Network Architecture and Protocols
Headers, Footers, and Addresses
My Model for Network Protocol Analysis
2 CAPTURING APPLICATION TRAFFIC
Passive Network Traffic Capture
Alternative Passive Capture Techniques
Monitoring Network Connections with DTrace
Advantages and Disadvantages of Passive Capture
Active Network Traffic Capture
Multiplexing and Fragmentation
4 ADVANCED APPLICATION TRAFFIC CAPTURE
Forwarding Traffic to a Gateway
The Traffic-Producing Application: SuperFunkyChat
A Crash Course in Analysis with Wireshark
Generating Network Traffic and Capturing Packets
Reading the Contents of a TCP Session
Identifying Packet Structure with Hex Dump
Determining the Protocol Structure
Dissecting the Protocol with Python
Developing Wireshark Dissectors in Lua
Using a Proxy to Actively Analyze Traffic
Protocol Analysis Using a Proxy
6 APPLICATION REVERSE ENGINEERING
Compilers, Interpreters, and Assemblers
The Instruction Set Architecture
Operating System Networking Interface
A Quick Guide to Using IDA Pro Free Edition
Analyzing Stack Variables and Arguments
Reverse Engineering Managed Languages
Cryptographic Hashing Algorithms
Asymmetric Signature Algorithms
Case Study: Transport Layer Security
8 IMPLEMENTING THE NETWORK PROTOCOL
Replaying Existing Captured Network Traffic
Using Python to Resend Captured UDP Traffic
Repurposing Our Analysis Proxy
Repurposing Existing Executable Code
Repurposing Code in .NET Applications
Repurposing Code in Java Applications
Encryption and Dealing with TLS
Learning About the Encryption In Use
9 THE ROOT CAUSES OF VULNERABILITIES
Memory Corruption Vulnerabilities
Memory-Safe vs. Memory-Unsafe Programming Languages
Dynamic Memory Allocation Failures
Default or Hardcoded Credentials
Text-Encoding Character Replacement
10 FINDING AND EXPLOITING SECURITY VULNERABILITIES
Improving Your Chances of Finding the Root Cause of a Crash
Exploiting Common Vulnerabilities
Exploiting Memory Corruption Vulnerabilities
Arbitrary Memory Write Vulnerability
Generating Shell Code with Metasploit
Memory Corruption Exploit Mitigations
Return-Oriented Programming Counter-Exploit
Address Space Layout Randomization (ASLR)
Detecting Stack Overflows with Memory Canaries
NETWORK PROTOCOL ANALYSIS TOOLKIT
Passive Network Protocol Capture and Analysis Tools
Active Network Capture and Analysis
Network Connectivity and Protocol Testing
Fuzzing, Packet Generation, and Vulnerability Exploitation Frameworks
Network Spoofing and Redirection