But just how does the magic happen?In Black Hat Python, the latest from Justin Seitz (author of the best-selling Gray Hat Python), you'll explore the darker side of Python's capabilities writing network sniffers, manipulating packets, infecting virtual machines, creating stealthy trojans, and more. You'll learn how to:Create a trojan command-and-control using GitHubDetect sandboxing and automate common malware tasks, like keylogging and screenshottingEscalate Windows privileges with creative process controlUse offensive memory forensics tricks to retrieve password hashes and inject shellcode into a virtual machineExtend the popular Burp Suite web-hacking toolAbuse Windows COM automation to perform a man-in-the-browser attackExfiltrate data from a network most sneakilyInsider techniques and creative challenges throughout show you how to extend the hacks and how to write your own exploits.When it comes to offensive security, your ability to create powerful tools on the fly is indispensable. Learn how in Black Hat Python."

    But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors.Once you've built your foundation for penetration testing, you'll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks. You'll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks.Learn how to:Find and exploit unmaintained, misconfigured, and unpatched systems Perform reconnaissance and find valuable information about your target Bypass anti-virus technologies and circumvent security controls Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery Use the Meterpreter shell to launch further attacks from inside the network Harness standalone Metasploit utilities, third-party tools, and plug-ins Learn how to write your own Meterpreter post exploitation modules and scripts You'll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else's to the test, Metasploit: The Penetration Tester's Guide will take you there and beyond.

    In Turing’s Cathedral, George Dyson focuses on a small group of men and women, led by John von Neumann at the Institute for Advanced Study in Princeton, New Jersey, who built one of the first computers to realize Alan Turing’s vision of a Universal Machine. Their work would break the distinction between numbers that mean things and numbers that do things—and our universe would never be the same. Using five kilobytes of memory (the amount allocated to displaying the cursor on a computer desktop of today), they achieved unprecedented success in both weather prediction and nuclear weapons design, while tackling, in their spare time, problems ranging from the evolution of viruses to the evolution of stars. Dyson’s account, both historic and prophetic, sheds important new light on how the digital universe exploded in the aftermath of World War II. The proliferation of both codes and machines was paralleled by two historic developments: the decoding of self-replicating sequences in biology and the invention of the hydrogen bomb. It’s no coincidence that the most destructive and the most constructive of human inventions appeared at exactly the same time.  How did code take over the world? In retracing how Alan Turing’s one-dimensional model became John von Neumann’s two-dimensional implementation, Turing’s Cathedral offers a series of provocative suggestions as to where the digital universe, now fully three-dimensional, may be heading next.

    According to the August Forrester Report, 56 percent of IT managers interviewed at Global 2,500 companies are already using some type of open source software in their infrastructure and another 6 percent will install it in the next two years. This revolutionary model for collaborative software development is being embraced and studied by many of the biggest players in the high-tech industry, from Sun Microsystems to IBM to Intel.The Cathedral & the Bazaar is a must for anyone who cares about the future of the computer industry or the dynamics of the information economy. Already, billions of dollars have been made and lost based on the ideas in this book. Its conclusions will be studied, debated, and implemented for years to come. According to Bob Young, "This is Eric Raymond's great contribution to the success of the open source revolution, to the adoption of Linux-based operating systems, and to the success of open source users and the companies that supply them."The interest in open source software development has grown enormously in the past year. This revised and expanded paperback edition includes new material on open source developments in 1999 and 2000. Raymond's clear and effective writing style accurately describing the benefits of open source software has been key to its success. With major vendors creating acceptance for open source within companies, independent vendors will become the open source story in 2001.

    Navy intelligence officer, David Locke Hall was a federal prosecutor when a bizarre-sounding website, CRACK99, came to his attention. It looked like Craigslist on acid, but what it sold was anything but amateurish: thousands of high-tech software products used largely by the military, and for mere pennies on the dollar. Want to purchase satellite tracking software? No problem. Aerospace and aviation simulations? No problem. Communications systems designs? No problem. Software for Marine One, the presidential helicopter? No problem. With delivery times and customer service to rival the world’s most successful e-tailers, anybody, anywhere—including rogue regimes, terrorists, and countries forbidden from doing business with the United States—had access to these goods for any purpose whatsoever.But who was behind CRACK99, and where were they? The Justice Department discouraged potentially costly, risky cases like this, preferring the low-hanging fruit that scored points from politicians and the public. But Hall and his colleagues were determined to find the culprit. They bought CRACK99's products for delivery in the United States, buying more and more to appeal to the budding entrepreneur in the man they identified as Xiang Li. After winning his confidence, they lured him to Saipan—a U.S. commonwealth territory where Hall’s own father had stormed the beaches with the marines during World War II. There they set up an audacious sting that culminated in Xiang Li's capture and imprisonment. The value of the goods offered by CRACK99? A cool $100 million.An eye-opening look at cybercrime and its chilling consequences for national security, CRACK99 reads like a caper that resonates with every amazing detail.

