further Reading
		References
	Chapter 24 Exploiting Embedded Devices
		Static Analysis of Vulnerabilities in Embedded Devices
			Lab 24-1: Analyzing the Update Package
			Lab 24-2: Performing Vulnerability Analysis
		Dynamic Analysis with Hardware
			The Test Environment Setup
			Ettercap
		Dynamic Analysis with Emulation
			FIRMADYNE
			Lab 24-3: Setting Up FIRMADYNE
			Lab 24-4: Emulating Firmware
			Lab 24-5: Exploiting Firmware
		Summary
		Further Reading
		References
	Chapter 25 Fighting IoT Malware
		Physical Access to the Device
			RS-232 Overview
			RS-232 Pinout
			Exercise 25-1: Troubleshooting a Medical Device’s RS-232 Port
		Setting Up the Threat Lab
			ARM and MIPS Overview
			Lab 25-1: Setting Up Systems with QEMU
		Dynamic Analysis of IoT Malware
			Lab 25-2: IoT Malware Dynamic Analysis
			Platform for Architecture-Neutral Dynamic Analysis (PANDA)
			BeagleBone Black Board
		Reverse Engineering IoT Malware
			Crash-Course ARM/MIPS Instruction Set
			Lab 25-3: IDA Pro Remote Debugging and Reversing
			IoT Malware Reversing Exercise
		Summary
		For Further Reading
Index
	A
	B
	C
	D
	E
	F
	G
	H
	I
	J
	K
	L
	M
	N
	O
	P
	Q
	R
	S
	T
	U
	V
	W
	X
	Y
	Z




نظرات کاربران