نمایش نتایج 1 تا 40 از 40

نام تاپیک: کتابخانهء امنیت نرم افزار

  1. #1

    کتابخانهء امنیت نرم افزار

    سلام؛

    هرگاه کتابی مرتبط با حوزهء امنیت نرم افزار منتشر شد ، عنوان و مشخصات و مختصر و چکیده ای از محتوای کتاب به این Thread اضافه خواهد شد .

    ----

    Windows NT/2000 Native API Reference
    مرجع جامع توابع کرنل ( سطح کاربر و سطح کرنل ) همراه با مثال و کدهای اجرائی





    Windows NT/2000 Native API Reference is absolutely unique. Currently, documentation on WIndows NT's native APIs can only be found through access to the source code or occasionally Web sites where people have chosen to share bits of insight gained through reverse engineering. This book provides the first complete reference to the API functions native to Windows NT and covers the set of services that are offered by Windows NT to both kernel- and user-mode programs. Ideal for the intermediate and advanced level user- and kernel-mode developers of Windows systems, this books is devoted to the NT native API and consists of documentation of the 210 routines included in the API. Also included
    are all the functions added in Windows 2000.


    کتابی برای مطالعه کردن نیست ؛ ولی به عنوان یک مرجع باید در دسترس باشه .

    ----

    Undocumented Windows NT
    مرور اجمالی معماری ویندوزهای مبتنی بر NT همراه با بررسی اجزاء امنیتی این محیط . نویسندگان این کتاب اولین نقطه ضعف امنیتی ویندوز رو که به Privilage Scalation منجر میشد کشف کرده اند و کتاب واقعا" با ارزش و خواندنی است هر چند که انگلیسی اش افتضاح است ( هر سه نویسنده اش هندی هستند و گویا ادیتور هم از بیخ عرب بوده )













    Dissects the Win32 interface, deconstructs the underlying APIs, and deciphers the Memory Management architecture to help you understand operations, fix flaws, and enhance performance. Uncovers both the strengths and weaknesses, and reveals how you can
    make any Windows NT system more stable and secure






    ----

    Undocumented Windows 2000 Secrets
    احتمالا" بهترین کتاب امنیتی ست که تا بحال منتشر شده ، با بررسی عمیق عملکرد کرنل ویندوز و اجزاء اصلی اون . مطالعه اش برای کسانی که به توسعه Kernel Driver فکر میکنند ضروریه .





    In the days of DOS and Windows 3.x, several knowing authors wrote books about undocumented features about these operating systems - essential details for programmers accidentally or intentionally missing from the original Microsoft documentation. This tradition continued when Windows 3.11 evolved into Windows 95 and its successors. However, when the first usable Version of Windows NT (Version 3.5) surfaced in 1995, none of the renowned writers of "undocumented" books took any notice.


    It lasted until 1999, until the first "Undocumented Windows NT" book was finally published by Prasad Dabak, Sandeep Phadke, and Milind Borate from India. The next leap forward was Gary Nebbett's "Windows NT/2000 Native API Reference" (2000), comprehensively documenting an essential subset of the NT kernel's huge, but largely undocumented, programming interface. My book "Undocumented Windows 2000 Secrets" is intended to be one more piece in this mosaic.





    My main intention in writing this book was to lead the readers through some of the basic, but hidden, mechanisms of the Windows 2000 and NT 4.0 kernel with the help of detailed sample code. My point of view is that a programmer always gets the most thorough understanding of an operating system by experimenting with it. The sample programs discussed in my book and packed onto the book's companion CD should serve as starting points for further exploration, and the text surrounding them provides the necessary theoretical background needed to get started.
    I would be the happiest man on earth if my book would spur the inquiring minds of developers everywhere, kicking off an avalanche of research that unveils all mysteries that still surround most parts of the Windows NT/2000 kernel. I never believed that treating the operating system as a black box was a good programming paradigm. And I still don't believe it.










    ----

    Reversing: Secrets of Reverse Engineering
    مقدمات مهندسی معکوس نرم افزار - اشکالات فنی کتاب نشون میده نگارنده و ویراستاران فنی افراد چندان با سوادی نبوده اند اما شکل و قالب کتاب برای جهت گیری و آشنائی با فضا و محیط بحث مناسبه و میشه از نواقصش چشمپوشی کرد .





    Beginning with a basic primer on reverse engineering-including computer internals, operating systems, and assembly language-and then discussing the various
    applications of reverse engineering, this book provides readers with practical, in-depth techniques for software reverse engineering. The book is broken into two parts, the first deals with security-related reverse engineering and the second explores the more practical aspects of reverse engineering. In addition, the author explains how to reverse engineer a third-party software library to improve interfacing and how to reverse engineer a competitor's software to build a better product.
    * The first popular book to show how software reverse engineering can help defend against security threats, speed up development, and unlock the secrets of competitive products
    * Helps developers plug security holes by demonstrating how hackers exploit reverse engineering techniques to crack copy-protection schemes and identify software targets for viruses and other malware
    * Offers a primer on advanced reverse-engineering, delving into "disassembly"-code-level reverse engineering-and explaining how to decipher assembly language

    ----

    ادامه دارد ...
    UNIX is simple. It just takes a genius to understand its simplicity
    -- Dennis Ritchie

  2. #2

    Rootkits : Subverting the Windows Kernel
    نویسندگان این کتاب ، مدیران سایت Rootkit.com هستند ، هر چند که محتویات این کتاب چنانکه انتظار میرفت بالاتر از حد و اندازه متوسط نبود ، ولی بهر حال چه برای کسانی که مایلند بیشتر دربارهء روتکیتها بدونن چه برای کسانی که میخوان کارشون رو با کد نویسی شروع کنن ، کتاب مفیدی خواهد بود.


