Perhaps both. On the eighth floor of an ordinary-looking building in an otherwise residential district of southwest Moscow, in a room occupied by the Federal Security Service (FSB), is a box the size of a VHS player marked SORM. The Russian government's front line in the battle for the future of the Internet, SORM is the world's most intrusive listening device, monitoring e-mails, Internet usage, Skype, and all social networks. But for every hacker subcontracted by the FSB to interfere with Russia's antagonists abroad -- such as those who, in a massive denial-of-service attack, overwhelmed the entire Internet in neighboring Estonia -- there is a radical or an opportunist who is using the web to chip away at the power of the state at home. Drawing from scores of interviews personally conducted with numerous prominent officials in the Ministry of Communications and web-savvy activists challenging the state, Andrei Soldatov and Irina Borogan peel back the history of advanced surveillance systems in Russia. From research laboratories in Soviet-era labor camps, to the legalization of government monitoring of all telephone and Internet communications in the 1990s, to the present day, their incisive and alarming investigation into the Kremlin's massive online-surveillance state exposes just how easily a free global exchange can be coerced into becoming a tool of repression and geopolitical warfare. Dissidents, oligarchs, and some of the world's most dangerous hackers collide in the uniquely Russian virtual world of The Red Web.

    The concept is as old as the Devil's Advocate, the eleventh-century Vatican official charged with discrediting candidates for sainthood. Today, red teams are used widely in both the public and the private sector by those seeking to better understand the interests, intentions, and capabilities of institutional rivals. In the right circumstances, red teams can yield impressive results, giving businesses an edge over their competition, poking holes in vital intelligence estimates, and troubleshooting dangerous military missions long before boots are on the ground. But not all red teams are created equal; indeed, some cause more damage than they prevent. Drawing on a fascinating range of case studies, Red Team shows not only how to create and empower red teams, but also what to do with the information they produce. In this vivid, deeply-informed account, national security expert Micah Zenko provides the definitive book on this important strategy -- full of vital insights for decision makers of all kinds.

    I asked other people and they didn't seem to know how these things work, or at least they couldn't explain them in a way that I could understand. Counter Hack Reloaded is the clearest explanation of these tools I have ever seen. Thank you!" --Stephen Northcutt, CEO, SANS Institute "Ed Skoudis does it again! With this new edition, Ed takes a phenomenal work to the next level! This book is a 'must-have' and a 'must-read' for anyone remotely associated with computers and computer security." --Harlan Carvey, CISSP, author of Windows Forensics and Incident Recovery "Ed Skoudis is a rare individual. He knows the innards of all the various systems, knows all the latest exploits and defenses, and yet is able to explain everything at just the right level. The first edition of Counter Hack was a fascinating read. It's technically intriguing and very clear. . . . A book on vulnerabilities, though, will get out of date, and so we definitely needed this updated and significantly rewritten second edition. This book is a wonderful overview of the field." --From the Foreword by Radia Perlman, series editor, The Radia Perlman Series in Computer Networking and Security; author of Interconnections; and coauthor of Network Security: Private Communications in a Public World "What a great partnership! Ed Skoudis and Tom Liston share an uncanny talent for explaining even the most challenging security concepts in a clear and enjoyable manner. Counter Hack Reloaded is an indispensable resource for those who want to improve their defenses and understand the mechanics of computer attacks." --Lenny Zeltser, coauthor of Malware: Fighting Malicious Code "Ed Skoudis does it again! With this new edition, Ed takes a phenomenal work to the next level! This book is a 'must-have' and a 'must-read' for anyone remotely associated with computers and computer security." --Harlan Carvey, CISSP, author of Windows Forensics and Incident Recovery "In addition to having breadth of knowledge about and probing insights into network security, Ed Skoudis's real strength is in his ability to show complex topics in an understandable form. By the time he's done, what started off as a hopeless conglomeration of acronyms starts to sound comfortable and familiar. This book is your best source for understanding attack strategies, attack tools, and the defenses against both." --William Stearns, network security expert, www.stearns.org "This book is a must-have for anyone in the Internet security game. It covers everything from the basic principles to the fine details of online attack methods and counter-strategies and is very engagingly written." --Warwick Ford, coauthor of Secure Electronic Commerce For years, Counter Hack has been the primary resource for every network/system administrator and security professional who needs a deep, hands-on understanding of hacker attacks and countermeasures. Now, leading network security expert Ed Skoudis, with Tom Liston, has thoroughly updated this best-selling guide, showing how to defeat today's newest, most sophisticated, and most destructive attacks.For this second edition, more than half the content is new and updated, including coverage of the latest hacker techniques for scanning networks, gaining and maintaining access, and preventing detection. The authors walk you through each attack and demystify every tool and tactic. You'll learn exactly how to establish effective defenses, recognize attacks in progress, and respond quickly and effectively in both UNIX/Linux and Windows environments.Important features of this new edition includeAll-new "anatomy-of-an-attack" scenarios and tools An all-new section on wireless hacking: war driving, wireless sniffing attacks, and more Fully updated coverage of reconnaissance tools, including Nmap port scanning and "Google hacking" New coverage of tools for gaining access, including uncovering Windows and Linux vulnerabilities with Metasploit New information on dangerous, hard-to-detect, kernel-mode rootkits

