Log In
Or create an account ->
Imperial Library
Home
About
News
Upload
Forum
Help
Login/SignUp
Index
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Disclaimer
Introduction
What is a stack?
What is a buffer?
What is stack overflow?
What is a heap?
What is heap corruption?
Memory layout
What is shellcode?
Computer architecture
Registers
General purpose registers
Instruction pointer
Flags registers
Segment registers
Endianness
System calls
What are syscalls?
Summary
Lab Setup
Configuring the attacker machine
Configuring Linux victim machine
Configuring Windows victim machine
Configuring Ubuntu for assembly x86
Networking
Summary
Assembly Language in Linux
Assembly language code structure
Data types
Hello world
Stack
Data manipulation
The mov instruction
Data swapping
Load effective address
Arithmetic operations
Loops
Controlling the flow
Procedures
Logical operations
Bitwise operations
Bit-shifting operations
Arithmetic shift operation
Logical shift
Rotate operation
Summary
Reverse Engineering
Debugging in Linux
Debugging in Windows
Summary
Creating Shellcode
The basics
Bad characters
The relative address technique
The jmp-call technique
The stack technique
The execve syscall
TCP bind shell
Reverse TCP shell
Generating shellcode using Metasploit
Summary
Buffer Overflow Attacks
Stack overflow on Linux
Stack overflow on Windows
Summary
Exploit Development – Part 1
Fuzzing and controlling instruction pointer
Using Metasploit Framework and PEDA
Injecting shellcode
A complete example of buffer overflow
Summary
Exploit Development – Part 2
Injecting shellcode
Return-oriented programming
Structured exception handling
Summary
Real-World Scenarios – Part 1
Freefloat FTP Server
Fuzzing
Controlling the instruction pointer
Injecting shellcode
An example
Summary
Real-World Scenarios – Part 2
Sync Breeze Enterprise
Fuzzing
Controlling the instruction pointer
Injecting shell code
Summary
Real-World Scenarios – Part 3
Easy File Sharing Web Server
Fuzzing
Controlling SEH
Injecting shellcode
Summary
Detection and Prevention
System approach
Compiler approach
Developer approach
Summary
Other Books You May Enjoy
Leave a review - let other readers know what you think
← Prev
Back
Next →
← Prev
Back
Next →