    Rootkits are the ultimate backdoor, giving hackers ongoing and virtually undetectable access to the systems they exploit. Now, two of the world's leading experts have written the first comprehensive guide to rootkits: what they are, how they work, how to build them, and how to detect them. Rootkit.com's Greg Hoglund and James Butler created and teach Black Hat's legendary course in rootkits. In this book, they reveal never-before-told offensive aspects of rootkit technology--learn how attackers can get in and stay in for years, without detection.

    Hoglund and Butler show exactly how to subvert the Windows XP and Windows 2000 kernels, teaching concepts that are easily applied to virtually any modern operating system, from Windows Server 2003 to Linux and UNIX. Using extensive downloadable examples, they teach rootkit programming techniques that can be used for a wide range of software, from white hat security tools to operating system drivers and debuggers.
    UNIX is simple. It just takes a genius to understand its simplicity
    -- Dennis Ritchie

  3. #3
    Microsoft Windows Internals, Fourth Edition: Microsoft Windows Server(TM) 2003, Windows XP, and Windows 2000
    نویسنده کتاب ، Mark E. Russinovich که مدیر سایت SysInternals و نویسنده ابزارهای مفیدی مانند FileMon هم هست ، به جرات یکی از قویترین افراد فعال در زمینه انتشار جزئیات فنی اجزاء زیر ساختی ویندوز است ، و کتابهاش و البته وبلاگش همیشه خواندنی است ، روتکیت شرکت سونی و جنجالهای بعد اون ، مدیون نرم افزار معروفش یعنی Rootkit Revealer هستند .




    The classic, in-depth developer's guide to the Windows kernel now covers Windows .NET Server 2003, Windows XP, and Windows 2000. Written by noted Windows internals experts David Solomon and Mark Russinovich in collaboration with the Microsoft Windows .NET Server product development team, this book packs the latest concepts and terms, kernel and source code specifics, undocumented interfaces, component and tool descriptions, and architectural perspectives that reveal the inner workings of the operating system. Special callouts highlight information that is specific to a particular version of Windows, and an advanced troubleshooting section helps you more easily decipher-and exploit-system operations and performance.

    ----
    UNIX is simple. It just takes a genius to understand its simplicity
    -- Dennis Ritchie

  4. #4
    The Shellcoder's Handbook : Discovering and Exploiting Security Holes
    کشف نقاط ضعف امنیتی و توسعه کد مخرب ، برای پلت فرمهای مختلف در چند کلمه توصیف کنندهء محتویات این کتابه . کتابی که به درد تازه کارها بخوره نیست و افرادی که کمی تجربه دارند هم چیز جدیدی ازش یاد نخواهند گرفت ، صرفا" تلاش شده تا به برخی از ترفندهای اشاره بشه و همون موارد محدود عمیقا" بررسی بشن ؛ اگه کسی وقت آزاد داره نگاه کردنش بد نیست .




    • Examines where security holes come from, how to discover them, how hackers exploit them and take control of systems on a daily basis, and most importantly, how to close these security holes so they never occur again
    • A unique author team-a blend of industry and underground experts- explain the techniques that readers can use to uncover security holes in any software or operating system
    • Shows how to pinpoint vulnerabilities in popular operating systems (including Windows, Linux, and Solaris) and applications (including MS SQL Server and Oracle databases)
    • Details how to deal with discovered vulnerabilities, sharing some previously unpublished advanced exploits and techniques
    UNIX is simple. It just takes a genius to understand its simplicity
    -- Dennis Ritchie

  5. #5
    Hacker Disassembling Uncovered
    Kris KAspersky نویسندهء خوبیه و سبک خاصی برای انتقال مفهوم داره که واقعا منحصر به فرده . تو این کتاب در مورد Disassembler و روشهای تجزیه و تحلیل خروجی Disassembler ها و نزدیک شدن به منطق و ویژگیهای کد اصلی مطالب با ارزش و مفیدی وجود داره که مطالعه اش واقعا قابل توصیه است . دو محیط اصلی که در این کتاب روی اونها تمرکز وجود داره ویژوال سی و بورلند سی است هر چند گاهی هم به دلفی اشاره شده .


    Text shows how to analyze programs without its source code, using a debugger and a disassembler. Covers hacking methods including virtual functions, local and global variables, branching, loops, objects and their hierarchy, and mathematical operators. For intermediate to advanced level programmers

    ----

    Hacker Debugging Uncovered
    این کتاب هم به سبک و سیاق کتاب قبلی و برای بررسی نحوهء عملکرد دیباگرها و نحوهء استفاده صحیح از یک دیباگر به نیل به مقاصد مختلف مهندسی معکوس نوشته شده . شاید مثل کتاب قبلی قوی و منحصر به فرد نباشه و شاید محتویاتش یکدست و یکپارچه نباشند اما باز هم مطالعه اش قابل توصیه است .




    Tips for the practical use of debuggers, such as NuMega SoftIce, Microsoft Visual Studio Debugger, and Microsoft Kernel Debugger, with minimum binding to a specific environment are disclosed in this debugger guide. How debuggers operate and how to overcome obstacles and repair debuggers is demonstrated. Programmers will learn how to look at what is inside a computer system, how to reconstruct the operating algorithm of a program distributed without source code, how to modify the program, and how to debug drivers. The use of debugging applications and drivers in Windows and Unix operating systems on Intel Pentium/DEC Alpha-based processors is also detailed.
    UNIX is simple. It just takes a genius to understand its simplicity
    -- Dennis Ritchie

