TAILIEUCHUNG - Ebook Gray hat hacking (3rd edition): Part 1

(BQ) Part 2 book "Gray hat hacking" has contents: Web application security vulnerabilities, VoIP attacks, passive analysis, client side browser exploits, advanced reverse engineering, intelligent fuzzing with sulley, closing the holes - mitigation, collecting malware and initial analysis, hacking malware,. and other contents. | CHAPTER Understanding and Detecting Content-Type Attacks Most enterprise network perimeters are protected by firewalls that block unsolicited network-based attacks. Most enterprise workstations have antivirus protection for widespread and well-known exploits. And most enterprise mail servers are protected by filtering software that strips malicious executables. In the face of these protections, malicious attackers have increasingly turned to exploiting vulnerabilities in client-side software such as Adobe Acrobat and Microsoft Office. If an attacker attaches a malicious PDF to an e-mail message, the network perimeter firewall will not block it, the workstation antivirus product likely will not detect it (see the “Obfuscation” section later in the chapter), the mail server will not strip it from the e-mail, and the victim may be tricked into opening the attachment via social engineering tactics. In this chapter, we cover the following topics: • How do content-type attacks work? • Which file formats are being exploited today? • Intro to the PDF file format • Analyzing a malicious PDF exploit • Tools to detect malicious PDF files • Tools to Test Your Protections Against Content-type Attacks • How to protect your environment from content-type attacks How Do Content-Type Attacks Work? The file format specifications of content file types such as PDF or DOC are long and involved (see the “References” section). Adobe Reader and Microsoft Office use thousands of lines of code to process even the simplest content file. Attackers attempt to exploit programming flaws in that code to induce memory corruption issues, resulting in their own attack code being run on the victim computer that opened the PDF or 341 16 Gray Hat Hacking, The Ethical Hacker’s Handbook, Third Edition 342 DOC file. These malicious files are usually sent as an e-mail attachment to a victim. Victims often do not even recognize they have been attacked because attackers use clever social engineering .

• An ninh - Bảo mật
• Gray hat hacking
• Web application security vulnerabilities
• Client side browser exploits
• Advanced reverse engineering
• Intelligent fuzzing with sulley
• Initial analysis
• Ethics of ethical hacking
• Ethical hacking
• The legal system
• Ethical disclosure
• Social engineering attacks
• Physical penetration attacks
• Insider attacks
• Ebook Gray hat python
• Gray hat python
• Python programming for hackers and reverse engineers
• Hackers and reverse engineers
• Hacking tools and techniques
• Python based tools
• CentOS Bible
• Windows Made Simple
• Excel 2010
• Third Edition Reviews
• Driving Technical Change
• General IPX
• Microsoft SharePoint
• Third Edition
• bảo mật mạng
• bảo mật hệ thống
• bảo mật thông tin
• chống hacker xâm nhập
• bảo mật máy tính
• bảo mật dữ liệu
• cách phòng chống virut
• an ninh mang
• chống xâm nhập dữ liệu