Gray Hat Hacking : The Ethical Hacker's Handbook - Softcover

About the Author

Shon Harris, CISSP, MCSE, is the president of Logical Security, a security consultant, a former engineer in the Air Force’s Information Warfare unit, an instructor and an author. She has authored two best selling CISSP books, was a contributing author to the book, Hacker’s Challenge, and a contributing author to the book Gray Hat Hacking. Shon has consulted for a variety of companies in many different industries. Shon has taught computer and information security to a wide range of clients, some of which have included RSA, Department of Defense, Department of Energy, West Point, National Security Agency (NSA), Bank of America, Defense Information Systems Agency (DISA), BMC, Intel, and many more. Shon was recognized as one of the top 25 women in the Information Security field by Information Security Magazine. She has been asked by McGraw-Hill to develop McGraw-Hill’s new security textbook series that will be sold to universities, colleges, and technical schools throughout the world. Shon is currently writing a CISA book to be published by McGraw-Hill in 2008. Additionally, Shon writes security articles for Information Security Magazine and Windows 2000 Magazine and other leading industry journals.

From the Back Cover

Detect, ethically disclose, and repair security flaws before malicious hackers wreak havoc

Avoid devastating network attacks by acquiring the advanced skills malicious hackers and computer criminals are using today. Gray Hat Hacking: The Ethical Hacker’s Handbook takes you to the next level by explaining, line-by-line, the code behind the latest and most insidious hacking techniques, as well as their countermeasures. Many of the attacks described have been used to successfully carry out online fraud, identity theft, extortion, denial of service attacks, and access to critical and confidential data. Malicious hackers are dedicated to bringing about mayhem and destruction--this book will teach you how to identify and stop them.

• Plan, script, and execute widespread security tests using redteaming approaches
• Carry out advanced vulnerability assessments, penetration tests, code scans, and system auditing tests
• Use the latest target discovery and fingerprinting tools: Paketto Keiretsu, Xprobe2, P0f, Amap, Winfingerprint
• Generate error conditions and crashes within programs using fuzzers
• Automate pen-tests with Python Survival Skills, Core Impact, CANVAS, and Metasploit
• Deploy the latest sniffing tools/techniques: Ettercap, Dsniff, SMB/LANMan credential sniffing, Kerbsniff/Kerbcrack
• Understand passive vs. active sniffing, including MAC flooding, ARP cache poisoning, MAC duplicating, and DNS poisoning
• Use various classes of Reverse Engineering tools: Debugging, Code Coverage, Profiling, Flow Analysis, and Memory Monitoring Tools
• Create proof of concept exploits using stack operations, local and remote buffer overflows, and heap overflows