  6. #6
    CD Cracking Uncovered: Protection Against Unsanctioned CD Copying
    روشهای فیزیکی مبتنی بر CD برای حفاظت از نرم افزار و مقابله با رونویسی غیر مجاز نرم افزارها و محتویات چند رسانه ای محور این کتابه . بخش قابل توجهی از محتویات این کتاب به این شکل جای دیگه ای پیدا نمیشه و بدون تردید بهترین کتاب قابل پیشنهاد در این زمینه است و البته ژانر خاصی که Kris KAspersky برای ارائه مطالبش داره ، باعث میشه مطالعه این کتاب حتی برای کسانی که قرار نیست خیلی جدی در این زمینه کار کنند ، جالب و آموزنده و مفید باشه . CD همراه کتاب حاوی سورس کد و نسخه اجرائی تمام برنامه های موجود در کتاب است که با استفاده از کدهای همین کتاب و با یه سری دستکاری خیلی خیلی ساده حتی بدون نیاز به Reverse Engineering موفق شدم تعدادی از سی دی های مالتی مدیای سونی رو کپی کنم و اگر کسی مایله از نرم افزارش جدی تر از گذشته حفاظت کنه ، مطالعهء کتابی مثل این غیر قابل چشم پوشیه .



    A manual on protecting CDs against illegal copying, this book shows how crackers copy CDs using various access methods. The methods covered include the CDFS driver, cooked mode, SPTI, ASPI, the SCSI port, and the MSCDEX driver. Explained is how to prevent cracker break-ins using protections based on nonstandard CD formats such as the CD driver and weak CD sectors. Information on CD functioning fundamentals and tips related to CD protection in a format free of math and assembling-such as data formats, the scrambler, the Reed-Solomon coder/encoder, the CIRC coder/encoder, and a weak-sectors generator-are also provided. The main program interfaces, which provide direct control via peripheral devices on the application level in UNIX, Novell, and Windows 9x/NT/2000/XP, are considered, as is how to read and write RAW sectors.

    UNIX is simple. It just takes a genius to understand its simplicity
    -- Dennis Ritchie

  7. #7

    Malware: Fighting Malicious Code
    بررسی نحوه توسعه و انتشار کدهای مخرب و روشهای کشف و جلوگیری از انتشار و تخریب ، محور مطالب این کتابه . چنان که باید فنی نیست ، اما رئوس مطالب و ایده های موجود در اون ، میتونه برای هر کسی که به اندازه کافی علاقه منده برای پیدا کردن مسیر کافی باشه .

    Keep control of your systems out of the hands of unknown attackers

    Ignoring the threat of malware is one of the most reckless things you can do in today's increasingly hostile computing environment. Malware is malicious code planted on your computer, and it can give the attacker a truly alarming degree of control over your system, network, and data-all without your knowledge! Written for computer pros and savvy home users by computer security expert Edward Skoudis, Malware: Fighting Malicious Code covers everything you need to know about malware, and how to defeat it!

    This book devotes a full chapter to each type of malware-viruses, worms, malicious code delivered through Web browsers and e-mail clients, backdoors, Trojan horses, user-level RootKits, and kernel-level manipulation. You'll learn about the characteristics and methods of attack, evolutionary trends, and how to defend against each type of attack. Real-world examples of malware attacks help you translate thought into action, and a special defender's toolbox chapter shows how to build your own inexpensive code analysis lab to investigate new malware specimens on your own. Throughout, Skoudis' clear, engaging style makes the material approachable and enjoyable to learn. This book includes:
    • Solutions and examples that cover both UNIX® and Windows®
    • Practical, time-tested, real-world actions you can take to secure your systems
    • Instructions for building your own inexpensive malware code analysis lab so you can get familiar with attack and defensive tools harmlessly!
    Malware: Fighting Malicious Code is intended for system administrators, network personnel, security personnel, savvy home computer users, and anyone else interested in
    keeping their systems safe from attackers.

    UNIX is simple. It just takes a genius to understand its simplicity
    -- Dennis Ritchie

  8. #8
    Disassembling Code : IDA Pro and SoftICE
    این کتاب که همین امروز منتشر شد ، به مطالعه و تجزیه و تحلیل خروجی Disassembler ها خصوصا" IDA اختصاص داره و ضمن ارائه روشهای متداول آنالیز باینری ، نحوهء کاربرد IDA در کنار SoftICe رو برای بررسی عملکرد باینریهای ویندوز آموزش میده . از همین نویسنده قبلا" کتاب Windows Assembly Master Book رو خوندم که هر چند Master Book ای برای هیچ چیز بود ، اما دو سه بخشش واقعا" مفید و به درد بخور بود ، احتمالا" این کتاب هم چیز خوبی باشه .




    This book describes how software code analysis tools such as IDA Pro are used to disassemble programs written in high-level languages and recognize different elements of disassembled code in order to debug applications in less time. Also described are the basics of Assembly language programming (MASM) and the system and format of commands for the Intel microprocessor. Aspects of disassembling, analyzing, and debugging software code are considered in detail, and an overview of contemporary disassemblers and debuggers used when analyzing executable code is provided. The basics of working with these tools and their operating principles are also included, and emphasis is placed on analyzing software code and identifying the main structure of those languages in which they were written.



  9. #9
    Exploiting Software : How to Break Code
    محور مطالب این کتاب معرفی نقاط ضعف متداول نرم افزاری و روشهای عمومی جلوگیری از سوء استفاده از این نقائص است . نویسندهء کتاب یعنی Greg که مدیر اصلی Rootkit.com است و کتاب Subverting the Windows Kernel رو ازش قبلا" معرفی کرده ام ، سعی کرده کتابی با حد و اندازه مقدماتی - متوسط بنویسه که برای افراد غیر متخصص که علاقه مند به عمیقتر شدن در ابعاد فنی نقطه ضعفهای نرم افزاری هستند هم مفید باشه ؛ بنابراین برای کسانی که دانش فنی چندانی ندارند نقطه شروع خوبیه و برای کسانی که تجربه دارند نوعی اتلاف وقت . مجموعا" کتاب قابل توصیه ایه هر چند اونقدر که در موردش مانور شده ، فنی و عمیق نیست .




