The Mac Hacker'S Handbook 9780470395363 在线 免费 umd 下载 txt pdf mobi pmlz

免费下载书籍地址：PDF下载地址

精美图片

The Mac Hacker'S Handbook 9780470395363书籍详细信息

• ISBN：9780470395363
• 作者：暂无作者
• 出版社：暂无出版社
• 出版时间：2009-03
• 页数：384
• 价格：259.20
• 纸张：胶版纸
• 装帧：平装
• 开本：16开
• 语言：未知
• 丛书：暂无丛书
• TAG：暂无
• 豆瓣评分：暂无豆瓣评分

内容简介：

　　As more and more vulnerabilities are found in the Mac OS X

(Leopard) operating system, security researchers are realizing the

importance of developing proof-of-concept exploits for those

vulnerabilities. This unique tome is the first book to uncover the

flaws in the Mac OS X operating system—and how to deal with them.

Written by two white hat hackers, this book is aimed at making

vital information known so that you can find ways to secure your

Mac OS X systems, and examines the sorts of attacks that are

prevented by Leopard’s security defenses, what attacks aren’t, and

how to best handle those weaknesses.

书籍目录：

Foreword.

Introduction.

Part I Mac OS X Basics.

Chapter 1 Mac OS X Architecture.

Basics.

XNU.

Mach.

BSD.

I/O Kit.

Darwin and Friends.

Tools of the Trade.

Ktrace/DTrace.

Objective-C.

Universal Binaries and the Mach-O File Format.

Universal Binaries.

Mach-O File Format.

Example.

Bundles.

launchd.

Leopard Security.

Library Randomization.

Executable Heap.

Stack Protection (propolice).

Firewall.

Sandboxing (Seatbelt).

References.

Chapter 2 Mac OS X Parlance.

Bonjour!.

Get an IP Address.

Set Up Name Translation.

Service Discovery.

Bonjour.

mDNSResponder.

Source Code.

QuickTime.

.mov.

RTSP.

Conclusion.

References.

Chapter 3 Attack Surface.

Searching the Server Side.

Nonstandard Listening Processes.

Cutting into the Client Side.

Safari.

All of Safari’s Children.

Safe File Types.

Having Your Cake.

Conclusion .

References.

Part II Discovering Vulnerabilities.

Chapter 4 Tracing and Debugging.

Pathetic ptrace.

Good Ol’ GDB.

DTrace.

D Programming Language.

Describing Probes.

Example: Using Dtrace.

Example: Using ltrace.

Example: Instruction Tracer/Code-Coverage Monitor.

Example: Memory Tracer.

PyDbg.

PyDbg Basics.

Memory Searching.

In-Memory Fuzzing.

Binary Code Coverage with Pai Mei.

iTunes Hates You.

Conclusion.

References.

Chapter 5 Finding Bugs.

Bug-Hunting Strategies.

Old-School Source-Code Analysis.

Getting to the Source.

Code Coverage.

CanSecWest 2008 Bug.

vi + Changelog = Leopard 0-day.

Apple’s Prerelease-Vulnerability Collection.

Fuzz Fun.

Network Fuzzing.

File Fuzzing.

Conclusion.

References.

Chapter 6 Reverse Engineering.

Disassembly Oddities.

EIP-Relative Data Addressing.

Messed-Up Jump Tables.

Identifying Missed Functions.

Reversing Obj-C.

Cleaning Up Obj-C.

Shedding Light on objc_msgSend Calls.

Case Study.

Patching Binaries.

Conclusion.

References.

Part III Exploitation.

Chapter 7 Exploiting Stack Overflows.

Stack Basics.

Stack Usage on PowerPC.

Stack Usage on x86.

Smashing the Stack on PowerPC.

Smashing the Stack on x86.

Exploiting the x86 Nonexecutable Stack.

Return into system().

Executing the Payload from the Heap.

Finding Useful Instruction Sequences.

PowerPC.

x86.

Conclusion.

References.

Chapter 8 Exploiting Heap Overflows.

The Heap.

The Scalable Zone Allocator.

Regions.

Freeing and Allocating Memory.

Overwriting Heap Metadata.

Arbitrary 4-Byte Overwrite.

Large Arbitrary Memory Overwrite.

Obtaining Code Execution.

Taming the Heap with Feng Shui.

Fill ’Er Up.

Feng Shui.

WebKit’s JavaScript.

Case Study.

Feng Shui Example.

Heap Spray.

References.

Chapter 9 Exploit Payloads.

Mac OS X Exploit Payload Development.

Restoring Privileges.

Forking a New Process.

Executing a Shell.

Encoders and Decoders.

Staged Payload Execution.

Payload Components.

PowerPC Exploit Payload.

execve_binsh.

system.

decode_longxor.

tcp_listen 231.

tcp_connect.

tcp_find.

dup2_std_fds.

vfork.

