Writing Security Tools and Exploits--latest from Syngress

Syngress Publishing Announces Publication 
of "Writing Security Tools and Exploits"

Book Shows How Exploits Were Developed, Why the Code was Vulnerable, and
What Can Be Done to Stop It

Contact: Amy Pedersen
781-681-5151 x12
amy@syngress.com

Rockland, MA--Syngress Publishing, Inc., today announced
the publication of Writing Security Tools and Exploits (ISBN: 1597499978),
written by James C. Foster and Vincent Liu.

Exploits. In information technology circles, the term exploits has become
synonymous with vulnerabilities. It is a scary word that keeps admins up
at night wondering if they purchased the best firewalls, configured the
new host-based intrusion prevention system correctly, and patched the
entire environment. It's also a topic that can enter the security
water-cooler discussions faster than McAfee's new wicked antivirus
software or Symantec's latest acquisition. Exploits are proof that the
computer science or software programming community still does not have an
understanding of how to design, create, and implement secure code. Writing
Security Tools and Exploits shows readers how to write the security tools
other books only teach them to use.


Writing Security Tools and Exploits
James C. Foster and Vincent Liu 
ISBN: 159749978
PRICE: $49.95 U.S.
PAGE COUNT: 656 PP

Inside the book coverage:
-Write Solid Shellcode
 Learn the techniques used to make the most out of vulnerabilities by
 employing the correct shellcode.
-Reverse Connection Shellcode
 See how reverse connection shellcode makes a connection from a hacked
 system to a different system where it can be caught using network tools
 such as netcat.
-Buffer Overflow Exploits 
 Find techniques to protect against buffer overflows such as allocating
 buffers for string operations dynamically on the heap.
-Heap Overflows
 Heap overflows have become the most prominent software security bugs. See
 how they can have varying exploitation techniques and consequences.
-Format Strings
 Format string vulnerabilities occur when programmers pass externally
 supplied data to a printf function (or similar) as part of the format
 string argument.
-Race Conditions
 Nearly all race condition exploits are written from a local attacker’s
 perspective and have the potential to escalate privileges, overwrite
 files, or compromise protected data.
-Exploitable Integer Bugs
 See how integer bugs are harder for a researcher to spot than stack
 overflow vulnerabilities and learn why the implications of integer
 calculation errors are less understood by developers as a whole.
-Code for Nessus
 Use NASLs to check for security vulnerabilities or misconfigurations.
-Metasploit Framework (MSF)
 Use MSF and its components, msfweb, msfconsole, and msfcli, as an
 exploitation platform.
-Meterpreter Extensions
 Use the power of the Meterpreter payload system to load custom-written
 DLLs into an exploited process's address space.


About the Authors

James C. Foster, Fellow, is the Executive Director of Global Product
Development for Computer Sciences Corporation where he is responsible for
the vision, strategy, and development for CSC managed security services and
solutions. Additionally, Foster is currently a contributing Editor at
Information Security Magazine and resides on the Mitre OVAL Board of
Directors. Foster is a seasoned speaker and has presented throughout North
America at conferences, technology forums, security summits, and research
symposiums with highlights at the  Microsoft Security Summit, BlackHat
USA, BlackHat Windows, MIT Research Forum, SANS, MilCon, TechGov, InfoSec
World, and the Thomson Conference. He also is commonly asked to comment on
pertinent security issues and has been sited in Time, Forbes, Washington
Post, USAToday, Information Security Magazine, Baseline, Computer World,
Secure Computing, and the MIT Technologist. Foster was invited and resided
on the executive panel for the 2005 State of Regulatory Compliance Summit
at the National Press Club in Washington, D.C. Foster is also a well
published author with multiple commercial and educational papers, and has
authored in over fifteen books, including "Buffer Overflow Attacks," and
"Sockets, Shellcode, Porting, and Coding."

Vincent Liu is an IT security specialist at a Fortune 100 company where he
leads the attack and penetration and reverse engineering teams. Before
moving to his current position, Vincent worked as a consultant with the
Ernst & Young Advanced Security Center and as an analyst at the National
Security Agency. He has extensive experience conducting attack and
penetration engagements, reviewing web applications, and performing
forensic analysis. He is lead developer for the Metasploit Anti-Forensics
project and a contributor to the Metasploit Framework. Vincent was a
contributing author to "Sockets, Shellcode, Porting, and Coding," and has
presented at BlackHat, ToorCon, and Microsoft BlueHat.

Background Information
Syngress Publishing (www.syngress.com), headquartered in Rockland,
Massachusetts, is an independent publisher of print and electronic
reference materials for Information Technology professionals seeking skill
enhancement and career advancement. Distributed throughout Europe, Asia,
and the U.S. and Canada, Syngress titles have been translated into twenty
languages. The Company's pioneering customer support program,
solutions@syngress.com, extends the value of every Syngress title with
regular information updates and customer-driven author forums. For more
information on Syngress products, contact Amy Pedersen at 781-681-5151 or
email amy@syngress.com. Syngress books are distributed in the United
States and Canada by O'Reilly Media, Inc.