Android security cookbook / / Keith Makan, Scott Alexander-Brown |
Author | Makan Keith |
Edition | [1st edition] |
Publication/distribution/printing | Birmingham : , : Packt Publishing, , 2013 |
Physical description | 1 online resource (350 p.) |
Discipline | 005.258 |
Other authors (Persons) | Alexander-Brown Scott |
Topical subject |
Operating systems (Computers) - Security measures
Smartphones - Security measures |
Genre/form subject | Electronic books. |
ISBN | 1-78216-717-X |
Format | Printed material |
Bibliographic level | Monograph |
Language of publication | eng |
Contents note |
Cover; Copyright; Credits; About the Authors; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Android Development Tools; Introduction; Installing the Android Development Tools (ADT); Installing the Java Development Kit (JDK); Updating the API sources; Alternative installation of the ADT; Installing the Native Development Kit (NDK); Emulating Android; Creating Android Virtual Devices (AVDs); Using the Android Debug Bridge (ADB) to interact with the AVDs; Copying files off/onto an AVD; Installing applications onto the AVDs via ADB; Chapter 2: Engaging with Application Security; Introduction; Inspecting application certificates and signatures; Signing Android applications; Verifying application signatures; Inspecting the AndroidManifest.xml file; Interacting with the activity manager via ADB; Extracting application resources via ADB; Chapter 3: Android Security Assessment Tools; Introduction; Installing and setting up Santoku; Setting up drozer; Running a drozer session; Enumerating installed packages; Enumerating activities; Enumerating content providers; Enumerating services; Enumerating broadcast receivers; Determining application attack surfaces; Launching activities; Writing a drozer module - a device enumeration module; Writing an application certificate enumerator; Chapter 4: Exploiting Applications; Introduction; Information disclosure via logcat; Inspecting network traffic; Passive intent sniffing via the activity manager; Attacking services; Attacking broadcast receivers; Enumerating vulnerable content providers; Extracting data from vulnerable content providers; Inserting data into content providers; Enumerating SQL-injection vulnerable content providers; Exploiting debuggable applications; Man in the middle attacks on applications; Chapter 5: Protecting Applications; Introduction; Securing application components; Protecting components with custom permissions; Protecting content provider paths; Defending against SQL injection attack; Application signature verification (anti-tamper); Tamper protection by detecting the installer, emulator, and debug flag; Removing all log messages with ProGuard; Advanced code obfuscation with DexGuard; Chapter 6: Reverse Engineering Applications; Introduction; Compiling from Java to DEX; Decompiling DEX files; Interpreting the Dalvik bytecode; Decompiling DEX to Java; Decompiling application native libraries; Debugging the Android processes using the GDB server; Chapter 7: Secure Networking; Introduction; Validating self-signed SSL certificates; Using StrongTrustManager from the OnionKit library; SSL pinning; Chapter 8: Native Exploitation and Analysis; Introduction; Inspecting file permissions; Cross-compiling native executables; Exploitation of race condition vulnerabilities; Stack memory corruption exploitation; Automated native Android fuzzing; Chapter 9: Encryption and Developing Device Administration Policies; Introduction; Using cryptography libraries |
Record Nr. | UNINA-9910453383103321 |
Makan Keith | ||
Birmingham : , : Packt Publishing, , 2013 | ||
Printed material | ||
Find it here: Univ. Federico II | ||
|
Android security cookbook / / Keith Makan, Scott Alexander-Brown |
Author | Makan Keith |
Edition | [1st edition] |
Publication/distribution/printing | Birmingham : , : Packt Publishing, , 2013 |
Physical description | 1 online resource (350 p.) |
Discipline | 005.258 |
Other authors (Persons) | Alexander-Brown Scott |
Topical subject |
Operating systems (Computers) - Security measures
Smartphones - Security measures |
ISBN | 1-78216-717-X |
Format | Printed material |
Bibliographic level | Monograph |
Language of publication | eng |
Contents note |
Cover; Copyright; Credits; About the Authors; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Android Development Tools; Introduction; Installing the Android Development Tools (ADT); Installing the Java Development Kit (JDK); Updating the API sources; Alternative installation of the ADT; Installing the Native Development Kit (NDK); Emulating Android; Creating Android Virtual Devices (AVDs); Using the Android Debug Bridge (ADB) to interact with the AVDs; Copying files off/onto an AVD; Installing applications onto the AVDs via ADB; Chapter 2: Engaging with Application Security; Introduction; Inspecting application certificates and signatures; Signing Android applications; Verifying application signatures; Inspecting the AndroidManifest.xml file; Interacting with the activity manager via ADB; Extracting application resources via ADB; Chapter 3: Android Security