Gray Hat Hacking, Second Edition




January 10, 2008


Electronic book text, 576 pages


0071595538 / 9780071595537




Main description

"A fantastic book for anyone looking to learn the tools and techniques needed to break in and stay in." --Bruce Potter, Founder, The Shmoo Group

"Very highly recommended whether you are a seasoned professional or just starting out in the security business." --Simple Nomad, Hacker

Table of contents

Part 1 - Introduction to Ethical Disclosure

  • Chapter 1 - Ethics of Ethical Hacking
  • Chapter 2 - Ethical Hacking and the Legal System
  • Chapter 3 - Proper and Ethical Disclosure

Part 2 - Penetration Testing and Tools

  • Chapter 4 - Using Metasploit
  • Chapter 5 - Using the BackTrack LiveCD Linux Distribution

Part 3 - Exploits 101

  • Chapter 6 - Programming Survival Skills
  • Chapter 7 - Basic Linux Exploits
  • Chapter 8 - Advanced Linux Exploits
  • Chapter 9 - Shell Code Strategies
  • Chapter 10 - Writing Linux Shellcode
  • Chapter 11 - Writing a Basic Windows Exploit

Part 4 - Vulnerability Analysis

  • Chapter 12 - Passive Analysis
  • Chapter 13 - Advanced Static Analysis with IDA Pro
  • Chapter 14 - Advanced Reverse Engineering
  • Chapter 15 - Client-side Browser Exploits
  • Chapter 16 - Exploiting Windows Access Control Model for Local Elevation of Privilege
  • Chapter 17 - Intelligent Fuzzing with Sulley
  • Chapter 18 - From Vulnerability to Exploit
  • Chapter 19 - Closing the Holes: Mitigation

Part 5 - Malware Analysis

  • Chapter 20 - Collecting Malware and Initial Analysis
  • Chapter 21 - Hacking Malware

Author comments

Shon Harris, MCSE, CISSP, is the president of Logical Security, an educator, and a security consultant.

Allen Harper, CISSP, is the president and owner of n2netsecurity, Inc., in North Carolina.

Chris Eagle is the associate chairman of the Computer Science Department at the Naval Postgraduate School (NPS) in Monterey, California.

Jonathan Ness, CHFI, is a lead software security engineer at Microsoft.

Back cover copy

Uncover, plug, and ethically disclose security flaws

Prevent catastrophic network attacks by exposing security flaws, fixing them, and ethically reporting them to the software author. Fully expanded to cover the hacker's latest devious methods, Gray Hat Hacking: The Ethical Hacker's Handbook, Second Edition lays out each exploit alongside line-by-line code samples, detailed countermeasures, and moral disclosure procedures. Find out how to execute effective penetration tests, use fuzzers and sniffers, perform reverse engineering, and find security holes in Windows and Linux applications. You'll also learn how to trap and autopsy stealth worms, viruses, rootkits, adware, and malware.

  • Implement vulnerability testing, discovery, and reporting procedures that comply with applicable laws
  • Learn the basics of programming, stack operations, buffer overflow and heap vulnerabilities, and exploit development
  • Test and exploit systems using Metasploit and other tools
  • Break into Windows and Linux systems with Perl scripts, Python scripts, and customized C programs
  • Analyze source code using ITS4, RATS, FlawFinder, PREfast, Splint, and decompilers
  • Understand the role of IDA Pro scripts, FLAIR tools, and third-party plug-ins in discovering software vulnerabilities
  • Reverse-engineer software using decompiling, profiling, memory monitoring, and data flow analysis tools
  • Reveal client-side web browser vulnerabilities with MangleMe, AxEnum, and AxMan
  • Probe Windows Access Controls to discover insecure access tokens, security descriptors, DACLs, and ACEs
  • Find and examine malware and rootkits using honeypots, honeynets, and Norman SandBox technology


Copyright 2014 McGraw-Hill Global Education Holdings, LLC

