Rating:
Author: Tobias Klein
ISBN : B00652XO2I
New from $17.25
Format: PDF, EPUB
Download electronic versions of selected books Free A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security from with Mediafire Link Download Link
"This is one of the most interesting infosec books to come out in the last several years."
–Dino Dai Zovi, Information Security Professional
"Give a man an exploit and you make him a hacker for a day; teach a man to exploit bugs and you make him a hacker for a lifetime."
–Felix 'FX' Lindner
Seemingly simple bugs can have drastic consequences, allowing attackers to compromise systems, escalate local privileges, and otherwise wreak havoc on a system.
A Bug Hunter's Diary follows security expert Tobias Klein as he tracks down and exploits bugs in some of the world's most popular software, like Apple's iOS, the VLC media player, web browsers, and even the Mac OS X kernel. In this one-of-a-kind account, you'll see how the developers responsible for these flaws patched the bugs—or failed to respond at all. As you follow Klein on his journey, you'll gain deep technical knowledge and insight into how hackers approach difficult problems and experience the true joys (and frustrations) of bug hunting.
Along the way you'll learn how to:
- Use field-tested techniques to find bugs, like identifying and tracing user input data and reverse engineering
- Exploit vulnerabilities like NULL pointer dereferences, buffer overflows, and type conversion flaws
- Develop proof of concept code that verifies the security flaw
- Report bugs to vendors or third party brokers
A Bug Hunter's Diary is packed with real-world examples of vulnerable code and the custom programs used to find and test bugs. Whether you're hunting bugs for fun, for profit, or to make the world a safer place, you'll learn valuable new skills by looking over the shoulder of a professional bug hunter in action.
Download latest books on mediafire and other links compilation Free A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security [Kindle Edition]
- File Size: 2415 KB
- Print Length: 208 pages
- Publisher: No Starch Press; 1 edition (November 4, 2011)
- Sold by: Amazon Digital Services, Inc.
- Language: English
- ASIN: B00652XO2I
- Text-to-Speech: Enabled
X-Ray:
- Lending: Not Enabled
- Amazon Best Sellers Rank: #103,104 Paid in Kindle Store (See Top 100 Paid in Kindle Store)
- #2
in Books > Computers & Technology > Programming > Languages & Tools > Debugging - #11
in Kindle Store > Kindle eBooks > Computers & Technology > Systems Analysis & Design - #48
in Books > Computers & Technology > Computer Science > Systems Analysis & Design
- #2
in Books > Computers & Technology > Programming > Languages & Tools > Debugging - #11
in Kindle Store > Kindle eBooks > Computers & Technology > Systems Analysis & Design - #48
in Books > Computers & Technology > Computer Science > Systems Analysis & Design
Free A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security
A read of this book may change your view of computer software forever. The real world security holes that it discusses were found in extremely popular software on a variety of different platforms and clearly represent only a few samples of such holes that are common across most software.
While a fairly advanced level of programming knowledge both with high level languages such as C++ and also with low level assembly language is required to be able to fully understand just exactly how everything described in the book works, it isn't necessary to have that in depth knowledge in order to gain some benefit. Since the purpose of each code change is described in detail in the book those without such an in depth programming knowledge can simply take the author's word for it that a given code change will have a particular result and will still be able to gain a greater understanding of just how vulnerable software can be. These are after all real vulnerabilities that the author found in common software that have since been patched. So as well as demonstrating some of the ways in which holes can be found and exploited the author also demonstrates how he has contributed to helping the owners of this software to patch some of the holes in their software and so make the software safer to use.
Perhaps the things that most stand out about software security from this book are first of all just how easily some security holes can be found by someone who has sufficient experience in "bug hunting" and second, just how small a code change is needed in many instances in order to fix these security holes.
In the front of the book the author describes the goals that he had in writing the book and the book definitely achieves those goals.
Once upon a time there were bounty hunters running in the wild to nab those `Most Wanted' criminals and walk away with big bucks. Now we have bug hunters running wild in their computer world not only to put their name on wall of fame but also to reap those rich rewards.
Here in this latest book "Bug Hunter's Diary" we have similar story of another great and inspiring bug hunter, Tobias Klein.
This book gives valuable insights on different techniques of bug hunting and exploiting them successfully. Each of the chapters in this book conforms to the each of the vulnerability discovered by author and written in his own words and style.
Before you proceed to reading, it is good idea to get some basic knowledge on driver concepts including its life cycle, IRP, IOCTL and debugging. As three of eight chapters here deal with driver bugs, this prep will help you to feel at home later on.
If you are new to vulnerability research, I suggest you to start with Appendix A which refreshes concept of stack overflow with practical example, NULL pointer dereferences, type conversion, GOT exploitation techniques which are essential to understand main chapters. Appendix B describes debugging tools along with commands for Solaris(mdb), Linux (gdb), Windows (windbg) and shows how to setup VMware for Kernel Debugging. Final Appendix talks about exploit mitigation techniques such as ASLR, GS, NX, DEP and finishes with detailed description on RELRO for ELF (Linux).
Though fuzzing is most common method used for bug hunting these days, author has used it only in final chapter and rest of the bugs were based on manual & his ingenious approach, that's what separates men from boys.
In chap 2, author talks about the first victim, VLC media player.
-
Download Link 2