- Author: John Wiley & Sons
- Language: English
- Published: 2014
- Page:577
- Format: pdf
- Size: 9 MB
CONTENTS
Chapter 1 Looking at the Ecosystem 1
Understanding Android’s Roots 1Chapter 2 Android Security Design and Architecture 25
Understanding Android Stakeholders 7
Grasping Ecosystem Complexities 15
Understanding Android System Architecture 25Chapter 3 Rooting Your Device 57
Understanding Security Boundaries and Enforcement 27
Looking Closer at the Layers 34
Complex Security, Complex Exploits 55
Understanding the Partition Layout 58Chapter 4 Reviewing Application Security 83
Understanding the Boot Process 60
Locked and Unlocked Boot Loaders 62
Rooting with an Unlocked Boot Loader 65
Rooting with a Locked Boot Loader 68
History of Known Attacks 73
Common Issues 83Chapter 5 Understanding Android’s Attack Surface 129
Case Study: Mobile Security App 91
Case Study: SIP Client 120
An Attack Terminology Primer 130Chapter 6 Finding Vulnerabilities with Fuzz Testing 177
Classifying Attack Surfaces 133
Remote Attack Surfaces 134
Physical Adjacency 154
Local Attack Surfaces 161
Physical Attack Surfaces 168
Third-Party Modifi cations 174
Fuzzing Background 177Chapter 7 Debugging and Analyzing Vulnerabilities 205
Fuzzing on Android 181
Fuzzing Broadcast Receivers 183
Fuzzing Chrome for Android 188
Fuzzing the USB Attack Surface 197
Getting All Available Information 205Chapter 8 Exploiting User Space Software 263
Choosing a Toolchain 207
Debugging with Crash Dumps 208
Remote Debugging 211
Debugging Dalvik Code 212
Debugging Native Code 221
Debugging Mixed Code 243
Alternative Debugging Techniques 243
Vulnerability Analysis 246
Memory Corruption Basics 263Chapter 9 Return Oriented Programming 291
A History of Public Exploits 275
Exploiting the Android Browser 284
History and Motivation 291Chapter 10 Hacking and Attacking the Kernel 309
Basics of ROP on ARM 294
Case Study: Android 4.0.1 Linker 300
Android’s Linux Kernel 309Chapter 11 Attacking the Radio Interface Layer 367
Extracting Kernels 310
Running Custom Kernel Code 316
Debugging the Kernel 336
Exploiting the Kernel 348
Introduction to the RIL 368Chapter 12 Exploit Mitigations 391
Short Message Service (SMS) 375
Interacting with the Modem 379
Classifying Mitigations 392Chapter 13 Hardware Attacks 423
Code Signing 392
Hardening the Heap 394
Protecting Against Integer Overfl ows 394
Preventing Data Execution 396
Address Space Layout Randomization 398
Protecting the Stack 400
Format String Protections 401
Read-Only Relocations 403
Sandboxing 404
Fortifying Source Code 405
Access Control Mechanisms 407
Protecting the Kernel 408
Other Hardening Measures 411
Summary of Exploit Mitigations 414
Disabling Mitigation Features 415
Overcoming Exploit Mitigations 418
Looking to the Future 420
Interfacing with Hardware Devices 424
Identifying Components 456
Intercepting, Monitoring, and Injecting Data 459
Stealing Secrets and Firmware 469
Pitfalls 479
DOWNLOAD HERE
No comments:
Post a Comment