David Alves | Cybersecurity 🚀
What are your favorite #CyberSecurity books? 🤔 I’m trying to make a list here! 📝 Any suggestions? 🚀
Book mentions in this thread
The Smartest Person in the Room
by Christian EspinosaCyberattack-an ominous word that strikes fear in the hearts of nearly everyone, especially business owners, CEOs, and executives. With cyberattacks resulting in often devastating results, it's no wonder executives hire the best and brightest of the IT world for protection. But are you doing enough? Do you understand your risks? What if the brightest aren't always the best choice for your company? In The Smartest Person in the Room, Christian Espinosa shows you how to leverage your company's smartest minds to your benefit and theirs. Learn from Christian's own journey from cybersecurity engineer to company CEO. He describes why a high IQ is a lost superpower when effective communication, true intelligence, and self-confidence are not embraced. With his seven-step methodology and stories from the field, Christian helps you develop your team's technical minds so they become better humans and strong leaders who excel in every role. This book provides you with an enlightening perspective of how to turn your biggest unknown weakness into your strongest defense.
The 8 Layers of the OSI Cake
by Jeremy MartinAn essential anti-phishing desk reference for anyone with anemail address Phishing Dark Waters addresses the growing and continuingscourge of phishing emails, and provides actionable defensivetechniques and tools to help you steer clear of malicious emails.Phishing is analyzed from the viewpoint of human decision-makingand the impact of deliberate influence and manipulation on therecipient. With expert guidance, this book provides insight intothe financial, corporate espionage, nation state, and identitytheft goals of the attackers, and teaches you how to spot a spoofede-mail or cloned website. Included are detailed examples of highprofile breaches at Target, RSA, Coca Cola, and the AP, as well asan examination of sample scams including the Nigerian 419,financial themes, and post high-profile event attacks. Learn how toprotect yourself and your organization using anti-phishing tools,and how to create your own phish to use as part of a securityawareness program. Phishing is a social engineering technique through email thatdeceives users into taking an action that is not in their bestinterest, but usually with the goal of disclosing information orinstalling malware on the victim's computer. Phishing DarkWaters explains the phishing process and techniques, and thedefenses available to keep scammers at bay. Learn what a phish is, and the deceptive ways they've beenused Understand decision-making, and the sneaky ways phishers reelyou in Recognize different types of phish, and know what to do whenyou catch one Use phishing as part of your security awareness program forheightened protection Attempts to deal with the growing number of phishing incidentsinclude legislation, user training, public awareness, and technicalsecurity, but phishing still exploits the natural way humansrespond to certain situations. Phishing Dark Waters is anindispensible guide to recognizing and blocking the phish, keepingyou, your organization, and your finances safe.
Intelligence-Driven Incident Response
by Scott J. RobertsUsing a well-conceived incident response plan in the aftermath of an online security breach enables your team to identify attackers and learn how they operate. But, only when you approach incident response with a cyber threat intelligence mindset will you truly understand the value of that information. With this practical guide, you’ll learn the fundamentals of intelligence analysis, as well as the best ways to incorporate these techniques into your incident response process. Each method reinforces the other: threat intelligence supports and augments incident response, while incident response generates useful threat intelligence. This book helps incident managers, malware analysts, reverse engineers, digital forensics specialists, and intelligence analysts understand, implement, and benefit from this relationship. In three parts, this in-depth book includes: The fundamentals: get an introduction to cyber threat intelligence, the intelligence process, the incident-response process, and how they all work together Practical application: walk through the intelligence-driven incident response (IDIR) process using the F3EAD process—Find, Fix Finish, Exploit, Analyze, and Disseminate The way forward: explore big-picture aspects of IDIR that go beyond individual incident-response investigations, including intelligence team building
Tribe of Hackers
by Marcus J. CareyTribe of Hackers: Cybersecurity Advice from the Best Hackers in the World (9781119643371) was previously published as Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World (9781793464187). While this version features a new cover design and introduction, the remaining content is the same as the prior release and should not be considered a new or updated product. Looking for real-world advice from leading cybersecurity experts? You’ve found your tribe. Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World is your guide to joining the ranks of hundreds of thousands of cybersecurity professionals around the world. Whether you’re just joining the industry, climbing the corporate ladder, or considering consulting, Tribe of Hackers offers the practical know-how, industry perspectives, and technical insight you need to succeed in the rapidly growing information security market. This unique guide includes inspiring interviews from 70 security experts, including Lesley Carhart, Ming Chow, Bruce Potter, Robert M. Lee, and Jayson E. Street. Get the scoop on the biggest cybersecurity myths and misconceptions about security Learn what qualities and credentials you need to advance in the cybersecurity field Uncover which life hacks are worth your while Understand how social media and the Internet of Things has changed cybersecurity Discover what it takes to make the move from the corporate world to your own cybersecurity venture Find your favorite hackers online and continue the conversation Tribe of Hackers is a must-have resource for security professionals who are looking to advance their careers, gain a fresh perspective, and get serious about cybersecurity with thought-provoking insights from the world’s most noteworthy hackers and influential security specialists.
