Download or read book The Ghidra Book written by Chris Eagle and published by No Starch Press. This book was released on 2020-09-08 with total page 610 pages. Available in PDF, EPUB and Kindle. Book excerpt: A guide to using the Ghidra software reverse engineering tool suite. The result of more than a decade of research and development within the NSA, the Ghidra platform was developed to address some of the agency's most challenging reverse-engineering problems. With the open-source release of this formerly restricted tool suite, one of the world's most capable disassemblers and intuitive decompilers is now in the hands of cybersecurity defenders everywhere -- and The Ghidra Book is the one and only guide you need to master it. In addition to discussing RE techniques useful in analyzing software and malware of all kinds, the book thoroughly introduces Ghidra's components, features, and unique capacity for group collaboration. You'll learn how to: Navigate a disassembly Use Ghidra's built-in decompiler to expedite analysis Analyze obfuscated binaries Extend Ghidra to recognize new data types Build new Ghidra analyzers and loaders Add support for new processors and instruction sets Script Ghidra tasks to automate workflows Set up and use a collaborative reverse engineering environment Designed for beginner and advanced users alike, The Ghidra Book will effectively prepare you to meet the needs and challenges of RE, so you can analyze files like a pro.

Download or read book Ghidra Software Reverse Engineering for Beginners written by A. P. David and published by Packt Publishing Ltd. This book was released on 2021-01-08 with total page 322 pages. Available in PDF, EPUB and Kindle. Book excerpt: Detect potentials bugs in your code or program and develop your own tools using the Ghidra reverse engineering framework developed by the NSA project Key FeaturesMake the most of Ghidra on different platforms such as Linux, Windows, and macOSLeverage a variety of plug-ins and extensions to perform disassembly, assembly, decompilation, and scriptingDiscover how you can meet your cybersecurity needs by creating custom patches and toolsBook Description Ghidra, an open source software reverse engineering (SRE) framework created by the NSA research directorate, enables users to analyze compiled code on any platform, whether Linux, Windows, or macOS. This book is a starting point for developers interested in leveraging Ghidra to create patches and extend tool capabilities to meet their cybersecurity needs. You'll begin by installing Ghidra and exploring its features, and gradually learn how to automate reverse engineering tasks using Ghidra plug-ins. You'll then see how to set up an environment to perform malware analysis using Ghidra and how to use it in the headless mode. As you progress, you'll use Ghidra scripting to automate the task of identifying vulnerabilities in executable binaries. The book also covers advanced topics such as developing Ghidra plug-ins, developing your own GUI, incorporating new process architectures if needed, and contributing to the Ghidra project. By the end of this Ghidra book, you'll have developed the skills you need to harness the power of Ghidra for analyzing and avoiding potential vulnerabilities in code and networks. What you will learnGet to grips with using Ghidra's features, plug-ins, and extensionsUnderstand how you can contribute to GhidraFocus on reverse engineering malware and perform binary auditingAutomate reverse engineering tasks with Ghidra plug-insBecome well-versed with developing your own Ghidra extensions, scripts, and featuresAutomate the task of looking for vulnerabilities in executable binaries using Ghidra scriptingFind out how to use Ghidra in the headless modeWho this book is for This SRE book is for developers, software engineers, or any IT professional with some understanding of cybersecurity essentials. Prior knowledge of Java or Python, along with experience in programming or developing applications, is required before getting started with this book.

Download or read book Practical Reverse Engineering written by Bruce Dang and published by John Wiley & Sons. This book was released on 2014-02-03 with total page 384 pages. Available in PDF, EPUB and Kindle. Book excerpt: Analyzing how hacks are done, so as to stop them in the future Reverse engineering is the process of analyzing hardware or software and understanding it, without having access to the source code or design documents. Hackers are able to reverse engineer systems and exploit what they find with scary results. Now the good guys can use the same tools to thwart these threats. Practical Reverse Engineering goes under the hood of reverse engineering for security analysts, security engineers, and system programmers, so they can learn how to use these same processes to stop hackers in their tracks. The book covers x86, x64, and ARM (the first book to cover all three); Windows kernel-mode code rootkits and drivers; virtual machine protection techniques; and much more. Best of all, it offers a systematic approach to the material, with plenty of hands-on exercises and real-world examples. Offers a systematic approach to understanding reverse engineering, with hands-on exercises and real-world examples Covers x86, x64, and advanced RISC machine (ARM) architectures as well as deobfuscation and virtual machine protection techniques Provides special coverage of Windows kernel-mode code (rootkits/drivers), a topic not often covered elsewhere, and explains how to analyze drivers step by step Demystifies topics that have a steep learning curve Includes a bonus chapter on reverse engineering tools Practical Reverse Engineering: Using x86, x64, ARM, Windows Kernel, and Reversing Tools provides crucial, up-to-date guidance for a broad range of IT professionals.