Assessment Tools; Introduction; Installing and setting up Santoku; Setting up drozer; Running a drozer session; Enumerating installed packages; Enumerating activities; Enumerating content providers; Enumerating services; Enumerating broadcast receivers; Determining application attack surfaces; Launching activities; Writing a drozer module - a device enumeration module; Writing an application certificate enumerator; Chapter 4: Exploiting Applications; Introduction; Information disclosure via logcat; Inspecting network traffic; Passive intent sniffing via the activity manager; Attacking services; Attacking broadcast receivers; Enumerating vulnerable content providers; Extracting data from vulnerable content providers; Inserting data into content providers; Enumerating SQL-injection vulnerable content providers; Exploiting debuggable applications; Man in the middle attacks on applications; Chapter 5: Protecting Applications; Introduction; Securing application components; Protecting components with custom permissions; Protecting content provider paths; Defending against SQL injection attack; Application signature verification (anti-tamper); Tamper protection by detecting the installer, emulator, and debug flag; Removing all log messages with ProGuard; Advanced code obfuscation with DexGuard; Chapter 6: Reverse Engineering Applications; Introduction; Compiling from Java to DEX; Decompiling DEX files; Interpreting the Dalvik bytecode; Decompiling DEX to Java; Decompiling application native libraries; Debugging the Android processes using the GDB server; Chapter 7: Secure Networking; Introduction; Validating self-signed SSL certificates; Using StrongTrustManager from the OnionKit library; SSL pinning; Chapter 8: Native Exploitation and Analysis; Introduction; Inspecting file permissions; Cross-compiling native executables; Exploitation of race condition vulnerabilities; Stack memory corruption exploitation; Automated native Android fuzzing; Chapter 9: Encryption and Developing Device Administration Policies; Introduction; Using cryptography libraries |
Record Nr. | UNINA-9910790736703321 |
Makan Keith | ||
Birmingham : , : Packt Publishing, , 2013 | ||
Printed material | ||
Find it here: Univ. Federico II | ||
|
Android security cookbook / / Keith Makan, Scott Alexander-Brown |
Author | Makan Keith |
Edition | [1st edition] |
Publication/distribution/printing | Birmingham : , : Packt Publishing, , 2013 |
Physical description | 1 online resource (350 p.) |
Discipline | 005.258 |
Other authors (Persons) | Alexander-Brown Scott |
Topical subject |
Operating systems (Computers) - Security measures
Smartphones - Security measures |
ISBN | 1-78216-717-X |
Format | Printed material |
Bibliographic level | Monograph |
Language of publication | eng |
Contents note |
Cover; Copyright; Credits; About the Authors; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Android Development Tools; Introduction; Installing the Android Development Tools (ADT); Installing the Java Development Kit (JDK); Updating the API sources; Alternative installation of the ADT; Installing the Native Development Kit (NDK); Emulating Android; Creating Android Virtual Devices (AVDs); Using the Android Debug Bridge (ADB) to interact with the AVDs; Copying files off/onto an AVD; Installing applications onto the AVDs via ADB; Chapter 2: Engaging with Application Security; Introduction; Inspecting application certificates and signatures; Signing Android applications; Verifying application signatures; Inspecting the AndroidManifest.xml file; Interacting with the activity manager via ADB; Extracting application resources via ADB; Chapter 3: Android Security Assessment Tools; Introduction; Installing and setting up Santoku; Setting up drozer; Running a drozer session; Enumerating installed packages; Enumerating activities; Enumerating content providers; Enumerating services; Enumerating broadcast receivers; Determining application attack surfaces; Launching activities; Writing a drozer module - a device enumeration module; Writing an application certificate enumerator; Chapter 4: Exploiting Applications; Introduction; Information disclosure via logcat; Inspecting network traffic; Passive intent sniffing via the activity manager; Attacking services; Attacking broadcast receivers; Enumerating vulnerable content providers; Extracting data from vulnerable content providers; Inserting data into content providers; Enumerating SQL-injection vulnerable content providers; Exploiting debuggable applications; Man in the middle attacks on applications; Chapter 5: Protecting Applications; Introduction; Securing application components; Protecting components with custom permissions; Protecting content provider paths; Defending against SQL injection attack; Application signature verification (anti-tamper); Tamper protection by detecting the installer, emulator, and debug flag; Removing all log messages with ProGuard; Advanced code obfuscation with DexGuard; Chapter 6: Reverse Engineering Applications; Introduction; Compiling from Java to DEX; Decompiling DEX files; Interpreting the Dalvik bytecode; Decompiling DEX to Java; Decompiling application native libraries; Debugging the Android processes using the GDB server; Chapter 7: Secure Networking; Introduction; Validating self-signed SSL certificates; Using StrongTrustManager from the OnionKit library; SSL pinning; Chapter 8: Native Exploitation and Analysis; Introduction; Inspecting file permissions; Cross-compiling native executables; Exploitation of race condition vulnerabilities; Stack memory corruption exploitation; Automated native Android fuzzing; Chapter 9: Encryption and Developing Device Administration Policies; Introduction; Using cryptography libraries |