    Computing hardware would have no value without software; software tells hardware what to do. Software therefore must have special authority within computing systems. All computer security problems stem from that fact, and Exploiting Software: How to Break Code shows you how to design your software so it's as resistant as possible to attack. Sure, everything's phrased in offensive terms (as instructions for the attacker, that is), but this book has at least as much value in showing designers what sorts of attacks their software will face (the book could serve as a checklist for part of a pre-release testing regimen). Plus, the clever reverse-engineering strategies that Greg Hoglund and Gary McGraw teach will be useful in many legitimate software projects. Consider this a recipe book for mayhem, or a compendium of lessons learned by others. It depends on your situation.
    آخرین ویرایش به وسیله Inprise : دوشنبه 14 آذر 1384 در 18:30 عصر

  10. #10
    Secure Coding in C
    شاید برای تجربهء توسعه صحیح کد با C حتی سایر زبانها و آشنائی با گلوگاههای امنیتی نرم افزار ، کتابی مانند این نوشته نشده باشه . نویسنده کتاب آقای Seacord این روزها یکی از متخصصین ارشد CERT ایالات متحده امریکاست و فرد مناسبیه برای نوشتن کتابی که تجربه سنگین برنامه نویس و دانش امنیتی لازم داره .





    Commonly exploited software vulnerabilities are usually caused by avoidable software defects. Having analyzed nearly 18,000 vulnerability reports over the past ten years, the CERT/Coordination Center (CERT/CC) has determined that a relatively small number of root causes account for most of them. This book identifies and explains these causes and shows the steps that can be taken to prevent exploitation. Moreover, this book encourages programmers to adopt security best practices and develop a security mindset that can help protect software from tomorrow's attacks, not just today's.

    Drawing on the CERT/CC's reports and conclusions, Robert Seacord systematically identifies the program errors most likely to lead to security breaches, shows how they can be exploited, reviews the potential consequences, and presents secure alternatives.

    Coverage includes technical detail on how to

    • Improve the overall security of any C/C++‎ application
    • Thwart buffer overflows and stack-smashing attacks that exploit insecure string manipulation logic
    • Avoid vulnerabilities and security flaws resulting from the incorrect use of dynamic memory management functions
    • Eliminate integer-related problems: integer overflows, sign errors, and truncation errors
    • Correctly use formatted output functions without introducing format-string vulnerabilities
    • Avoid I/O vulnerabilities, including race conditions
    Secure Coding in C and C++‎ presents hundreds of examples of secure code, insecure code, and exploits, implemented for Windows and Linux. If you're responsible for creating secure C or C++‎ software--or for keeping it safe--no other book offers you this much detailed, expert assistance.

  11. #11
    Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerabiity Research




    Book Description
    This is the first book available for the Metasploit Framework (MSF), which is the attack platform of choice for one of the fastest growing careers in IT security: Penetration Testing. The book and companion Web site will provide professional penetration testers and security researchers with a fully integrated suite of tools for discovering, running, and testing exploit code. This book discusses how to use the Metasploit Framework (MSF) as an exploitation platform. The book begins with a detailed discussion of the three MSF interfaces: msfweb, msfconsole, and msfcli .This chapter demonstrates all of the features offered by the MSF as an exploitation platform. With a solid understanding of MSF's capabilities, the book then details techniques for dramatically reducing the amount of time required for developing functional exploits. By working through a real-world vulnerabilities against a popular closed source applications, the reader will learn how to use the tools and MSF to quickly build reliable attacks as standalone exploits. The section will also explain how to integrate an exploit directly into the Metasploit Framework by providing a line-by-line analysis of an integrated exploit module. Details as to how the Metasploit engine drives the behind-the-scenes exploitation process will be covered, and along the way the reader will come to understand the advantages of exploitation frameworks. The final section of the book examines the Meterpreter payload system and teaches readers to develop completely new extensions that will integrate fluidly with the Metasploit Framework.

  12. #12
    19Deadly Sins of Software Security






    “Ninety-five percent of software bugs are caused by the same 19 programming flaws.” —Amit Yoran, Former Director of The Department of Homeland Security’s National Cyber Security Division

    Secure your software by eliminating code vulnerabilities from the start. This essential book for all software developers--regardless of platform, language, and type of application--outlines the 19 sins of software security and shows how to fix each one. Best-selling authors Michael Howard and David LeBlanc, who teach Microsoft employees how to write secure code, have partnered with John Viega, the man who uncovered the 19 deadly programming sins to write this hands-on guide. Detailed code examples throughout show the code defects as well as the fixes and defenses. If you write code, you need this book. Eliminate these security flaws from your code:
    • Buffer overruns
    • Format string problems
    • Integer overflows
    • SQL injection
    • Command injection
    • Failure to handle errors
    • Cross-site scripting
    • Failure to protect network traffic
    • Use of magic URLs and hidden forms
    • Improper use of SSL
    • Use of weak password-based systems
    • Failure to store and protect data securely
    • Information leakage
    • Trusting network address resolution
    • Improper file access
    • Race conditions
    • Unauthenticated key exchange
    • Failure to use cryptographically strong random numbers
    • Poor usability
    Michael Howard, CISSP, is an architect of the security process changes at Microsoft and a co-author of Processes to Produce Secure Software published by the Department of Homeland Security’s National Cyber Security Division. He is a Senior Security Program Manager in the Security Engineering Group at Microsoft Corporation and co-author of Writing Secure Code (Microsoft Press). David LeBlanc, Ph.D., is Chief Software Architect for Webroot Software, and was formerly Security Architect in the Office group at Microsoft. He is co-author of Writing Secure Code. John Viega is the CTO of Secure Software.