    Tribe of Hackers wants to change that. We asked for industry, career, and personal advice from 70 cybersecurity luminaries who are ready to break down barriers and shatter ceilings. It's about time.This book can be a catalyst for change for anyone, from beginners trying to enter the industry, to practitioners looking to start their own firms. What tips do the founders of Dragos, Inc. and Duo Security have on starting a company? Do you need a college degree or certification to be a cybersecurity professional? What is the biggest bang-for-the-buck action your organization can take to improve its cybersecurity posture? What "life hacks" to real hackers use to make their own lives easier? What resources can women in cybersecurity utilize to maximize their potential?All proceeds from the book will go towards: Bunker Labs, Sickle Cell Disease Association of America, Rainforest Partnership, and Start-Up! Kid's Club.We can't wait to show you the most epic cybersecurity thought leadership collaborative effort, ever.(Source: Amazon.com)

    It examines Stallman's unique personality and how that personality has been at turns a driving force and a drawback in terms of the movement's overall success.Free as in Freedom examines one man's 20-year attempt to codify and communicate the ethics of 1970s era "hacking" culture in such a way that later generations might easily share and build upon the knowledge of their computing forebears. The book documents Stallman's personal evolution from teenage misfit to prescient adult hacker to political leader and examines how that evolution has shaped the free software movement. Like Alan Greenspan in the financial sector, Richard Stallman has assumed the role of tribal elder within the hacking community, a community that bills itself as anarchic and averse to central leadership or authority. How did this paradox come about? Free as in Freedom provides an answer. It also looks at how the latest twists and turns in the software marketplace have diminished Stallman's leadership role in some areas while augmenting it in others.Finally, Free as in Freedom examines both Stallman and the free software movement from historical viewpoint. Will future generations see Stallman as a genius or crackpot? The answer to that question depends partly on which side of the free software debate the reader currently stands and partly upon the reader's own outlook for the future. 100 years from now, when terms such as "computer," "operating system" and perhaps even "software" itself seem hopelessly quaint, will Richard Stallman's particular vision of freedom still resonate, or will it have taken its place alongside other utopian concepts on the 'ash-heap of history?'

    The most effective computer security strategies integrate network security monitoring (NSM): the collection and analysis of data to help you detect and respond to intrusions.In The Practice of Network Security Monitoring, Mandiant CSO Richard Bejtlich shows you how to use NSM to add a robust layer of protection around your networks — no prior experience required. To help you avoid costly and inflexible solutions, he teaches you how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools.You'll learn how to:Determine where to deploy NSM platforms, and size them for the monitored networks Deploy stand-alone or distributed NSM installations Use command line and graphical packet analysis tools, and NSM consoles Interpret network evidence from server-side and client-side intrusions Integrate threat intelligence into NSM software to identify sophisticated adversaries There's no foolproof way to keep attackers out of your network. But when they get in, you'll be prepared. The Practice of Network Security Monitoring will show you how to build a security net to detect, contain, and control them. Attacks are inevitable, but losing sensitive data shouldn't be.

    The book is rich with historical detail and characters, as well as astonishing revelations about espionage carried out in recent times by the UK, US, and China. Using unique access to the National Security Agency, GCHQ, Chinese officials, and senior executives from some of the most powerful global technology companies, Gordon Corera has gathered compelling stories from heads of state, hackers and spies of all stripes.Cyberspies is a ground-breaking exploration of the new space in which the worlds of espionage, diplomacy, international business, science, and technology collide.

    Many accounts of the birth of personal computing have been written, but this is the first close look at the drug habits of the earliest pioneers." --New York TimesMost histories of the personal computer industry focus on technology or business. John Markoff's landmark book is about the culture and consciousness behind the first PCs--the culture being counter- and the consciousness expanded, sometimes chemically. It's a brilliant evocation of Stanford, California, in the 1960s and '70s, where a group of visionaries set out to turn computers into a means for freeing minds and information. In these pages one encounters Ken Kesey and the phone hacker Cap'n Crunch, est and LSD, The Whole Earth Catalog and the Homebrew Computer Lab. What the Dormouse Said is a poignant, funny, and inspiring book by one of the smartest technology writers around.

