Weekly Edition
Return to the Announcements page
| |||||||||||||
Writing Security Tools and Exploits--latest from Syngress
Syngress Publishing Announces Publication of "Writing Security Tools and Exploits" Book Shows How Exploits Were Developed, Why the Code was Vulnerable, and What Can Be Done to Stop It Contact: Amy Pedersen 781-681-5151 x12 amy@syngress.com Rockland, MA--Syngress Publishing, Inc., today announced the publication of Writing Security Tools and Exploits (ISBN: 1597499978), written by James C. Foster and Vincent Liu. Exploits. In information technology circles, the term exploits has become synonymous with vulnerabilities. It is a scary word that keeps admins up at night wondering if they purchased the best firewalls, configured the new host-based intrusion prevention system correctly, and patched the entire environment. It's also a topic that can enter the security water-cooler discussions faster than McAfee's new wicked antivirus software or Symantec's latest acquisition. Exploits are proof that the computer science or software programming community still does not have an understanding of how to design, create, and implement secure code. Writing Security Tools and Exploits shows readers how to write the security tools other books only teach them to use. Writing Security Tools and Exploits James C. Foster and Vincent Liu ISBN: 159749978 PRICE: $49.95 U.S. PAGE COUNT: 656 PP Inside the book coverage: -Write Solid Shellcode Learn the techniques used to make the most out of vulnerabilities by employing the correct shellcode. -Reverse Connection Shellcode See how reverse connection shellcode makes a connection from a hacked system to a different system where it can be caught using network tools such as netcat. -Buffer Overflow Exploits Find techniques to protect against buffer overflows such as allocating buffers for string operations dynamically on the heap. -Heap Overflows Heap overflows have become the most prominent software security bugs. See how they can have varying exploitation techniques and consequences. -Format Strings Format string vulnerabilities occur when programmers pass externally supplied data to a printf function (or similar) as part of the format string argument. -Race Conditions Nearly all race condition exploits are written from a local attackerâs perspective and have the potential to escalate privileges, overwrite files, or compromise protected data. -Exploitable Integer Bugs See how integer bugs are harder for a researcher to spot than stack overflow vulnerabilities and learn why the implications of integer calculation errors are less understood by developers as a whole. -Code for Nessus Use NASLs to check for security vulnerabilities or misconfigurations. -Metasploit Framework (MSF) Use MSF and its components, msfweb, msfconsole, and msfcli, as an exploitation platform. -Meterpreter Extensions Use the power of the Meterpreter payload system to load custom-written DLLs into an exploited process's address space. About the Authors James C. Foster, Fellow, is the Executive Director of Global Product Development for Computer Sciences Corporation where he is responsible for the vision, strategy, and development for CSC managed security services and solutions. Additionally, Foster is currently a contributing Editor at Information Security Magazine and resides on the Mitre OVAL Board of Directors. Foster is a seasoned speaker and has presented throughout North America at conferences, technology forums, security summits, and research symposiums with highlights at the Microsoft Security Summit, BlackHat USA, BlackHat Windows, MIT Research Forum, SANS, MilCon, TechGov, InfoSec World, and the Thomson Conference. He also is commonly asked to comment on pertinent security issues and has been sited in Time, Forbes, Washington Post, USAToday, Information Security Magazine, Baseline, Computer World, Secure Computing, and the MIT Technologist. Foster was invited and resided on the executive panel for the 2005 State of Regulatory Compliance Summit at the National Press Club in Washington, D.C. Foster is also a well published author with multiple commercial and educational papers, and has authored in over fifteen books, including "Buffer Overflow Attacks," and "Sockets, Shellcode, Porting, and Coding." Vincent Liu is an IT security specialist at a Fortune 100 company where he leads the attack and penetration and reverse engineering teams. Before moving to his current position, Vincent worked as a consultant with the Ernst & Young Advanced Security Center and as an analyst at the National Security Agency. He has extensive experience conducting attack and penetration engagements, reviewing web applications, and performing forensic analysis. He is lead developer for the Metasploit Anti-Forensics project and a contributor to the Metasploit Framework. Vincent was a contributing author to "Sockets, Shellcode, Porting, and Coding," and has presented at BlackHat, ToorCon, and Microsoft BlueHat. Background Information Syngress Publishing (www.syngress.com), headquartered in Rockland, Massachusetts, is an independent publisher of print and electronic reference materials for Information Technology professionals seeking skill enhancement and career advancement. Distributed throughout Europe, Asia, and the U.S. and Canada, Syngress titles have been translated into twenty languages. The Company's pioneering customer support program, solutions@syngress.com, extends the value of every Syngress title with regular information updates and customer-driven author forums. For more information on Syngress products, contact Amy Pedersen at 781-681-5151 or email amy@syngress.com. Syngress books are distributed in the United States and Canada by O'Reilly Media, Inc. (Log in to post comments)
|
|||||||||||||