Download or read book Reversing written by Eldad Eilam and published by John Wiley & Sons. This book was released on 2011-12-12 with total page 630 pages. Available in PDF, EPUB and Kindle. Book excerpt: Beginning with a basic primer on reverse engineering-including computer internals, operating systems, and assembly language-and then discussing the various applications of reverse engineering, this book provides readers with practical, in-depth techniques for software reverse engineering. The book is broken into two parts, the first deals with security-related reverse engineering and the second explores the more practical aspects of reverse engineering. In addition, the author explains how to reverse engineer a third-party software library to improve interfacing and how to reverse engineer a competitor's software to build a better product. * The first popular book to show how software reverse engineering can help defend against security threats, speed up development, and unlock the secrets of competitive products * Helps developers plug security holes by demonstrating how hackers exploit reverse engineering techniques to crack copy-protection schemes and identify software targets for viruses and other malware * Offers a primer on advanced reverse-engineering, delving into "disassembly"-code-level reverse engineering-and explaining how to decipher assembly language

Download or read book Practical Malware Analysis written by Michael Sikorski and published by No Starch Press. This book was released on 2012-02-01 with total page 802 pages. Available in PDF, EPUB and Kindle. Book excerpt: Malware analysis is big business, and attacks can cost a company dearly. When malware breaches your defenses, you need to act quickly to cure current infections and prevent future ones from occurring. For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way. You'll learn how to: –Set up a safe virtual environment to analyze malware –Quickly extract network signatures and host-based indicators –Use key analysis tools like IDA Pro, OllyDbg, and WinDbg –Overcome malware tricks like obfuscation, anti-disassembly, anti-debugging, and anti-virtual machine techniques –Use your newfound knowledge of Windows internals for malware analysis –Develop a methodology for unpacking malware and get practical experience with five of the most popular packers –Analyze special cases of malware with shellcode, C++, and 64-bit code Hands-on labs throughout the book challenge you to practice and synthesize your skills as you dissect real malware samples, and pages of detailed dissections offer an over-the-shoulder look at how the pros do it. You'll learn how to crack open malware to see how it really works, determine what damage it has done, thoroughly clean your network, and ensure that the malware never comes back. Malware analysis is a cat-and-mouse game with rules that are constantly changing, so make sure you have the fundamentals. Whether you're tasked with securing one network or a thousand networks, or you're making a living as a malware analyst, you'll find what you need to succeed in Practical Malware Analysis.

Download or read book Implementing Reverse Engineering written by Jitender Narula and published by BPB Publications. This book was released on 2021-08-27 with total page 567 pages. Available in PDF, EPUB and Kindle. Book excerpt: More practical less theory KEY FEATURES ● In-depth practical demonstration with multiple examples of reverse engineering concepts. ● Provides a step-by-step approach to reverse engineering, including assembly instructions. ● Helps security researchers to crack application code and logic using reverse engineering open source tools. ● Reverse engineering strategies for simple-to-complex applications like Wannacry ransomware and Windows calculator. DESCRIPTION The book ‘Implementing Reverse Engineering’ begins with a step-by-step explanation of the fundamentals of reverse engineering. You will learn how to use reverse engineering to find bugs and hacks in real-world applications. This book is divided into three sections. The first section is an exploration of the reverse engineering process. The second section explains reverse engineering of applications, and the third section is a collection of real-world use-cases with solutions. The first section introduces the basic concepts of a computing system and the data building blocks of the computing system. This section also includes open-source tools such as CFF Explorer, Ghidra, Cutter, and x32dbg. The second section goes over various reverse engineering practicals on various applications to give users hands-on experience. In the third section, reverse engineering of Wannacry ransomware, a well-known Windows application, and various exercises are demonstrated step by step. In a very detailed and step-by-step manner, you will practice and understand different assembly instructions, types of code calling conventions, assembly patterns of applications with the printf function, pointers, array, structure, scanf, strcpy function, decision, and loop control structures. You will learn how to use open-source tools for reverse engineering such as portable executable editors, disassemblers, and debuggers. WHAT YOU WILL LEARN ● Understand different code calling conventions like CDECL, STDCALL, and FASTCALL with practical illustrations. ● Analyze and break WannaCry ransomware using Ghidra. ● Using Cutter, reconstruct application logic from the assembly code. ● Hack the Windows calculator to modify its behavior. WHO THIS BOOK IS FOR This book is for cybersecurity researchers, bug bounty hunters, software developers, software testers, and software quality assurance experts who want to perform reverse engineering for advanced security from attacks. Interested readers can also be from high schools or universities (with a Computer Science background). Basic programming knowledge is helpful but not required. TABLE OF CONTENTS 1. Impact of Reverse Engineering 2. Understanding Architecture of x86 machines 3. Up and Running with Reverse Engineering tools 4. Walkthrough on Assembly Instructions 5. Types of Code Calling Conventions 6. Reverse Engineering Pattern of Basic Code 7. Reverse Engineering Pattern of the printf() Program 8. Reverse Engineering Pattern of the Pointer Program 9. Reverse Engineering Pattern of the Decision Control Structure 10. Reverse Engineering Pattern of the Loop Control Structure 11. Array Code Pattern in Reverse Engineering 12. Structure Code Pattern in Reverse Engineering 13. Scanf Program Pattern in Reverse Engineering 14. strcpy Program Pattern in Reverse Engineering 15. Simple Interest Code Pattern in Reverse Engineering 16. Breaking Wannacry Ransomware with Reverse Engineering 17. Generate Pseudo Code from the Binary File 18. Fun with Windows Calculator Using Reverse Engineering

