Book picks similar to
Linux Forensics by Philip Polstra
security
programming-it
hacking
0000000
Hacking the Xbox: An Introduction to Reverse Engineering
Andrew Huang - 2003
The book progresses into a discussion of the Xbox security mechanisms and other advanced hacking topics, with an emphasis on educating the readers on the important subjects of computer security and reverse engineering. Hacking the Xbox includes numerous practical guides, such as where to get hacking gear, soldering techniques, debugging tips and an Xbox hardware reference guide.Hacking the Xbox also confronts the social and political issues facing today's hacker by looking forward and discussing the impact of today's legal challenges on legitimate reverse engineering activities. The book includes a chapter written by the Electronic Frontier Foundation (EFF) about the rights and responsibilities of hackers, and concludes by discussing the latest trends and vulnerabilities in secure PC platforms.
Unauthorised Access: Physical Penetration Testing for IT Security Teams
Wil Allsopp - 2009
IT teams are now increasingly requesting physical penetration tests, but there is little available in terms of training. The goal of the test is to demonstrate any deficiencies in operating procedures concerning physical security.Featuring a Foreword written by world-renowned hacker Kevin D. Mitnick and lead author of The Art of Intrusion and The Art of Deception, this book is the first guide to planning and performing a physical penetration test. Inside, IT security expert Wil Allsopp guides you through the entire process from gathering intelligence, getting inside, dealing with threats, staying hidden (often in plain sight), and getting access to networks and data.Teaches IT security teams how to break into their own facility in order to defend against such attacks, which is often overlooked by IT security teams but is of critical importance Deals with intelligence gathering, such as getting access building blueprints and satellite imagery, hacking security cameras, planting bugs, and eavesdropping on security channels Includes safeguards for consultants paid to probe facilities unbeknown to staff Covers preparing the report and presenting it to management In order to defend data, you need to think like a thief-let Unauthorised Access show you how to get inside.
The Tangled Web: A Guide to Securing Modern Web Applications
Michal Zalewski - 2011
Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. To keep users safe, it is essential for developers to confidently navigate this landscape.In The Tangled Web, Michal Zalewski, one of the world's top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they're fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security. You'll learn how to:Perform common but surprisingly complex tasks such as URL parsing and HTML sanitization Use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing Leverage many variants of the same-origin policy to safely compartmentalize complex web applications and protect user credentials in case of XSS bugs Build mashups and embed gadgets without getting stung by the tricky frame navigation policy Embed or host user-supplied content without running into the trap of content sniffing For quick reference, "Security Engineering Cheat Sheets" at the end of each chapter offer ready solutions to problems you're most likely to encounter. With coverage extending as far as planned HTML5 features, The Tangled Web will help you create secure web applications that stand the test of time.
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning
Gordon Fyodor Lyon - 2009
From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book suits all levels of security and networking professionals. A 42-page reference guide documents every Nmap feature and option, while the rest of the book demonstrates how to apply those features to quickly solve real-world tasks. Examples and diagrams show actual communication on the wire. Topics include subverting firewalls and intrusion detection systems, optimizing Nmap performance, and automating common networking tasks with the Nmap Scripting Engine. Hints and instructions are provided for common uses such as taking network inventory, penetration testing, detecting rogue wireless access points, and quashing network worm outbreaks. Nmap runs on Windows, Linux, and Mac OS X.Nmap's original author, Gordon "Fyodor" Lyon, wrote this book to share everything he has learned about network scanning during more than 11 years of Nmap development. Visit http: //nmap.org/book for more information and sample chapters.
Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems
Chris Sanders - 2007
But how do you interpret those packets once you've captured them? And how can those packets help you to better understand what's going on under the hood of your network? Practical Packet Analysis shows how to use Wireshark to capture and then analyze packets as you take an indepth look at real-world packet analysis and network troubleshooting. The way the pros do it.Wireshark (derived from the Ethereal project), has become the world's most popular network sniffing application. But while Wireshark comes with documentation, there's not a whole lot of information to show you how to use it in real-world scenarios. Practical Packet Analysis shows you how to:Use packet analysis to tackle common network problems, such as loss of connectivity, slow networks, malware infections, and more Build customized capture and display filters Tap into live network communication Graph traffic patterns to visualize the data flowing across your network Use advanced Wireshark features to understand confusing packets Build statistics and reports to help you better explain technical network information to non-technical usersBecause net-centric computing requires a deep understanding of network communication at the packet level, Practical Packet Analysis is a must have for any network technician, administrator, or engineer troubleshooting network problems of any kind.