    The exam is designed to ensure that someone who is handling computer security in a company has a standardized body of knowledge. The book is composed of 10 domains of the Common Body of Knowledge. In each section, it defines each domain. It also provides tips on how to prepare for the exam and take the exam. It also contains CISSP practice quizzes to test ones knowledge. The first domain provides information about risk analysis and mitigation. It also discusses security governance. The second domain discusses different techniques for access control, which is the basis for all the security disciplines. The third domain explains the concepts behind cryptography, which is a secure way of communicating that is understood only by certain recipients. Domain 5 discusses security system design, which is fundamental for operating the system and software security components. Domain 6 is a critical domain in the Common Body of Knowledge, the Business Continuity Planning, and Disaster Recovery Planning. It is the final control against extreme events such as injury, loss of life, or failure of an organization. Domains 7, 8, and 9 discuss telecommunications and network security, application development security, and the operations domain, respectively. Domain 10 focuses on the major legal systems that provide a framework in determining the laws about information system.

    Until now, the journal has only been available online or printed and distributed for free at hacker conferences worldwide.Consistent with the journal's quirky, biblical style, this book comes with all the trimmings: a leatherette cover, ribbon bookmark, bible paper, and gilt-edged pages. The book features more than 80 technical essays from numerous famous hackers, authors of classics like "Reliable Code Execution on a Tamagotchi," "ELFs are Dorky, Elves are Cool," "Burning a Phone," "Forget Not the Humble Timing Attack," and "A Sermon on Hacker Privilege." Twenty-four full-color pages by Ange Albertini illustrate many of the clever tricks described in the text.

    Find the best of the magazine's writing in Best of 2600: A Hacker Odyssey, a collection of the strongest, most interesting, and often most controversial articles covering 24 years of changes in technology, all from a hacker's perspective. Included are stories about the creation of the infamous tone dialer "red box" that allowed hackers to make free phone calls from payphones, the founding of the Electronic Frontier Foundation, and the insecurity of modern locks.

    When malware breaches your defenses, you need to act quickly to cure current infections and prevent future ones from occurring.For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way.You'll learn how to:Set up a safe virtual environment to analyze malware Quickly extract network signatures and host-based indicators Use key analysis tools like IDA Pro, OllyDbg, and WinDbg Overcome malware tricks like obfuscation, anti-disassembly, anti-debugging, and anti-virtual machine techniques Use your newfound knowledge of Windows internals for malware analysis Develop a methodology for unpacking malware and get practical experience with five of the most popular packers Analyze special cases of malware with shellcode, C++, and 64-bit code Hands-on labs throughout the book challenge you to practice and synthesize your skills as you dissect real malware samples, and pages of detailed dissections offer an over-the-shoulder look at how the pros do it. You'll learn how to crack open malware to see how it really works, determine what damage it has done, thoroughly clean your network, and ensure that the malware never comes back.Malware analysis is a cat-and-mouse game with rules that are constantly changing, so make sure you have the fundamentals. Whether you're tasked with securing one network or a thousand networks, or you're making a living as a malware analyst, you'll find what you need to succeed in Practical Malware Analysis.

    Cryptography is vital to keeping information safe, in an era when the formula to do so becomes more and more challenging. Written by a team of world-renowned cryptography experts, this essential guide is the definitive introduction to all major areas of cryptography: message security, key negotiation, and key management. You'll learn how to think like a cryptographer. You'll discover techniques for building cryptography into products from the start and you'll examine the many technical changes in the field.After a basic overview of cryptography and what it means today, this indispensable resource covers such topics as block ciphers, block modes, hash functions, encryption modes, message authentication codes, implementation issues, negotiation protocols, and more. Helpful examples and hands-on exercises enhance your understanding of the multi-faceted field of cryptography.An author team of internationally recognized cryptography experts updates you on vital topics in the field of cryptography Shows you how to build cryptography into products from the start Examines updates and changes to cryptography Includes coverage on key servers, message security, authentication codes, new standards, block ciphers, message authentication codes, and more Cryptography Engineering gets you up to speed in the ever-evolving field of cryptography.