Download or read book Reverse Engineering Code with IDA Pro written by IOActive and published by Elsevier. This book was released on 2011-04-18 with total page 329 pages. Available in PDF, EPUB and Kindle. Book excerpt: If you want to master the art and science of reverse engineering code with IDA Pro for security R&D or software debugging, this is the book for you. Highly organized and sophisticated criminal entities are constantly developing more complex, obfuscated, and armored viruses, worms, Trojans, and botnets. IDA Pro's interactive interface and programmable development language provide you with complete control over code disassembly and debugging. This is the only book which focuses exclusively on the world's most powerful and popular took for reverse engineering code. - Reverse Engineer REAL Hostile Code To follow along with this chapter, you must download a file called !DANGER!INFECTEDMALWARE!DANGER!... 'nuff said - Portable Executable (PE) and Executable and Linking Formats (ELF) Understand the physical layout of PE and ELF files, and analyze the components that are essential to reverse engineering - Break Hostile Code Armor and Write your own Exploits Understand execution flow, trace functions, recover hard coded passwords, find vulnerable functions, backtrace execution, and craft a buffer overflow - Master Debugging Debug in IDA Pro, use a debugger while reverse engineering, perform heap and stack access modification, and use other debuggers - Stop Anti-Reversing Anti-reversing, like reverse engineering or coding in assembly, is an art form. The trick of course is to try to stop the person reversing the application. Find out how! - Track a Protocol through a Binary and Recover its Message Structure Trace execution flow from a read event, determine the structure of a protocol, determine if the protocol has any undocumented messages, and use IDA Pro to determine the functions that process a particular message - Develop IDA Scripts and Plug-ins Learn the basics of IDA scripting and syntax, and write IDC scripts and plug-ins to automate even the most complex tasks

Download or read book Rootkits and Bootkits written by Alex Matrosov and published by No Starch Press. This book was released on 2019-05-07 with total page 504 pages. Available in PDF, EPUB and Kindle. Book excerpt: Rootkits and Bootkits will teach you how to understand and counter sophisticated, advanced threats buried deep in a machine’s boot process or UEFI firmware. With the aid of numerous case studies and professional research from three of the world’s leading security experts, you’ll trace malware development over time from rootkits like TDL3 to present-day UEFI implants and examine how they infect a system, persist through reboot, and evade security software. As you inspect and dissect real malware, you’ll learn: • How Windows boots—including 32-bit, 64-bit, and UEFI mode—and where to find vulnerabilities • The details of boot process security mechanisms like Secure Boot, including an overview of Virtual Secure Mode (VSM) and Device Guard • Reverse engineering and forensic techniques for analyzing real malware, including bootkits like Rovnix/Carberp, Gapz, TDL4, and the infamous rootkits TDL3 and Festi • How to perform static and dynamic analysis using emulation and tools like Bochs and IDA Pro • How to better understand the delivery stage of threats against BIOS and UEFI firmware in order to create detection capabilities • How to use virtualization tools like VMware Workstation to reverse engineer bootkits and the Intel Chipsec tool to dig into forensic analysis Cybercrime syndicates and malicious actors will continue to write ever more persistent and covert attacks, but the game is not lost. Explore the cutting edge of malware analysis with Rootkits and Bootkits. Covers boot processes for Windows 32-bit and 64-bit operating systems.

