The Shellcoder's Handbook

The black hats have kept up with security enhancements. Have you? In the technological arena, three years is a lifetime. Since the first edition of this book was published in 2004, built-in security measures on compilers and operating systems have become commonplace, but are still far from perfect. Arbitrary-code execution vulnerabilities still allow attackers to run code of their choice on your system--with disastrous results. In a nutshell, this book is about code and data and what happens when the two become confused. You'll work with the basic building blocks of security bugs--assembler, source code, the stack, the heap, and so on. You'll experiment, explore, and understand the systems you're running--and how to better protect them. * Become familiar with security holes in Windows, Linux, Solaris, Mac OS X, and Cisco's IOS * Learn how to write customized tools to protect your systems, not just how to use ready-made ones * Use a working exploit to verify your assessment when auditing a network * Use proof-of-concept exploits to rate the significance of bugs in software you're developing * Assess the quality of purchased security products by performing penetration tests based on the information in this book * Understand how bugs are found and how exploits work at the lowest level