#The biggest in small world

Do you have question about this tutorials? You can ask here.

A Bug Hunters Diary

Title Content
Title A Bug Hunters Diary
Type Movie
Language English
Author Toians klein
[A Bug Hunters Diary]

Welcome to A Bug Hunter’s Diary. This book describes the life cycles of seven interesting, real-life software security vulnerabilities I found over the past several years. Each chapter focuses on one bug. I’ll explain how I found the bug, the steps I took to exploit it, and how the vendor eventually patched it. The Goals of This Book The primary goal of this book is to provide you with practical exposure to the world of bug hunting. After reading this book, you will have a better understanding of the approaches that bug hunters use to find security vulnerabilities, how they create proof-of-concept code to test the vulnerabilities, and how they can report vulnerabilities to the vendor. The secondary goal of this book is to tell the story behind each of these seven bugs. I think they deserve it. Who Should Read the Book This book is aimed at security researchers, security consultants, C/C++ programmers, penetration testers, and anyone else who wants to diveinto the exciting world of bug hunting. To get the most out of the book, you should have a solid grasp of the C programming language and be familiar with x86 assembly. If you are new to vulnerability research, this book will help you to get acquainted with the different aspects of hunting, exploiting, and reporting software vulnerabilities. If you are an already-experienced bug hunter, this book will offer a new perspective on familiar chal- lenges and will likely make you chuckle at times—or put a knowing smile on your face. Disclaimer The goal of this book is to teach readers how to identify, protect against, and mitigate software security vulnerabilities. Understanding the techniques used to find and exploit vulnerabilities is necessary to thoroughly grasp the underlying problems and appropriate mitigation techniques. Since 2007, it is no longer legal to create or distribute “hacking tools” in Germany, my home country. Such tools include simple port scanners as well as working exploits. Therefore, to comply with the law, no full working exploit code is provided in this book. The examples simply show the steps used to gain control of the exe­ cution flow (the instruction pointer or program counter control) of a vulnerable program

Chapter 1: Bug Hunting
Chapter 2: Back to the ’90s
Chapter 3: Escape from the WWW Zone
Chapter 4: NULL Pointer FTW
Chapter 5: Browse and You’re Owned
Chapter 6: One Kernel to Rule Them All
Chapter 7: A Bug Older Than 4.4BSD
Chapter 8: The Ringtone Massacre
Appendix A: Hints for Hunting
Appendix B: Debugging
Appendix C: Mitigation

Views: 1256
Publish time
6 years ago
2018-06-30 08:30:00

Please login/register to Leave a Reply

Digital.Spirit Digital.Spirit