Defensive Security Handbook
by Lee BrotherstonDespite the increase of high-profile hacks, record-breaking data leaks, and ransomware attacks, many organizations don’t have the budget to establish or outsource an information security (InfoSec) program, forcing them to learn on the job. For companies obliged to improvise, this pragmatic guide provides a security-101 handbook with steps, tools, processes, and ideas to help you drive maximum-security improvement at little or no cost. Each chapter in this book provides step-by-step instructions for dealing with a specific issue, including breaches and disasters, compliance, network infrastructure and password management, vulnerability scanning, and penetration testing, among others. Network engineers, system administrators, and security professionals will learn tools and techniques to help improve security in sensible, manageable chunks. Learn fundamentals of starting or redesigning an InfoSec program Create a base set of policies, standards, and procedures Plan and design incident response, disaster recovery, compliance, and physical security Bolster Microsoft and Unix systems, network infrastructure, and password management Use segmentation practices and designs to compartmentalize your network Explore automated process and tools for vulnerability management Securely develop code to reduce exploitable errors Understand basic penetration testing concepts through purple teaming Delve into IDS, IPS, SOC, logging, and monitoring
The Web Application Hacker's Handbook
by Dafydd StuttardThe highly successful security book returns with a new edition, completely updated Web applications are the front door to most organizations, exposing them to attacks that may disclose personal information, execute fraudulent transactions, or compromise ordinary users. This practical book has been completely updated and revised to discuss the latest step-by-step techniques for attacking and defending the range of ever-evolving web applications. You'll explore the various new technologies employed in web applications that have appeared since the first edition and review the new attack techniques that have been developed, particularly in relation to the client side. Reveals how to overcome the new technologies and techniques aimed at defending web applications against attacks that have appeared since the previous edition Discusses new remoting frameworks, HTML5, cross-domain integration techniques, UI redress, framebusting, HTTP parameter pollution, hybrid file attacks, and more Features a companion web site hosted by the authors that allows readers to try out the attacks described, gives answers to the questions that are posed at the end of each chapter, and provides a summarized methodology and checklist of tasks Focusing on the areas of web application security where things have changed in recent years, this book is the most current resource on the critical topic of discovering, exploiting, and preventing web application security flaws. Also available as a set with, CEHv8: Certified Hacker Version 8 Study Guide, Ethical Hacking and Web Hacking Set, 9781119072171.
Alice and Bob Learn Application Security
by Tanya JancaLearn application security from the very start, with this comprehensive and approachable guide! Alice and Bob Learn Application Security is an accessible and thorough resource for anyone seeking to incorporate, from the beginning of the System Development Life Cycle, best security practices in software development. This book covers all the basic subjects such as threat modeling and security testing, but also dives deep into more complex and advanced topics for securing modern software systems and architectures. Throughout, the book offers analogies, stories of the characters Alice and Bob, real-life examples, technical explanations and diagrams to ensure maximum clarity of the many abstract and complicated subjects. Topics include: · Secure requirements, design, coding, and deployment · Security Testing (all forms) · Common Pitfalls · Application Security Programs · Securing Modern Applications · Software Developer Security Hygiene Alice and Bob Learn Application Security is perfect for aspiring application security engineers and practicing software developers, as well as software project managers, penetration testers, and chief information security officers who seek to build or improve their application security programs. Alice and Bob Learn Application Security illustrates all the included concepts with easy-to-understand examples and concrete practical applications, furthering the reader’s ability to grasp and retain the foundational and advanced topics contained within.
by Christopher HadnagyThe first book to reveal and dissect the technical aspect of many social engineering maneuvers From elicitation, pretexting, influence and manipulation all aspects of social engineering are picked apart, discussed and explained by using real world examples, personal experience and the science behind them to unraveled the mystery in social engineering. Kevin Mitnick—one of the most famous social engineers in the world—popularized the term “social engineering.” He explained that it is much easier to trick someone into revealing a password for a system than to exert the effort of hacking into the system. Mitnick claims that this social engineering tactic was the single-most effective method in his arsenal. This indispensable book examines a variety of maneuvers that are aimed at deceiving unsuspecting victims, while it also addresses ways to prevent social engineering threats. Examines social engineering, the science of influencing a target to perform a desired task or divulge information Arms you with invaluable information about the many methods of trickery that hackers use in order to gather information with the intent of executing identity theft, fraud, or gaining computer system access Reveals vital steps for preventing social engineering threats Social Engineering: The Art of Human Hacking does its part to prepare you against nefarious hackers—now you can do your part by putting to good use the critical information within its pages.
The Basics of Hacking and Penetration Testing
by Patrick EngebretsonThe Basics of Hacking and Penetration Testing, Second Edition, serves as an introduction to the steps required to complete a penetration test or perform an ethical hack from beginning to end. The book teaches students how to properly utilize and interpret the results of the modern-day hacking tools required to complete a penetration test. It provides a simple and clean explanation of how to effectively utilize these tools, along with a four-step methodology for conducting a penetration test or hack, thus equipping students with the know-how required to jump start their careers and gain a better understanding of offensive security. Each chapter contains hands-on examples and exercises that are designed to teach learners how to interpret results and utilize those results in later phases. Tool coverage includes: Backtrack Linux, Google reconnaissance, MetaGooFil, dig, Nmap, Nessus, Metasploit, Fast Track Autopwn, Netcat, and Hacker Defender rootkit. This is complemented by PowerPoint slides for use in class. This book is an ideal resource for security consultants, beginning InfoSec professionals, and students. Each chapter contains hands-on examples and exercises that are designed to teach you how to interpret the results and utilize those results in later phases. Written by an author who works in the field as a Penetration Tester and who teaches Offensive Security, Penetration Testing, and Ethical Hacking, and Exploitation classes at Dakota State University. Utilizes the Kali Linux distribution and focuses on the seminal tools required to complete a penetration test.