Record Nr. | UNINA-9910813033403321 |
Makan Keith | ||
Birmingham : , : Packt Publishing, , 2013 | ||
Printed material | ||
Find it here: Univ. Federico II | ||
|
Penetration testing with the Bash shell : make the most of the Bash shell and Kali Linux's command-line-based security assessment tools / / Keith Makan |
Author | Makan Keith |
Edition | [1st edition] |
Publication/distribution/printing | Birmingham, England : , : Packt Publishing Ltd, , 2014 |
Physical description | 1 online resource (151 p.) |
Discipline | 005.8092 |
Series | Community Experience Distilled |
Topical subject |
Penetration testing (Computer security) - Examinations
User interfaces (Computer systems) - Design |
Genre/form subject | Electronic books. |
ISBN | 1-84969-511-3 |
Format | Printed material |
Bibliographic level | Monograph |
Language of publication | eng |
Contents note |
Cover; Copyright; Credits; Disclaimer; About the Author; About the Reviewers; www.PacktPub.com; Preface; Chapter 1: Getting to Know Bash; Getting help from the man pages; Navigating and searching the filesystem; Navigating directories; Listing directory contents; Searching the filesystem; Directory traversal options; File testing options; File action options; Using I/O redirection; Redirecting output; Redirecting input; Using pipes; Getting to know grep; Regular expression language - a crash course; Regular expression matcher selection options; Regular expression matching control options; Output control options; File selection options; Summary; Further reading; Chapter 2: Customizing Your Shell; Formatting the terminal output; The prompt string; Prompt string customizations; Aliases; Customizing the command history; Protecting sensitive information from leakage; Customizing tab completion; Summary; Further reading; Chapter 3: Network Reconnaissance; Interrogating the Whois servers; Interrogating the DNS servers; Using Dig; Using dnsmap; Enumerating targets on the local network; Host discovery with Arping; Target enumeration with Nmap; Summary; Further reading; Chapter 4: Exploitation and Reverse Engineering; Using the Metasploit command-line interface; Getting started with msfcli; Using invocation modes with msfcli; Bash hacks and msfcli; Preparing payloads with Metasploit; Creating and deploying a payload; Disassembling binaries; Disassembling with Objdump; A note about the reverse engineering assembler code; Debugging binaries for dynamic analysis; Getting started with GDB; Setting execution breakpoints and watch points; Inspecting registers, memory values, and runtime information; Summary; Further reading; Chapter 5: Network Exploitation and Monitoring; MAC and ARP abuse; Spoofing MAC addresses; Abusing address resolution; Man-in-the-middle attacks; Ettercap DNS spoofing; Interrogating servers; SNMP interrogation; SMTP server interrogation; Brute-forcing authentication; Using Medusa; Traffic filtering with TCPDump; Getting started with TCPDump; Using the TCPDump packet filter; Assessing SSL implementation security; Using SSLyze; Bash hacks and SSLyze; Automated web application security assessment; Scanning with SkipFish; Scanning with Arachni; Summary; Further reading; Index |
Record Nr. | UNINA-9910464783803321 |
Makan Keith | ||
Birmingham, England : , : Packt Publishing Ltd, , 2014 | ||
Printed material | ||
Find it here: Univ. Federico II | ||
|
Penetration testing with the Bash shell : make the most of the Bash shell and Kali Linux's command-line-based security assessment tools / / Keith Makan |
Author | Makan Keith |
Edition | [1st edition] |
Publication/distribution/printing | Birmingham, England : , : Packt Publishing Ltd, , 2014 |
Physical description | 1 online resource (151 p.) |
Discipline | 005.8092 |
Series | Community Experience Distilled |
Topical subject |
Penetration testing (Computer security) - Examinations
User interfaces (Computer systems) - Design |
ISBN | 1-84969-511-3 |
Format | Printed material |
Bibliographic level | Monograph |
Language of publication | eng |
Contents note |
