Exploiting Software: How to Break Code
Authors: Greg Hoglund and Gary McGraw
Pages: 512
Publisher: Addison-Wesley
ISBN: 0201786958
Introduction
Today, when software complexity is growing at a fast pace and IT infrastructure security is more important then ever before, software designers, developers and system administrators are faced with serious problems when it comes to designing, building and deploying a secure IT infrastructure.
It may sound like a really simple taks. We can always apply the “golden rule” of “security through obscurity”, and believe people out there are so stupid they won’t find a way to break into our systems. I believe these days are gone, forever. If you want to gain more knowledge on these very complex topics, keep reading, and keep an open mind!
About the authors
Greg Hoglund has been a pioneer in the area of software security for ten years. He created and documented the first Windows NT-based rootkit.
Gary McGraw, Ph.D., is CTO of Citigal, and is a world authority on software application security. McGraw coauthored “Java Security” (Wiley, 1996) and “Building Secure Software” (Addison-Wesley, 2002).
An audio interview with the authors is available here.
Inside the book
Conceptually, Exploiting software is divided into eight chapters. The book starts with a brief history of software, a historical path of software development, the root causes of the problems present in software products, and some examples of how deeply our lives could be affected when an important piece of software starts to behave abnormally, eventually crashing a whole system.
Finally, the authors share some toughts on the future of software development, with an emphasize on software security.
Next you learn about attack patterns. The authors define the terminology that should be commonly accepted and used in order to avoid confusion and misleading. There are several very important topics explained in this chapter, including the process of target software selection, target analysis, the process of observing software behavior and vulnerability discovery.
What follows is a very interesting discussion on reverse engineering and program understanding. In order to find a way to break into a computer system, a potential attacker must posess the ability to unravel the complexities of target software. This is called reverse engineering or simply reversing. To break a nontrivial target program, an attacker must understand how the software functions, and manipulate the software in usual, as well as unusual ways. This chapter will get you familiar with some handy tools (such as disassemblers, scripting engines, input generators, debuggers), as well as reverse engineering concepts, approaches and some real life examples of reversing and writing custom cracking tools.
We move on to find information on exploiting server software and exploiting client software.
The server software arena is plugged with several problems including but not limited to the trusted input problem, privilege escalation problem, injection points problem, exploiting trust through (mis)configuration, as well as specific techniques and attacks that can be applied to server software.
The client-side programs can also be subject to attack targets, as we can witness every day with tons of new viruses, worms, etc. Here the authors present several methods of breaking client software such as in-band signals, cross-site scripting, client side scripts and malicious code, content-based attacks and backwash attacks.
Computer systems are complex and therefore difficult to measure. Generally speaking, software is driven by external input and internal state. Clearly, the user can deeply affect the state of a running program by carefully crafting input – event malicious input meant to exploit the program. This forms the basis for more detailed discussion of these topics in chapter 6.
What you learn next is all about buffer overflows. The infamous buffer overflow remains the principal method used to exploit software by remotly injecting malicious code into a target. The buffer overflow has evolved over the years, as have a number of other attack techniques and, as a result, powerful new buffer overflow attacks have been developed. This chapter will certainly serve as a foundation as you come to grips with the subtle nature of buffer overflows.
The final chapter is about exercising ultimate control over the machine. This may sound very strange, but if we consider that all hardware is ultimately under the control of some kind of software and the most important part is embedded in microchips and in the OS kernel, this is a real threat. This chapter covers some very interesting topics such as subversive programs aka rootkits, the simple Windows XP kernel rootkit, call hooking, Trojan executable redirection, hiding files and directories, patching binary code, the hardware virus, low-level disk access, adding network support to a driver, and much more.
Final thoughts
“Exploiting Software” is a very exciting book, full of nitty-gritty details you need to be familiar with in order to understand how attackers find software holes and build exploits. These details are really valuable if you want a deep understanding of the concepts and practices behind system security.
As regards the audience profile, this book is not for newbies, neither for wannabe hackers or script-kiddies. To really appreciate the subjects covered in this book you must already have a deep understanding of system hardware, OS software architecture, network protocols and be proficient in programming (especially with C/C++ and Java).