The Hacker Playbook 2
by Peter KimJust as a professional athlete doesn't show up without a solid game plan, ethical hackers, IT professionals, and security researchers should not be unprepared, either. The Hacker Playbook provides them their own game plans. Written by a longtime security professional and CEO of Secure Planet, LLC, this step-by-step guide to the "game" of penetration hacking features hands-on examples and helpful advice from the top of the field. Through a series of football-style "plays," this straightforward guide gets to the root of many of the roadblocks people may face while penetration testing-including attacking different types of networks, pivoting through security controls, privilege escalation, and evading antivirus software. From "Pregame" research to "The Drive" and "The Lateral Pass," the practical plays listed can be read in order or referenced as needed. Either way, the valuable advice within will put you in the mindset of a penetration tester of a Fortune 500 company, regardless of your career or level of experience. This second version of The Hacker Playbook takes all the best "plays" from the original book and incorporates the latest attacks, tools, and lessons learned. Double the content compared to its predecessor, this guide further outlines building a lab, walks through test cases for attacks, and provides more customized code. Whether you're downing energy drinks while desperately looking for an exploit, or preparing for an exciting new job in IT security, this guide is an essential part of any ethical hacker's library-so there's no reason not to get in the game.
The Art of Memory Forensics
by Michael Hale LighMemory forensics provides cutting edge technology to help investigate digital attacks Memory forensics is the art of analyzing computer memory (RAM) to solve digital crimes. As a follow-up to the best seller Malware Analyst's Cookbook, experts in the fields of malware, security, and digital forensics bring you a step-by-step guide to memory forensics—now the most sought after skill in the digital forensics and incident response fields. Beginning with introductory concepts and moving toward the advanced, The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory is based on a five day training course that the authors have presented to hundreds of students. It is the only book on the market that focuses exclusively on memory forensics and how to deploy such techniques properly. Discover memory forensics techniques: How volatile memory analysis improves digital investigations Proper investigative steps for detecting stealth malware and advanced threats How to use free, open source tools for conducting thorough memory forensics Ways to acquire memory from suspect systems in a forensically sound manner The next era of malware and security breaches are more sophisticated and targeted, and the volatile memory of a computer is often overlooked or destroyed as part of the incident response process. The Art of Memory Forensics explains the latest technological innovations in digital forensics to help bridge this gap. It covers the most popular and recently released versions of Windows, Linux, and Mac, including both the 32 and 64-bit editions.
by Ross AndersonMarket_Desc: · Computer programmers and computer engineers with no security background· Computer Security Professionals· Students · Professors Special Features: · Revision of best-selling first edition, 0471389226, 3/9/01, 24,000 copies sold· Updated with 200 more pages and new coverage of Vista, Xen, phishing, Google issues, declassified military doctrine, Richard Clarke issues , Skype, mobile fraud, music security issues (iTunes, etc.), antitrust issues and more· No other book covers the security of embedded applications (cars, postal meters, vending machines, phones, etc.)· The author is one of the world's foremost authorities on security design for companies like Microsoft, Intel, and VISA; the first edition is considered the seminal work in security design About The Book: The book's contents speak to the audience: working technical professional with no security background. To that end, all examples are for current technologies and applications. Using current, real-world examples the book covers basic Concepts of Security Engineering (including examples of systems and failures).The book is a security design manual for embedded systems, the only one of its kind, thought to be a seminal work and controversial in high-level circles because some security experts think the author is giving the bad guys as many secret algorithms as the good guys but that's what you really have to know if you want to build good security systems.
Windows Internals, Part 1
by Mark E. RussinovichDelve inside Windows architecture and internals - and see how core components work behind the scenes. This classic guide has been fully updated for Windows 8.1 and Windows Server 2012 R2, and now presents its coverage in three volumes: Book 1, User Mode; Book 2, Kernel Mode; Book 3, Device Driver Models. In Book 1, you'll plumb Windows fundamentals, independent of platform - server, desktop, tablet, phone, Xbox. Coverage focuses on high-level functional descriptions of the various Windows components and features that interact with, or are manipulated by, user mode programs, or applications. You'll also examine management mechanisms and operating system components that are implemented in user mode, such as service processes. As always, you get critical insider perspectives on how Windows operates. And through hands-on experiments, you'll experience its internal behavior firsthand - knowledge you can apply to improve application design, debugging, system performance, and support. Planned chapters: Concepts & Tools; System Architecture; Windows Application Support; Windows Store Apps; Graphics & the Desktop; Management Mechanisms; User Mode Memory Management; Security; Storage; Networking; Hyper-V.
The Pentester BluePrint
by Phillip L. WylieJUMPSTART YOUR NEW AND EXCITING CAREER AS A PENETRATION TESTER The Pentester BluePrint: Your Guide to Being a Pentester offers readers a chance to delve deeply into the world of the ethical, or "white-hat" hacker. Accomplished pentester and author Phillip L. Wylie and cybersecurity researcher Kim Crawley walk you through the basic and advanced topics necessary to understand how to make a career out of finding vulnerabilities in systems, networks, and applications. You'll learn about the role of a penetration tester, what a pentest involves, and the prerequisite knowledge you'll need to start the educational journey of becoming a pentester. Discover how to develop a plan by assessing your current skillset and finding a starting place to begin growing your knowledge and skills. Finally, find out how to become employed as a pentester by using social media, networking strategies, and community involvement. Perfect for IT workers and entry-level information security professionals, The Pentester BluePrint also belongs on the bookshelves of anyone seeking to transition to the exciting and in-demand field of penetration testing. Written in a highly approachable and accessible style, The Pentester BluePrint avoids unnecessarily technical lingo in favor of concrete advice and practical strategies to help you get your start in pentesting. This book will teach you: The foundations of pentesting, including basic IT skills like operating systems, networking, and security systems The development of hacking skills and a hacker mindset Where to find educational options, including college and university classes, security training providers, volunteer work, and self-study Which certifications and degrees are most useful for gaining employment as a pentester How to get experience in the pentesting field, including labs, CTFs, and bug bounties
Malware Data Science
by Joshua SaxeThis title shows you how to apply machine learning, statistics and data visualization as you build your own detection and intelligence system. Following an overview of basic reverse engineering concepts like static and dynamic analysis, you'll learn to measure code similarities in malware samples and use machine learning frameworks like scikit-learn and Keras to build and train your own detectors.
