Download E-books A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security PDF

By Tobias Klein

"This is likely one of the best infosec books to come back out within the final numerous years."
–Dino Dai Zovi, details safety Professional

"Give a guy an make the most and also you make him a hacker for an afternoon; train a guy to use insects and also you make him a hacker for a lifetime."
–Felix 'FX' Lindner

Seemingly basic insects may have drastic effects, permitting attackers to compromise structures, amplify neighborhood privileges, and differently wreak havoc on a system.

A trojan horse Hunter's Diary follows safeguard specialist Tobias Klein as he tracks down and exploits insects in the various world's hottest software program, like Apple's iOS, the VLC media participant, internet browsers, or even the Mac OS X kernel. during this exclusive account, you will see how the builders accountable for those flaws patched the bugs—or didn't reply in any respect. As you persist with Klein on his trip, you will achieve deep technical wisdom and perception into how hackers strategy tough difficulties and adventure the real joys (and frustrations) of trojan horse hunting.

Along the best way you are going to find out how to:

  • Use field-tested options to discover insects, like choosing and tracing consumer enter info and opposite engineering
  • Exploit vulnerabilities like NULL pointer dereferences, buffer overflows, and kind conversion flaws
  • Develop facts of idea code that verifies the safety flaw
  • Report insects to owners or 3rd get together brokers

A trojan horse Hunter's Diary is jam-packed with real-world examples of susceptible code and the customized courses used to discover and try out insects. no matter if you are looking insects for enjoyable, for revenue, or to make the realm a more secure position, you are going to examine necessary new abilities via taking a look over the shoulder of a pro malicious program hunter in action.

Show description

Read or Download A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security PDF

Best Computer Science books

Measuring the User Experience: Collecting, Analyzing, and Presenting Usability Metrics (Interactive Technologies)

Successfully measuring the usability of any product calls for selecting the right metric, employing it, and successfully utilizing the knowledge it unearths. Measuring the person event presents the 1st unmarried resource of sensible details to allow usability execs and product builders to just do that.

Programming Massively Parallel Processors: A Hands-on Approach (Applications of GPU Computing Series)

Programming vastly Parallel Processors discusses simple thoughts approximately parallel programming and GPU structure. ""Massively parallel"" refers back to the use of a giant variety of processors to accomplish a suite of computations in a coordinated parallel approach. The booklet info quite a few options for developing parallel courses.

Programming Language Pragmatics, Fourth Edition

Programming Language Pragmatics, Fourth version, is the main complete programming language textbook to be had at the present time. it really is unique and acclaimed for its built-in remedy of language layout and implementation, with an emphasis at the primary tradeoffs that proceed to force software program improvement.

Human-Computer Interaction (3rd Edition)

The second one variation of Human-Computer interplay tested itself as one of many vintage textbooks within the zone, with its vast assurance and rigorous strategy, this new version builds at the present strengths of the booklet, yet giving the textual content a extra student-friendly slant and enhancing the insurance in yes parts.

Extra info for A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security

Show sample text content

Mitre. org/cve/identifiers/index. html. bankruptcy three. break out from the WWW region observe Thursday, August 23, 2007 pricey Diary, I’ve consistently been a huge fan of vulnerabilities in working process kernels simply because they’re frequently really attention-grabbing, very robust, and tough to take advantage of. i latterly combed via numerous working procedure kernels looking for insects. one of many kernels that I searched via used to be the kernel of sunlight Solaris. And bet what? i used to be winning. notice On January 27, 2010, solar was once received by way of Oracle company. Oracle now quite often refers to Solaris as “Oracle Solaris. ” three. 1 Vulnerability Discovery because the release of OpenSolaris in June 2005, sunlight has made such a lot of its Solaris 10 working approach freely to be had as open resource, together with the kernel. So I downloaded the resource code[23] and began examining the kernel code, concentrating on the components that enforce the user-to-kernel interfaces, like IOCTLs and process calls. notice Input/output controls (IOCTLs) are used for communique among user-mode functions and the kernel. [24] Any user-to-kernel interface or API that ends up in details being omitted to the kernel for processing creates a possible assault vector. the main established are: IOCTLs procedure calls Filesystems community stack Hooks of third-party drivers The vulnerability that i discovered is likely one of the finest I’ve chanced on simply because its reason — an undefined blunders situation — is rare for an exploitable vulnerability (compared to the common overflow bugs). It impacts the implementation of the SIOCGTUNPARAM IOCTL name, that is a part of the IP-in-IP tunneling mechanism supplied via the Solaris kernel. [25] I took the subsequent steps to discover the vulnerability: Step 1: checklist the IOCTLs of the kernel. Step 2: determine the enter info. Step three: hint the enter information. those steps are defined intimately less than. Step 1: checklist the IOCTLs of the Kernel There are other ways to generate a listing of the IOCTLs of a kernel. subsequently, I easily searched the kernel resource code for the established IOCTL macros. each IOCTL will get its personal quantity, often created via a macro. reckoning on the IOCTL sort, the Solaris kernel defines the next macros: _IOR, _IOW, and _IOWR. To checklist the IOCTLs, I replaced to the listing the place I unpacked the kernel resource code and used the Unix grep command to look the code. solaris$ pwd /exports/home/tk/on-src/usr/src/uts solaris$ grep -rnw -e _IOR -e _IOW -e _IOWR * [.. ] common/sys/sockio. h:208:#define SIOCTONLINK _IOWR('i', one hundred forty five, struct sioc_addr req) common/sys/sockio. h:210:#define SIOCTMYSITE _IOWR('i', 146, struct sioc_addr req) common/sys/sockio. h:213:#define SIOCGTUNPARAM _IOR('i', 147, struct iftun_req) common/sys/sockio. h:216:#define SIOCSTUNPARAM _IOW('i', 148, struct iftun_req) common/sys/sockio. h:220:#define SIOCFIPSECONFIG _IOW('i', 149, zero) /* Flush coverage */ common/sys/sockio. h:221:#define SIOCSIPSECONFIG _IOW('i', one hundred fifty, zero) /* Set coverage */ common/sys/sockio. h:222:#define SIOCDIPSECONFIG _IOW('i', 151, zero) /* Delete coverage */ common/sys/sockio.

Rated 4.99 of 5 – based on 44 votes