|
The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System
This may have been posted before...
The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System Overview While forensic analysis has proven to be a valuable investigative tool in the field of computer security, utilizing anti-forensic technology makes it possible to maintain a covert operational foothold for extended periods, even in a high-security environment. Adopting an approach that favors full disclosure, the updated Second Edition of The Rootkit Arsenal presents the most accessible, timely, and complete coverage of forensic countermeasures. This book covers more topics, in greater depth, than any other currently available. In doing so the author forges through the murky back alleys of the Internet, shedding light on material that has traditionally been poorly documented, partially documented, or intentionally undocumented. The range of topics presented includes how to: • Evade post-mortem analysis • Frustrate attempts to reverse engineer your command & control modules • Defeat live incident response • Undermine the process of memory analysis • Modify subsystem internals to feed misinformation to the outside • Entrench your code in fortified regions of execution • Design and implement covert channels • Unearth new avenues of attack http://www.mediafire.com/?hd5nrw5hykt |
Grey Hat Python
Python is fast becoming the programming language of choice for hackers, reverse engineers, and software testers because it's easy to write quickly, and it has the low-level support and libraries that make hackers happy. But until now, there has been no real manual on how to use Python for a variety of hacking tasks. You had to dig through forum posts and man pages, endlessly tweaking your own code to get everything working. Not anymore. Gray Hat Python explains the concepts behind hacking tools and techniques like debuggers, trojans, fuzzers, and emulators. But author Justin Seitz goes beyond theory, showing you how to harness existing Python-based security tools - and how to build your own when the pre-built ones won't cut it. You'll learn how to: Automate tedious reversing and security tasks Design and program your own debugger Learn how to fuzz Windows drivers and create powerful fuzzers from scratch Have fun with code and library injection, soft and hard hooking techniques, and other software trickery Sniff secure traffic out of an encrypted web browser session Use PyDBG, Immunity Debugger, Sulley, IDAPython, PyEMU, and more http://www.mediafire.com/view/?grjsbq1dddebpsq |
Inside Windows Debugging
A Practical Guide to Debugging and Tracing Strategies in Windows Use Windows debuggers throughout the development cycle��and build better software Rethink your use of Windows debugging and tracing tools��and learn how to make them a key part of test-driven software development. Led by a member of the Windows Fundamentals Team at Microsoft, you��ll apply expert debugging and tracing techniques��and sharpen your C++ and C# code analysis skills��through practical examples and common scenarios. Learn why experienced developers use debuggers in every step of the development process, and not just when bugs appear. Discover how to: Go behind the scenes to examine how powerful Windows debuggers work Catch bugs early in the development cycle with static and runtime analysis tools Gain practical strategies to tackle the most common code defects Apply expert tricks to handle user-mode and kernel-mode debugging tasks Implement postmortem techniques such as JIT and dump debugging Debug the concurrency and security aspects of your software Use debuggers to analyze interactions between your code and the operating system Analyze software behavior with Xperf and the Event Tracing for Windows (ETW) framework A Bit of Background Chapter 1 Software Development in Windows Windows Evolution Windows Architecture Windows Developer Interface Microsoft Developer Tools Summary Debugging for Fun and Profit Chapter 2 Getting Started Introducing the Debugging Tools User-Mode Debugging Kernel-Mode Debugging Summary Chapter 3 How Windows Debuggers Work User-Mode Debugging Kernel-Mode Debugging Managed-Code Debugging Script Debugging Remote Debugging Summary Chapter 4 Postmortem Debugging Just-in-Time Debugging Dump Debugging Summary Chapter 5 Beyond the Basics Noninvasive Debugging Data Breakpoints Scripting the Debugger WOW64 Debugging Windows Debugging Hooks (GFLAGS) Summary Chapter 6 Code Analysis Tools Static Code Analysis Runtime Code Analysis Summary Chapter 7 Expert Debugging Tricks Essential Tricks More Useful Tricks Kernel-Mode Debugging Tricks Summary Chapter 8 