“Our new reality is zero-day, APT, and state-sponsored attacks. Today, more than ever, security professionals need to get into the hacker’s mind, methods, and toolbox to successfully deter such relentless assaults. This edition brings readers abreast with the latest attack vectors and arms them for these continually evolving threats.” --Brett Wahlin, CSO, Sony Network Entertainment
“Stop taking punches--let’s change the game; it’s time for a paradigm shift in the way we secure our networks, and Hacking Exposed 7 is the playbook for bringing pain to our adversaries.” --Shawn Henry, former Executive Assistant Director, FBI
Bolster your system’s security and defeat the tools and tactics of cyber-criminals with expert advice and defense strategies from the world-renowned Hacking Exposed team. Case studies expose the hacker’s latest devious methods and illustrate field-tested remedies. Find out how to block infrastructure hacks, minimize advanced persistent threats, neutralize malicious code, secure web and database applications, and fortify UNIX networks. Hacking Exposed 7: Network Security Secrets & Solutions contains all-new visual maps and a comprehensive “countermeasures cookbook.”
* Obstruct APTs and web-based meta-exploits
* Defend against UNIX-based root access and buffer overflow hacks
* Block SQL injection, spear phishing, and embedded-code attacks
* Detect and terminate rootkits, Trojans, bots, worms, and malware
* Lock down remote access using smartcards and hardware tokens
* Protect 802.11 WLANs with multilayered encryption and gateways
* Plug holes in VoIP, social networking, cloud, and Web 2.0 services
* Learn about the latest iPhone and Android attacks and how to protect yourself
Fortify your network and avert digital catastrophe with proven strategies from a team of security experts. Completely updated and featuring 12 new chapters, Gray Hat Hacking: The Ethical Hacker's Handbook, Fourth Edition explains the enemy’s current weapons, skills, and tactics and offers field-tested remedies, case studies, and ready-to-deploy testing labs. Find out how hackers gain access, overtake network devices, script and inject malicious code, and plunder Web applications and browsers. Android-based exploits, reverse engineering techniques, and cyber law are thoroughly covered in this state-of-the-art resource.
* Build and launch spoofing exploits with Ettercap and Evilgrade
* Induce error conditions and crash software using fuzzers
* Hack Cisco routers, switches, and network hardware
* Use advanced reverse engineering to exploit Windows and Linux software
* Bypass Windows Access Control and memory protection schemes
* Scan for flaws in Web applications using Fiddler and the x5 plugin
* Learn the use-after-free technique used in recent zero days
* Bypass Web authentication via MySQL type conversion and MD5 injection attacks
* Inject your shellcode into a browser's memory using the latest Heap Spray techniques
* Hijack Web browsers with Metasploit and the BeEF Injection Framework
* Neutralize ransomware before it takes control of your desktop
* Dissect Android malware with JEB and DAD decompilers
* Find one-day vulnerabilities with binary diffing
Memory forensics is the art of analyzing computer memory (RAM) to solve digital crimes. As a follow-up to the best seller Malware Analyst's Cookbook, experts in the fields of malware, security, and digital forensics bring you a step-by-step guide to memory forensics—now the most sought after skill in the digital forensics and incident response fields.
Beginning with introductory concepts and moving toward the advanced, The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory is based on a five day training course that the authors have presented to hundreds of students. It is the only book on the market that focuses exclusively on memory forensics and how to deploy such techniques properly. Discover memory forensics techniques:
* How volatile memory analysis improves digital investigations
* Proper investigative steps for detecting stealth malware and advanced threats
* How to use free, open source tools for conducting thorough memory forensics
* Ways to acquire memory from suspect systems in a forensically sound manner
The next era of malware and security breaches are more sophisticated and targeted, and the volatile memory of a computer is often overlooked or destroyed as part of the incident response process. The Art of Memory Forensics explains the latest technological innovations in digital forensics to help bridge this gap. It covers the most popular and recently released versions of Windows, Linux, and Mac, including both the 32 and 64-bit editions.