Testing Simple Components.

Putting Together Simple Payloads.

Intel x86 Exploit Payloads.

remote_execution_loop.

inject_bundle.

Testing Complex Components.

Conclusion.

References.

Chapter 10 Real-World Exploits.

QuickTime RTSP Content-Type Header Overflow.

Triggering the Vulnerability.

Exploitation on PowerPC.

Exploitation on x86.

mDNSResponder UPnP Location Header Overflow.

Triggering the Vulnerability.

Exploiting the Vulnerability.

Exploiting on PowerPC.

QuickTime QTJava toQTPointer() Memory Access.

Exploiting toQTPointer().

Obtaining Code Execution.

Conclusion.

References.

Part IV Post-Exploitation.

Chapter 11 Injecting, Hooking, and Swizzling.

Introduction to Mach.

Mach Abstractions.

Mach Security Model Mach Exceptions.

Mach Injection.

Remote Threads.

Remote Process Memory.

Loading a Dynamic Library or Bundle.

Inject-Bundle Usage.

Example: iSight Photo Capture.

Function Hooking.

Example: SSLSpy.

Objective-C Method Swizzling.

Example: iChat Spy.

Conclusion.

References.

Chapter 12 Rootkits.

Kernel Extensions.

Hello Kernel.

System Calls.

Hiding Files.

Hiding the Rootkit.

Maintaining Access across Reboots.

Controlling the Rootkit.

Creating the RPC Server.

Injecting Kernel RPC Servers.

Calling the Kernel RPC Server.

Remote Access.

Hardware-Virtualization Rootkits.

Hyperjacking.

Rootkit Hypervisor.

Conclusion.

References.

Index.

作者介绍：

　　CharlIe Millerwon the second CanSecWest Pwn2Own contest in

2008 and was named one of the Top 10 Computer Hackers of 2008 by

Popular Mechanics.

　　Dino Dai Zovi won the first CanSecWest Pwn2Own contest in 2007

and was named one of the 15 Most Influential People in Security by

eWEEK.

出版社信息：

暂无出版社相关信息，正在全力查找中！

书籍摘录：

暂无相关书籍摘录，正在全力查找中！

在线阅读/听书/购买/PDF下载地址：

在线阅读地址：The Mac Hacker'S Handbook 9780470395363在线阅读

在线听书地址：The Mac Hacker'S Handbook 9780470395363在线收听

在线购买地址：The Mac Hacker'S Handbook 9780470395363在线购买

原文赏析：

暂无原文赏析，正在全力查找中！

其它内容：

书籍介绍

As more and more vulnerabilities are found in the Mac OS X (Leopard) operating system, security researchers are realizing the importance of developing proof-of-concept exploits for those vulnerabilities. This unique tome is the first book to uncover the flaws in the Mac OS X operating system—and how to deal with them. Written by two white hat hackers, this book is aimed at making vital information known so that you can find ways to secure your Mac OS X systems, and examines the sorts of attacks that are prevented by Leopard’s security defenses, what attacks aren’t, and how to best handle those weaknesses.

书籍真实打分

故事情节：8分

人物塑造：3分

主题深度：4分

文字风格：6分

语言运用：3分

文笔流畅：8分

思想传递：5分

知识深度：3分

知识广度：7分

实用性：6分

章节划分：6分

结构布局：9分

新颖与独特：8分

情感共鸣：7分

引人入胜：8分

现实相关：3分

沉浸感：5分

事实准确性：7分

文化贡献：6分

网站评分

书籍多样性：6分

书籍信息完全性：8分

网站更新速度：6分

使用便利性：4分

书籍清晰度：9分

书籍格式兼容性：9分

是否包含广告：8分

加载速度：3分

安全性：9分

稳定性：6分

搜索功能：5分

下载便捷性：6分

下载点评

• 图书多(487+)
• 赞(119+)
• epub(515+)
• pdf(401+)
• 下载快(65+)
• 格式多(348+)
• 差评少(364+)
• 差评(404+)
• txt(124+)
• 品质不错(226+)
• 三星好评(629+)
• mobi(562+)
• 速度慢(450+)

下载评价

网友 寇***音：好，真的挺使用的！

网友 步***青：。。。。。好

网友 车***波：很好，下载出来的内容没有乱码。

网友 潘***丽：这里能在线转化，直接选择一款就可以了，用他这个转很方便的

网友 孙***夏：中评，比上不足比下有余

网友 冷***洁：不错，用着很方便

网友 石***烟：还可以吧，毕竟也是要成本的，付费应该的，更何况下载速度还挺快的

网友 谢***灵：推荐，啥格式都有

网友 曾***玉：直接选择epub/azw3/mobi就可以了，然后导入微信读书，体验百分百！！！

网友 敖***菡：是个好网站，很便捷

网友 冉***兮：如果满分一百分，我愿意给你99分，剩下一分怕你骄傲