  13. #13



    Book Description
    Hacker extraordinaire Kevin Mitnick delivers the explosive encore to his bestselling The Art of Deception
    Kevin Mitnick, the world's most celebrated hacker, now devotes his life to helping businesses and governments combat data thieves, cybervandals, and other malicious computer intruders. In his bestselling The Art of Deception, Mitnick presented fictionalized case studies that illustrated how savvy computer crackers use "social engineering" to compromise even the most technically secure computer systems. Now, in his new book, Mitnick goes one step further, offering hair-raising stories of real-life computer break-ins-and showing how the victims could have prevented them. Mitnick's reputation within the hacker community gave him unique credibility with the perpetrators of these crimes, who freely shared their stories with him-and whose exploits Mitnick now reveals in detail for the first time, including:
    • A group of friends who won nearly a million dollars in Las Vegas by reverse-engineering slot machines
    • Two teenagers who were persuaded by terrorists to hack into the Lockheed Martin computer systems
    • Two convicts who joined forces to become hackers inside a Texas prison
    • A "Robin Hood" hacker who penetrated the computer systems of many prominent companies-andthen told them how he gained access
    With riveting "you are there" descriptions of real computer break-ins, indispensable tips on countermeasures security professionals need to implement now, and Mitnick's own acerbic commentary on the crimes he describes, this book is sure to reach a wide audience-and attract the attention of both law enforcement agencies and the media.


    Artists use lies to tell the truth while politicians use them to cover the truth up

  14. #14
    UNIX is simple. It just takes a genius to understand its simplicity
    -- Dennis Ritchie

  15. #15
    سلام به دوستان قدیمی و جدید. چند تا کتاب را معرفی می کنم و امیدوارم ایندفه دیگه وقت برای موندن داشته باشم و در خدمت دوستان باشم.

    Sockets, Shellcode, Porting, & Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals [ILLUSTRATED] (Paperback)

    کتاب خوبی است و برای دوستانی که دانش متوسط به پایین دارند در این زمینه توصیه می شود.
    البته برای حرفه ایی ها چیز جدیدی ندارد.
    http://www.amazon.com/Sockets-Shellc...e=UTF8&s=books

    --------------------------------------------------------------------------------------------------
    Buffer Overflow Attacks:: Detect, Exploit, Prevent

    http://www.amazon.com/Buffer-Overflo...e=UTF8&s=books

  16. #16
    و کتابی برای تمام اسمبلی دوستان.
    Professional Assembly Language
    فقط در باره کتاب بگم که نویسنده اش :
    Rich has a bachelor of science degree in electrical engineering from Purdue University, where he worked
    on many assembly language projects. (Of course, this was back in the eight-bit processor days.)

    http://www.amazon.com/Professional-A...e=UTF8&s=books

    البته من نمی دونم چیش professional هست ولی basic رو خیلی خوب گفته.
    راستی این کتاب بر اساس AT&T اسمبلی هست پس Intel کارا و ویندوز کارا یه کم اولش مشکل دارند. فرقش و تو کتاب گفته.

  17. #17
    یک کتاب بسیار حرفه ایی از فرد بسیار حرفه ایی. به شدت به دوستانی که در زمینه Database و امنیت آن کار می کنند توصیه می کنم بخونند.

    The Database Hacker's Handbook: Defending Database Servers
    درباره نویسنده :
    David has found hundreds of vulnerabilities in many popular products, among which the most outstanding discoveries were in products by Microsoft, Oracle and IBM.


    http://www.amazon.com/Database-Hacke...e=UTF8&s=books

  18. #18

    Shellcoder’s Programming Uncovered

    کتاب ShellCoder's Programming uncovered نوشته Kris Kaspersky



  19. #19
    کتاب ضعیفیه اما واسه تازه کارها میتونه جالب باشه.
    Crackproof Your Software: Protect Your Software Against Crackers



  20. #20
    Hacking: The Art of Exploitation by Jon Erickson

    شیوه نگارشش رو خیلی دوست دارم.


  21. #21
    بابا اینجا چرا کتابهای جدید رو معرفی نمیکنید ؟
    Writing Security Tools and Exploits
    by James C. Foster

    Book Description
    Writing Security Tools and Exploits will be the foremost authority on vulnerability and security code and will serve as the premier educational reference for security professionals and software developers. The book will have over 600 pages of dedicated exploit, vulnerability, and tool code with corresponding instruction. Unlike other security and programming books that dedicate hundreds of pages to architecture and theory based flaws and exploits, this book will dive right into deep code analysis. Previously undisclosed security research in combination with superior programming techniques will be included in both the Local and Remote Code sections of the book.

    The book will be accompanied with a companion Web site containing both commented and uncommented versions of the source code examples presented throughout the book. In addition to the book source code, the CD will also contain a copy of the author-developed Hacker Code Library v1.0. The Hacker Code Library will include multiple attack classes and functions that can be utilized to quickly create security programs and scripts. These classes and functions will simplify exploit and vulnerability tool development to an extent never before possible with publicly available software.

    * Provides readers with working code to develop and modify the most common security tools including Nmap and Nessus
    * Learn to reverse engineer and write exploits for various operating systems, databases, and applications
    * Automate reporting and analysis of security log files

  22. #22
    Memory as a Programming Concept in C and C++‎
    by Frantisek Franek

    Book Description
    Assuming readers have a basic familiarity with C or C++‎, Frantisek Franek describes the techniques, methods and tools available to develop effective memory usage. The overwhelming majority of "bugs" and crashes in computer programming stem from problems of memory access, allocation, or deallocation. Such memory related errors are notoriously difficult to resolve. Moreover, the role that memory plays in C and C++‎ programming is a subject often overlooked in courses and in books. Most professional programmers learn about it entirely through actual experience of the problems it causes.

