Domain 7 is covered in this Chapter:

The malicious code area encompasses the principles, means and methods used by programs, applications and code segments to infect, abuse or otherwise impact the proper operation of an information processing system or network.

Introduction

As you begin this chapter, ask yourself "Hacker tools; can any good come from these?" The answer is yes. Even though these seemingly malicious programs were designed with bad intentions or as a simple proof of concept, many can be used to verify that a network can withstand common attacks. Although you will not want to launch attacks on your own network with any of the tools listed within this chapter, having knowledge of them will help you to learn what may be exploitable on your network. This chapter examines the malicious hacker programs, why they are problematic, and what you can do to protect yourself all of this while preparing for the SSCP exam.

So, does this mean that anyone who writes code is an evil hacker waking each day to stir your network up? No, it cannot all be blamed on hackers. Many times, the problem lies in the design of the application. From poor coding and back doors to buffer overflows, application exploits offer an easy path to damage and destruction. No matter what method is used, the attacker is sure to perform some type of reconnaissance. Be it probing, sniffing, or scanning, the attacker will need to determine what they are up against. This is serious...