    Bannon had long sensed that deep within America's soul lurked an explosive tension. Cambridge Analytica had the data to prove it, and in 2016 Bannon had a presidential campaign to use as his proving ground.Christopher Wylie might have seemed an unlikely figure to be at the center of such an operation. Canadian and liberal in his politics, he was only twenty-four when he got a job with a London firm that worked with the U.K. Ministry of Defense and was charged putatively with helping to build a team of data scientists to create new tools to identify and combat radical extremism online. In short order, those same military tools were turned to political purposes, and Cambridge Analytica was born. Wylie's decision to become a whistleblower prompted the largest data crime investigation in history. His story is both exposé and dire warning about a sudden problem born of very new and powerful capabilities. It has not only exposed the profound vulnerabilities and profound carelessness in the enormous companies that drive the attention economy, it has also exposed the profound vulnerabilities of democracy itself. What happened in 2016 was just a trial run. Ruthless actors are coming for your data, and they want to control what you think.

    Navy intelligence officer, David Locke Hall was a federal prosecutor when a bizarre-sounding website, CRACK99, came to his attention. It looked like Craigslist on acid, but what it sold was anything but amateurish: thousands of high-tech software products used largely by the military, and for mere pennies on the dollar. Want to purchase satellite tracking software? No problem. Aerospace and aviation simulations? No problem. Communications systems designs? No problem. Software for Marine One, the presidential helicopter? No problem. With delivery times and customer service to rival the world’s most successful e-tailers, anybody, anywhere—including rogue regimes, terrorists, and countries forbidden from doing business with the United States—had access to these goods for any purpose whatsoever.But who was behind CRACK99, and where were they? The Justice Department discouraged potentially costly, risky cases like this, preferring the low-hanging fruit that scored points from politicians and the public. But Hall and his colleagues were determined to find the culprit. They bought CRACK99's products for delivery in the United States, buying more and more to appeal to the budding entrepreneur in the man they identified as Xiang Li. After winning his confidence, they lured him to Saipan—a U.S. commonwealth territory where Hall’s own father had stormed the beaches with the marines during World War II. There they set up an audacious sting that culminated in Xiang Li's capture and imprisonment. The value of the goods offered by CRACK99? A cool $100 million.An eye-opening look at cybercrime and its chilling consequences for national security, CRACK99 reads like a caper that resonates with every amazing detail.

    The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications. The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger," Dafydd developed the popular Burp Suite of web application hack tools.

    Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy and as they specialize, they get better. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice. Here's straight talk on critical topics such as technical engineering basics, types of attack, specialized protection mechanisms, security psychology, policy, and more.

    With all our media now traveling a single network, an unprecedented potential is building for centralized control over what Americans see and hear. Could history repeat itself with the next industrial consolidation? Could the Internet—the entire flow of American information—come to be ruled by one corporate leviathan in possession of “the master switch”? That is the big question of Tim Wu’s pathbreaking book.As Wu’s sweeping history shows, each of the new media of the twentieth century—radio, telephone, television, and film—was born free and open. Each invited unrestricted use and enterprising experiment until some would-be mogul battled his way to total domination. Here are stories of an uncommon will to power, the power over information: Adolph Zukor, who took a technology once used as commonly as YouTube is today and made it the exclusive prerogative of a kingdom called Hollywood . . . NBC’s founder, David Sarnoff, who, to save his broadcast empire from disruptive visionaries, bullied one inventor (of electronic television) into alcoholic despair and another (this one of FM radio, and his boyhood friend) into suicide . . . And foremost, Theodore Vail, founder of the Bell System, the greatest information empire of all time, and a capitalist whose faith in Soviet-style central planning set the course of every information industry thereafter.Explaining how invention begets industry and industry begets empire—a progress often blessed by government, typically with stifling consequences for free expression and technical innovation alike—Wu identifies a time-honored pattern in the maneuvers of today’s great information powers: Apple, Google, and an eerily resurgent AT&T. A battle royal looms for the Internet’s future, and with almost every aspect of our lives now dependent on that network, this is one war we dare not tune out.Part industrial exposé, part meditation on what freedom requires in the information age, The Master Switch is a stirring illumination of a drama that has played out over decades in the shadows of our national life and now culminates with terrifying implications for our future.