Common Debugging Scenarios, Part 1 Debugging Access Violations Debugging Heap Corruptions Debugging Stack Corruptions Debugging Stack Overflows Debugging Handle Leaks Debugging User-Mode Memory Leaks Debugging Kernel-Mode Memory Leaks Summary Chapter 9 Common Debugging Scenarios, Part 2 Debugging Race Conditions Debugging Deadlocks Debugging Access-Check Problems Summary Chapter 10 Debugging System Internals The Windows Console Subsystem Anatomy of System Calls Summary Observing and Analyzing Software Behavior Chapter 11 Introducing Xperf Acquiring Xperf Your First Xperf Investigation Xperf��s Strengths and Limitations Summary Chapter 12 Inside ETW ETW Architecture Existing ETW Instrumentation in Windows Understanding ETW Stack-Walk Events Adding ETW Logging to Your Code Boot Tracing in ETW Summary Chapter 13 Common Tracing Scenarios Analyzing Blocked Time Analyzing Memory Usage Tracing as a Debugging Aid Summary Appendix WinDbg User-Mode Debugging Quick Start Starting a User-Mode Debugging Session Fixing the Symbols Path Fixing the Sources Path Displaying the Command Line of the Target Process Control Flow Commands Listing Loaded Modules and Their Version Resolving Function Addresses Setting Code (Software) Breakpoints Setting Data (Hardware) Breakpoints Switching Between Threads Displaying Call Stacks Displaying Function Parameters Displaying Local Variables Displaying Data Members of Native Types Navigating Between Call Frames Listing Function Disassembly Displaying and Modifying Memory and Register Values Ending a User-Mode Debugging Session Appendix WinDbg Kernel-Mode Debugging Quick Start Starting a Kernel-Mode Debugging Session Switching Between CPU Contexts Displaying Process Information Displaying Thread Information Switching Process and Thread Contexts Listing Loaded Modules and Their Version Setting Code (Software) Breakpoints Inside Kernel-Mode Code Setting Code (Software) Breakpoints Inside User-Mode Code Setting Data (Hardware) Breakpoints Ending a Kernel-Mode Debugging Session http://www.mediafire.com/?4gakhmolq66pe34 |
Mark E. Russinovich, David A. Solomon and Alex Ionescu, "Windows Internals, Part 2"
English | ISBN: 0735665877 | 2012 | 674 pages | PDF, EPUB | 14 + 21 MB Delve inside Windows architecture and internals—and see how core components work behind the scenes. Led by three renowned internals experts, this classic guide is fully updated for Windows 7 and Windows Server 2008 R2—and now presents its coverage in two volumes. As always, you get critical insider perspectives on how Windows operates. And through hands-on experiments, you��ll experience its internal behavior firsthand—knowledge you can apply to improve application design, debugging, system performance, and support. In Part 2, you��ll examine: Core subsystems for I/O, storage, memory management, cache manager, and file systems Startup and shutdown processes Crash-dump analysis, including troubleshooting tools and techniques https://rapidshare.com/files/596428805/0735665877_Internals.pdf https://rapidshare.com/files/2666560101/0735665877_Internals.epub |
finally! been waiting for that...
here`s part 1 again (pdf): http://www31.zippyshare.com/v/52397894/file.html |
Quote:
The book is writen by my fellow countrymen. |
Synopsis:
The only guide for software developers who must learn and implement cryptography safely and cost effectively. The book begins with a chapter that introduces the subject of cryptography to the reader. The second chapter discusses how to implement large integer arithmetic as required by RSA and ECC public key algorithms The subsequent chapters discuss the implementation of symmetric ciphers, one-way hashes, message authentication codes, combined authentication and encryption modes, public key cryptography and finally portable coding practices. Each chapter includes in-depth discussion on memory/size/speed performance trade-offs as well as what cryptographic problems are solved with the specific topics at hand. * The author is the developer of the industry standard cryptographic suite of tools called LibTom * A regular expert speaker at industry conferences and events on this development * The book has a companion Web site with over 300-pages of text on implementing multiple precision arithmetic http://www.mediafire.com/view/?42cr5299lbnorrl |
Rich Feature Set of Wireshark Explored in Hakin9 OnDemand 07/2012
Download here: Quote:
|
A Guide to Kernel Exploitation: Attacking the Core
Quote:
Quote:
|
Metasploit Penetration Testing Cookbook
Quote:
|
Guide to Assembly Language - A Concise Introduction
Quote:
|
The IDA Pro Book - 2nd Edition - Chris Eagle (MOBI+EPUB for kindle and other readers) No PDF!
