Reviews written by Nagareshwar Talekar (Bangalore, India)

A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security
by Tobias Klein
Edition: Paperback

3 of 3 people found the following review helpful
5.0 out of 5 stars Bug Hunting Showcased in most Spectacular Way, December 22, 2011
Once upon a time there were bounty hunters running in the wild to nab those 'Most Wanted' criminals and walk away with big bucks. Now we have bug hunters running wild in their computer world, not only to put their name on the wall of fame but also to reap those rich rewards.

Here in this latest book, "A Bug Hunter's Diary", we have a similar story of another great and inspiring bug hunter, Tobias Klein.

This book gives valuable insights into different techniques of bug hunting and of exploiting the bugs successfully. Each chapter in this book corresponds to one of the vulnerabilities discovered by the author, written in his own words and style.

Before you proceed to reading, it is a good idea to get some basic knowledge of driver concepts, including the driver life cycle, IRPs, IOCTLs and debugging. As three of the eight chapters here deal with driver bugs, this preparation will help you feel at home later on.

If you are new to vulnerability research, I suggest you start with Appendix A, which refreshes the concepts of stack overflows (with a practical example), NULL pointer dereferences, type conversion and GOT exploitation techniques, which are essential to understanding the main chapters. Appendix B describes debugging tools along with commands for Solaris (mdb), Linux (gdb) and Windows (WinDbg), and shows how to set up VMware for kernel debugging. The final appendix talks about exploit mitigation techniques such as ASLR, GS, NX and DEP, and finishes with a detailed description of RELRO for ELF (Linux).

Though fuzzing is the most common method used for bug hunting these days, the author has used it only in the final chapter; the rest of the bugs were found by manual analysis and his own ingenious approach, and that's what separates the men from the boys.

In chapter 2, the author talks about the first victim, VLC media player. He starts by traversing the source code, listing all the demuxers dealing with different video formats, traces through the input data and finally finds a stack overflow bug in the TiVo demuxer code. Then he goes on to show how he manipulated a sample TiVo video file to exploit it successfully.

In chapter 3, the author switches to his exceptional exploitation of a NULL pointer dereference vulnerability in a network driver of the Solaris kernel. With source code it may be easy to find this bug, but the successful exploitation of it was just amazing: the author mapped the zero/NULL page and then passed the controlled attack vectors through an IOCTL to gain root. A notable thing here is that the vendor took more than a year to patch the bug, and the author had to just wait in vain and do nothing. In fact, real bounty hunting stories are not as sweet as they are shown on the screen.

The next chapter deals with a tricky type conversion vulnerability in the FFmpeg multimedia library (Linux). This is a popular library used by Google Chrome, VLC media player, MPlayer etc. Here he finds a beautiful bug in one of the demuxers (the 4xm.c file), dealing with the 4X movie format. Conversion of a user-controlled unsigned int from the media file to a signed int caused a serious issue, which the author was able to exploit successfully to trigger remote code execution. Another job well done.

In chapter 5, the author shows us another interesting vulnerability, in Cisco's WebEx ActiveX control for Internet Explorer (Windows). Being a researcher, he started by reversing this ActiveX control to find a trivial string buffer overflow vulnerability. Then he realized that he could have done it by simply fuzzing. However, it is interesting to see how the author uses tools like COMRaider, WinDbg and IDA Pro in tandem to discover and exploit it.

Chapter 6 talks about a stunning bug in a kernel driver of the Avast antivirus software, running in the dark world of Windows. He starts by looking at the driver's poor security settings, which allowed anyone to send IOCTLs to it. Then he gets into reversing the IOCTL handler code in the driver using IDA, and finally finds a bug in one of the memcpy() calls, deep down the rabbit hole. The admirable thing here is that Avast fixed this kernel driver bug in just 10 days. Not all bounty hunting stories are as bad as depicted on the screen ;)

In chapter 7, the author turns to the Mac, finding a bug in an XNU kernel driver. He downloads the kernel code, traverses through the IOCTL handlers and finally discovers another type conversion bug leading to a blue screen. Then the author goes through another challenging cycle of debugging, through his cross-wired Linux system, to script a successful exploit and pwn his Mac.

The final chapter deals with an interesting vulnerability in the iPhone. The author finally uses his own custom fuzzer, simple yet smart, to discover a bug in the audio ringtone processing code. Though the iPhone flunked many times during fuzzing, he continued through the tedious process and discovered this as well as similar bugs in the mediaserverd daemon. Next he gets into debugging his iPhone through GDB on Linux, finally stopping at successful exploitation. Bounty hunters do not seem to stop anywhere until they nail the man they are after!


* Be warned: highly technical and toxic, keep a can of beer beside you :)
* For better digestion, read one chapter at a time with a clear and cool head
* Deep exposure to vulnerability discovery and exploitation techniques on Windows, Linux, Solaris, Mac & iPhone
* Detailed technical steps with screenshots and code snippets
* No exploit code due to strict German laws, but the author has published videos
* The author does not preach but shows you what amazing things one can do with the right skills and great patience

When you finish this book, it will not be hard for you to acknowledge Tobias Klein as one of those rare, genius and versatile bug hunters. It takes a lot to master those traits; not just knowing about them but getting to the r00t, you can't express it in words.

"This is not just a book that will teach you the art of bug hunting in the most spectacular way, but a great inspiration to all those wannabe bug hunters!"

Disclaimer: I received this book from the publisher for a special review. However, the review remains genuine and unbiased.
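The chapter-4 summary above names the bug class (an unsigned file field converted to a signed int) without showing its shape. The following is an added example constructed for this page; it is not the book's code and not the FFmpeg 4xm demuxer. It reads a 32-bit little-endian track index from an untrusted header record, shows the buggy check that stores it in a signed int and tests only the upper bound, and the hardened check beside it. The record layout, the table size TRACK_COUNT and the sample records are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed demuxer-style track table (assumption for this example). */
#define TRACK_COUNT 4

typedef struct {
    uint32_t sample_rate;
    uint32_t channels;
} track_t;

/* Read a 32-bit little-endian value from an untrusted byte buffer. */
static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable pattern: the unsigned file field is stored in a signed int and
 * only checked against the upper bound. Any value >= 0x80000000 becomes
 * negative (implementation-defined, -1 for 0xFFFFFFFF on common compilers),
 * passes the check, and would index before the start of the table.
 * Returns 1 if the index is accepted, 0 if rejected. */
int buggy_track_index_ok(const uint8_t *field, int *out_index)
{
    int track = (int)read_le32(field);   /* unsigned -> signed conversion */
    if (track >= TRACK_COUNT)            /* negative values sail through */
        return 0;
    *out_index = track;
    return 1;
}

/* Hardened form: keep the field unsigned and compare as unsigned, so every
 * value outside [0, TRACK_COUNT) is rejected before it can be used. */
int safe_track_index_ok(const uint8_t *field, uint32_t *out_index)
{
    uint32_t track = read_le32(field);
    if (track >= TRACK_COUNT)
        return 0;
    *out_index = track;
    return 1;
}

/* Apply one 12-byte header record (index, sample rate, channels; all LE32)
 * to the track table using only the hardened check. Returns 1 if applied. */
int apply_track_record(track_t *tracks, const uint8_t *rec)
{
    uint32_t idx;
    if (!safe_track_index_ok(rec, &idx))
        return 0;
    tracks[idx].sample_rate = read_le32(rec + 4);
    tracks[idx].channels    = read_le32(rec + 8);
    return 1;
}

int main(void)
{
    /* Constructed records: track 1 at 44100 Hz stereo, and a record whose
     * index field is 0xFFFFFFFF (-1 once converted to int). */
    const uint8_t good[12] = {0x01, 0, 0, 0,  0x44, 0xAC, 0, 0,  0x02, 0, 0, 0};
    const uint8_t evil[12] = {0xFF, 0xFF, 0xFF, 0xFF,  0, 0, 0, 0,  0, 0, 0, 0};
    track_t tracks[TRACK_COUNT] = {{0, 0}};
    int sidx = 0;
    uint32_t uidx = 0;

    printf("buggy check accepts 0xFFFFFFFF: %d (as int: %d)\n",
           buggy_track_index_ok(evil, &sidx), sidx);
    printf("safe  check accepts 0xFFFFFFFF: %d\n",
           safe_track_index_ok(evil, &uidx));
    printf("good record applied: %d, evil record applied: %d\n",
           apply_track_record(tracks, good), apply_track_record(tracks, evil));
    return 0;
}
```

The buggy version deliberately never performs the out-of-bounds write; it only shows that the check lets the negative index through, which is the step the actual exploitation in the chapter builds on.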

BackTrack 5 Wireless Penetration Testing Beginner's Guide
by Vivek Ramachandran
Edition: Paperback

25 of 26 people found the following review helpful
5.0 out of 5 stars Best book to master Wi-Fi Kung Fu, October 31, 2011
Disclaimer: I received this book from the publisher for a special review, and the author is a good friend of mine. However, the review remains genuine and unbiased.

This book is highly technical and written completely from a practical perspective. To get the best out of it you need to follow along in parallel with your own setup, as shown in the first chapter. And at the end of it, there will be one more Wi-Fi ninja in the air.

Here is the complete chapter-by-chapter review.

The first chapter starts with the famous line from Abraham Lincoln, stressing the importance of setting up the playground:

"If I had eight hours to chop down a tree, I'd spend six hours sharpening my axe."

It lists both hardware and software requirements: two Wi-Fi-enabled laptops, one injection-capable Wi-Fi card (Alfa AWUS036H) and an access point. A longer list of alternative injection-capable Wi-Fi cards would have been better, though. It is often difficult to get the right one, especially for those who are outside the USA/UK. In my initial days of wardriving, I remember waiting an entire year to get my first injection-capable USB dongle. And without the right card you are on the back foot, as you can't perform most of the attacks.

The remaining portion of the first chapter shows how to install BackTrack and set up the access point and wireless cards, in detail and with screenshots. The next one explains wireless frames in brief and shows how to capture Wi-Fi packets in the air and inject your own packets using the Alfa card.

It gets more interesting with chapter 3, showing how to bypass various wireless security restrictions: uncovering hidden SSIDs, defeating MAC filters, bypassing WEP authentication etc. Next it shows how to really crack those 128-bit WEP keys using the aircrack-ng tool. Finally, it describes how we can use the cracked WEP/WPA passphrase to decrypt wireless data packets and connect directly to the WEP/WPA network.

Chapter 5 explains various Denial of Service (DoS) attacks, including de-authentication, disassociation, CTS-RTS attacks and spectrum jamming. It also shows how one can perform an 'Evil Twin' attack against a legitimate access point, and how to set up a rogue access point to gain backdoor entry into the network.

Often the weakest point lies on the client side, so chapter 6 goes on to describe all those attacks one can perform on wireless clients, including honeypot and mis-association attacks, the Caffe Latte attack, de-authentication and disassociation attacks, the Hirte attack, AP-less WPA-Personal cracking etc. The next one shows how to perform wireless-based Man-in-the-Middle (MITM) attacks and then use them for sniffing and hijacking user sessions.

Chapter 8 focuses on WPA-Enterprise based attacks, such as exploiting weaknesses in the PEAP and EAP-TLS protocols. It ends with a recommendation on secure wireless configuration: 'WPA2-PSK with a strong passphrase' for small/medium-sized organizations and 'WPA2-Enterprise with EAP-TLS' for larger organizations.

The final chapter touches very briefly on pen testing methodologies and then goes deeper into wireless pen testing. It starts with step-by-step discovery of wireless devices, finding unauthorized clients and rogue access points, and then cracking the wireless encryption using the attacks demonstrated in previous chapters.

Highlights of the Book

* Very well written and enjoyable to read
* Practical, and includes the latest stuff from the wireless field
* Every attack technique is shown with complete technical details and illustrative screenshots
* Includes action items for the reader to explore more and gain more expertise
* A pop quiz at the end of each chapter ensures that you were not dozing off

After reading this book completely, one thing is sure: you would like to change its title from "Beginner's Guide" to "Not Just a Beginner's Guide". Even though it's his first book, I am amazed by his style of writing and his 'connecting with the reader' mentality, which makes it easier to grasp and enjoyable to read on.

And here comes the final verdict:

"Written by a wireless expert, this book goes beyond words and is highly recommended to anyone willing to master Wi-Fi Kung Fu."
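The de-authentication attack summarized for chapter 5 (and the defender's side of it, spotting a deauth flood) both hinge on a single 802.11 management frame type. The following is an added example, not code from the book and not from the aircrack-ng suite: it builds a deauthentication frame in memory, parses it back, and counts deauthentication frames per BSSID over a constructed capture so that a flood stands out. The MAC addresses, the reason code, the threshold and the capture itself are assumptions for the example; nothing is transmitted.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MGMT_HDR_LEN     24                    /* 802.11 management header */
#define DEAUTH_FRAME_LEN (MGMT_HDR_LEN + 2)    /* header + 2-byte reason code */
#define SUBTYPE_DEAUTH   12                    /* management subtype 0xC */

/* Build a deauthentication frame into out. Layout: frame control (2),
 * duration (2), addr1 = receiver (6), addr2 = transmitter (6),
 * addr3 = BSSID (6), sequence control (2), reason code (2);
 * multi-byte fields are little-endian. Returns the frame length. */
size_t build_deauth(uint8_t out[DEAUTH_FRAME_LEN], const uint8_t dst[6],
                    const uint8_t src[6], const uint8_t bssid[6],
                    uint16_t seq, uint16_t reason)
{
    out[0] = (uint8_t)(SUBTYPE_DEAUTH << 4);   /* 0xC0: version 0, type 0 (mgmt), subtype 12 */
    out[1] = 0x00;                             /* flags */
    out[2] = 0x00; out[3] = 0x00;              /* duration (not needed here) */
    memcpy(out + 4,  dst,   6);                /* station being kicked off */
    memcpy(out + 10, src,   6);                /* spoofed transmitter (the AP) */
    memcpy(out + 16, bssid, 6);                /* BSSID */
    out[22] = (uint8_t)((seq << 4) & 0xFF);    /* sequence control: fragment 0 in bits 0..3, */
    out[23] = (uint8_t)((seq >> 4) & 0xFF);    /*   sequence number in bits 4..15 */
    out[24] = (uint8_t)(reason & 0xFF);        /* reason code, little-endian */
    out[25] = (uint8_t)(reason >> 8);
    return DEAUTH_FRAME_LEN;
}

/* Return 1 if frame is a deauthentication frame, filling BSSID and reason. */
int parse_deauth(const uint8_t *frame, size_t len,
                 uint8_t bssid_out[6], uint16_t *reason_out)
{
    if (len < DEAUTH_FRAME_LEN)
        return 0;
    unsigned version = frame[0] & 0x3;
    unsigned type    = (frame[0] >> 2) & 0x3;
    unsigned subtype = frame[0] >> 4;
    if (version != 0 || type != 0 || subtype != SUBTYPE_DEAUTH)
        return 0;
    memcpy(bssid_out, frame + 16, 6);
    *reason_out = (uint16_t)(frame[24] | (frame[25] << 8));
    return 1;
}

/* Count deauthentication frames in a capture that carry the given BSSID. */
unsigned count_deauths_for_bssid(const uint8_t *const *frames, const size_t *lens,
                                 size_t n, const uint8_t bssid[6])
{
    unsigned hits = 0;
    for (size_t i = 0; i < n; i++) {
        uint8_t b[6];
        uint16_t reason;
        if (parse_deauth(frames[i], lens[i], b, &reason) && memcmp(b, bssid, 6) == 0)
            hits++;
    }
    return hits;
}

/* A monitor would evaluate this per BSSID per time window; more than
 * `threshold` deauths in one window from a single BSSID is a flood signal. */
int is_deauth_flood(unsigned deauths_in_window, unsigned threshold)
{
    return deauths_in_window > threshold;
}

int main(void)
{
    /* Constructed addresses and capture: three deauths aimed at one station,
     * interleaved with a beacon (frame control 0x80) from the same AP. */
    const uint8_t ap[6]  = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55};
    const uint8_t sta[6] = {0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB};
    uint8_t d1[DEAUTH_FRAME_LEN], d2[DEAUTH_FRAME_LEN], d3[DEAUTH_FRAME_LEN];
    uint8_t beacon[DEAUTH_FRAME_LEN] = {0x80, 0x00};
    memcpy(beacon + 16, ap, 6);
    build_deauth(d1, sta, ap, ap, 1, 7);   /* reason 7: class 3 frame from nonassociated STA */
    build_deauth(d2, sta, ap, ap, 2, 7);
    build_deauth(d3, sta, ap, ap, 3, 7);

    const uint8_t *frames[] = {d1, beacon, d2, d3};
    const size_t lens[] = {DEAUTH_FRAME_LEN, DEAUTH_FRAME_LEN, DEAUTH_FRAME_LEN, DEAUTH_FRAME_LEN};
    unsigned n = count_deauths_for_bssid(frames, lens, 4, ap);
    printf("deauth frames for BSSID: %u, flood (threshold 2): %d\n", n, is_deauth_flood(n, 2));
    return 0;
}
```

The same parse-and-count loop, fed from a monitor-mode capture instead of the inline frames, is the core of the rogue-deauth detection that tools built on this frame type perform; the threshold is the tuning knob and the assumption here.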

The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System
by Bill Blunden
Edition: Paperback

34 of 37 people found the following review helpful
5.0 out of 5 stars Awesome gigantic compilation on Rootkits, August 16, 2009
Wow...! This was my first reaction when I received this massive 900+ page book from Amazon. I was just spellbound and surprised to see such an enormous amount of information compiled on a lesser-known area of computer security, rootkits.

The book starts with the basics of system internals, which are essential to understanding the depth of rootkits. It covers various memory models, interrupts, TSRs, Windows architecture etc. in detail. Then it delves into explaining the ingredients of a rootkit, including installing and launching the rootkit. All these system internals have been covered in a very precise and concise manner.

Chapter 5 is where the real fun starts, as it goes on to elaborate all the hooking mechanisms from user land to kernel and then describes various techniques for detecting these hooking mechanisms. Later chapters do an awesome job of explaining advanced rootkit techniques. The anti-forensics section is just mind-blowing; no explanation needed.

One of the salient features of this book is the code samples. Every technique mentioned in this book is illustrated with a well-explained, working code example. This, along with the rootkit detection mechanisms explored in the book, sets it apart from its predecessor, Rootkits: Subverting the Windows Kernel.

It's clearly evident that the author has taken great pains and patience to present the darkest topic of the computer arena in a very simple and understandable manner in this gigantic compilation. By far this is a very good reference book, and very well recommended for anyone who wants to conquer the mysterious world of rootkits.