    Foreword by Gen. Michael V. Hayden (Retd.), Former Director of NSA & CIAIn the late 1970s, the National Security Agency still did not officially exist--those in the know referred to it dryly as the No Such Agency. So why, when NSA engineer Charles Gandy filed for a visa to visit Moscow, did the Russian Foreign Ministry assert with confidence that he was a spy?Outsmarting honey traps and encroaching deep enough into enemy territory to perform complicated technical investigations, Gandy accomplished his mission in Russia, but discovered more than State and CIA wanted him to know.Eric Haseltine's The Spy in Moscow Station tells of a time when--much like today--Russian spycraft had proven itself far beyond the best technology the U.S. had to offer. The perils of American arrogance mixed with bureaucratic infighting left the country unspeakably vulnerable to ultra-sophisticated Russian electronic surveillance and espionage.This is the true story of unorthodox, underdog intelligence officers who fought an uphill battle against their own government to prove that the KGB had pulled off the most devastating penetration of U.S. national security in history. If you think The Americans isn't riveting enough, you'll love this toe-curling nonfiction thriller.

    But how do you interpret those packets once you've captured them? And how can those packets help you to better understand what's going on under the hood of your network? Practical Packet Analysis shows how to use Wireshark to capture and then analyze packets as you take an indepth look at real-world packet analysis and network troubleshooting. The way the pros do it.Wireshark (derived from the Ethereal project), has become the world's most popular network sniffing application. But while Wireshark comes with documentation, there's not a whole lot of information to show you how to use it in real-world scenarios. Practical Packet Analysis shows you how to:Use packet analysis to tackle common network problems, such as loss of connectivity, slow networks, malware infections, and more Build customized capture and display filters Tap into live network communication Graph traffic patterns to visualize the data flowing across your network Use advanced Wireshark features to understand confusing packets Build statistics and reports to help you better explain technical network information to non-technical usersBecause net-centric computing requires a deep understanding of network communication at the packet level, Practical Packet Analysis is a must have for any network technician, administrator, or engineer troubleshooting network problems of any kind.

    Reverse engineering is not about reading assembly code, but actually understanding how different pieces/components in a system work. To reverse engineer a system is to understand how it is constructed and how it works. The book provides: Coverage of x86, x64, and ARM. In the past x86 was the most common architecture on the PC; however, times have changed and x64 is becoming the dominant architecture. It brings new complexity and constructs previously not present in x86. ARM ("Advanced RISC Machine) "is very common in embedded / consumer electronic devices; for example, most if not all cell phones run on ARM. All of apple's i-devices run on ARM. This book will be the first book to cover all three.Discussion of Windows kernel-mode code (rootkits/drivers). This topic has a steep learning curve so most practitioners stay away from this area because it is highly complex. However, this book will provide a concise treatment of this topic and explain how to analyze drivers step-by-step.The book uses real world examples from the public domain. The best way to learn is through a combination of concept discussions, examples, and exercises. This book uses real-world trojans / rootkits as examples congruent with real-life scenariosHands-on exercises. End-of-chapter exercises in the form of conceptual questions and hands-on analysis so so readers can solidify their understanding of the concepts and build confidence. The exercises are also meant to teach readers about topics not covered in the book.

    But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors.Once you've built your foundation for penetration testing, you'll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks. You'll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks.Learn how to:Find and exploit unmaintained, misconfigured, and unpatched systems Perform reconnaissance and find valuable information about your target Bypass anti-virus technologies and circumvent security controls Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery Use the Meterpreter shell to launch further attacks from inside the network Harness standalone Metasploit utilities, third-party tools, and plug-ins Learn how to write your own Meterpreter post exploitation modules and scripts You'll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else's to the test, Metasploit: The Penetration Tester's Guide will take you there and beyond.

    Now, THE OPERATORS will lead us even deeper into the war, its politics, and its major players at a time when such insight is demanded and desperately needed. Based on exclusive reporting in Afghanistan, Europe, the Middle East, and Washington, DC, this landmark work of journalism will elucidate as never before the United States' involvement in Afghanistan in vivid, unforgettable detail. Part wild travelogue, part expos, and part sobering analysis, THE OPERATORS promises an unprecedented behind-the-scenes account of the war from the only journalist uniquely poised to tell it.

    From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book suits all levels of security and networking professionals. A 42-page reference guide documents every Nmap feature and option, while the rest of the book demonstrates how to apply those features to quickly solve real-world tasks. Examples and diagrams show actual communication on the wire. Topics include subverting firewalls and intrusion detection systems, optimizing Nmap performance, and automating common networking tasks with the Nmap Scripting Engine. Hints and instructions are provided for common uses such as taking network inventory, penetration testing, detecting rogue wireless access points, and quashing network worm outbreaks. Nmap runs on Windows, Linux, and Mac OS X.Nmap's original author, Gordon "Fyodor" Lyon, wrote this book to share everything he has learned about network scanning during more than 11 years of Nmap development. Visit http: //nmap.org/book for more information and sample chapters.

    Every Nmap feature is covered with visual examples to help you quickly understand and identify proper usage for practical results.Topics covered include:* Installation on Windows, Mac OS X, Unix/Linux platforms* Basic and advanced scanning techniques* Network inventory and security auditing* Firewall evasion techniques* Zenmap - A graphical front-end for Nmap* NSE - The Nmap Scripting Engine* Ndiff - A Nmap scan comparison utilitySimplified coverage of Nmap 5.00 features.