Attacking network protocols : a hacker's guide to capture, analysis, and exploitation
By: Forshaw, James
Material type:
BookPublisher: San Francisco : NO Starch Press, c2018.Description: xxiv, 310 p. : ill. ; 24 cm.ISBN: 9781593277505; 1593277504; 9781593278441; 1593278446Subject(s): Computer network protocols | Computer networks -- Security measures | COMPUTERS / Computer LiteracyDDC classification: 004.62 FO AT Online resources: Location Map | Item type | Home library | Call number | Status | Notes | Date due | Barcode | Item holds |
|---|---|---|---|---|---|---|---|
| REGULAR | University of Wollongong in Dubai Main Collection | 004.62 FO AT (Browse shelf) | Available | April 2018 | T0059518 |
, Shelving location: Main Collection Close shelf browser
|
No cover image available |
|
|
|
|
No cover image available | ||
| 004.62 CO IN Internetworking with TCP/IP. | 004.62 CO IN Internetworking with TCP/IP / | 004.62 DO OS OSPF and IS-IS : | 004.62 FO AT Attacking network protocols : | 004.62 HA IP IPv6 essentials / | 004.62 RO HA Handbook on session initiation protocol : | 004.62 ST TC TCP/IP illustrated / |
Machine generated contents note: 1.The Basics of Networking
Network Architecture and Protocols
The Internet Protocol Suite
Data Encapsulation
Headers, Footers, and Addresses
Data Transmission
Network Routing
My Model for Network Protocol Analysis
Final Words
2.Capturing Application Traffic
Passive Network Traffic Capture
Quick Primer for Wireshark
Alternative Passive Capture Techniques
System Call Tracing
The strace Utility on Linux
Monitoring Network Connections with DTrace
Process Monitor on Windows
Advantages and Disadvantages of Passive Capture
Active Network Traffic Capture
Network Proxies
Port-Forwarding Proxy
SOCKS Proxy
HTTP Proxies
Forwarding an HTTP Proxy
Reverse HTTP Proxy
3.Network Protocol Structures
Binary Protocol Structures
Numeric Data
Booleans
Bit Flags
Binary Endian
Text and Human-Readable Data
Variable Binary Length Data
Dates and Times
Contents note continued: POSIX/Unix Time
Windows FILETIME
Tag, Length, Value Pattern
Multiplexing and Fragmentation
Network Address Information
Structured Binary Formats
Text Protocol Structures
Text Booleans
Variable-Length Data
Structured Text Formats
Encoding Binary Data
Hex Encoding
Base64
4.Advanced Application Traffic Capture
Rerouting Traffic
Using Traceroute
Routing Tables
Configuring a Router
Enabling Routing on Windows
Enabling Routing on *nix
Network Address Translation
Enabling SNAT
Configuring SNAT on Linux
Enabling DNAT
Forwarding Traffic to a Gateway
DHCP Spoofing
ARP Poisoning
5.Analysis From The Wire
The Traffic-Producing Application: SuperFunkyChat
Starting the Server
Starting Clients
Communicating Between Clients
A Crash Course in Analysis with Wireshark
Contents note continued: Generating Network Traffic and Capturing Packets
Basic Analysis
Reading the Contents of a TCP Session
Identifying Packet Structure with Hex Dump
Viewing Individual Packets
Determining the Protocol Structure
Testing Our Assumptions
Dissecting the Protocol with Python
Developing Wireshark Dissectors in Lua
Creating the Dissector
The Lua Dissection
Parsing a Message Packet
Using a Proxy to Actively Analyze Traffic
Setting Up the Proxy
Protocol Analysis Using a Proxy
Adding Basic Protocol Parsing
Changing Protocol Behavior
6.Application Reverse Engineering
Compilers, Interpreters, and Assemblers
Interpreted Languages
Compiled Languages
Static vs. Dynamic Linking
The x86 Architecture
The Instruction Set Architecture
CPU Registers
Program Flow
Operating System Basics
Executable File Formats
Sections
Processes and Threads
Contents note continued: Operating System Networking Interface
Application Binary Interface
Static Reverse Engineering
A Quick Guide to Using IDA Pro Free Edition
Analyzing Stack Variables and Arguments
Identifying Key Functionality
Dynamic Reverse Engineering
Setting Breakpoints
Debugger Windows
Where to Set Breakpoints?