The Linux Programming Interface
by Michael KerriskThe Linux Programming Interface is the definitive guide to the Linux and UNIX programming interface—the interface employed by nearly every application that runs on a Linux or UNIX system. In this authoritative work, Linux programming expert Michael Kerrisk provides detailed descriptions of the system calls and library functions that you need in order to master the craft of system programming, and accompanies his explanations with clear, complete example programs. You'll find descriptions of over 500 system calls and library functions, and more than 200 example programs, 88 tables, and 115 diagrams. You'll learn how to: * Read and write files efficiently * Use signals, clocks, and timers * Create processes and execute programs * Write secure programs * Write multithreaded programs using POSIX threads * Build and use shared libraries * Perform interprocess communication using pipes, message queues, shared memory, and semaphores * Write network applications with the sockets API While The Linux Programming Interface covers a wealth of Linux-specific features, including epoll, inotify, and the /proc file system, its emphasis on UNIX standards (POSIX.1-2001/SUSv3 and POSIX.1-2008/SUSv4) makes it equally valuable to programmers working on other UNIX platforms. The Linux Programming Interface is the most comprehensive single-volume work on the Linux and UNIX programming interface, and a book that's destined to become a new classic.
Countdown to Zero Day
by Kim ZetterTop cybersecurity journalist Kim Zetter tells the story behind the virus that sabotaged Iran’s nuclear efforts and shows how its existence has ushered in a new age of warfare—one in which a digital attack can have the same destructive capability as a megaton bomb. In January 2010, inspectors with the International Atomic Energy Agency noticed that centrifuges at an Iranian uranium enrichment plant were failing at an unprecedented rate. The cause was a complete mystery—apparently as much to the technicians replacing the centrifuges as to the inspectors observing them. Then, five months later, a seemingly unrelated event occurred: A computer security firm in Belarus was called in to troubleshoot some computers in Iran that were crashing and rebooting repeatedly. At first, the firm’s programmers believed the malicious code on the machines was a simple, routine piece of malware. But as they and other experts around the world investigated, they discovered a mysterious virus of unparalleled complexity. They had, they soon learned, stumbled upon the world’s first digital weapon. For Stuxnet, as it came to be known, was unlike any other virus or worm built before: Rather than simply hijacking targeted computers or stealing information from them, it escaped the digital realm to wreak actual, physical destruction on a nuclear facility. In these pages, Wired journalist Kim Zetter draws on her extensive sources and expertise to tell the story behind Stuxnet’s planning, execution, and discovery, covering its genesis in the corridors of Bush’s White House and its unleashing on systems in Iran—and telling the spectacular, unlikely tale of the security geeks who managed to unravel a sabotage campaign years in the making. But Countdown to Zero Day ranges far beyond Stuxnet itself. Here, Zetter shows us how digital warfare developed in the US. She takes us inside today’s flourishing zero-day “grey markets,” in which intelligence agencies and militaries pay huge sums for the malicious code they need to carry out infiltrations and attacks. She reveals just how vulnerable many of our own critical systems are to Stuxnet-like strikes, from nation-state adversaries and anonymous hackers alike—and shows us just what might happen should our infrastructure be targeted by such an attack. Propelled by Zetter’s unique knowledge and access, and filled with eye-opening explanations of the technologies involved, Countdown to Zero Day is a comprehensive and prescient portrait of a world at the edge of a new kind of war.
This Is How They Tell Me the World Ends
by Nicole PerlrothFrom The New York Times cybersecurity reporter Nicole Perlroth, the untold story of the cyberweapons market-the most secretive, invisible, government-sponsored market on earth-and a terrifying first look at a new kind of global warfare. Zero day: a software bug that allows a hacker to break in and scamper through the world's computer networks invisibly until discovered. One of the most coveted tools in a spy's arsenal, a zero day has the power to tap into any iPhone, dismantle safety controls at a chemical plant, and shut down the power in an entire nation-just ask the Ukraine. Zero days are the blood diamonds of the security trade, pursued by nation states, defense contractors, cybercriminals, and security defenders alike. In this market, governments aren't regulators; they are clients-paying huge sums to hackers willing to turn over gaps in the Internet, and stay silent about them. For decades, the United States was the only player in this market. Now, it is just the biggest. Our primary adversaries are now in this market too, each with its own incentive to exploit the Internet's vast security holes for their own spy operations, or all-out cyberwar. This Is How They Tell Me the World Ends is cybersecurity reporter Nicole Perlroth's discovery, unpacked. A intrepid journalist unravels an opaque, code-driven market from the outside in-encountering spies, hackers, arms dealers, mercenaries, and a few unsung heroes along the way. As the stakes get higher and higher in the rush to push the world's critical infrastructure online, This Is How They Tell Me the World Ends is the urgent and alarming discovery of one of the world's most extreme threats.
by TJ O'ConnorViolent Python shows you how to move from a theoretical understanding of offensive computing concepts to a practical implementation. Instead of relying on another attacker's tools, this book will teach you to forge your own weapons using the Python programming language. This book demonstrates how to write Python scripts to automate large-scale network attacks, extract metadata, and investigate forensic artifacts. It also shows how to write code to intercept and analyze network traffic using Python, craft and spoof wireless frames to attack wireless and Bluetooth devices, and how to data-mine popular social media websites and evade modern anti-virus. Demonstrates how to write Python scripts to automate large-scale network attacks, extract metadata, and investigate forensic artifacts Write code to intercept and analyze network traffic using Python. Craft and spoof wireless frames to attack wireless and Bluetooth devices Data-mine popular social media websites and evade modern anti-virus
The Hacker and the State
by Ben BuchananThe threat of cyberwar can feel very Hollywood: nuclear codes hacked, power plants melting down, cities burning. In reality, state-sponsored hacking is covert, insidious, and constant. It is also much harder to prevent. Ben Buchanan reveals the cyberwar that's already here, reshaping the global contest for geopolitical advantage.
by David E. BockBy leading with practical data analysis and graphics, "Stats: Modeling the World" gets students " doing statistics" and " thinking statistically" from the start. Students understand what we find in data, why we find it interesting, and how we report it to others as a sound foundation for the challenges of inference. Instructors praise "Stats Modeling the World" as clear and accessible to students, and students report that they enjoy reading the text while learning how to do Statistics with the "Think, Show, "and "Tell "rubric and "What Can Go Wrong?" sections.
