通常配送無料 詳細
残り1点(入荷予定あり) 在庫状況について
この商品は、Amazon.co.jp が販売、発送します。 ギフトラッピングを利用できます。
Gray Hat Hacking The Ethi... がカートに入りました
コンディション: 中古品: 非常に良い
コメント: 美品。中古品のため商品によっては多少の汚れやキズがある場合がございます。プロダクトコード、DLコード、帯、応募ハガキ等は付属しません。管理ラベルは簡単に取れます。
この商品をお持ちですか? マーケットプレイスに出品する
裏表紙を表示 表紙を表示
サンプルを聴く 再生中... 一時停止   Audible オーディオエディションのサンプルをお聴きいただいています。
この画像を表示

Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition (英語) ペーパーバック – 2011/1/6

5つ星のうち 5.0 1 件のカスタマーレビュー

その他(2)の形式およびエディションを表示する 他のフォーマットおよびエディションを非表示にする
Amazon 価格
新品 中古品
Kindle版
"もう一度試してください。"
ペーパーバック
"もう一度試してください。"
¥ 5,739
¥ 5,678 ¥ 4,380

この商品には新版があります:


AmazonStudent

Amazon Student会員なら、この商品は+10%Amazonポイント還元(Amazonマーケットプレイスでのご注文は対象外)。無料体験でもれなくポイント1,000円分プレゼントキャンペーン実施中。


click to open popover

キャンペーンおよび追加情報

Kindle 端末は必要ありません。無料 Kindle アプリのいずれかをダウンロードすると、スマートフォン、タブレットPCで Kindle 本をお読みいただけます。

  • Apple
  • Android
  • Android

無料アプリを入手するには、Eメールアドレスを入力してください。



商品の説明

内容紹介

THE LATEST STRATEGIES FOR UNCOVERING TODAY'S MOST DEVASTATING ATTACKS

Thwart malicious network intrusion by using cutting-edge techniques for finding and fixing security flaws. Fully updated and expanded with nine new chapters, Gray Hat Hacking: The Ethical Hacker's Handbook, Third Edition details the most recent vulnerabilities and remedies along with legal disclosure methods. Learn from the experts how hackers target systems, defeat production schemes, write malicious code, and exploit flaws in Windows and Linux systems. Malware analysis, penetration testing, SCADA, VoIP, and Web security are also covered in this comprehensive resource.

  • Develop and launch exploits using BackTrack and Metasploit
  • Employ physical, social engineering, and insider attack techniques
  • Build Perl, Python, and Ruby scripts that initiate stack buffer overflows
  • Understand and prevent malicious content in Adobe, Office, and multimedia files
  • Detect and block client-side, Web server, VoIP, and SCADA attacks
  • Reverse engineer, fuzz, and decompile Windows and Linux software
  • Develop SQL injection, cross-site scripting, and forgery exploits
  • Trap malware and rootkits using honeypots and SandBoxes

著者について

Allen Harper, CISSP, a retired Marine Corps Major, is the president and founder of N2NetSecurity, Inc., and a faculty member for the Institute for Applied Network Security, He has worked as a security consultant for the Internal Revenue Service and for Logical Security, LLC.

Shon Harris, CISSP, MCSE, is the president of Logical Security, a security consultant, a former engineer in the Air Force’s Information Warfare unit, an instructor, and a bestselling author. She was recognized as one of the top 25 women in the Information Security field by Information Security Magazine.

Jonathan Ness is a software security engineer at Microsoft. He is a member of an Air National Guard unit where he leads network penetration tests against military facilities across the country and helps define the information warfare aggressor mission for the Air Force.

Chris Eagle is a senior lecturer in the Computer Science Department at the Naval Postgraduate School (NPS) in Monterey, California. A computer engineer/scientist for 25 years, his research interests include computer network attack and defense, computer forensics, and reverse/anti-reverse engineering. He can often be found teaching at Black Hat or spending late nights working on capture the flag at Defcon

Gideon J. Lenkey, CISSP co-founded Ra Security Systems, a network security monitoring and consultancy. He has provided advanced training to the FBI and is the sitting president of the FBI's InfraGard chapter in New Jersey.

Terron Williams, NSA IAM-IEM, CEH, CSSLP, works for Elster Electricity as a Senior Test Engineer with his primary focus on Smart Grid Security. He has served on the editorial board for Hakin9 Magazine.


