EC-Council Certified Secure Programmer
EC-Council Certified Secure Programmer EC-Council Certified Secure Programmer
Page 42• Starting a Winsock 2 API• Accepting Connections:o AcceptEx• WinSock: TransmitFile and TransmitPackets• Grabbing a Web Page Using Winsock• Generic File – Grabbing Application• Writing Client Applications• TCP Client Application Sample Code• Writing Server Applications• TCP Server Application Sample Code• Winsock Secure Socket Extensions• WSADeleteSocketPeerTargetName• WSAImpersonateSocketPeer• WSAQuerySocketSecurity• WSARevertImpersonation• WSASetSocketPeerTargetName• WSASetSocketSecurity Function• SOCKET_SECURITY_SETTINGS• Using WinSock to Execute a Web Attack• Using Winsock to Execute a Remote Buffer Overflow• MDACDos ApplicationModule 26: Writing Shellcodes• Shellcode Introduction• Shellcode Development Tools• Remote Shellcode• Port Binding Shellcode• FreeBSD Port Binding Shellcodehttp://www.eccouncil.orgEC-Council
• Clean Port Binding Shellcodeo Clean Port Binding Shellcode: sckcode• Socket Descriptor Reuse Shellcodeo Socket Descriptor Reuse Shellcode in Co Socket Descriptor Reuse Shellcode: Sample Code• Local Shellcode• execve• Executing /bin/sh• Byte Code• setuid Shellcode• chroot Shellcode• Breaking of chroot jails in Traditional Way• Breaking Out of Chroot Jails on Linux Kernels• Windows Shellcode• Shellcode Examples• Steps to Execute Shell Code Assembly• The Write System Call• Linux Shellcode for “Hello, world!”• The Write System Call in FreeBSD• execve Shellcode in C• FreeBSD execve jmp/call Style• FreeBSD execve Push Style• FreeBSD execve Push Style, Several Arguments• Implementation of execve on Linux• Linux Push execve Shellcode• System Calls• The Socket System Calla. The Socket System Call: Sample Code AnalysisPage 43http://www.eccouncil.orgEC-Council
- Page 1 and 2: Page 1EC-Council CertifiedSecure Pr
- Page 3: Course DescriptionEC-Council Certif
- Page 8 and 9: • Microsoft SDL Threat Modeling T
- Page 11 and 12: • Countermeasure against Buffer O
- Page 13 and 14: • Using Variable Arguments Proper
- Page 15 and 16: o Code for GSS Client• Java Serve
- Page 17 and 18: • .NET Frameworko .NET Framework
- Page 19: o Design Considerationso Applicatio
- Page 22 and 23: Page 22o Web Application Fingerprin
- Page 24 and 25: Page 24• SQL Server Security Mode
- Page 26 and 27: Page 26• SQL Server 2005o Step 1:
- Page 28 and 29: Page 28• Application Configuratio
- Page 30 and 31: Page 30• Preventing Automatic Sub
- Page 32 and 33: • Validation Process in XML• XM
- Page 34 and 35: • Preventing Repurposing• SiteL
- Page 36 and 37: Page 36• Authorization Controls
- Page 38 and 39: Page 38Module 22: Secure Xcode Prog
- Page 40 and 41: Page 40• Obfuscation Sample Code
- Page 44 and 45: Page 44• The Bind System Call•
- Page 46 and 47: Page 46• Figures: Fake Chunk, Ove
- Page 48 and 49: Page 48• The wiretap Library• A
- Page 50 and 51: Page 50• Security and Trust Servi
- Page 52 and 53: Page 52• SSL Certificates• Veri
- Page 54 and 55: • Avoiding unvalidated redirects
• Clean Port Binding Shellcodeo Clean Port Binding Shellcode: sckcode• Socket Descriptor Reuse Shellcodeo Socket Descriptor Reuse Shellcode in Co Socket Descriptor Reuse Shellcode: Sample Code• Local Shellcode• execve• Executing /bin/sh• Byte Code• setuid Shellcode• chroot Shellcode• Breaking of chroot jails in Traditional Way• Breaking Out of Chroot Jails on Linux Kernels• Windows Shellcode• Shellcode Examples• Steps to Execute Shell Code Assembly• The Write System Call• Linux Shellcode for “Hello, world!”• The Write System Call in FreeBSD• execve Shellcode in C• FreeBSD execve jmp/call Style• FreeBSD execve Push Style• FreeBSD execve Push Style, Several Arguments• Implementation of execve on Linux• Linux Push execve Shellcode• System Calls• The Socket System Calla. The Socket System Call: Sample Code AnalysisPage 43http://www.eccouncil.org<strong>EC</strong>-<strong>Council</strong>