EC-Council Certified Secure Programmer

More documents

Recommendations

Info

Page 46• Figures: Fake Chunk, Overwritten Chunk• OpenSSL SSLv2 Malformed Client Key Remote Buffer Overflow Vulnerability CAN-2002-0656• Exploitation• Exploitation Sample Code• The Complication• Improving the Exploit• Integer Bug Exploits• Integer Wrapping• Program: Addition-Based Integer Wrapping• Multiplication-Based Integer Wrapping• Bypassing Size Checkso Unsigned Size Check Without Integer Wrappingo Signed Size Check Without Integer Wrapping• Using the Metasploit Framework• Determining Attack Vector• Finding the Offset: Overwriting the Return Address• The First Attack String• Overwriting EIP with a Known Pattern• Selecting a Control Vector• Finding a Return Address• Selecting the Search Method in the Metasploit Opcode Database• Search Method in Metasploit Opcode Database• Using the Return Address:o Inserting the Return Addresso Verifying Return Address Reliability• Nop Sleds: Increasing Reliability with a Nop Sled• Choosing a Payload and Encodero Listing Available Payloadshttp://www.eccouncil.orgEC-Council
o Determining Payload Variableso Generating the Payloado msfencode Options• List of Available Encoders• Choosing a Payload and Encoder: msfencode Results• msfweb Payload Generation• Setting msfweb Payload Options• msfweb Generated and Encoded Payload• Integrating Exploits into FrameworkPage 47Module 28: Programming Port Scanners and Hacking Tools• Port Scanner• Simple Port Scannerso Prerequisites for Writing a Port Scannero Port Scanner in C++o Port Scanner in C#o Building a Simple Port Scanner in VC++o Port Scanner in Javao Example JavaScript Port Scannero Port Scanner in ASP.Neto Port Scanner in Perlo Port Scanner in PHPo UDP Port Scanning in PHPo UDP Port Scanner in XML• libpcapo Capturing Packets• Packet Capturing Example• Saving Captured Packets to a Filehttp://www.eccouncil.orgEC-Council
Page 1 and 2: Page 1EC-Council CertifiedSecure Pr
Page 3: Course DescriptionEC-Council Certif
Page 8 and 9: • Microsoft SDL Threat Modeling T
Page 11 and 12: • Countermeasure against Buffer O
Page 13 and 14: • Using Variable Arguments Proper
Page 15 and 16: o Code for GSS Client• Java Serve
Page 17 and 18: • .NET Frameworko .NET Framework
Page 19: o Design Considerationso Applicatio
Page 22 and 23: Page 22o Web Application Fingerprin
Page 24 and 25: Page 24• SQL Server Security Mode
Page 26 and 27: Page 26• SQL Server 2005o Step 1:
Page 28 and 29: Page 28• Application Configuratio
Page 30 and 31: Page 30• Preventing Automatic Sub
Page 32 and 33: • Validation Process in XML• XM
Page 34 and 35: • Preventing Repurposing• SiteL
Page 36 and 37: Page 36• Authorization Controls
Page 38 and 39: Page 38Module 22: Secure Xcode Prog
Page 40 and 41: Page 40• Obfuscation Sample Code
Page 42 and 43: Page 42• Starting a Winsock 2 API
Page 44 and 45: Page 44• The Bind System Call•
Page 48 and 49: Page 48• The wiretap Library• A
Page 50 and 51: Page 50• Security and Trust Servi
Page 52 and 53: Page 52• SSL Certificates• Veri
Page 54 and 55: • Avoiding unvalidated redirects

EC-Council Certified Secure Programmer

Create successful ePaper yourself

Delete template?

Save as template?