Download or read book Mastering Reverse Engineering written by Reginald Wong and published by Packt Publishing Ltd. This book was released on 2018-10-31 with total page 423 pages. Available in PDF, EPUB and Kindle. Book excerpt: Implement reverse engineering techniques to analyze software, exploit software targets, and defend against security threats like malware and viruses. Key FeaturesAnalyze and improvise software and hardware with real-world examplesLearn advanced debugging and patching techniques with tools such as IDA Pro, x86dbg, and Radare2.Explore modern security techniques to identify, exploit, and avoid cyber threatsBook Description If you want to analyze software in order to exploit its weaknesses and strengthen its defenses, then you should explore reverse engineering. Reverse Engineering is a hackerfriendly tool used to expose security flaws and questionable privacy practices.In this book, you will learn how to analyse software even without having access to its source code or design documents. You will start off by learning the low-level language used to communicate with the computer and then move on to covering reverse engineering techniques. Next, you will explore analysis techniques using real-world tools such as IDA Pro and x86dbg. As you progress through the chapters, you will walk through use cases encountered in reverse engineering, such as encryption and compression, used to obfuscate code, and how to to identify and overcome anti-debugging and anti-analysis tricks. Lastly, you will learn how to analyse other types of files that contain code. By the end of this book, you will have the confidence to perform reverse engineering. What you will learnLearn core reverse engineeringIdentify and extract malware componentsExplore the tools used for reverse engineeringRun programs under non-native operating systemsUnderstand binary obfuscation techniquesIdentify and analyze anti-debugging and anti-analysis tricksWho this book is for If you are a security engineer or analyst or a system programmer and want to use reverse engineering to improve your software and hardware, this is the book for you. You will also find this book useful if you are a developer who wants to explore and learn reverse engineering. Having some programming/shell scripting knowledge is an added advantage.

Download or read book How Computers Really Work written by Matthew Justice and published by No Starch Press. This book was released on 2020-12-29 with total page 394 pages. Available in PDF, EPUB and Kindle. Book excerpt: An approachable, hands-on guide to understanding how computers work, from low-level circuits to high-level code. How Computers Really Work is a hands-on guide to the computing ecosystem: everything from circuits to memory and clock signals, machine code, programming languages, operating systems, and the internet. But you won't just read about these concepts, you'll test your knowledge with exercises, and practice what you learn with 41 optional hands-on projects. Build digital circuits, craft a guessing game, convert decimal numbers to binary, examine virtual memory usage, run your own web server, and more. Explore concepts like how to: Think like a software engineer as you use data to describe a real world concept Use Ohm's and Kirchhoff's laws to analyze an electrical circuit Think like a computer as you practice binary addition and execute a program in your mind, step-by-step The book's projects will have you translate your learning into action, as you: Learn how to use a multimeter to measure resistance, current, and voltage Build a half adder to see how logical operations in hardware can be combined to perform useful functions Write a program in assembly language, then examine the resulting machine code Learn to use a debugger, disassemble code, and hack a program to change its behavior without changing the source code Use a port scanner to see which internet ports your computer has open Run your own server and get a solid crash course on how the web works And since a picture is worth a thousand bytes, chapters are filled with detailed diagrams and illustrations to help clarify technical complexities. Requirements: The projects require a variety of hardware - electronics projects need a breadboard, power supply, and various circuit components; software projects are performed on a Raspberry Pi. Appendix B contains a complete list. Even if you skip the projects, the book's major concepts are clearly presented in the main text.