"A great overview of the new threats created by mobile devices. ...The authors have heaps of experience in the topics and bring that to every chapter." -- Slashdot
"Hacking Exposed Mobile continues in the great tradition of the Hacking Exposed series, arming business leaders and technology practitioners with an in-depth understanding of the latest attacks and countermeasures--so they can leverage the power of mobile platforms while ensuring that security risks are contained." -- Jamil Farshchi, Senior Business Leader of Strategic Planning and Initiatives, VISA
CEH Certified Ethical Hacker All-in-One Exam Guide, Second Edition
* Complete coverage of all CEH exam objectives
* Ideal as both a study tool and an on-the-job resource
* Electronic content includes hundreds of practice exam questions
CEH Certified Ethical Hacker Practice Exams, Second Edition
* 650+ practice exam questions covering all CEH exam objectives
* Realistic questions with detailed answer explanations
* NEW pre-assessment test
CEH Quick Review Guide
* Final overview of key exam topics
CEH Certified Ethical Hacker Bundle, Second Edition covers all exam topics, including:
* Introduction to ethical hacking
* Reconnaissance and footprinting
* Scanning and enumeration
* Sniffing and evasion
* Attacking a system
* Hacking web servers and applications
* Wireless network hacking
* Trojans and other attacks
* Cryptography
* Social engineering and physical security
* Penetration testing
This book will walk you through exploring and harnessing the vast potential of Wireshark, the world's foremost network protocol analyzer.
The book begins by introducing you to the foundations of Wireshark and showing you how to browse the numerous features it provides. You'll be walked through using these features to detect and analyze the different types of attacks that can occur on a network. As you progress through the chapters of this book, you'll learn to perform sniffing on a network, analyze clear-text traffic on the wire, recognize botnet threats, and analyze Layer 2 and Layer 3 attacks along with other common hacks.
By the end of this book, you will be able to fully utilize the features of Wireshark that will help you securely administer your network.
Fortunately, there are ways to inoculate and protect your computer. Computer Viruses For Dummies helps you:
* Understand the risks and analyze your PC’s current condition
* Select, install, and configure antivirus software
* Scan your computer and e-mail
* Rid your computer of viruses it’s already caught
* Update antivirus software and install security patches
* Use firewalls and spyware blockers
* Protect handheld PDAs from viruses
* Adopt safe computing practices, especially with e-mail and when you’re surfing the Net
Written by Peter H. Gregory, coauthor of CISSP For Dummies and Security + For Dummies, Computer Viruses For Dummies goes beyond viruses to explain other nasty computer infections like Trojan horses, HiJackers, worms, phishing scams, spyware, and hoaxes. It also profiles major antivirus software to help you choose the best program(s) for your needs.
Remember, if you don’t protect your computer, not only do you risk having your computer infiltrated and your data contaminated, you risk unknowingly transmitting a virus, worm, or other foul computer germ to everybody in your address book! This guide will help you properly immunize your PC with antivirus software now and install updates and security patches that are like booster shots to keep your software protected against new viruses.
Learn how to improve the security posture of your organization and defend against some of the most pervasive network attacks. Malware, Rootkits & Botnets: A Beginner's Guide explains the nature, sophistication, and danger of these risks and offers best practices for thwarting them.
After reviewing the current threat landscape, the book describes the entire threat lifecycle, explaining how cybercriminals create, deploy, and manage the malware, rootkits, and botnets under their control. You'll learn proven techniques for identifying and mitigating these malicious attacks. Templates, checklists, and examples give you the hands-on help you need to get started protecting your network right away.
Malware, Rootkits & Botnets: A Beginner's Guide features:
* Lingo--Common security terms defined so that you're in the know on the job
* IMHO--Frank and relevant opinions based on the author's years of industry experience
* Budget Note--Tips for getting security technologies and processes into your organization's budget
* In Actual Practice--Exceptions to the rules of security explained in real-world contexts
* Your Plan--Customizable checklists you can use on the job now
* Into Action--Tips on how, why, and when to apply new skills and techniques at work
Get complete coverage of all the material included on version 8 of the EC-Council's Computer Hacking Forensic Investigator exam from this comprehensive resource. Written by an expert information security professional and educator, this authoritative guide addresses the tools and techniques required to successfully conduct a computer forensic investigation. You'll find learning objectives at the beginning of each chapter, exam tips, practice exam questions, and in-depth explanations. Designed to help you pass this challenging exam, this definitive volume also serves as an essential on-the-job reference.
CHFI Computer Hacking Forensic Investigator Certification All-in-One Exam Guide covers all exam topics, including:
* Computer forensics investigation process
* Setting up a computer forensics lab
* First responder procedures
* Search and seizure laws
* Collecting and transporting digital evidence
* Understanding hard disks and file systems
* Recovering deleted files and partitions
* Windows forensics
* Forensics investigations using the AccessData Forensic Toolkit (FTK) and Guidance Software's EnCase Forensic
* Network, wireless, and mobile forensics
* Investigating web attacks
* Preparing investigative reports
* Becoming an expert witness
Electronic content includes:
* 300 practice exam questions
* Test engine that provides full-length practice exams and customized quizzes by chapter or by exam domain
In Mike Meyers’ CompTIA Security+ Certification Guide (Exam SY0-401), the bestselling author and leading authority on CompTIA A+ certification brings his highly effective methodology to IT security for the first time. Like the exam, this book goes beyond knowledge application and is designed to ensure that security personnel anticipate security risks and guard against them. Meyers’ “in the trenches” voice and the clarity of his explanations make his books the bestselling self-study resources available for professional certification.
* Electronic content includes: 20+ lab simulations, 1+ hour of video training from Meyers, and hundreds of practice exam questions
* McGraw-Hill Professional is a Platinum-Level CompTIA Authorized Partner
* CAQC Authorized (CompTIA Approved Quality Curriculum)
* Includes Mike's toolbox of favorite network security related freeware/shareware
Fully revised to include cutting-edge new tools for your security arsenal, Anti-Hacker Tool Kit, Fourth Edition reveals how to protect your network from a wide range of nefarious exploits. You'll get detailed explanations of each tool’s function along with best practices for configuration and implementation illustrated by code samples and up-to-date, real-world case studies. This new edition includes references to short videos that demonstrate several of the tools in action. Organized by category, this practical guide makes it easy to quickly find the solution you need to safeguard your system from the latest, most devastating hacks.
Demonstrates how to configure and use these and other essential tools:
* Virtual machines and emulators: Oracle VirtualBox, VMware Player, VirtualPC, Parallels, and open-source options
* Vulnerability scanners: OpenVAS, Metasploit
* File system monitors: AIDE, Samhain, Tripwire
* Windows auditing tools: Nbtstat, Cain, MBSA, PsTools
* Command-line networking tools: Netcat, Cryptcat, Ncat, Socat
* Port forwarders and redirectors: SSH, Datapipe, FPipe, WinRelay
* Port scanners: Nmap, THC-Amap
* Network sniffers and injectors: WinDump, Wireshark, ettercap, hping, kismet, aircrack, snort
* Network defenses: firewalls, packet filters, and intrusion detection systems
* War dialers: ToneLoc, THC-Scan, WarVOX
* Web application hacking utilities: Nikto, HTTP utilities, ZAP, Sqlmap
* Password cracking and brute-force tools: John the Ripper, L0phtCrack, HashCat, pwdump, THC-Hydra
* Forensic utilities: dd, Sleuth Kit, Autopsy, Security Onion
* Privacy tools: Ghostery, Tor, GnuPG, Truecrypt, Pidgin-OTR
The F0rb1dd3n Network can be read as a stand-alone story or as an illustration of the issues described in STAR. Throughout The F0rb1dd3n Network are “Easter eggs”—references, hints, phrases, and more that will lead readers to insights into hacker culture. Drawing on The F0rb1dd3n Network, STAR explains the various aspects of reconnaissance; the scanning phase of an attack; the attacker’s search for network weaknesses and vulnerabilities to exploit; the various angles of attack used by the characters in the story; basic methods of erasing information and obscuring an attacker’s presence on a computer system; and the underlying hacking culture.
* Revised edition includes a completely NEW STAR Section (Part 2)
* Utilizes actual hacking and security tools in its story, helping to familiarize a newbie with the many devices and their code
* Introduces basic hacking techniques in real life context for ease of learning
* Visual Payloads
View attacks as visible to the end user, including notation of variants.
* Timeline of Mobile Hoaxes and Threats
Understand the history of major attacks and the horizon for emerging threats.
* Overview of Mobile Malware Families
Identify and understand groups of mobile malicious code and their variations.
* Taxonomy of Mobile Malware
Bring order to known samples based on infection, distribution, and payload strategies.
* Phishing, SMishing, and Vishing Attacks
Detect and mitigate phone-based phishing (vishing) and SMS phishing (SMishing) techniques.
* Operating System and Device Vulnerabilities
Analyze unique OS security issues and examine offensive mobile device threats.
* Analyze Mobile Malware
Design a sandbox for dynamic software analysis and use MobileSandbox to analyze mobile malware.
* Forensic Analysis of Mobile Malware
Conduct forensic analysis of mobile devices and learn key differences in mobile forensics.
* Debugging and Disassembling Mobile Malware
Use IDA and other tools to reverse-engineer samples of malicious code for analysis.
* Mobile Malware Mitigation Measures
Qualify risk, understand threats to mobile assets, defend against attacks, and remediate incidents.
* Understand the History and Threat Landscape of Rapidly Emerging Mobile Attacks
* Analyze Mobile Device/Platform Vulnerabilities and Exploits
* Mitigate Current and Future Mobile Malware Threats
Save yourself time, money, and frustration by becoming your own computer guru. The Healthy PC: Preventive Care, Home Remedies, and Green Computing, Second Edition shows you how to find out what's wrong with your PC and solve the problems yourself. You'll get expert tips for making your PC start up faster, keeping its hard drive in good shape, and updating Windows with the latest security fixes. This hands-on guide also explains how to protect your PC for free using Microsoft Security Essentials, use the Internet safely, and configure parental controls to protect your children both online and offline.
* Disable unnecessary startup items and boost virtual memory
* Defragment your PC's hard disk and reclaim wasted space
* Armor your PC against attacks, viruses, malware, and spyware
* Protect Windows by applying the latest patches and fixes
* Lock down your wired and wireless Internet and network connections against intruders
* Surf safely and reduce risks from e-mail, IM, and social networking
* Keep your children safe online
* Maximize your PC's memory and add external hard drives
* Upgrade to Windows 7 and transfer your files and settings
Guy Hart-Davis is the author of more than 70 computer books, including iPad and iPhone Administrator's Guide, Integrating Macs into Windows Networks, Mac OS X System Administration, and How to Do Everything: iPad and iTunes, Sixth Edition.
While Barrett investigated the cutting edge of technology crime, the U.S. government struggled to catch up. Britain, however, was a different story. In the late 1990s, the Queen herself had declared safe e-commerce a national security priority. Agents from the London-based National Hi-Tech Crime Unit sought out Barrett and enlisted his help. They also sent detective Andrew Crocker, a Welsh former boxer, to Russia to track down and prosecute the hackers—and to find out who they worked for.
Fatal System Error penetrates both the Russian cyber-mob and the American mafia as the two fight over the Internet’s massive spoils. It takes readers into the murky hacker underground, traveling the globe from San Francisco to Costa Rica, London, and Russia. Using unprecedented access to mob businesses and Russian officials, it shows how top criminals earned protection from the Russian government—and how Barrett Lyon and Andrew Crocker got closer to the titans of the underground economy than any previous outsider. Together, their stories explain why cybercrime is much worse than you thought—and why the Internet might not survive.
Thoroughly revised for the April 2015 exam update, SSCP Systems Security Certified Practitioner All-in-One Exam Guide, Second Edition enables you to take the exam with complete confidence. To aid in self-study, each chapter includes Exam Tips that highlight key exam information, chapter summaries that reinforce salient points, and end-of-chapter questions that are an accurate reflection of the content and question format of the real exam.
Beyond exam prep, the practical examples and real-world insights offered in this guide make it an ideal on-the-job reference for IT security professionals. You will learn the security concepts, tools, and procedures needed to employ and enforce solid security policies and effectively react to security incidents.
* Features 100% coverage of the revised SSCP Common Body of Knowledge (CBK), effective April 2015
* Electronic content contains two full-length, customizable practice exams in the Total Tester exam engine
* Written by a bestselling IT security certification and training expert
Cyber Security, Cyber Crime and Cyber Forensics: Applications and Perspectives provides broad coverage of technical and socio-economic perspectives for utilizing information and communication technologies and developing practical solutions in cyber security, cyber crime and cyber forensics.
Every time you download a computer virus or click on a spam e-mail by accident, you are wasting money, endangering your computer, and risking the loss of personal and business information. This complete, revolutionary book has compiled all of the vital information you need to make sure that you are able to combat the billion dollar risk of incursive software infecting your home and work computers.
With How to Stop E-mail Spam, Spyware, and Computer Viruses from Ruining Your Computer, you will learn why there is so much spam in your inbox, how the spammer thinks, and what the goals of spyware and viruses actually are. Then, you will learn how you can start spam-proofing your inbox by never giving away personal information and using secure e-mail clients. You will learn how companies get spyware onto your hard drive and what you can do to block it from appearing. Learn which viruses have caused the most damage and how they can infect your computer. Then, discover which software is most effective at blocking the download and infestation of viruses onto your hard drives.
You will learn the value of a good firewall, what it does to stop the ill will of spammers and hackers, and what actions you can take to block the breach of your firewall and your computer’s defenses. Learn how to remove spyware from your computer and make sure you are not giving away personal or valuable work information. This guide will also teach you how to lock down your inbox and desktop to keep that software from returning. Find out what to do when you do get a virus and how to return your computer to the state of security it was in beforehand.
Most importantly, with the valued input gathered from interviews with computer security and safety experts, you will learn how you became a target for all that spam. Discover what you are doing that makes it so easy for spammers to fill your inbox and how to safeguard your e-mail. Once you have tackled the source of the problems, as outlined in this book, you will have all the tools you need to combat the incursive and destructive effects of spam, spyware, and computer viruses.
Atlantic Publishing is a small, independent publishing company based in Ocala, Florida. Founded over twenty years ago in the company president’s garage, Atlantic Publishing has grown to become a renowned resource for non-fiction books. Today, over 450 titles are in print covering subjects such as small business, healthy living, management, finance, careers, and real estate. Atlantic Publishing prides itself on producing award winning, high-quality manuals that give readers up-to-date, pertinent information, real-world examples, and case studies with expert advice. Every book has resources, contact information, and web sites of the products or companies discussed.
In June 1983, President Reagan watched the movie War Games, in which a teenager unwittingly hacks the Pentagon, and asked his top general if the scenario was plausible. The general said it was. This set in motion the first presidential directive on computer security.
From the 1991 Gulf War to conflicts in Haiti, Serbia, Syria, the former Soviet republics, Iraq, and Iran, where cyber warfare played a significant role, Dark Territory chronicles a little-known past that shines an unsettling light on our future. Fred Kaplan probes the inner corridors of the National Security Agency, the beyond-top-secret cyber units in the Pentagon, the “information warfare” squads of the military services, and the national security debates in the White House to reveal the details of the officers, policymakers, scientists, and spies who devised this new form of warfare and who have been planning—and (more often than people know) fighting—these wars for decades.
“An eye-opening history of our government’s efforts to effectively manage our national security in the face of the largely open global communications network established by the World Wide Web….Dark Territory is a page-turner [and] consistently surprising” (The New York Times).
The new edition builds on the well-established principles developed in the original edition and thoroughly updates that core knowledge. For anyone involved with computer security, including security administrators, system administrators, developers, and IT managers, Computer Security Basics 2nd Edition offers a clear overview of the security concepts you need to know, including access controls, malicious software, security policy, cryptography, biometrics, as well as government regulations and standards.
This handbook describes complicated concepts such as trusted systems, encryption, and mandatory access control in simple terms. It tells you what you need to know to understand the basics of computer security, and it will help you persuade your employees to practice safe computing.
Topics include:
* Computer security concepts
* Security breaches, such as viruses and other malicious programs
* Access controls
* Security policy
* Web attacks
* Communications and network security
* Encryption
* Physical security and biometrics
* Wireless network security
* Computer security and requirements of the Orange Book
* OSI Model and TEMPEST
"A comprehensive and unparalleled overview of the topic by experts in the field."--Slashdot
Expose, pursue, and prosecute the perpetrators of advanced persistent threats (APTs) using the tested security techniques and real-world case studies featured in this one-of-a-kind guide. Reverse Deception: Organized Cyber Threat Counter-Exploitation shows how to assess your network’s vulnerabilities, zero in on targets, and effectively block intruders. Discover how to set up digital traps, misdirect and divert attackers, configure honeypots, mitigate encrypted crimeware, and identify malicious software groups. The expert authors provide full coverage of legal and ethical issues, operational vetting, and security team management.