Attribution of Advanced Persistent Threats
by Timo SteffensAn increasing number of countries develop capabilities for cyber-espionage and sabotage. The sheer number of reported network compromises suggests that some of these countries view cyber-means as integral and well-established elements of their strategical toolbox. At the same time the relevance of such attacks for society and politics is also increasing. Digital means were used to influence the US presidential election in 2016, repeatedly led to power outages in Ukraine, and caused economic losses of hundreds of millions of dollars with a malfunctioning ransomware. In all these cases the question who was behind the attacks is not only relevant from a legal perspective, but also has a political and social dimension. Attribution is the process of tracking and identifying the actors behind these cyber-attacks. Often it is considered an art, not a science. This book systematically analyses how hackers operate, which mistakes they make, and which traces they leave behind. Using examples from real cases the author explains the analytic methods used to ascertain the origin of Advanced Persistent Threats.
SCADA and Me
by Robert M. LeeAuthor Robert Lee created this wonderful illustrated guide to SCADA to educate and inform. Supervisory Control And Data Acquisition (SCADA) systems pervade every part of our technological life. They are embedded in hospitals, power grids, and manufacturing plants. Most systems were designed and deployed well before the modern day Internet and the incredible amount of cyber attacks we see in the news daily. SCADA systems are subject to those attacks and most are vulnerable. Understanding this vulnerability and moving the conversation towards protecting the critical infrastructure controlled by SCADA systems is the purpose of SCADA and Me. This easy-to-consume book is a must-have for anyone involved in cyber education.
Threat Intelligence and Me
by Robert M. LeeThreat Intelligence is a topic that has captivated the cybersecurity industry. Yet, the topic can be complex and quickly skewed. Author Robert M. Lee and illustrator Jeff Haas created this book to take a lighthearted look at the threat intelligence community and explain the concepts to analysts in a children's book format that is age-appropriate for all.Threat Intelligence and Me is the second work by Robert and Jeff who previously created SCADA and Me: A Book for Children and Management. Their previous work has been read by tens of thousands in the security community and beyond including foreign heads of state. Threat Intelligence and Me promises to reach an even wider audience while remaining easy-to-consume and humorous.
Cyber-Security and Information Warfare (Cybercrime and Cybersecurity Research)
by Nicholas J. DarasA variety of modern research methods in a number of innovating cyber-security techniques and information management technologies are provided in this book along with new related mathematical developments and support applications from engineering. This allows for the exploration of new approaches, useful practices and related problems for further investigation.Distinguished researchers and scientists coming from different scientific origins present their research and views concerning cyber-security, information warfare and communications systems.Graduate students, scientists and engineers interested in a broad spectrum of current theories, methods, and applications in interdisciplinary fields will find this book invaluable.Topics covered include: Electronic crime and ethics in cyberspace, new technologies in security systems/systems interfaces, economic information warfare, digital security in the economy, human factor evaluation of military security systems, cyber warfare, military communications, operational analysis and information warfare, and engineering applications to security systems/detection theory.
The Code Book
by Simon Singh"As gripping as a good thriller." --The Washington Post Unpack the science of secrecy and discover the methods behind cryptography--the encoding and decoding of information--in this clear and easy-to-understand young adult adaptation of the national bestseller that's perfect for this age of WikiLeaks, the Sony hack, and other events that reveal the extent to which our technology is never quite as secure as we want to believe. Coders and codebreakers alike will be fascinated by history's most mesmerizing stories of intrigue and cunning--from Julius Caesar and his Caeser cipher to the Allies' use of the Enigma machine to decode German messages during World War II. Accessible, compelling, and timely, The Code Book is sure to make readers see the past--and the future--in a whole new way. "Singh's power of explaining complex ideas is as dazzling as ever." --The Guardian
CISSP All-in-One Exam Guide
by Shon HarrisA new edition of Shon Harris’ bestselling exam prep guide—fully updated for the new CISSP 2018 Common Body of Knowledge This effective self-study guide fully prepares you for the challenging CISSP exam and offers 100% coverage of all exam domains. This edition has been thoroughly revised to cover the new CISSP 2018 Common Body of Knowledge, hot spot and drag and drop question formats, and more. CISSP All-in-One Exam Guide, Eighth Edition features hands-on exercises as well as “Notes,” “Tips,” and “Cautions” that provide real-world insight and call out potentially harmful situations. Each chapter features learning objectives, exam tips, and practice questions with in-depth answer explanations. Beyond exam prep, the guide also serves as an ideal on-the-job reference for IT security professionals. •Fully updated to cover 2018 exam objectives and question formats•Digital content includes access to the Total Tester test engine with 1500 practice questions, and flashcards•Serves as an essential on-the-job-reference
Cybersecurity Resilience Planning Handbook
by Geoffrey H. WoldThe first step in protecting your organization from cyber attack is to develop a plan for its defense. The Cybersecurity Resilience Planning Handbook, Second Edition, provides guidance for executive management, corporate counsel, IT management, and security administrators to help them understand cyber threats and build more secure and resilient systems. The Handbook risks. A detailed cybersecurity implementation plan is included to make the planning process both effective and efficient. The new, expanded Second Edition of the Handbook now offers more than 150 workflow tools – including risk assessment worksheets, checklists, forms, and policies – to help you build out and improve your cybersecurity program to meet cyber threats and challenges as they develop.
