Attack and Defend Computer Security Set

Web Application Hacker’s Handbook 2e. There have been two broad trends that have evolved since the first edition and will be covered in detail in this edition:

1. Various new and modified technologies have appeared that are being used in web applications, including new remoting frameworks, HTML5, cross-domain integration techniques.
2. Many new attack techniques have been developed, particularly in relation to the client side, including UI redress (clickjacking), framebusting, HTTP parameter pollution, XML external entity injection, bypasses for new browser anti-XSS filters, hybrid file (GIFAR) attacks.

The web site to accompany the book contains:

• Code appearing in the book.
• Answers to the questions posed at the end of each chapter
• Links to tools discussed in the book.
• A summarized methodology and checklist of tasks

Malware Analyst’s Cookbook and DVD is a collection of problems, solutions, and practical examples designed to enhance the analytical capabilities of anyone who works with malware. Whether you’re tracking a Trojan across networks, performing an in-depth binary analysis, or inspecting a machine for potential infections, the recipes in this book will help you achieve your goals more quickly and accurately. The book goes beyond how to tackle challenges using free or inexpensive tools. It also includes a generous amount of source code in C, Python, and Perl that show how to extend your favorite tools or build your own from scratch. Complete coverage of: Classifying Malware, Manipulation of PE files, Packing and Unpacking, Dynamic Malware Analysis, Analyzing Malicious Documents, Analyzing Shellcode, Analyzing Malicious URL’s, Open Source Malware Research, Decoding and Decrypting, Analysis Tool Development, Attack Code, Working with DLLs, AntiRCE, AntiDebugging, AntiVM, Basics of Static analysis with IDA, Basics of Dynamic Analysis with Immunity/Olly, Physical memory forensics, Live/system forensics, Inter-process communication.

The DVD contains original, never-before-published custom programs from the authors to demonstrate concepts in the recipes. This tool set will include files required to complete reverse-engineering challenges and files required for the reader to follow along with exhibits/figures in the book.

Table of Contents

Book 1: The Web Application Hacker’s Handbook, 2nd Edition
Chapter 1 Web Application (In)security
Chapter 2 Core Defense Mechanisms
Chapter 3 Web Application Technologies
Chapter 4 Mapping the Application
Chapter 5 Bypassing Client-Side Controls
Chapter 6 Attacking Authentication
Chapter 7 Attacking Session Management
Chapter 8 Attacking Access Controls
Chapter 9 Attacking Data Stores
Chapter 10 Attacking Back-End Components
Chapter 11 Attacking Application Logic
Chapter 12 Attacking Users: Cross-Site Scripting
Chapter 13 Attacking Users: Other Techniques
Chapter 14 Automating Customized Attacks
Chapter 15 Exploiting Information Disclosure
Chapter 16 Attacking Native Compiled Applications
Chapter 17 Attacking Application Architecture
Chapter 18 Attacking the Application Server
Chapter 19 Finding Vulnerabilities in Source Code
Chapter 20 A Web Application Hacker’s Toolkit
Chapter 21 A Web Application Hacker’s Methodology

Book 2: Malware Analyst’s Cookbook and DVD
Chapter 1: Anonymizing Your Activities
Chapter 2: Honeypots
Chapter 3: Malware Classification
Chapter 4: Sandboxes and Multi-AV Scanners
Chapter 5: Researching Domains and IP Addresses
Chapter 6: Documents, Shellcode, and URLs
Chapter 7: Malware Labs
Chapter 8: Automation
Chapter 9: Dynamic Analysis
Chapter 10: Malware Forensics
Chapter 11: Debugging Malware
Chapter 12: De-obfuscation
Chapter 13: Working with DLLs
Chapter 14: Kernel Debugging
Chapter 15: Memory Forensics with Volatility
Chapter 16: Memory Forensics: Code Injection and Extraction
Chapter 17: Memory Forensics: Rootkits
Chapter 18: Memory Forensics: Network and Registry