Syngress Publishing Announces Publication of "Writing Security Tools and Exploits"
Book Shows How Exploits Were Developed, Why the Code was Vulnerable, and What Can Be Done to Stop It
Contact: Amy Pedersen
Rockland, MA--Syngress Publishing, Inc., today announced the publication of Writing Security Tools and Exploits (ISBN: 1597499978), written by James C. Foster and Vincent Liu.
Exploits. In information technology circles, the term exploits has become synonymous with vulnerabilities. It is a scary word that keeps admins up at night wondering if they purchased the best firewalls, configured the new host-based intrusion prevention system correctly, and patched the entire environment. It's also a topic that can enter the security water-cooler discussions faster than McAfee's new wicked antivirus software or Symantec's latest acquisition. Exploits are proof that the computer science or software programming community still does not have an understanding of how to design, create, and implement secure code. Writing Security Tools and Exploits shows readers how to write the security tools other books only teach them to use.
Writing Security Tools and Exploits
James C. Foster and Vincent Liu
PRICE: $49.95 U.S.
PAGE COUNT: 656 PP
Inside the book coverage:
-Write Solid Shellcode
Learn the techniques used to make the most out of vulnerabilities by employing the correct shellcode.
-Reverse Connection Shellcode
See how reverse connection shellcode makes a connection from a hacked system to a different system where it can be caught using network tools such as netcat.
-Buffer Overflow Exploits
Find techniques to protect against buffer overflows such as allocating buffers for string operations dynamically on the heap.
Heap overflows have become the most prominent software security bugs. See how they can have varying exploitation techniques and consequences.
Format string vulnerabilities occur when programmers pass externally supplied data to a printf function (or similar) as part of the format string argument.
Nearly all race condition exploits are written from a local attackerâ€™s perspective and have the potential to escalate privileges, overwrite files, or compromise protected data.
-Exploitable Integer Bugs
See how integer bugs are harder for a researcher to spot than stack overflow vulnerabilities and learn why the implications of integer calculation errors are less understood by developers as a whole.
-Code for Nessus
Use NASLs to check for security vulnerabilities or misconfigurations.
-Metasploit Framework (MSF)
Use MSF and its components, msfweb, msfconsole, and msfcli, as an exploitation platform.
Use the power of the Meterpreter payload system to load custom-written DLLs into an exploited process's address space.
About the Authors
James C. Foster, Fellow, is the Executive Director of Global Product
Development for Computer Sciences Corporation where he is responsible for
the vision, strategy, and development for CSC managed security services and
solutions. Additionally, Foster is currently a contributing Editor at
Information Security Magazine and resides on the Mitre OVAL Board of
Directors. Foster is a seasoned speaker and has presented throughout North
America at conferences, technology forums, security summits, and research
symposiums with highlights at the Microsoft Security Summit, BlackHat
USA, BlackHat Windows, MIT Research Forum, SANS, MilCon, TechGov, InfoSec
World, and the Thomson Conference. He also is commonly asked to comment on
pertinent security issues and has been sited in Time, Forbes, Washington
Post, USAToday, Information Security Magazine, Baseline, Computer World,
Secure Computing, and the MIT Technologist. Foster was invited and resided
on the executive panel for the 2005 State of Regulatory Compliance Summit
at the National Press Club in Washington, D.C. Foster is also a well
published author with multiple commercial and educational papers, and has
authored in over fifteen books, including "Buffer Overflow Attacks," and
"Sockets, Shellcode, Porting, and Coding."
Vincent Liu is an IT security specialist at a Fortune 100 company where he
leads the attack and penetration and reverse engineering teams. Before
moving to his current position, Vincent worked as a consultant with the
Ernst & Young Advanced Security Center and as an analyst at the National
Security Agency. He has extensive experience conducting attack and
penetration engagements, reviewing web applications, and performing
forensic analysis. He is lead developer for the Metasploit Anti-Forensics
project and a contributor to the Metasploit Framework. Vincent was a
contributing author to "Sockets, Shellcode, Porting, and Coding," and has
presented at BlackHat, ToorCon, and Microsoft BlueHat.
Syngress Publishing (