Black Hat Python, 2nd Edition
by Justin SeitzIn Black Hat Python, the latest from Justin Seitz (author of the best-selling Gray Hat Python), you’ll explore the darker side of Python’s capabilities—writing network sniffers, manipulating packets, infecting virtual machines, creating stealthy trojans, and more. You’ll learn how to: Create a trojan command-and-control using GitHubDetect sandboxing and automate common malware tasks, like keylogging and screenshottingEscalate Windows privileges with creative process controlUse offensive memory forensics tricks to retrieve password hashes and inject shellcode into a virtual machineExtend the popular Burp Suite web-hacking toolAbuse Windows COM automation to perform a man-in-the-browser attackExfiltrate data from a network most sneakily Insider techniques and creative challenges throughout show you how to extend the hacks and how to write your own exploits. When it comes to offensive security, your ability to create powerful tools on the fly is indispensable. Learn how in Black Hat Python.
Bug Bounty Bootcamp
by Vickie LiBug Bounty Bootcamp teaches you how to hack web applications. You will learn how to perform reconnaissance on a target, how to identify vulnerabilities, and how to exploit them. You'll also learn how to navigate bug bounty programs set up by companies to reward security professionals for finding bugs in their web applications. Bug bounty programs are company-sponsored programs that invite researchers to search for vulnerabilities on their applications and reward them for their findings. This book is designed to help beginners with little to no security experience learn web hacking, find bugs, and stay competitive in this booming and lucrative industry. You'll start by learning how to choose a program, write quality bug reports, and maintain professional relationships in the industry. Then you'll learn how to set up a web hacking lab and use a proxy to capture traffic. In Part 3 of the book, you'll explore the mechanisms of common web vulnerabilities, like XSS, SQL injection, and template injection, and receive detailed advice on how to find them and bypass common protections. You'll also learn how to chain multiple bugs to maximize the impact of your vulnerabilities. Finally, the book touches on advanced techniques rarely covered in introductory hacking books but that are crucial to understand to hack web applications. You'll learn how to hack mobile apps, review an application's source code for security issues, find vulnerabilities in APIs, and automate your hacking process. By the end of the book, you'll have learned the tools and techniques necessary to be a competent web hacker and find bugs on a bug bounty program.
Silence on the Wire
by Michal Zalewski"This book will be riveting reading for security professionals and students, as well as technophiles interested in learning about how computer security fits into the big picture and high-level hackers seeking to broaden their understanding of their craft."--BOOK JACKET.
Kingdom of Lies
by Kate Fazzini"Kingdom of Lies is a brilliant and bold debut, as full of suspense as the best crime thrillers.” —Linda Fairstein, New York Times bestselling author of Blood Oath In the tradition of Michael Lewis and Tom Wolfe, a fascinating and frightening behind-the-scenes look at the interconnected cultures of hackers, security specialists, and law enforcement A 19-year-old Romanian student stumbles into a criminal ransomware ring in her village. Soon she is extorting Silicon Valley billionaires for millions -- without knowing the first thing about computers. A veteran cybersecurity specialist has built a deep network of top notch hackers in one of the world’s largest banks. But then the bank brings in a cadre of ex-military personnel to “help.” A cynical Russian only leaves his tiny New Jersey apartment only to hack sports cars at a high performance shop in Newark. But he opens his door to a consultant who needs his help. A hotel doorman in China once served in the People’s Army, stealing intellectual property from American companies. Now he uses his skills to build up a private side-business selling the data he takes from travelers to Shanghai’s commercial center. Kingdom of Lies follows the intertwined stories of cybercriminals and ethical hackers as they jump from criminal trend to criminal trend, crisis to crisis. A cybersecurity professional turned journalist, Kate Fazzini illuminates the many lies companies and governments tell us about our security, the lies criminals tell to get ahead, and the lies security leaders tell to make us think they are better at their jobs than they are. Like Traffic set in the cybercrime world, Kingdom of Lies is as entertaining as it is eye opening.
Security in Computing
by Charles P. Pfleeger And Shari Lawrence PfleegerThe New State of the Art in Information Security: Now Covers Cloud Computing, the Internet of Things, and Cyberwarfare Students and IT and security professionals have long relied on Security in Computing as the definitive guide to computer security attacks and countermeasures. Now, the authors have thoroughly updated this classic to reflect today’s newest technologies, attacks, standards, and trends. Security in Computing, Fifth Edition, offers complete, timely coverage of all aspects of computer security, including users, software, devices, operating systems, networks, and data. Reflecting rapidly evolving attacks, countermeasures, and computing environments, this new edition introduces best practices for authenticating users, preventing malicious code execution, using encryption, protecting privacy, implementing firewalls, detecting intrusions, and more. More than two hundred end-of-chapter exercises help the student to solidify lessons learned in each chapter. Combining breadth, depth, and exceptional clarity, this comprehensive guide builds carefully from simple to complex topics, so you always understand all you need to know before you move forward. You’ll start by mastering the field’s basic terms, principles, and concepts. Next, you’ll apply these basics in diverse situations and environments, learning to ”think like an attacker” and identify exploitable weaknesses. Then you will switch to defense, selecting the best available solutions and countermeasures. Finally, you’ll go beyond technology to understand crucial management issues in protecting infrastructure and data. New coverage includes A full chapter on securing cloud environments and managing their unique risks Extensive new coverage of security issues associated with user—web interaction New risks and techniques for safeguarding the Internet of Things A new primer on threats to privacy and how to guard it An assessment of computers and cyberwarfare–recent attacks and emerging risks Security flaws and risks associated with electronic voting systems
The Black Tulip (Penguin Classics)
by Alexandre Dumas pèreSet at the height of the "tulipomania" that gripped Holland in 17th century, this is the story of Cornelius van Baerle, a humble grower whose sole desire is to grow the perfect specimen of the tulip negra. When his godfather is murdered, Cornelius finds himself caught up in the deadly politics of the time, imprisoned and facing a death sentence. His jailor's daughter Rosa, holds both the key to his survival and his chance to produce the ultimate tulip.
