
Gray Hat Hacking: The Ethical Hacker’s Handbook

By Allen Harper, Shon Harris, Jonathan Ness, Chris Eagle, Gideon Lenkey, Terron Williams

Reviewed by Ibe Etea, CISA, CRISC, CA, CFE, CIA, CRMA, a corporate governance, internal controls, fraud and enterprise risk assurance professional. Etea also serves as a member on the advisory council of the Association of Certified Fraud Examiners (ACFE).

The rise of hacking exploits and their potential to cause havoc to enterprises, nations, industries and individuals has led to a need for more information on hacking. Gray Hat Hacking: The Ethical Hacker’s Handbook is written by a team of experts with advanced knowledge in gray hat hacking and penetration testing, and the book includes proven strategies and techniques meant to fortify user networks and help prevent current and emerging digital catastrophes.

The book offers a variety of hacking tools and weapons, case studies, mitigating remedies against attacks, and ready-to-deploy models. It gives an overview of modern hacking tools and techniques such as Android-based exploits and reverse-engineering techniques. It also outlines the ethical considerations of hacking, including existing cyberlaws. The book was compiled by a team of experts with years of experience in the field, demonstrated by the depth and accuracy of this book. Gray Hat Hacking highlights important points in its note bookmarks and lists useful links and references in each chapter. Additionally, practical codes and command structures bring theory to real-life scenarios, which are included in the book as engaging illustrations, graphics and tables.

The book succeeds in giving a holistic guide to the subject of gray hat hacking by addressing the different facets of the subject, from definitions to legal developments in the area. It also provides up-to-date granular threat profiles, processes, techniques, commands and tools that are utilized in modern-day hacking. All of this is achieved while keeping to the key theme of the gray hat—responsible and truly ethical in its intentions and the materials prescribed. A key aspect of the book’s coverage is a focus on programming, which is needed in order to be able to create exploits or review source code. Fuzzing techniques and shellcode creation are also reviewed, as are advanced penetration methods and exploits.

The benefits derived from the book are numerous and readers will be able to:
• Build and launch spoofing exploits with Ettercap and Evilgrade
• Hack Cisco routers, switches and network hardware
• Bypass Windows Access Control and memory-protection schemes
• Use advanced reverse-engineering to exploit Windows and Linux software and learn the use-after-free technique in recent zero-day exploits
• Neutralize before it takes control of their desktop
• Find one-day vulnerabilities with binary diffing and other similar techniques

The book itself is broken into three parts and has 23 chapters. The first part prepares the readers with essential tools and techniques, such as programming and reverse engineering. It describes the distinctions between black, gray and white hat and their respective characteristics. The second part delves deep into advanced penetration techniques and exploits, with hands-on testing labs, covered beyond what is available in print and other materials on the subject. The final part covers Android , ransomware, 64-bit malware and next-generation reverse engineering.

The book delivers a comprehensive and up-to-date compilation of the gray hat hacker’s tools and materials, with downloadable hands-on labs that can be replicated by readers. Since the last edition, 12 new chapters have been added and many of the gaps from the previous edition have been addressed.

EDITOR’S NOTE
Gray Hat Hacking: The Ethical Hacker’s Handbook is available from the ISACA® Bookstore. For information, see the ISACA Bookstore Supplement in this issue of the Journal, visit www.isaca.org/bookstore, contact support at https://support.isaca.org/ or telephone +1.847.660.5650.

18 ISACA JOURNAL VOLUME 3, 2015