
E-book: iOS Hacker's Handbook

  • Format: EPUB+DRM
  • Publication date: 30-Apr-2012
  • Publisher: John Wiley & Sons Inc
  • Language: eng
  • ISBN-13: 9781118240755
  • Price: 34,12 €*
  • * the price is final, i.e. no further discounts apply
  • This e-book is intended for personal use only. E-books cannot be returned.

DRM restrictions

  • Copying (copy/paste):

    not allowed

  • Printing:

    not allowed

  • Usage:

    Digital rights management (DRM)
    The publisher has issued this e-book in encrypted form, which means that you must install special software to read it. You must also create an Adobe ID. The e-book can be read by 1 user and downloaded to up to 6 devices (all authorized with the same Adobe ID).

    Required software
    To read on mobile devices (phone or tablet), you must install this free app: PocketBook Reader (iOS / Android)

    To read on a PC or Mac, you must install Adobe Digital Editions (a free application made specifically for reading e-books; it should not be confused with Adobe Reader, which is probably already installed on your computer).

    This e-book cannot be read on an Amazon Kindle.

Describes the security architecture of iOS and offers information on such topics as encryption, jailbreaks, code signing, sandboxing, iPhone fuzzing, and ROP payloads, along with ways to defend iOS devices.

Discover all the security risks and exploits that can threaten iOS-based mobile devices

iOS is Apple's mobile operating system for the iPhone and iPad. With the introduction of iOS5, many security issues have come to light. This book explains and discusses them all. The award-winning author team, experts in Mac and iOS security, examines the vulnerabilities and the internals of iOS to show how attacks can be mitigated. The book explains how the operating system works, its overall security architecture, and the security risks associated with it, as well as exploits, rootkits, and other payloads developed for it.

  • Covers iOS security architecture, vulnerability hunting, exploit writing, and how iOS jailbreaks work
  • Explores iOS enterprise and encryption, code signing and memory protection, sandboxing, iPhone fuzzing, exploitation, ROP payloads, and baseband attacks
  • Also examines kernel debugging and exploitation
  • Companion website includes source code and tools to facilitate your efforts

iOS Hacker's Handbook arms you with the tools needed to identify, understand, and foil iOS attacks.

Introduction

Chapter 1 iOS Security Basics
  • iOS Hardware/Device Types
  • How Apple Protects the App Store
  • Understanding Security Threats
  • Understanding iOS Security Architecture
  • The Reduced Attack Surface
  • The Stripped-Down iOS
  • Privilege Separation
  • Code Signing
  • Data Execution Prevention
  • Address Space Layout Randomization
  • Sandboxing
  • A Brief History of iOS Attacks
  • Libtiff
  • Fun with SMS
  • The Ikee Worm
  • Storm8
  • SpyPhone
  • Pwn2Own 2010
  • Jailbreakme.com 2 ("Star")
  • Jailbreakme.com 3 ("Saffron")
  • Summary

Chapter 2 iOS in the Enterprise
  • iOS Configuration Management
  • Mobile Configuration Profiles
  • iPhone Configuration Utility
  • Creating a Configuration Profile
  • Installing the Configuration Profile
  • Updating Profiles
  • Removing Profiles
  • Applications and Provisioning Profiles
  • Mobile Device Management
  • MDM Network Communication
  • Lion Server Profile Manager
  • Setting Up Profile Manager
  • Creating Settings
  • Enrolling Devices
  • Summary

Chapter 3 Encryption
  • Data Protection
  • Data Protection API
  • Attacking Data Protection
  • Attacking User Passcodes
  • iPhone Data Protection Tools
  • Installation Prerequisites
  • Building the Ramdisk
  • Booting Ramdisk
  • Brute-Force Attacking Four-Digit Passcodes
  • Dumping Keychain
  • Dumping Data Partition
  • Decrypting Data Partition
  • Summary

Chapter 4 Code Signing and Memory Protections
  • Understanding Mandatory Access Control
  • AMFI Hooks
  • AMFI and execv
  • How Provisioning Works
  • Understanding the Provisioning Profile
  • How the Provisioning File Is Validated
  • Understanding Application Signing
  • Inside Entitlements
  • How Code Signing Enforcement Works
  • Collecting and Verifying Signing Information
  • How Signatures Are Enforced on Processes
  • How the iOS Ensures No Changes Are Made to Signed Pages
  • Discovering Dynamic Code Signing
  • Why MobileSafari Is So Special
  • How the Kernel Handles JIT
  • Attacking Inside MobileSafari
  • Breaking Code Signing
  • Altering iOS Shellcode
  • Using Meterpreter on iOS
  • Gaining App Store Approval
  • Summary

Chapter 5 Sandboxing
  • Understanding the Sandbox
  • Sandboxing Your Apps
  • Understanding the Sandbox Implementation
  • Understanding User Space Library Implementation
  • Into the Kernel
  • Implementing TrustedBSD
  • Handling Configuration from User Space
  • Policy Enforcement
  • How Profile Bytecode Works
  • How Sandboxing Impacts App Store versus Platform Applications
  • Summary

Chapter 6 Fuzzing iOS Applications
  • How Fuzzing Works
  • The Recipe for Fuzzing
  • Mutation-Based ("Dumb") Fuzzing
  • Generation-Based ("Smart") Fuzzing
  • Submitting and Monitoring the Test Cases
  • Fuzzing Safari
  • Choosing an Interface
  • Generating Test Cases
  • Testing and Monitoring the Application
  • Adventures in PDF Fuzzing
  • Quick Look Fuzzing
  • Fuzzing with the Simulator
  • Fuzzing MobileSafari
  • Selecting the Interface to Fuzz
  • Generating the Test Case
  • Fuzzing and Monitoring MobileSafari
  • PPT Fuzzing Fun
  • SMS Fuzzing
  • SMS Basics
  • Focusing on the Protocol Data Unit Mode
  • Using PDUspy
  • Using User Data Header Information
  • Working with Concatenated Messages
  • Using Other Types of UDH Data
  • Generation-Based Fuzzing with Sulley
  • SMS iOS Injection
  • Monitoring SMS
  • SMS Bugs
  • Summary