登録情報

  • ペーパーバック: 720ページ
  • 出版社: McGraw-Hill Osborne Media; 3版 (2011/1/6)
  • 言語: 英語
  • ISBN-10: 0071742557
  • ISBN-13: 978-0071742559
  • 発売日: 2011/1/6
  • 商品パッケージの寸法: 18.8 x 3.6 x 23.1 cm
  • おすすめ度: 5つ星のうち 5.0 1 件のカスタマーレビュー
  • Amazon 売れ筋ランキング: 洋書 - 204,251位 (洋書の売れ筋ランキングを見る)
  •  カタログ情報を更新する画像についてフィードバックを提供する、または さらに安い価格について知らせる

  • 目次を見る

カスタマーレビュー

5つ星のうち 5.0
星5つ
1
星4つ
0
星3つ
0
星2つ
0
星1つ
0
カスタマーレビューを表示
あなたのご意見やご感想を教えてください

トップカスタマーレビュー

形式: ペーパーバック
2版があった頃に気がついて欲しかったのですが、3版が出るとのことでずっと待ってました。
PART2までが知っておいた方が良い程度の知識が簡単に書かれていて、ソーシャルな話や
BackTrack、MetaSploitの使い方がちょっと書いてあります。(他のことも書かれています)
次にPART3で、メインであろうオーバーフローのお話が結構書いてあって、Windowsについても書かれています。
Windowsについては主にメモリープロテクションのお話で、項目の最後に参考文献も書かれているので結構親切です。
あとはContent-TypeAttacksって言うらしいんですが、pdfexploitの話や簡単なSQLInjectionの話もあります。

とりあえずほとんどのトピックを網羅している気がします。上記に挙げた以外にもいろいろなことが書かれています。
それでいて、章や各種トピック?の最後には参考文献というか参考サイトが書かれているので親切です。
wargameやCFなど好きな人には為になる本だと思います。

この手の本で、自分の中での順位が変わり
GrayHat > Hacking: 美しき策謀(2版) > ハッカー・プログラミング大全 攻撃編
副読本として
...続きを読む ›
コメント 1人のお客様がこれが役に立ったと考えています. このレビューは参考になりましたか? はい いいえ 評価を送る...
フィードバックありがとうございました。
申し訳ありませんが、お客様の投票の記録に失敗しました。もう一度試してください。
違反を報告

Amazon.com で最も参考になったカスタマーレビュー (beta)

Amazon.com: 5つ星のうち 4.5 15 件のカスタマーレビュー
73 人中、70人の方が、「このレビューが参考になった」と投票しています。
5つ星のうち 3.0 This book needs a reboot with a ruthless editor 2011/7/28
投稿者 Richard Bejtlich - (Amazon.com)
形式: ペーパーバック
Critical reviews are my least favorite aspect of my Amazon experience, but I believe readers expect me to be honest with them. Gray Hat Hacking, 3rd Ed (GHH3E) has a lot of potential, but it needs a reboot and a ruthless editor. I read and reviewed the original edition 6 1/2 years ago but skipped the 2nd Ed. This 3rd Ed (published in Jan 2011) features several exceptionally talented authors (such as Allen Harper and Chris Eagle), so my expectations remained high. Unfortunately, after finishing the book I had collected a pile of notes that I will try to transform into constructive commentary for a 4th Ed, which I would enjoy seeing!

The GHH team needs to revisit first principles and decide just what it is trying to accomplish. I recommend the authors ditch the first three chapters, or radically concentrate on the ethical disclosure debate. The rest of the so-called legal material reads like a brain dump, almost like a blog post that never finishes. In some cases the authors of the sections stray from their topic, such as the "Vendors Paying More Attention" section on p 71. Cut it out! Be ruthless! Similarly, the section on social engineering (ch 4) needs a major overhaul if it is to survive into the next edition.

Other chapters have issues. Ch 7, on BackTrack, is basically just installation instructions. Ch 17 only devotes 17 pages to Web app security; either remove it or add substantially to the material. Ch 18 is supposed to be about VoIP, but it's mainly a discussion of the VoIPER tool. Ch 19 is supposed to be about SCADA attacks, but it's really just talk of the Autodafe and TFTPFuzz tools. In ch 28, the author doesn't explain how Nepenthes acquires a malware sample, besides letting it run on a cable network for a few weeks. Having deployed Nepenthes I know how it works, but I expect a reader who wants to learn about Nepenthes would want to understand it based on the text he or she bought.

The organization of the book needs an overhaul too. It seems to promote a progress of less complicated to more complicated, but at this point it needs to be reconstructed in a fourth edition. Why does Part IV, Vulnerability Analysis, follow Part III, Exploiting? Doesn't exploiting require doing vulnerability analysis? In other cases, material seems redundant. Ch 28 and ch 29 cover similar material but are likely by different authors; I recommend combining them and dropping duplicate material.

