The Hacker's Handbook

This handbook reveals those aspects of hacking least understood by network administrators. It analyzes subjects through a hacking/security dichotomy that details hacking maneuvers and defenses in the same context. Chapters are organized around specific components and tasks, providing theoretical background that prepares network defenders for the always-changing tools and techniques of intruders. Part I introduces programming, protocol, and attack concepts. Part II addresses subject areas (protocols, services, technologies, etc.) that may be vulnerable. Part III details consolidation activities that hackers may use following penetration.

Dave Aitel is the founder of Immunity, Inc. (www.immunitysec.com), with prior experience at both private industry security consulting companies and the National Security Agency. His tools, SPIKE and SPIKE Proxy, are widely regarded as the best black box application assessment tools available. Susan Young has worked in the security field for the past seven years, four of which have been spent in the security consulting arena, helping clients design and implement secure networks, training on security technologies, and conducting security assessments and penetration tests of client system or network defenses (so-called ethical hacking). Her experience has included consulting work in the defense sector and the financial industry, as well as time spent evaluating and deconstructing various security products. She currently works as a senior security consultant in the Boston area security practice of International Network Services (INS).

1. Introduction: The Chess Game, PART I: FOUNDATION MATERIAL, 2. Case Study in Subversion, 3. Know Your Opponent, 4. Anatomy of an Attack, 5. Your Defensive Arsenal, 6. Programming, 7. IP and Layer 2 Protocols, 8. The Protocols, PART II: SYSTEM AND NETWORK PENETRATION, 9. Domain Name System (DNS), 10. Directory Services, 11. Simple Mail Transfer Protocol (SMTP), 12. Hypertext Transfer Protocol (HTTP), 13. Database Hacking and Security, 14. Malware and Viruses, 15. Network Hardware, PART III: CONSOLIDATION, 16. Consolidating Gains, 17. After the Fall, 18. Conclusion, Index