Reverse Engineering Managed Languages
.NET Applications
Using ILSpy
Java Applications
Dealing with Obfuscation
Reverse Engineering Resources
7.Network Protocol Security
Encryption Algorithms
Substitution Ciphers
XOR Encryption
Random Number Generators
Symmetric Key Cryptography
Block Ciphers
Block Cipher Modes
Block Cipher Padding
Padding Oracle Attack
Stream Ciphers
Asymmetric Key Cryptography
RSA Algorithm
RSA Padding
Diffie
Hellman Key Exchange
Signature Algorithms
Cryptographic Hashing Algorithms
Asymmetric Signature Algorithms
Contents note continued: Message Authentication Codes
Public Key Infrastructure
X.509 Certificates
Verifying a Certificate Chain
Case Study: Transport Layer Security
The TLS Handshake
Initial Negotiation
Endpoint Authentication
Establishing Encryption
Meeting Security Requirements
8.Implementing The Network Protocol
Replaying Existing Captured Network Traffic
Capturing Traffic with Netcat
Using Python to Resend Captured UDP Traffic
Repurposing Our Analysis Proxy
Repurposing Existing Executable Code
Repurposing Code in .NET Applications
Repurposing Code in Java Applications
Unmanaged Executables
Encryption and Dealing with TLS
Learning About the Encryption In Use
Decrypting the TLS Traffic
9.The Root Causes Of Vulnerabilities
Vulnerability Classes
Remote Code Execution
Denial-of-Service
Information Disclosure
Authentication Bypass
Authorization Bypass
Contents note continued: Memory Corruption Vulnerabilities
Memory-Safe vs. Memory-Unsafe Programming Languages
Memory Buffer Overflows
Out-of-Bounds Buffer Indexing
Data Expansion Attack
Dynamic Memory Allocation Failures
Default or Hardcoded Credentials
User Enumeration
Incorrect Resource Access
Canonicalization
Verbose Errors
Memory Exhaustion Attacks
Storage Exhaustion Attacks
CPU Exhaustion Attacks
Algorithmic Complexity
Configurable Cryptography
Format String Vulnerabilities
Command Injection
SQL Injection
Text-Encoding Character Replacement
10.Finding And Exploiting Security Vulnerabilities
Fuzz Testing
The Simplest Fuzz Test
Mutation Fuzzer
Generating Test Cases
Vulnerability Triaging
Debugging Applications
Improving Your Chances of Finding the Root Cause of a Crash
Exploiting Common Vulnerabilities
Exploiting Memory Corruption Vulnerabilities
Contents note continued: Arbitrary Memory Write Vulnerability
Writing Shell Code
Getting Started
Simple Debugging Technique
Calling System Calls
Executing the Other Programs
Generating Shell Code with Metasploit
Memory Corruption Exploit Mitigations
Data Execution Prevention
Return-Oriented Programming Counter-Exploit
Address Space Layout Randomization (ASLR)
Detecting Stack Overflows with Memory Canaries
NETWORK PROTOCOL ANALYSIS TOOLKIT
Passive Network Protocol Capture and Analysis Tools
Microsoft Message Analyzer
TCPDump and LibPCAP
Wireshark
Active Network Capture and Analysis
Canape
Canape Core
Mallory
Network Connectivity and Protocol Testing
Hping
Netcat
Nmap
Web Application Testing
Burp Suite
Zed Attack Proxy (ZAP)
Mitmproxy
Fuzzing, Packet Generation, and Vulnerability Exploitation Frameworks
American Fuzzy Lop (AFL)
Kali Linux
Metasploit Framework
Scapy
Contents note continued: Sulley
Network Spoofing and Redirection
DNSMasq
Ettercap
Executable Reverse Engineering
Java Decompiler (JD)
IDA Pro
Hopper
ILSpy
.NET Reflector.
Attacking Network Protocols is a must-have for any penetration tester, bug hunter, or developer looking to understand and discover network vulnerabilities.