You will need to convert them to a PDF. Quote:
|
Visual Studio 2012 Cookbook
Book Description
There��s a new technology wave coming, and for Microsoft this is reflected in Windows 8, HTML5 web development, .NET 4.5 and C++11. Riding that wave is a new version of their flagship development tool, Visual Studio 2012, and ��Visual Studio 2012 Cookbook�� has you putting the new features into practice from the get-go! Among the exciting new features of Visual Studio 2012 is support for Windows 8, HTML5 and asynchronous development, as well as Team Foundation Server 2012 integration. ��Visual Studio 2012 Cookbook�� doesn��t waste time explaining what you already know from prior Visual Studio versions; instead you��ll see targeted and focused recipes on only new features so that you can get up to speed and back to work faster. ��Visual Studio 2012 Cookbook�� empowers you to take advantage of all the new features in Visual Studio 2012 so that you can develop applications for the next technology wave. The task-based recipes in this guide will have you up and running with improvements like support for Windows 8 development, HTML5 and JavaScript, .NET 4.5, asynchronous code and C++11. And since most people don��t develop alone, you��ll also see how the new team development features of Visual Studio 2012 and Team Foundation Server 2012 can help your whole team work smarter, not harder. Time is short and you��re in a hurry, so ��Visual Studio 2012 Cookbook�� will help you discover what��s new by way of a simple recipe format that is quick and easy to digest. What will you learn from this book
Approach ��Visual Studio 2012 Cookbook�� is a concise and practical cookbook with recipes which get you up and running straight away with all the new functionality of Visual Studio 2012. Who this book is written for If you are a developer excited about the new features introduced in Visual Studio 2012, then no matter what your programming language of choice is, ��Visual Studio 2012 Cookbook�� is for you. You should have a good knowledge of working with previous versions of Visual Studio to enjoy the recipes in this book. Book Details
Download http://prefiles.com/4fxlcbcc27yj/Packtpub.Visual.Studio.2012.Cookbook.Sep.2012.rar |
Threads primer: a guide to multithreaded programming
Providing an overview of the Solaris and POSIX multithreading architectures, this book explains threads at a level that is completely accessible to programmers and system architects with no previous knowledge of threads. Covers the business and technical benefits of threaded programs, along with discussions of third party software that is threaded, pointing out the benefits. For programmers, system architects, and technical programmer managers.More »
Quote:
|
Introducing Microsoft SQL Server 2012
Book Description
Publication Date: April 7, 2012 :eek: Introducing Microsoft® SQL Server® 2012 explores the exciting enhancements and new capabilities engineered into SQL Server, ranging from improvements in operation to those in reporting and management. This book is for anyone who has an interest in SQL Server 2012 and wants to understand its capabilities, including database administrators, application developers, and technical decision makers. hxxps://rapidshare.com/files/1864398163/Introducing%20Microsoft%20SQL%20Server%202012.rar |
Quote:
|
The Art of Unpacking
======================= by Mark Vincent Yason Abstract: Unpacking is an art—it is a mental challenge and is one of the most exciting mind games in the reverse engineering field. In some cases, the reverser needs to know the internals of the operating system in order to identify or solve very difficult anti-reversing tricks employed by packers/protectors, patience and cleverness are also major factors in a successful unpack. This challenge involves researchers creating the packers and on the other side, the researchers that are determined to bypass these protections. The main purpose of this paper is to present anti-reversing techniques employed by executable packers/protectors and also discusses techniques and publicly available tools that can be used to bypass or disable this protections. This information will allow researchers, especially, malcode analysts to identify these techniques when utilized by packed malicious code, and then be able decide the next move when these anti-reversing techniques impede successful analysis. As a secondary purpose, the information presented can also be used by researchers that are planning to add some level of protection in their software by slowing down reversers from analyzing their protected code, but of course, nothing will stop a skilled, informed, and determined reverser. Table of Contents........................................................................................................................... 2 1. INTRODUCTION..................................................................................................................... 3 2. TECHNIQUES: DEBUGGER DETECTION..................................................................................... 4 2.1. PEB.BeingDebugged Flag: IsDebuggerPresent() ................................................................ 4 2.2. PEB.NtGlobalFlag, Heap Flags ......................................................................................... 5 2.3. DebugPort: CheckRemoteDebuggerPresent() / NtQueryInformationProcess()........................ 6 2.4. Debugger Interrupts ...................................................................................................... 7 2.5. Timing Checks ..............................................................................................................8 2.6. SeDebugPrivilege .......................................................................................................... 9 2.7. Parent Process ............................................................................................................ 10 2.8. DebugObject: NtQueryObject() ..................................................................................... 11 2.9. Debugger Window ....................................................................................................... 12 2.10. Debugger Process ................................................................................................... 12 2.11. Device Drivers ........................................................................................................ 12 2.12. OllyDbg: Guard Pages.............................................................................................. 13 3. TECHNIQUES: BREAKPOINT AND PATCHING DETECTION.......................................................... 14 3.1. Software Breakpoint Detection...................................................................................... 14 3.2. Hardware Breakpoint Detection..................................................................................... 15 3.3. Patching Detection via Code Checksum Calculation.......................................................... 16 4. TECHNIQUES: ANTI-ANALYSIS.............................................................................................. 17 4.1. Encryption and Compression......................................................................................... 17 4.2. Garbage Code and Code Permutation............................................................................. 18 4.3. Anti-Disassembly ........................................................................................................ 20 5. TECHNIQUES : DEBUGGER ATTACKS ..................................................................................... 22 5.1. Misdirection and Stopping Execution via Exceptions ......................................................... 22 5.2. Blocking Input ............................................................................................................ 23 5.3. ThreadHideFromDebugger ............................................................................................ 24 5.4. Disabling Breakpoints .................................................................................................. 25 5.5. Unhandled Exception Filter ........................................................................................... 26 5.6. OllyDbg: OutputDebugString() Format String Bug ........................................................... 26 6. TECHNIQUES : ADVANCED AND OTHER TECHNIQUES .............................................................. 27 6.1. Process Injection......................................................................................................... 27 6.2. Debugger Blocker........................................................................................................ 28 6.3. TLS Callbacks ............................................................................................................. 29 6.4. Stolen Bytes ...............................................................................................................30 6.5. API Redirection ........................................................................................................... 31 6.6. Multi-Threaded Packers................................................................................................ 32 6.7. Virtual Machines.......................................................................................................... 32 7. TOOLS ............................................................................................................................... 34 7.1. OllyDbg...................................................................................................................... 34 7.2. Ollyscript.................................................................................................................... 34 7.3. Olly Advanced............................................................................................................. 34 7.4. OllyDump...................................................................................................................34 7.5. ImpRec ...................................................................................................................... 34 8. REFERENCES....................................................................................................................... 35 |
I found an interesting book called Algorithmic Cryptanalysis. I spent around 30 minutes trying to find a working download link for this. At first glance, this book seems to give a lot of insight to cryptography reversing.