Cover; Copyright; Credits; Disclaimer; About the Author; About the Reviewers; www.PacktPub.com; Preface; Chapter 1: Getting to Know Bash; Getting help from the man pages; Navigating and searching the filesystem; Navigating directories; Listing directory contents; Searching the filesystem; Directory traversal options; File testing options; File action options; Using I/O redirection; Redirecting output; Redirecting input; Using pipes; Getting to know grep; Regular expression language - a crash course; Regular expression matcher selection options; Regular expression matching control options; Output control options; File selection options; Summary; Further reading; Chapter 2: Customizing Your Shell; Formatting the terminal output; The prompt string; Prompt string customizations; Aliases; Customizing the command history; Protecting sensitive information from leakage; Customizing tab completion; Summary; Further reading; Chapter 3: Network Reconnaissance; Interrogating the Whois servers; Interrogating the DNS servers; Using Dig; Using dnsmap; Enumerating targets on the local network; Host discovery with Arping; Target enumeration with Nmap; Summary; Further reading; Chapter 4: Exploitation and Reverse Engineering; Using the Metasploit command-line interface; Getting started with msfcli; Using invocation modes with msfcli; Bash hacks and msfcli; Preparing payloads with Metasploit; Creating and deploying a payload; Disassembling binaries; Disassembling with Objdump; A note about the reverse engineering assembler code; Debugging binaries for dynamic analysis; Getting started with GDB; Setting execution breakpoints and watch points; Inspecting registers, memory values, and runtime information; Summary; Further reading; Chapter 5: Network Exploitation and Monitoring; MAC and ARP abuse; Spoofing MAC addresses; Abusing address resolution; Man-in-the-middle attacks; Ettercap DNS spoofing; Interrogating servers; SNMP interrogation; SMTP server interrogation; Brute-forcing authentication; Using Medusa; Traffic filtering with TCPDump; Getting started with TCPDump; Using the TCPDump packet filter; Assessing SSL implementation security; Using SSLyze; Bash hacks and SSLyze; Automated web application security assessment; Scanning with SkipFish; Scanning with Arachni; Summary; Further reading; Index |
Record Nr. | UNINA-9910786551403321 |
Makan Keith | ||
Birmingham, England : , : Packt Publishing Ltd, , 2014 | ||
Printed material | ||
Find it here: Univ. Federico II | ||
|
Penetration testing with the Bash shell : make the most of the Bash shell and Kali Linux's command-line-based security assessment tools / / Keith Makan |
Author | Makan Keith |
Edition | [1st edition] |
Publication/distribution/printing | Birmingham, England : , : Packt Publishing Ltd, , 2014 |
Physical description | 1 online resource (151 p.) |
Discipline | 005.8092 |
Series | Community Experience Distilled |
Topical subject |
Penetration testing (Computer security) - Examinations
User interfaces (Computer systems) - Design |
ISBN | 1-84969-511-3 |
Format | Printed material |
Bibliographic level | Monograph |
Language of publication | eng |
Contents note |
Cover; Copyright; Credits; Disclaimer; About the Author; About the Reviewers; www.PacktPub.com; Preface; Chapter 1: Getting to Know Bash; Getting help from the man pages; Navigating and searching the filesystem; Navigating directories; Listing directory contents; Searching the filesystem; Directory traversal options; File testing options; File action options; Using I/O redirection; Redirecting output; Redirecting input; Using pipes; Getting to know grep; Regular expression language - a crash course; Regular expression matcher selection options; Regular expression matching control options; Output control options; File selection options; Summary; Further reading; Chapter 2: Customizing Your Shell; Formatting the terminal output; The prompt string; Prompt string customizations; Aliases; Customizing the command history; Protecting sensitive information from leakage; Customizing tab completion; Summary; Further reading; Chapter 3: Network Reconnaissance; Interrogating the Whois servers; Interrogating the DNS servers; Using Dig; Using dnsmap; Enumerating targets on the local network; Host discovery with Arping; Target enumeration with Nmap; Summary; Further reading; Chapter 4: Exploitation and Reverse Engineering; Using the Metasploit command-line interface; Getting started with msfcli; Using invocation modes with msfcli; Bash hacks and msfcli; Preparing payloads with Metasploit; Creating and deploying a payload; Disassembling binaries; Disassembling with Objdump; A note about the reverse engineering assembler code; Debugging binaries for dynamic analysis; Getting started with GDB; Setting execution breakpoints and watch points; Inspecting registers, memory values, and runtime information; Summary; Further reading; Chapter 5: Network Exploitation and Monitoring; MAC and ARP abuse; Spoofing MAC addresses; Abusing address resolution; Man-in-the-middle attacks; Ettercap DNS spoofing; Interrogating servers; SNMP interrogation; SMTP server interrogation; Brute-forcing authentication; Using Medusa; Traffic filtering with TCPDump; Getting started with TCPDump; Using the TCPDump packet filter; Assessing SSL implementation security; Using SSLyze; Bash hacks and SSLyze; Automated web application security assessment; Scanning with SkipFish; Scanning with Arachni; Summary; Further reading; Index |
Record Nr. | UNINA-9910816975903321 |
Makan Keith | ||
Birmingham, England : , : Packt Publishing Ltd, , 2014 | ||
Printed material | ||
Find it here: Univ. Federico II | ||
|