  23. #23





    Publisher: Addison-Wesley Professional
    Language: english
    ISBN: 0321223918
    Paperback: 336 pages
    Data: October 6, 2004
    Format: CHM
    Description: Finding bugs and understanding what is really happening within code is a lostart. Only truly good programmers are able to emulate the processor in theirown mind (e.g. read the code and understand how it might work without goingto the trouble of running it). Adam Barr wonders how programmers aresupposed to build better programs if they do not know what is going on incode. The true pursuit of most software programmers is not creatingapplications from scratch; the reality of their day-to-day work is that theyusually have to deal with inherited code. This code, likely written by someoneelse, must be optimized, tweaked, and improved. Therefore, programmers whoare adept at reading, understanding, and improving code are in hot demand.These skills are drawn to the forefront with the help of this new book.This book is language-independent. The author borrows from his extensiveexperience at Microsoft Corporation and as an independent consultant to showhow programming skills can be honed by going through the exercise of findingthe bugs in existing code. By teaching programmers how to troubleshoot, it isthe author's belief that programmers will learn how to think like a programmer,and ultimately produce better software in a more timely fashion
    .
    UNIX is simple. It just takes a genius to understand its simplicity
    -- Dennis Ritchie

  24. #24




    Publisher: Syngress; 1 edition
    Language: english
    ISBN: 1932266720
    Paperback: 700 pages
    Data: November 20, 2004
    Format: PDF
    Description: The Programmer's Ultimate Security DeskRef is the only complete desk reference covering multiple languages and their inherent security issues. It will serve as the programming encyclopedia for almost every major language in use.

    While there are many books starting to address the broad subject of security best practices within the software development lifecycle, none has yet to address the overarching technical problems of incorrect function usage. Most books fail to draw the line from covering best practices security principles to actual code implementation. This book bridges that gap and covers the most popular programming languages such as Java, Perl, C++‎, C#‎, and Visual Basic.
    UNIX is simple. It just takes a genius to understand its simplicity
    -- Dennis Ritchie

  25. #25





    Publisher: Wiley
    Language: english
    ISBN: 0470080221
    Paperback: 190 pages
    Data: January 30, 2007
    Format: CHM
    Description: Knowledge is power, and the power can be yours
    While Oracle continues to improve the security features of its product, it still has a long way to go. David Litchfield has devoted years to relentlessly searching out the flaws in this ubiquitous database system and creating defenses against them. Now he offers you his complete arsenal to assess and defend your own Oracle systems.

    Like The Shellcoder's Handbook and The Database Hacker's Handbook, this in-depth guide explores every technique and tool used by black hat hackers to invade and compromise Oracle. It shows you how to find the weak spots and defend them. Without that knowledge, you have little chance of keeping your databases truly secure
    .
    UNIX is simple. It just takes a genius to understand its simplicity
    -- Dennis Ritchie

  26. #26





    Publisher: Microsoft Press
    Language: english
    ISBN: 073562187X
    Paperback: 592 pages
    Data: June 9, 2006
    Format: CHM
    Description: Your in-depth, hands-on, technical security-testing reference. Written for testers by testers, this guide highlights up-to-date tools, technologies, and techniques for helping find and eliminate security vulnerabilities in software.
    UNIX is simple. It just takes a genius to understand its simplicity
    -- Dennis Ritchie

  27. #27
    کاربر دائمی آواتار ICEMAN
    تاریخ عضویت
    تیر 1383
    محل زندگی
    Hyper-V
    پست
    476






    # Paperback: 576 pages
    # Publisher: Addison-Wesley Professional; 1 edition (June 29, 2007)
    # Language: English
    # ISBN-10: 0321446119
    # ISBN-13: 978-0321446114
    # Product Dimensions: 9.1 x 6.9 x 1.2 inches





    Book Description
    FUZZING

    Master One of Today’s Most Powerful Techniques for Revealing Security Flaws!
    Fuzzing has evolved into one of today’s most effective approaches to test software security. To “fuzz,” you attach a program’s inputs to a source of random data, and then systematically identify the failures that arise. Hackers have
    relied on fuzzing for years: Now, it’s your turn. In this book, renowned fuzzing experts show you how to use fuzzing to reveal weaknesses in your software before someone else does.

    Fuzzing is the first and only book to cover fuzzing from start to finish, bringing disciplined best practices to a technique that has traditionally been implemented informally. The authors begin by reviewing how fuzzing works and outlining its crucial advantages over other security testing methods. Next, they introduce state-of-the-art fuzzing techniques for finding vulnerabilities in network protocols, file formats, and web applications; demonstrate the use of automated fuzzing tools; and present several insightful case histories showing fuzzing at work. Coverage includes:

    • Why fuzzing simplifies test design and catches flaws other methods miss
    • The fuzzing process: from identifying inputs to assessing “exploitability”
    • Understanding the requirements for effective fuzzing
    • Comparing mutation-based and generation-based fuzzers
    • Using and automating environment variable and argument fuzzing
    • Mastering in-memory fuzzing techniques
    • Constructing custom fuzzing frameworks and tools
    • Implementing intelligent fault detection

    Attackers are already using fuzzing. You should, too. Whether you’re a developer, security engineer, tester, or QA specialist, this book teaches you how to build secure software.