For me, some of the chapters are on the right track and could lead the fourth edition to a more solid foundation. I recommend expanding Ch 16 (featuring nice coverage of a .pdf exploit). I would really like to see a chapter or more on Javascript for malicious purposes. Overall, I think the GHH team could be very successful if they looked for topics not covered in other books, and addressed those issues in GHH4E. Why try to summarize coding in C, assembly, Python, etc., into a chapter, when other subjects (like Javascript for the hacker/analyst) aren't really explained in any other book? Similarly, it's probably not necessary to cover social engineering, BackTrack, or Metasploit now that individual books are devoted to those concepts.

There's a lot of good technical information in GHH3E, but I don't see myself recommending it to analysts in a CIRT or similar group. I think if the book rebooted with a focus on specialized material not found elsewhere, leveraging the talents of people like Harper and Allen, GHH4E would be THE book to buy on those topics.
7 人中、6人の方が、「このレビューが参考になった」と投票しています。
5つ星のうち 3.0 "Gray" sums it up nicely 2011/12/7
投稿者 SenseiC - (Amazon.com)
形式: Kindle版 Amazonで購入
I had this as a supporting text along with "legend" (William Stallings) "Internetworking with TCP/IP" text for a graduate course on Advanced Networks and Network Security.

I agree with many of the reviews that several of the chapters needed some more significant editorial review just to deliver topics in a clear and concise manner. That said I also completely disagree with the "for white hats by white hats" characterization. The book offers reasonably good overviews of numerous topics plus realistic examples of how most penetration attempts unfold. It also offers an appropriate discussion without "rendering judgement" about the nuances and conflicting interests surrounding defect disclosures and/or remediation (patches).

While versions constantly evolve, GHH would do well to include/add/expand on Linux "pen testing" distributions (BackTrack, Network Security Toolkit, security tools distribution, etc.), but not really spend much time on the mundane (installing, Live images, etc.) and more on which tools prove the most effective (The powers Metasploit can unleash should scare just about anyone!).

I also find it somewhat surprising with the pervasiveness of malware that only two chapters of the book focus on malware. Likewise I find it amazing that the book has a "one-chapter 'chat' on programming" (so often poor code exposes/provides the exploitation vector), but doesn't even mention CWE (Common Weakness Enumeration), etc. except as a footnote/reference.

As always the "Kindle edition" of a book leaves much to desire (especially the PC/Tablet "version" of the reader software). Someday someone at Amazon will look at an well-designed Adobe PDF and say, "Oh! I get it."

SenseiC bows out.
1 人中、1人の方が、「このレビューが参考になった」と投票しています。
5つ星のうち 5.0 Excellent, relevant book that is no fluff 2013/10/11
投稿者 Jason Z. - (Amazon.com)
形式: ペーパーバック Amazonで購入
I just got done reading this book and I was quite impressed. I've read many other books on the same subjects and this handbook delivers the material without all the fluff. It shows the most popular (some of the most effective) tools and how they are used. I really love Ch. 6 about the "Insider Attacks" as it shows from start to finish how an attacker could leverage themselves as a domain admin with relative ease. While there are books alone written for each chapter this handbook sums each chapter up in a clear concise way especially if you are already a bit familiar with the tools and techniques. I would say that this book isn't written for a novice or someone who hasn't already have great understand of basic networking (TCP/IP) or systems experience.

There are excellent chapters about exploits, shellcodes and how to write and use them as well as some excellent examples of each. As with any book like this it is important to practice the techniques in a lab to have the info "stick". Overall, one of the more interesting books I've read that is not like the typical chapters you would see in a book related to becoming a "Certified Ethical Hacker".
5つ星のうち 5.0 Wealth of information -- beyond the basics. 2014/12/18
投稿者 Dennis S. Furr - (Amazon.com)
形式: ペーパーバック
This is an excellent book written for today. The issues listed in this book is very current and allows the reader to gain very practical knowledge around current security issues while gaining knowledge that can be applied regardless of future events. General knowledge, and specific knowledge is shared. How to run a social engineering attack tells you what to expect when someone runs a social engineering attack against your organization.

The book also covers several well known tools that every admin should be aware of for use in Hacking.
I recommend getting this book and sharing it with the system admin and security team of any company. Several aspects are basic, but all areas covered are important to those charged with defending their networks.
1 人中、1人の方が、「このレビューが参考になった」と投票しています。
5つ星のうち 5.0 GREAT BOOK 2013/5/30
投稿者 Dennis Schillinger - (Amazon.com)
形式: ペーパーバック Amazonで購入
This book was perfect for my class. I was able to find what I needed to help me through it.
これらのレビューは参考になりましたか? ご意見はクチコミでお聞かせください。


フィードバック