Information: Hardcover: 519 pages Publisher: Chapman and Hall/CRC (June 15, 2009) Language: English ISBN-10: 1420070029 ISBN-13: 978-1420070026 Download: Code:
http://rghost.net/42373232Code:
http://www.spaadyshare.net/71vg8xg8ai80/Joux,%20Algorithmic%20Cryptanalysis,%20CRC,%202009.pdf |
Quote:
|
Quote:
PHP Code:
|
Quote:
http://www.blackhat.com/presentations/bh-usa-07/Yason/Whitepaper/bh-usa-07-yason-WP.pdf |
Inside Windows Debugging: A Practical Guide to Debugging and Tracing Strategies in Windows
English | 2012 | 592 Pages | ISBN: 0735662789 | PDF | 38 MB Code:
http://extabit.com/file/28dc44vnkpssp |
Professional C Plus Plus 2nd Edition 2011 Wrox pubblisher
| 86.03 MB Code:
http://www2.zippyshare.com/v/82942829/file.html |
For those interested in a comprehensive book IDA with some examples
Quote:
|
Quote:
for it in EPUB/MOBI format look for the post bytypedef above; or, for it in PDF format, google for "theidaprobook" and take the first link! Best regards, bilbo |
Quote:
PHP Code:
|
2 Attachment(s)
The Art of Assembly Language
|
Hackers: Heroes of the Computer Revolution (25th Anniversary Edition)
Publisher: O'Reilly Media 2010 | 528 Pages | ISBN: 1449388396 | PDF | 12 MB Code:
http://extabit.com/file/29g1vn63wy58e/ |
Quote:
|
xtiaoshi
here another link for the ebook Hackers: Heroes of the Computer Revolution (25th Anniversary Edition) Publisher: O'Reilly Media 2010 | 528 Pages | ISBN: 1449388396 | PDF | 12 MB Code:
http://rghost.net/42793834 |
nikkapedd
Thanks you. |
Windows PowerShell Pocket Reference, Second Edition
Oreilly 2013 | ISBN-10: 1449320961 | PDF, EPUB | 208 pages | 5 MB Code:
http://rapidgator.net/file/68584442/1449320961_WinPow.rar.html |
Does anyone have this book Malware Forensics Field Guide for Windows Systems: Digital Forensics Field Guides
http://www.amazon.com/Malware-Forensics-Field-Windows-Systems/dp/1597494720/ref=pd_ybh_1 |
Quote:
http://rghost.net/42838874 |
Does anyone have this book?
The Old New Thing: Practical Development Throughout the Evolution of Windows - Raymond Chen (Author) http://www.amazon.com/gp/product/0321440307/ref=ox_sc_act_title_1?ie=UTF8&psc=1&smid=ATVPDKIKX0DER |
Professional Parallel Programming with C Master Parallel Extensions with NET4 2010
| Wrox pubblisher | (23.37 MB) Code:
http://www3.zippyshare.com/v/34479448/file.html |
Quote:
|
Free ebook from Microsoft Press
Programming Windows 8 Apps with HTML, CSS, and JavaScript Microsoft Press Oct2012 | Free | PDF | Epub | Mobi Code:
all downloads at this link |
deepzero: thx for your replay..
does anyone have this book .. i dont seem to find the proper link:( http://www.amazon.com/Know-Your-Enemy-Learning-Security/dp/0321166469/ref=sr_1_7?ie=UTF8&qid=1358408190&sr=8-7&keywords=know+your+enemy |
@NeOXOeN you are right that book you want cannot be found to download for free only to pay
|
| All times are GMT +8. The time now is 03:45. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX