Code Warriors: NSA's Code Breakers and the Secret Intelligence War Against the Soviet Union
Stephen Budiansky - 2016
The National Security Agency grew out of the legendary codebreaking programs of World War II that turned the tide of Allied victory by cracking the famed Enigma machine and other seemingly impenetrable German and Japanese codes. But things became murky in the postwar years, when our intelligence community found itself targeting not battlefield enemies, but suspected spies, foreign leaders, and even American citizens. Now Stephen Budiansky--a longtime expert in cryptology--tells the fascinating story of how the NSA came to be, and of its central, often fraught and controversial role in the major events of the Cold War, from the Korean War to the Cuban Missile Crisis to Vietnam and beyond. He also guides us through the fascinating challenges faced by cryptanalysts, and how they broke some of the most complicated codes of the twentieth century. A riveting, essential history of the underbelly of the Cold War.
Threat Modeling: Designing for Security
Adam Shostack - 2014
Dobbs Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography!Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise into this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies.Systems security managers, you'll find tools and a framework for structured thinking about what can go wrong. Software developers, you'll appreciate the jargon-free and accessible introduction to this essential skill. Security professionals, you'll learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling.Provides a unique how-to for security and software developers who need to design secure products and systems and test their designs Explains how to threat model and explores various threat modeling approaches, such as asset-centric, attacker-centric and software-centric Provides effective approaches and techniques that have been proven at Microsoft and elsewhere Offers actionable how-to advice not tied to any specific software, operating system, or programming language Authored by a Microsoft professional who is one of the most prominent threat modeling experts in the world As more software is delivered on the Internet or operates on Internet-connected devices, the design of secure software is absolutely critical. Make sure you're ready with Threat Modeling: Designing for Security.
Penetration Testing: A Hands-On Introduction to Hacking
Georgia Weidman - 2014
This beginner-friendly book opens with some basics of programming and helps you navigate Kali Linux, an operating system that comes preloaded with useful computer security tools like Wireshark and Metasploit. You'll learn about gathering information on a target, social engineering, capturing network traffic, analyzing vulnerabilities, developing exploits, and more. Hands-on examples discuss even advanced topics like mobile device security and bypassing anti-virus software.
Linkers and Loaders
John R. Levine - 1999
But do you know how to use them to their greatest possible advantage? Only now, with the publication of Linkers & Loaders, is there an authoritative book devoted entirely to these deep-seated compile-time and run-time processes. The book begins with a detailed and comparative account of linking and loading that illustrates the differences among various compilers and operating systems. On top of this foundation, the author presents clear practical advice to help you create faster, cleaner code. You'll learn to avoid the pitfalls associated with Windows DLLs, take advantage of the space-saving, performance-improving techniques supported by many modern linkers, make the best use of the UNIX ELF library scheme, and much more. If you're serious about programming, you'll devour this unique guide to one of the field's least understood topics. Linkers & Loaders is also an ideal supplementary text for compiler and operating systems courses.
Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
Michael Sikorski - 2011
When malware breaches your defenses, you need to act quickly to cure current infections and prevent future ones from occurring.For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way.You'll learn how to:Set up a safe virtual environment to analyze malware Quickly extract network signatures and host-based indicators Use key analysis tools like IDA Pro, OllyDbg, and WinDbg Overcome malware tricks like obfuscation, anti-disassembly, anti-debugging, and anti-virtual machine techniques Use your newfound knowledge of Windows internals for malware analysis Develop a methodology for unpacking malware and get practical experience with five of the most popular packers Analyze special cases of malware with shellcode, C++, and 64-bit code Hands-on labs throughout the book challenge you to practice and synthesize your skills as you dissect real malware samples, and pages of detailed dissections offer an over-the-shoulder look at how the pros do it. You'll learn how to crack open malware to see how it really works, determine what damage it has done, thoroughly clean your network, and ensure that the malware never comes back.Malware analysis is a cat-and-mouse game with rules that are constantly changing, so make sure you have the fundamentals. Whether you're tasked with securing one network or a thousand networks, or you're making a living as a malware analyst, you'll find what you need to succeed in Practical Malware Analysis.
Geekonomics: The Real Cost of Insecure Software
David Rice - 2007
It explains why low-quality software is continually distributed, why consumers willingly purchase unreliable software, why governments leave the industry alone, and what can be done to improve matters.
Hacking the Xbox: An Introduction to Reverse Engineering
Andrew Huang - 2003
The book progresses into a discussion of the Xbox security mechanisms and other advanced hacking topics, with an emphasis on educating the readers on the important subjects of computer security and reverse engineering. Hacking the Xbox includes numerous practical guides, such as where to get hacking gear, soldering techniques, debugging tips and an Xbox hardware reference guide.Hacking the Xbox also confronts the social and political issues facing today's hacker by looking forward and discussing the impact of today's legal challenges on legitimate reverse engineering activities. The book includes a chapter written by the Electronic Frontier Foundation (EFF) about the rights and responsibilities of hackers, and concludes by discussing the latest trends and vulnerabilities in secure PC platforms.
Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World
Joseph Menn - 2019
Though until now it has remained mostly anonymous, its members invented the concept of hacktivism, released the top tool for testing password security, and created what was for years the best technique for controlling computers from afar, forcing giant companies to work harder to protect customers. They contributed to the development of Tor, the most important privacy tool on the net, and helped build cyberweapons that advanced US security without injuring anyone. With its origins in the earliest days of the Internet, the cDc is full of oddball characters -- activists, artists, even future politicians. Many of these hackers have become top executives and advisors walking the corridors of power in Washington and Silicon Valley. The most famous is former Texas Congressman and current presidential candidate Beto O'Rourke, whose time in the cDc set him up to found a tech business, launch an alternative publication in El Paso, and make long-shot bets on unconventional campaigns.Today, the group and its followers are battling electoral misinformation, making personal data safer, and battling to keep technology a force for good instead of for surveillance and oppression. Cult of the Dead Cow shows how governments, corporations, and criminals came to hold immense power over individuals and how we can fight back against them.
The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler
Chris Eagle - 2008
With IDA Pro, you live in a source code-optional world. IDA can automatically analyze the millions of opcodes that make up an executable and present you with a disassembly. But at that point, your work is just beginning. With The IDA Pro Book, you'll learn how to turn that mountain of mnemonics into something you can actually use.Hailed by the creator of IDA Pro as the "long-awaited" and "information-packed" guide to IDA, The IDA Pro Book covers everything from the very first steps to advanced automation techniques. While other disassemblers slow your analysis with inflexibility, IDA invites you to customize its output for improved readability and usefulness. You'll save time and effort as you learn to:Identify known library routines, so you can focus your analysis on other areas of the code Extend IDA to support new processors and filetypes, making disassembly possible for new or obscure architectures Explore popular plug-ins that make writing IDA scripts easier, allow collaborative reverse engineering, and much more Utilize IDA's built-in debugger to tackle obfuscated code that would defeat a stand-alone disassembler You'll still need serious assembly skills to tackle the toughest executables, but IDA makes things a lot easier. Whether you're analyzing the software on a black box or conducting hard-core vulnerability research, a mastery of IDA Pro is crucial to your success. Take your skills to the next level with The IDA Pro Book.