Chapter 7 Exploitation
  • Exploiting Bug Classes
  • Object Lifetime Vulnerabilities
  • Understanding the iOS System Allocator
  • Regions
  • Allocation
  • Deallocation
  • Taming the iOS Allocator
  • Tools of the Trade
  • Learning Alloc/Dealloc Basics
  • Exploiting Arithmetic Vulnerabilities
  • Exploiting Object Lifetime Issues
  • Understanding TCMalloc
  • Large Object Allocation and Deallocation
  • Small Object Allocation
  • Small Object Deallocation
  • Taming TCMalloc
  • Obtaining a Predictable Heap Layout
  • Tools for Debugging Heap Manipulation Code
  • Exploiting Arithmetic Vulnerabilities with TCMalloc - Heap Feng Shui
  • Exploiting Object Lifetime Issues with TCMalloc
  • ASLR Challenges
  • Case Study: Pwn2Own 2010
  • Testing Infrastructure
  • Summary

Chapter 8 Return-Oriented Programming
  • ARM Basics
  • iOS Calling Convention
  • System Calls Calling Convention
  • ROP Introduction
  • ROP and Heap Bugs
  • Manually Constructing a ROP Payload
  • Automating ROP Payload Construction
  • What Can You Do with ROP on iOS?
  • Testing ROP Payloads
  • Examples of ROP Shellcode on iOS
  • Exfiltrate File Content Payload
  • Using ROP to Chain Two Exploits (JailBreakMe v3)
  • Summary

Chapter 9 Kernel Debugging and Exploitation
  • Kernel Structure
  • Kernel Debugging
  • Kernel Extensions and IOKit Drivers
  • Reversing the IOKit Driver Object Tree
  • Finding Vulnerabilities in Kernel Extensions
  • Finding Vulnerabilities in IOKit Drivers
  • Attacking through Device Properties
  • Attacking through External Traps and Methods
  • Kernel Exploitation
  • Arbitrary Memory Overwrite
  • Patching a Vulnerability into the Kernel
  • Choosing a Target to Overwrite
  • Locating the System Call Table
  • Constructing the Exploit
  • Uninitialized Kernel Variables
  • Kernel Stack Buffer Overflows
  • Kernel Heap Buffer Overflows
  • Kernel Heap Zone Allocator
  • Kernel Heap Feng Shui
  • Detecting the State of the Kernel Heap
  • Exploiting the Kernel Heap Buffer Overflow
  • Summary

Chapter 10 Jailbreaking
  • Why Jailbreak?
  • Jailbreak Types
  • Jailbreak Persistence
  • Tethered Jailbreaks
  • Untethered Jailbreaks
  • Exploit Type
  • Bootrom Level
  • iBoot Level
  • Userland Level
  • Understanding the Jailbreaking Process
  • Exploiting the Bootrom
  • Booting the Ramdisk
  • Jailbreaking the Filesystem
  • Installing the Untethering Exploit
  • Installing the AFC2 Service
  • Installing Base Utilities
  • Application Stashing
  • Bundle Installation
  • Post-Installation Process
  • Executing Kernel Payloads and Patches
  • Kernel State Reparation
  • Privilege Escalation
  • Kernel Patching
  • security.mac.proc_enforce
  • cs_enforcement_disable (kernel)
  • cs_enforcement_disable (AMFI)
  • PE_i_can_has_debugger
  • vm_map_enter
  • vm_map_protect
  • AMFI Binary Trust Cache
  • Task_for_pid 0
  • Sandbox Patches
  • Clearing the Caches
  • Clean Return
  • Summary

Chapter 11 Baseband Attacks
  • GSM Basics
  • Setting up OpenBTS
  • Hardware Required
  • OpenBTS Installation and Configuration
  • Closed Configuration and Asterisk Dialing Rules
  • RTOSes Underneath the Stacks
  • Nucleus PLUS
  • ThreadX
  • REX/OKL4/Iguana
  • Heap Implementations
  • Dynamic Memory in Nucleus PLUS
  • Byte Pools in ThreadX
  • The Qualcomm Modem Heap
  • Vulnerability Analysis
  • Obtaining and Extracting Baseband Firmware
  • Loading Firmware Images into IDA Pro
  • Application/Baseband Processor Interface
  • Stack Traces and Baseband Core Dumps
  • Attack Surface
  • Static Analysis on Binary Code Like it's 1999
  • Specification-Guided Fuzz Testing
  • Exploiting the Baseband
  • A Local Stack Buffer Overflow: AT+XAPP
  • The ultrasn0w Unlock
  • An Overflow Exploitable Over the Air
  • Summary

Appendix References
Index

Charlie Miller is Principal Research Consultant at Accuvant Labs and a four-time CanSecWest Pwn2Own winner.

Dionysus Blazakis is an expert on iOS and OS X sandbox security mechanisms.

Dino Dai Zovi is coauthor of The Mac Hacker's Handbook and a popular conference speaker.

Stefan Esser is a PHP security expert and leading researcher of iOS security topics.

Vincenzo Iozzo is an independent security researcher focused on Mac OS X and smartphones.

Ralf-Philipp Weinmann holds a PhD in cryptography and has an extensive security background.