Individuals, corporations, and even governments are facing new threats from targeted attacks. Targeted Cyber Attacks examines real-world examples of directed attacks and provides insight into what techniques and resources are used to stage these attacks so that you can counter them more effectively.
Aditya K Sood (Ph.D) is a Lead Architect for Cloud Threat Labs at Elastica. Dr. Sood has research interests in malware automation and analysis, application security, secure software design and cybercrime. He has worked on a number of projects pertaining to penetration testing specializing in product/appliance security, networks, mobile and web applications while serving Fortune 500 clients for IOActive, KPMG and others. He has authored several papers for various magazines and journals including IEEE, Elsevier, CrossTalk, ISACA, Virus Bulletin, Usenix and others. His work has been featured in several media outlets including Associated Press, Fox News, The Register, Guardian, Business Insider, Kaspersky Threatpost, CBC and others. He has been an active speaker at industry conferences and presented at BlackHat, DEFCON, HackInTheBox, RSA, Virus Bulletin, OWASP and many others. Dr. Sood obtained his Phd from Michigan State University in Computer Sciences. Dr. Sood is also an author of "Targeted Cyber Attacks" book published by Syngress.
Company Website: http://www.elastica.net
Personal Website: http://adityaksood.secniche.org
Dr. Richard Enbody is an Associate Professor in the Department of Computer Science and Engineering. He joined the faculty in 1987 after earning his Ph.D. in Computer Science from the University of Minnesota. Richard received his B.A. in Mathematics from Carleton College in Northfield, Minnesota in 1976, and spent six years teaching high school mathematics in Vermont and New Hampshire. Richard has published research in a variety of areas, but mostly in computer security and computer architecture. He holds two nanotechnology patents from his collaboration with Physicists. Together with Bill Punch he published a textbook using Python in CS1: The Practice of Computing Using Python (Addison-Wesley, 2010), now in its second edition. When not teaching, Richard plays hockey, squash, canoes, as well as a host of family activities.
In our interconnected world, cyberspace is a key topic that transcends borders and should influence (as well as be influenced by) international relations. As such, both national and international laws will need careful evaluation to help ensure the conviction of cybercriminals, support companies that work internationally, and protect national security. On December 8 and 9, 2014, the Raymond and Beverly Sackler U.S.-U.K. Scientific Forum "Cybersecurity Dilemmas: Technology, Policy, and Incentives" examined a broad range of topics including cybersecurity and international relations, privacy, rational cybersecurity, and accelerating progress in cybersecurity. This report summarizes the presentations and discussions from this forum.
The modern security practitioner has shifted from a predominantly protective site and assets manager to a leading contributor to overall organisational resilience. Accordingly, The Security Consultant's Handbook sets out a holistic overview of the essential core knowledge, emerging opportunities and approaches to corporate thinking that are increasingly demanded by employers and buyers in the security market.
This book provides essential direction for those who want to succeed in security, either individually or as part of a team. It also aims to stimulate some fresh ideas and provide new market routes for security professionals who may feel that they are underappreciated and overexerted in traditional business domains.Product overview
Distilling the author’s fifteen years’ experience as a security practitioner, and incorporating the results of some fifty interviews with leading security practitioners and a review of a wide range of supporting business literature, The Security Consultant’s Handbook provides a wealth of knowledge for the modern security practitioner, covering:Entrepreneurial practice (including business intelligence, intellectual property rights, emerging markets, business funding and business networking)Management practice (including the security function’s move from basement to boardroom, fitting security into the wider context of organisational resilience, security management leadership, adding value and professional proficiency)Legislation and regulation (including relevant UK and international laws such as the Human Rights Act 1998, the Data Protection Act 1998 and the Geneva Conventions)Private investigations (including surveillance techniques, tracing missing people, witness statements and evidence, and surveillance and the law)Information and cyber security (including why information needs protection, intelligence and espionage, cyber security threats, and mitigation approaches such as the ISO 27001 standard for information security management)Protective security (including risk assessment methods, person-focused threat assessments, protective security roles, piracy and firearms)Safer business travel (including government assistance, safety tips, responding to crime, kidnapping, protective approaches to travel security and corporate liability)Personal and organisational resilience (including workplace initiatives, crisis management, and international standards such as ISO 22320, ISO 22301 and PAS 200)
Featuring case studies, checklists and helpful chapter summaries, The Security Consultant's Handbook aims to be a practical and enabling guide for security officers and contractors. Its purpose is to plug information gaps or provoke new ideas, and provide a real-world support tool for those who want to offer their clients safe, proportionate and value-driven security services.About the author
Richard Bingley is a senior lecturer in security and organisational resilience at Buckinghamshire New University, and co-founder of CSARN, the popular business security advisory network. He has more than fifteen years’ experience in a range of high-profile security and communications roles, including as a close protection operative at London’s 2012 Olympics and in Russia for the 2014 Winter Olympic Games. He is a licensed close protection operative in the UK, and holds a postgraduate certificate in teaching and learning in higher education. Richard is the author of two previous books: Arms Trade: Just the Facts(2003) and Terrorism: Just the Facts (2004).
Memory forensics is the art of analyzing computer memory (RAM) to solve digital crimes. As a follow-up to the best seller Malware Analyst's Cookbook, experts in the fields of malware, security, and digital forensics bring you a step-by-step guide to memory forensics—now the most sought after skill in the digital forensics and incident response fields.
Beginning with introductory concepts and moving toward the advanced, The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory is based on a five day training course that the authors have presented to hundreds of students. It is the only book on the market that focuses exclusively on memory forensics and how to deploy such techniques properly. Discover memory forensics techniques:How volatile memory analysis improves digital investigations Proper investigative steps for detecting stealth malware and advanced threats How to use free, open source tools for conducting thorough memory forensics Ways to acquire memory from suspect systems in a forensically sound manner
The next era of malware and security breaches are more sophisticated and targeted, and the volatile memory of a computer is often overlooked or destroyed as part of the incident response process. The Art of Memory Forensics explains the latest technological innovations in digital forensics to help bridge this gap. It covers the most popular and recently released versions of Windows, Linux, and Mac, including both the 32 and 64-bit editions.
After reading this book, you should be able to use these tools to do some testing and even working on penetration projects. You just need to remember not to use these techniques in a production environment without having a formal approval.