Reversing: Secrets of Reverse Engineering
Eldad Eilam - 2005
The book is broken into two parts, the first deals with security-related reverse engineering and the second explores the more practical aspects of reverse engineering. In addition, the author explains how to reverse engineer a third-party software library to improve interfacing and how to reverse engineer a competitor's software to build a better product. * The first popular book to show how software reverse engineering can help defend against security threats, speed up development, and unlock the secrets of competitive products * Helps developers plug security holes by demonstrating how hackers exploit reverse engineering techniques to crack copy-protection schemes and identify software targets for viruses and other malware * Offers a primer on advanced reverse-engineering, delving into disassembly-code-level reverse engineering-and explaining how to decipher assembly language
How to Break Software: A Practical Guide to Testing
James A. Whittaker - 2002
Instead of relying on a rigid plan, it should be intelligence, insight, experience and a "nose for where the bugs are hiding" that guide testers. This book helps testers develop this insight. The techniques presented here allow testers to go off-script. Full description
The Implementation (TCP/IP Illustrated, Volume 2)
Gary R. Wright - 1995
"TCP/IP Illustrated, Volume 2" contains a thorough explanation of how TCP/IP protocols are implemented. There isn't a more practical or up-to-date bookothis volume is the only one to cover the de facto standard implementation from the 4.4BSD-Lite release, the foundation for TCP/IP implementations run daily on hundreds of thousands of systems worldwide. Combining 500 illustrations with 15,000 lines of real, working code, "TCP/IP Illustrated, Volume 2" uses a teach-by-example approach to help you master TCP/IP implementation. You will learn about such topics as the relationship between the sockets API and the protocol suite, and the differences between a host implementation and a router. In addition, the book covers the newest features of the 4.4BSD-Lite release, including multicasting, long fat pipe support, window scale, timestamp options, and protection against wrapped sequence numbers, and many other topics. Comprehensive in scope, based on a working standard, and thoroughly illustrated, this book is an indispensable resource for anyone working with TCP/IP.
The Protocols (TCP/IP Illustrated, Volume 1)
W. Richard Stevens - 1993
In eight chapters, it provides the most thorough coverage of TCP available. It also covers the newest TCP/IP features, including multicasting, path MTU discovery and long fat pipes. The author describes various protocols, including ARP, ICMP and UDP. He utilizes network diagnostic tools to actually show the protocols in action. He also explains how to avoid silly window syndrome (SWS) by using numerous helpful diagrams. This book gives you a broader understanding of concepts like connection establishment, timeout, retransmission and fragmentation. It is ideal for anyone wanting to gain a greater understanding of how the TCP/IP protocols work.
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning
Gordon Fyodor Lyon - 2009
From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book suits all levels of security and networking professionals. A 42-page reference guide documents every Nmap feature and option, while the rest of the book demonstrates how to apply those features to quickly solve real-world tasks. Examples and diagrams show actual communication on the wire. Topics include subverting firewalls and intrusion detection systems, optimizing Nmap performance, and automating common networking tasks with the Nmap Scripting Engine. Hints and instructions are provided for common uses such as taking network inventory, penetration testing, detecting rogue wireless access points, and quashing network worm outbreaks. Nmap runs on Windows, Linux, and Mac OS X.Nmap's original author, Gordon "Fyodor" Lyon, wrote this book to share everything he has learned about network scanning during more than 11 years of Nmap development. Visit http: //nmap.org/book for more information and sample chapters.
Exploding the Phone: The Untold Story of the Teenagers and Outlaws Who Hacked Ma Bell
Phil Lapsley - 2013
Starting with Alexander Graham Bell's revolutionary "harmonic telegraph," by the middle of the twentieth century the phone system had grown into something extraordinary, a web of cutting-edge switching machines and human operators that linked together millions of people like never before. But the network had a billion-dollar flaw, and once people discovered it, things would never be the same.Exploding the Phone tells this story in full for the first time. It traces the birth of long-distance communication and the telephone, the rise of AT&T's monopoly, the creation of the sophisticated machines that made it all work, and the discovery of Ma Bell's Achilles' heel. Phil Lapsley expertly weaves together the clandestine underground of "phone phreaks" who turned the network into their electronic playground, the mobsters who exploited its flaws to avoid the feds, the explosion of telephone hacking in the counterculture, and the war between the phreaks, the phone company, and the FBI.The product of extensive original research, Exploding the Phone is a ground-breaking, captivating book.