by Brian KrebsNow a New York Times bestseller! There is a Threat Lurking Online with the Power to Destroy Your Finances, Steal Your Personal Data, and Endanger Your Life. In Spam Nation, investigative journalist and cybersecurity expert Brian Krebs unmasks the criminal masterminds driving some of the biggest spam and hacker operations targeting Americans and their bank accounts. Tracing the rise, fall, and alarming resurrection of the digital mafia behind the two largest spam pharmacies-and countless viruses, phishing, and spyware attacks-he delivers the first definitive narrative of the global spam problem and its threat to consumers everywhere. Blending cutting-edge research, investigative reporting, and firsthand interviews, this terrifying true story reveals how we unwittingly invite these digital thieves into our lives every day. From unassuming computer programmers right next door to digital mobsters like "Cosma"-who unleashed a massive malware attack that has stolen thousands of Americans' logins and passwords-Krebs uncovers the shocking lengths to which these people will go to profit from our data and our wallets. Not only are hundreds of thousands of Americans exposing themselves to fraud and dangerously toxic products from rogue online pharmacies, but even those who never open junk messages are at risk. As Krebs notes, spammers can-and do-hack into accounts through these emails, harvest personal information like usernames and passwords, and sell them on the digital black market. The fallout from this global epidemic doesn't just cost consumers and companies billions, it costs lives too. Fast-paced and utterly gripping, Spam Nation ultimately proposes concrete solutions for protecting ourselves online and stemming this tidal wave of cybercrime-before it's too late. "Krebs's talent for exposing the weaknesses in online security has earned him respect in the IT business and loathing among cybercriminals... His track record of scoops...has helped him become the rare blogger who supports himself on the strength of his reputation for hard-nosed reporting." -Bloomberg Businessweek
Moving Target Defense
by Sushil JajodiaOur cyber defenses are static and are governed by lengthy processes, e.g., for testing and security patch deployment. Adversaries could plan their attacks carefully over time and launch attacks at cyber speeds at any given moment. We need a new class of defensive strategies that would force adversaries to continually engage in reconnaissance and re-planning of their cyber operations. One such strategy is to present adversaries with a moving target where the attack surface of a system keeps changing. Moving Target Defense II: Application of Game Theory and Adversarial Modeling includes contributions from world experts in the cyber security field. In the first volume of MTD, we presented MTD approaches based on software transformations, and MTD approaches based on network and software stack configurations. In this second volume of MTD, a group of leading researchers describe game theoretic, cyber maneuver, and software transformation approaches for constructing and analyzing MTD systems. Designed as a professional book for practitioners and researchers working in the cyber security field, advanced -level students and researchers focused on computer science will also find this book valuable as a secondary text book or reference.
A Bug Hunter's Diary
by Tobias KleinKlein tracks down and exploits bugs in some of the world's most popular programs. Whether by browsing source code, poring over disassembly, or fuzzing live programs, readers get an over-the-shoulder glimpse into the world of a bug hunter as Klein unearths security flaws and uses them to take control of affected systems.
The Art of Software Security Assessment
by Mark DowdThe Definitive Insider’s Guide to Auditing Software Security This is one of the most detailed, sophisticated, and useful guides to software security auditing ever written. The authors are leading security consultants and researchers who have personally uncovered vulnerabilities in applications ranging from sendmail to Microsoft Exchange, Check Point VPN to Internet Explorer. Drawing on their extraordinary experience, they introduce a start-to-finish methodology for “ripping apart” applications to reveal even the most subtle and well-hidden security flaws. The Art of Software Security Assessment covers the full spectrum of software vulnerabilities in both UNIX/Linux and Windows environments. It demonstrates how to audit security in applications of all sizes and functions, including network and Web software. Moreover, it teaches using extensive examples of real code drawn from past flaws in many of the industry's highest-profile applications. Coverage includes • Code auditing: theory, practice, proven methodologies, and secrets of the trade • Bridging the gap between secure software design and post-implementation review • Performing architectural assessment: design review, threat modeling, and operational review • Identifying vulnerabilities related to memory management, data types, and malformed data • UNIX/Linux assessment: privileges, files, and processes • Windows-specific issues, including objects and the filesystem • Auditing interprocess communication, synchronization, and state • Evaluating network software: IP stacks, firewalls, and common application protocols • Auditing Web applications and technologies
File System Forensic Analysis
by Brian CarrierThe Definitive Guide to File System Analysis: Key Concepts and Hands-on Techniques Most digital evidence is stored within the computer's file system, but understanding how file systems work is one of the most technically challenging concepts for a digital investigator because there exists little documentation. Now, security expert Brian Carrier has written the definitive reference for everyone who wants to understand and be able to testify about how file system analysis is performed. Carrier begins with an overview of investigation and computer foundations and then gives an authoritative, comprehensive, and illustrated overview of contemporary volume and file systems: Crucial information for discovering hidden evidence, recovering deleted data, and validating your tools. Along the way, he describes data structures, analyzes example disk images, provides advanced investigation scenarios, and uses today's most valuable open source file system analysis tools—including tools he personally developed. Coverage includes Preserving the digital crime scene and duplicating hard disks for "dead analysis" Identifying hidden data on a disk's Host Protected Area (HPA) Reading source data: Direct versus BIOS access, dead versus live acquisition, error handling, and more Analyzing DOS, Apple, and GPT partitions; BSD disk labels; and Sun Volume Table of Contents using key concepts, data structures, and specific techniques Analyzing the contents of multiple disk volumes, such as RAID and disk spanning Analyzing FAT, NTFS, Ext2, Ext3, UFS1, and UFS2 file systems using key concepts, data structures, and specific techniques Finding evidence: File metadata, recovery of deleted files, data hiding locations, and more Using The Sleuth Kit (TSK), Autopsy Forensic Browser, and related open source tools When it comes to file system analysis, no other book offers this much detail or expertise. Whether you're a digital forensics specialist, incident response team member, law enforcement officer, corporate security specialist, or auditor, this book will become an indispensable resource for forensic investigations, no matter what analysis tools you use.