    Foreword xix
    Preface xxi
    Acknowledgments xxv
    About the Author xxvii
    PARTI BACKGROUND 1
    Chapter 1 Vulnerability Discovery Methodologies 3
    Chapter 2 What Is Fuzzing? 21
    Chapter 3 Fuzzing Methods and Fuzzer Types 33
    Chapter 4 Data Representation and Analysis 45
    Chapter 5 Requirements for Effective Fuzzing 61
    PART II TARGETS AND AUTOMATION 71
    Chapter 6 Automation and Data Generation 73
    Chapter 7 Environment Variable and Argument Fuzzing 89
    Chapter 8 Environment Variable and Argument Fuzzing: Automation 103
    Chapter 9 Web Application and Server Fuzzing 113
    Chapter 10 Web Application and Server Fuzzing: Automation 137
    Chapter 11 File Format Fuzzing 169
    Chapter 12 File Format Fuzzing: Automation on UNIX 181
    Chapter 13 File Format Fuzzing: Automation on Windows 197
    Chapter 14 Network Protocol Fuzzing 223
    Chapter 15 Network Protocol Fuzzing: Automation on UNIX 235
    Chapter 16 Network Protocol Fuzzing: Automation on Windows 249
    Chapter 17 Web Browser Fuzzing 267
    Chapter 18 Web Browser Fuzzing: Automation 283
    Chapter 19 In-Memory Fuzzing 301
    Chapter 20 In-Memory Fuzzing: Automation 315
    PART III ADVANCED FUZZING TECHNOLOGIES 349
    Chapter 21 Fuzzing Frameworks 351
    Chapter 22 Automated Protocol Dissection 419
    Chapter 23 Fuzzer Tracking 437
    Chapter 24 Intelligent Fault Detection 471
    PART IV LOOKING FORWARD 495
    Chapter 25 Lessons Learned 497
    Chapter 26 Looking Forward 507
    Index 519

    About the Author

    MICHAEL SUTTON

    Michael Sutton is the Security Evangelist for SPI Dynamics. As Security Evangelist, Michael is responsible for identifying, researching, and presenting on emerging issues in the web application security industry. He is a frequent speaker at major information security conferences, has authored numerous articles, and is regularly quoted in the media on various information security topics.Michael is also a member of the Web Application Security Consortium (WASC), where he is project lead for the Web Application Security Statistics project.
    Prior to joining SPI Dynamics,Michael was a Director for iDefense/VeriSign, where he headed iDefense Labs, a team of world class researchers tasked with discovering and researching security vulnerabilities.Michael also established the Information Systems Assurance and Advisory Services (ISAAS) practice for Ernst & Young in Bermuda. He holds degrees from the University of Alberta and The George Washington University. Michael is a proud Canadian who understands that hockey is a religion and not a sport. Outside of the office, he is a Sergeant with the Fairfax Volunteer Fire Department.

    ADAM GREENE

    Adam Greene is an engineer for a large financial news company based in New York City. Previously, he served as an engineer for iDefense, an intelligence company located in Reston, VA. His interests in computer security lie mainly in reliable exploitation methods, fuzzing, and UNIX-based system auditing and exploit development.

    PEDRAM AMINI

    Pedram Amini currently leads the security research and product security assessment team at TippingPoint. Previously, he was the assistant director and one of the founding members of iDefense Labs. Despite the fancy titles, he spends much of his time in the shoes of a reverse engineer–developing automation tools, plug-ins, and scripts. His most recent projects (a.k.a. “babies”) include the PaiMei reverse engineering framework and the Sulley fuzzing framework.

    In conjunction with his passion, Pedram launched OpenRCE.org, a community website dedicated to the art and science of reverse engineering. He has presented at RECon, BlackHat, DefCon, ShmooCon, and ToorCon and taught numerous sold out reverse engineering courses. Pedram holds a computer science degree from Tulane University.

  28. #28



    This is the first book available for the Metasploit Framework (MSF), which is the attack platform of choice for one of the fastest growing careers in IT security: Penetration Testing. The book and companion Web site will provide professional penetration testers and security researchers with a fully integrated suite of tools for discovering, running, and testing exploit code. This book discusses how to use the Metasploit Framework (MSF) as an exploitation platform. The book begins with a detailed discussion of the three MSF interfaces: msfweb, msfconsole, and msfcli .This chapter demonstrates all of the features offered by the MSF as an exploitation platform. With a solid understanding of MSFs capabilities, the book then details techniques for dramatically reducing the amount of time required for developing functional exploits.
    By working through a real-world vulnerabilities against popular closed source applications, the reader will learn how to use the tools and MSF to quickly build reliable attacks as standalone exploits. The section will also explain how to integrate an exploit directly into the Metasploit Framework by providing a line-by-line analysis of an integrated exploit module. Details as to how the Metasploit engine drives the behind-the-scenes exploitation process will be covered, and along the way the reader will come to understand the advantages of exploitation frameworks. The final section of the book examines the Meterpreter payload system and teaches readers to develop completely new extensions that will integrate fluidly with the Metasploit Framework.
    · A November 2004 survey conducted by “CSO Magazine” stated that 42% of chief security officers considered penetration testing to be a security priority for their organizations
    · The Metasploit Framework is the most popular open source exploit platform, and there are no competing books
    · The book’s companion Web site offers all of the working code and exploits contained within the book



    UNIX is simple. It just takes a genius to understand its simplicity
    -- Dennis Ritchie

  29. #29
    UNIX is simple. It just takes a genius to understand its simplicity
    -- Dennis Ritchie

  30. #30
    UNIX is simple. It just takes a genius to understand its simplicity
    -- Dennis Ritchie

  31. #31

    The First In-Depth, Real-World, Insider’s Guide to Powerful Windows Debugging


    “Who says you can’t bottle experience? Between these covers is a wealth of information: a clear, logical approach to finding and eliminating bugs. This is an absolute must-have book for anyone who develops, tests, or supports software for Microsoft Windows.”

    -- Bob Wilton, Escalation Engineer, Critical Problem Resolution Team, Microsoft



    “An excellent reference for both intermediate and advanced debuggers: highly practical, and filled with tricks and strategies. This book stands out from all other Win32 debugging literature, thanks to its in-depth examples—including resolving intricate problems like stack and heap corruptions.”

    -- Kinshuman, Development Lead, Windows Core OS Division, Microsoft
    http://www.amazon.com/Advanced-Debug.../dp/0321374460

    For Windows developers, few tasks are more challenging than debugging—-or more crucial. Reliable and realistic information about Windows debugging has always been scarce. Now, with over 15 years of experience two of Microsoft’s system-level developers present a thorough and practical guide to Windows debugging ever written.