* Establish the goals and scope of your reverse deception campaign
* Identify, analyze, and block APTs
* Engage and catch nefarious individuals and their organizations
* Assemble cyber-profiles, incident analyses, and intelligence reports
* Uncover, eliminate, and autopsy crimeware, trojans, and botnets
* Work with intrusion detection, anti-virus, and digital forensics tools
* Employ stealth honeynet, honeypot, and sandbox technologies
* Communicate and collaborate with legal teams and law enforcement
Anti-Hacker Toolkit, Fourth Edition is an essential aspect of any security professional's anti-hacking arsenal. It helps you to successfully troubleshoot the newest, toughest hacks yet seen. The book is grounded in real-world methodologies, technical rigor, and reflects the author's in-the-trenches experience in making computer technology usage and deployments safer and more secure for both businesses and consumers. The new edition covers all-new attacks and countermeasures for advanced persistent threats (APTs), infrastructure hacks, industrial automation and embedded devices, wireless security, the new SCADA protocol hacks, malware, web app security, social engineering, forensics tools, and more.
You’ll learn how to prepare a comprehensive defense--prior to attack--against the most invisible of attack types from the tools explained in this resource, all demonstrated by real-life case examples which have been updated for this new edition. The book is organized by attack type to allow you to quickly find what you need, analyze a tool's functionality, installation procedure, and configuration--supported by screen shots and code samples to foster crystal-clear understanding.
* Covers a very broad variety of attack types
* Written by a highly sought-after security consultant who works with Qualys security
* Brand-new chapters and content on advanced persistent threats, embedded technologies, and SCADA protocols, as well as updates to war dialers, backdoors, social engineering, social media portals, and more
Establish a holistic security stance by learning to view your unified communications infrastructure through the eyes of the nefarious cyber-criminal. Hacking Exposed Unified Communications & VoIP, Second Edition offers thoroughly expanded coverage of today’s rampant threats alongside ready-to-deploy countermeasures. Find out how to block TDoS, toll fraud, voice SPAM, voice social engineering and phishing, eavesdropping, and man-in-the-middle exploits. This comprehensive guide features all-new chapters, case studies, and examples.
* See how hackers target vulnerable UC devices and entire networks
* Defend against TDoS, toll fraud, and service abuse
* Block calling number hacks and calling number spoofing
* Thwart voice social engineering and phishing exploits
* Employ voice spam mitigation products and filters
* Fortify Cisco Unified Communications Manager
* Use encryption to prevent eavesdropping and MITM attacks
* Avoid injection of malicious audio, video, and media files
* Use fuzzers to test and buttress your VoIP applications
* Learn about emerging technologies such as Microsoft Lync, OTT UC, other forms of UC, and cloud and WebRTC
The whole Edward Snowden affair reads like a Hollywood blockbuster, and not the story of a young would-be geek, challenging the powers that be. Read the book and
Recognized as one of the best tools available for security professionals, specifically for the candidate who is striving to become a CISSP, the Official (ISC)²® Guide to the CISSP® CBK®, Fourth Edition is both up-to-date and relevant. Reflecting the significant changes in the CISSP CBK, this book provides a comprehensive guide to the eight domains.
Numerous illustrated examples and practical exercises are included in this book to demonstrate concepts and real-life scenarios. Endorsed by (ISC)² and compiled and reviewed by CISSPs and industry luminaries around the world, this textbook provides unrivaled preparation for the certification exam and is a reference that will serve you well into your career. Earning your CISSP is a respected achievement that validates your knowledge, skills, and experience in building and managing the security posture of your organization and provides you with membership to an elite network of professionals worldwide.
Computer Viruses and Malware is designed for a professional audience composed of researchers and practitioners in industry. This book is also suitable as a secondary text for advanced-level students in computer science.