Click Here to Kill Everybody
by Bruce SchneierA world of "smart" devices means the Internet can kill people. We need to act. Now. Everything is a computer. Ovens are computers that make things hot; refrigerators are computers that keep things cold. These computers—from home thermostats to chemical plants—are all online. The Internet, once a virtual abstraction, can now sense and touch the physical world. As we open our lives to this future, often called the Internet of Things, we are beginning to see its enormous potential in ideas like driverless cars, smart cities, and personal agents equipped with their own behavioral algorithms. But every knife cuts two ways. All computers can be hacked. And Internet-connected computers are the most vulnerable. Forget data theft: cutting-edge digital attackers can now crash your car, your pacemaker, and the nation’s power grid. In Click Here to Kill Everybody, renowned expert and best-selling author Bruce Schneier examines the hidden risks of this new reality. After exploring the full implications of a world populated by hyperconnected devices, Schneier reveals the hidden web of technical, political, and market forces that underpin the pervasive insecurities of today. He then offers common-sense choices for companies, governments, and individuals that can allow us to enjoy the benefits of this omnipotent age without falling prey to its vulnerabilities. From principles for a more resilient Internet of Things, to a recipe for sane government regulation and oversight, to a better way to understand a truly new environment, Schneier’s vision is required reading for anyone invested in human flourishing.
Open Source Intelligence Techniques
by Michael BazzellCompletely Rewritten Sixth Edition Sheds New Light on Open Source Intelligence Collection and Analysis Author Michael Bazzell has been well known in government circles for his ability to locate personal information about any target through Open Source Intelligence (OSINT). In this book, he shares his methods in great detail. Each step of his process is explained throughout twenty-five chapters of specialized websites, software solutions, and creative search techniques. Over 250 resources are identified with narrative tutorials and screen captures. This book will serve as a reference guide for anyone that is responsible for the collection of online content. It is written in a hands-on style that encourages the reader to execute the tutorials as they go. The search techniques offered will inspire analysts to "think outside the box" when scouring the internet for personal information. Much of the content of this book has never been discussed in any publication. Always thinking like a hacker, the author has identified new ways to use various technologies for an unintended purpose. This book will greatly improve anyone's online investigative skills. Among other techniques, you will learn how to locate: Hidden Social Network Content Cell Phone Subscriber Information Deleted Websites & Posts Missing Facebook Profile Data Full Twitter Account Data Alias Social Network Profiles Free Investigative Software Useful Browser Extensions Alternative Search Engine Results Website Owner Information Photo GPS & Metadata Live Streaming Social Content Social Content by Location IP Addresses of Users Additional User Accounts Sensitive Documents & Photos Private Email Addresses Duplicate Video Posts Mobile App Network Data Unlisted Addresses &#s Public Government Records Document Metadata Rental Vehicle Contracts Online Criminal Activity Personal Radio Communications Compromised Email Information Automated Collection Solutions Linux Investigative Programs Dark Web Content (Tor) Restricted YouTube Content Hidden Website Details Vehicle Registration Details
Behold a Pale Farce
by Bill BlundenThis book presents a data-driven message that exposes the cyberwar media campaign being directed by the Pentagon and its patronage networks. By demonstrating that the American public is being coerced by a threat that has been blown out of proportion—much like the run-up to the Gulf War or the global war on terror—this book discusses how the notion of cyberwar instills a crisis mentality that discourages formal risk assessment, making the public anxious and hence susceptible to ill-conceived solutions. With content that challenges conventional notions regarding cyber security, Behold a Pale Farce covers topics—including cybercrime; modern espionage; mass-surveillance systems; and the threats facing infrastructure targets such as the Federal Reserve, the stock exchange, and telecommunications—in a way that provides objective analysis rather than advocacy. This book is a must-read for anyone concerned with the recent emergence of Orwellian tools of mass interception that have developed under the guise of national security.
Black Hat Go
by Tom SteeleLike the best-selling Black Hat Python, Black Hat Go explores the darker side of the popular Go programming language. This collection of short scripts will help you test your systems, build and automate tools to fit your needs, and improve your offensive security skillset. In Black Hat Go, you'll learn how to write powerful and effective penetration testing tools in Go, a language revered for its speed and scalability. Start off with an introduction to Go fundamentals like data types, control structures, and error handling; then, dive into the deep end of Go's offensive capabilities as you learn how to: -Write a simple TCP proxy to use concurrency for non-parallel tasks -Create HTTP clients to perform common web interactions -Write a custom DNS server and proxy -Sniff and process packets using the gopacket library -Create extendable tools to expand program functionality -Write your own exploits with the help of insider techniques Black Hat Go will show you how to build powerful security tools to pen test huge networks, fast.