    Mario Hewardt and Daniel Pravat cover debugging throughout the entire application lifecycle and show how to make the most of the tools currently available—-including Microsoft’s powerful native debuggers and third-party solutions.



    To help you find real solutions fast, this book is organized around real-world debugging scenarios. Hewardt and Pravat use detailed code examples to illuminate the complex debugging challenges professional developers actually face. From core Windows operating system concepts to security, Windows® Vista™ and 64-bit debugging, they address emerging topics head-on—and nothing is ever oversimplified or glossed over!



    This book enables you to

    *
    Master today’s most powerful Windows debugging tools, including NTSD, CDB, WinDbg, KD, and ADPlus
    *
    Debug code that wasn’t designed or written for easy debugging
    *
    Understand debuggers “under the hood,” and manage symbols and sources efficiently
    *
    Debug complex memory corruptions related to stacks and heaps
    *
    Resolve complex security problems
    *
    Debug across processes: identity tracking, RPC debugger extensions, and tracking IPCs with Ethereal
    *
    Find and fix resource leaks, such as memory and handle leaks.
    *
    Debug common thread synchronization problems
    *
    Learn when and how to write custom debugger extensions
    *
    Perform “postmortem debugging” using crash dumps and Windows Error Reporting
    *
    Automate debugging with DebugDiag and the Analyze Debugger command



    Whether you’re a system-level or application developer, Advanced Windows Debugging delivers the deep understanding of debugging that could save you weeks on your very next project.



    Part I Overview

    Chapter 1 Introduction to the Tools

    Chapter 2 Introduction to the Debuggers

    Chapter 3 Debugger Uncovered

    Chapter 4 Managing Symbol and Source Files

    Part II Applied Debugging

    Chapter 5 Memory Corruptions Part I — Stacks

    Chapter 6 Memory Corruptions Part I — Heaps

    Chapter 7 Security

    Chapter 8 Inter-process Communication

    Chapter 9 Resource Leaks

    Chapter 10 Synchronization

    Part III Advanced Topics

    Chapter 11 Writing Custom Debugger Extensions

    Chapter 12 64-bit Debugging

    Chapter 13 Postmortem Debugging

    Chapter 14 Power Tools

    Chapter 15 Windows Vista Fundamentals

    Appendix A Application Verifier Test Settings

  32. #32

    Computer Security And Cryptography

    Computer Security And Cryptography




    Computer Security And Cryptography

    # Publisher: Wiley-Interscience (January 29, 2007)
    # Language: English
    # ISBN-10: 0471947830
    # ISBN-13: 978-0471947837

    Gain the skills and knowledge needed to create effective data security systems

    This book updates readers with all the tools, techniques, and concepts needed to understand and implement
    data security systems. It presents a wide range of topics for a thorough understanding of the factors that affect
    the efficiency of secrecy, authentication, and digital signature schema. Most importantly, readers gain hands-on
    experience in cryptanalysis and learn how to create effective cryptographic systems.

    The author contributed to the design and analysis of the Data Encryption Standard (DES), a widely used symmetric-key encryption algorithm. His recommendations are based on firsthand experience of what does and does not work.

    Thorough in its coverage, the book starts with a discussion of the history of cryptography, including a description of
    the basic encryption systems and many of the cipher systems used in the twentieth century. The author then discusses
    the theory of symmetric- and public-key cryptography. Readers not only discover what cryptography can do to protect
    sensitive data, but also learn the practical limitations of the technology. The book ends with two chapters that explore
    a wide range of cryptography applications.

    Three basic types of chapters are featured to facilitate learning:

    * Chapters that develop technical skills
    * Chapters that describe a cryptosystem and present a method of analysis
    * Chapters that describe a cryptosystem, present a method of analysis, and
    provide problems to test your grasp of the material and your ability to implement practical solutions

    With consumers becoming increasingly wary of identity
    theft and companies struggling to develop safe, secure
    systems, this book is essential reading for professionals
    in e-commerce and information technology. Written by a
    professor who teaches cryptography, it is also ideal for students.

  33. #33

    نقل قول: Computer Security And Cryptography

    اگر امكان داره يك كتاب در مورد هك هاي وب سابت هاي طراحي شده با asp.net و sql server معرفي كنيد. يا چيزي در اين مورد كه جلوي نفوذ به سايت رو تا حد امكان بگيره. با تشكر

  34. جمعه 06 اسفند 1389, 21:36 عصر

    دلیل
    تکراری

  35. #34

    Surreptitious Software

    Surreptitious Software



    Obfuscation, Watermarking, and Tamperproofing for Software Protection: Obfuscation, Watermarking, and Tamperproofing for Software Protection

    در یک کلمه ، فوق العادست ...

  36. #35

    نقل قول: کتابخانهء امنیت نرم افزار


  37. #36

    نقل قول: Surreptitious Software


  38. #37

    نقل قول: کتابخانهء امنیت نرم افزار


  39. #38

    نقل قول: Surreptitious Software


  40. #39

    نقل قول: Surreptitious Software

    Mac OS X and iOS Internals



    معادل Microsoft Windows Internals در Mac هست ، البته یک کتاب قدیمی هم با نام The Mac OS X Internals هم موجود هست که نکات خوبی درش آورده شده ولی من این کتاب رو ترجیح میدم .

  41. #40
    Everything that has a beginning has an end. ... The End?



برچسب های این تاپیک

قوانین ایجاد تاپیک در تالار

  • شما نمی توانید تاپیک جدید ایجاد کنید
  • شما نمی توانید به تاپیک ها پاسخ دهید
  • شما نمی توانید ضمیمه ارسال کنید
  • شما نمی توانید پاسخ هایتان را ویرایش کنید
  •