Download or read book The Ghidra Book written by Chris Eagle and published by . This book was released on 2020 with total page 608 pages. Available in PDF, EPUB and Kindle. Book excerpt: The result of more than a decade of research and development within the NSA, the Ghidra platform was developed to address some of the agency's most challenging reverse-engineering problems. With the open-source release of this formerly restricted tool suite, one of the world's most capable disassemblers and intuitive decompilers is now in the hands of cybersecurity defenders everywhere -- and The Ghidra Book is the one and only guide you need to master it. In addition to discussing RE techniques useful in analyzing software and malware of all kinds, the book thoroughly introduces Ghidra's components, features, and unique capacity for group collaboration. You'll learn how to: •Navigate a disassembly •Use Ghidra's built-in decompiler to expedite analysis •Analyze obfuscated binaries •Extend Ghidra to recognize new data types •Build new Ghidra analyzers and loaders •Add support for new processors and instruction sets •Script Ghidra tasks to automate workflows •Set up and use a collaborative reverse engineering environment Designed for beginner and advanced users alike, The Ghidra Book will effectively prepare you to meet the needs and challenges of RE, so you can analyze files like a pro.

Download or read book Rootkit Arsenal written by Bill Blunden and published by Jones & Bartlett Publishers. This book was released on 2013 with total page 816 pages. Available in PDF, EPUB and Kindle. Book excerpt: While forensic analysis has proven to be a valuable investigative tool in the field of computer security, utilizing anti-forensic technology makes it possible to maintain a covert operational foothold for extended periods, even in a high-security environment. Adopting an approach that favors full disclosure, the updated Second Edition of The Rootkit Arsenal presents the most accessible, timely, and complete coverage of forensic countermeasures. This book covers more topics, in greater depth, than any other currently available. In doing so the author forges through the murky back alleys of the Internet, shedding light on material that has traditionally been poorly documented, partially documented, or intentionally undocumented. The range of topics presented includes how to: -Evade post-mortem analysis -Frustrate attempts to reverse engineer your command & control modules -Defeat live incident response -Undermine the process of memory analysis -Modify subsystem internals to feed misinformation to the outside -Entrench your code in fortified regions of execution -Design and implement covert channels -Unearth new avenues of attack

Download or read book The Ghidra Book written by Chris Eagle and published by No Starch Press. This book was released on 2020-09-01 with total page 610 pages. Available in PDF, EPUB and Kindle. Book excerpt: A guide to using the Ghidra software reverse engineering tool suite. The result of more than a decade of research and development within the NSA, the Ghidra platform was developed to address some of the agency's most challenging reverse-engineering problems. With the open-source release of this formerly restricted tool suite, one of the world's most capable disassemblers and intuitive decompilers is now in the hands of cybersecurity defenders everywhere -- and The Ghidra Book is the one and only guide you need to master it. In addition to discussing RE techniques useful in analyzing software and malware of all kinds, the book thoroughly introduces Ghidra's components, features, and unique capacity for group collaboration. You'll learn how to: Navigate a disassembly Use Ghidra's built-in decompiler to expedite analysis Analyze obfuscated binaries Extend Ghidra to recognize new data types Build new Ghidra analyzers and loaders Add support for new processors and instruction sets Script Ghidra tasks to automate workflows Set up and use a collaborative reverse engineering environment Designed for beginner and advanced users alike, The Ghidra Book will effectively prepare you to meet the needs and challenges of RE, so you can analyze files like a pro.

Download or read book The IDA Pro Book 2nd Edition written by Chris Eagle and published by No Starch Press. This book was released on 2011-07-11 with total page 676 pages. Available in PDF, EPUB and Kindle. Book excerpt: No source code? No problem. With IDA Pro, the interactive disassembler, you live in a source code-optional world. IDA can automatically analyze the millions of opcodes that make up an executable and present you with a disassembly. But at that point, your work is just beginning. With The IDA Pro Book, you'll learn how to turn that mountain of mnemonics into something you can actually use. Hailed by the creator of IDA Pro as "profound, comprehensive, and accurate," the second edition of The IDA Pro Book covers everything from the very first steps to advanced automation techniques. You'll find complete coverage of IDA's new Qt-based user interface, as well as increased coverage of the IDA debugger, the Bochs debugger, and IDA scripting (especially using IDAPython). But because humans are still smarter than computers, you'll even learn how to use IDA's latest interactive and scriptable interfaces to your advantage. Save time and effort as you learn to: –Navigate, comment, and modify disassembly –Identify known library routines, so you can focus your analysis on other areas of the code –Use code graphing to quickly make sense of cross references and function calls –Extend IDA to support new processors and filetypes using the SDK –Explore popular plug-ins that make writing IDA scripts easier, allow collaborative reverse engineering, and much more –Use IDA's built-in debugger to tackle hostile and obfuscated code Whether you're analyzing malware, conducting vulnerability research, or reverse engineering software, a mastery of IDA is crucial to your success. Take your skills to the next level with this 2nd edition of The IDA Pro Book.

Download or read book Learning Linux Binary Analysis written by Ryan "elfmaster" O'Neill and published by Packt Publishing Ltd. This book was released on 2016-02-29 with total page 282 pages. Available in PDF, EPUB and Kindle. Book excerpt: Uncover the secrets of Linux binary analysis with this handy guide About This Book Grasp the intricacies of the ELF binary format of UNIX and Linux Design tools for reverse engineering and binary forensic analysis Insights into UNIX and Linux memory infections, ELF viruses, and binary protection schemes Who This Book Is For If you are a software engineer or reverse engineer and want to learn more about Linux binary analysis, this book will provide you with all you need to implement solutions for binary analysis in areas of security, forensics, and antivirus. This book is great for both security enthusiasts and system level engineers. Some experience with the C programming language and the Linux command line is assumed. What You Will Learn Explore the internal workings of the ELF binary format Discover techniques for UNIX Virus infection and analysis Work with binary hardening and software anti-tamper methods Patch executables and process memory Bypass anti-debugging measures used in malware Perform advanced forensic analysis of binaries Design ELF-related tools in the C language Learn to operate on memory with ptrace In Detail Learning Linux Binary Analysis is packed with knowledge and code that will teach you the inner workings of the ELF format, and the methods used by hackers and security analysts for virus analysis, binary patching, software protection and more. This book will start by taking you through UNIX/Linux object utilities, and will move on to teaching you all about the ELF specimen. You will learn about process tracing, and will explore the different types of Linux and UNIX viruses, and how you can make use of ELF Virus Technology to deal with them. The latter half of the book discusses the usage of Kprobe instrumentation for kernel hacking, code patching, and debugging. You will discover how to detect and disinfect kernel-mode rootkits, and move on to analyze static code. Finally, you will be walked through complex userspace memory infection analysis. This book will lead you into territory that is uncharted even by some experts; right into the world of the computer hacker. Style and approach The material in this book provides detailed insight into the arcane arts of hacking, coding, reverse engineering Linux executables, and dissecting process memory. In the computer security industry these skills are priceless, and scarce. The tutorials are filled with knowledge gained through first hand experience, and are complemented with frequent examples including source code.

Download or read book Violent Python written by TJ O'Connor and published by Newnes. This book was released on 2012-12-28 with total page 289 pages. Available in PDF, EPUB and Kindle. Book excerpt: Violent Python shows you how to move from a theoretical understanding of offensive computing concepts to a practical implementation. Instead of relying on another attacker's tools, this book will teach you to forge your own weapons using the Python programming language. This book demonstrates how to write Python scripts to automate large-scale network attacks, extract metadata, and investigate forensic artifacts. It also shows how to write code to intercept and analyze network traffic using Python, craft and spoof wireless frames to attack wireless and Bluetooth devices, and how to data-mine popular social media websites and evade modern anti-virus. - Demonstrates how to write Python scripts to automate large-scale network attacks, extract metadata, and investigate forensic artifacts - Write code to intercept and analyze network traffic using Python. Craft and spoof wireless frames to attack wireless and Bluetooth devices - Data-mine popular social media websites and evade modern anti-virus

Download or read book Hacking APIs written by Corey J. Ball and published by No Starch Press. This book was released on 2022-07-05 with total page 362 pages. Available in PDF, EPUB and Kindle. Book excerpt: Hacking APIs is a crash course in web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure. Hacking APIs is a crash course on web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure. You’ll learn how REST and GraphQL APIs work in the wild and set up a streamlined API testing lab with Burp Suite and Postman. Then you’ll master tools useful for reconnaissance, endpoint analysis, and fuzzing, such as Kiterunner and OWASP Amass. Next, you’ll learn to perform common attacks, like those targeting an API’s authentication mechanisms and the injection vulnerabilities commonly found in web applications. You’ll also learn techniques for bypassing protections against these attacks. In the book’s nine guided labs, which target intentionally vulnerable APIs, you’ll practice: • Enumerating APIs users and endpoints using fuzzing techniques • Using Postman to discover an excessive data exposure vulnerability • Performing a JSON Web Token attack against an API authentication process • Combining multiple API attack techniques to perform a NoSQL injection • Attacking a GraphQL API to uncover a broken object level authorization vulnerability By the end of the book, you’ll be prepared to uncover those high-payout API bugs other hackers aren’t finding and improve the security of applications on the web.