Nmap Cookbook: The Fat-free Guide to Network Scanning
Nicholas Marsh - 2010
Every Nmap feature is covered with visual examples to help you quickly understand and identify proper usage for practical results.Topics covered include:* Installation on Windows, Mac OS X, Unix/Linux platforms* Basic and advanced scanning techniques* Network inventory and security auditing* Firewall evasion techniques* Zenmap - A graphical front-end for Nmap* NSE - The Nmap Scripting Engine* Ndiff - A Nmap scan comparison utilitySimplified coverage of Nmap 5.00 features.
Secrets and Lies: Digital Security in a Networked World
Bruce Schneier - 2000
Identity Theft. Corporate Espionage. National secrets compromised. Can anyone promise security in our digital world?The man who introduced cryptography to the boardroom says no. But in this fascinating read, he shows us how to come closer by developing security measures in terms of context, tools, and strategy. Security is a process, not a product – one that system administrators and corporate executives alike must understand to survive.This edition updated with new information about post-9/11 security.
Defensive Security Handbook: Best Practices for Securing Infrastructure
Lee Brotherston - 2017
For companies obliged to improvise, this pragmatic guide provides a security-101 handbook with steps, tools, processes, and ideas to help you drive maximum-security improvement at little or no cost.Each chapter in this book provides step-by-step instructions for dealing with a specific issue, including breaches and disasters, compliance, network infrastructure and password management, vulnerability scanning, and penetration testing, among others. Network engineers, system administrators, and security professionals will learn tools and techniques to help improve security in sensible, manageable chunks.Learn fundamentals of starting or redesigning an InfoSec programCreate a base set of policies, standards, and proceduresPlan and design incident response, disaster recovery, compliance, and physical securityBolster Microsoft and Unix systems, network infrastructure, and password managementUse segmentation practices and designs to compartmentalize your networkExplore automated process and tools for vulnerability managementSecurely develop code to reduce exploitable errorsUnderstand basic penetration testing concepts through purple teamingDelve into IDS, IPS, SOC, logging, and monitoring
Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers
T.J. O'Connor - 2012
Instead of relying on another attacker's tools, this book will teach you to forge your own weapons using the Python programming language. This book demonstrates how to write Python scripts to automate large-scale network attacks, extract metadata, and investigate forensic artifacts. It also shows how to write code to intercept and analyze network traffic using Python, craft and spoof wireless frames to attack wireless and Bluetooth devices, and how to data-mine popular social media websites and evade modern anti-virus.
Zero Day: The Threat In Cyberspace
Robert O'Harrow Jr. - 2013
For more than a year, Washington Post reporter Robert O'Harrow has explored the threats proliferating in our digital universe. This eBook is a compilation of that reporting. With chapters built around real people, including hackers, security researchers and corporate executives, this book will help regular people, lawmakers and businesses better understand the mind-bending challenge of keeping the internet safe from hackers and security breaches -- and all out war.
Working with UNIX Processes
Jesse Storimer - 2011
Want to impress your coworkers and write the fastest, most efficient, stable code you ever have? Don't reinvent the wheel. Reuse decades of research into battle-tested, highly optimized, and proven techniques available on any Unix system.This book will teach you what you need to know so that you can write your own servers, debug your entire stack when things go awry, and understand how things are working under the hood.http://www.jstorimer.com/products/wor...
Cissp (Isc)2 Certified Information Systems Security Professional Official Study Guide
James Michael Stewart - 2003
This comprehensive book will guide readers through CISSP exam topics, including: Access ControlApplication Development SecurityBusiness Continuity and Disaster Recovery PlanningCryptographyInformation Security Governance and Risk Management Legal, Regulations, Investigations and ComplianceOperations SecurityPhysical (Environmental) SecuritySecurity Architecture and DesignTelecommunications and Network SecurityThis study guide will be complete with 100% coverage of the exam objectives, real world scenarios, hands-on exercises, and challenging review questions, both in the book as well via the exclusive Sybex Test Engine.
The Hobbyist's Guide to the RTL-SDR: Really Cheap Software Defined Radio
Carl Laufer - 2014
The RTL-SDR is a super cheap software defined radio based on DVB-T TV dongles that can be found for under $20. This book is about tips and tutorials that show you how to get the most out of your RTL-SDR dongle. Some projects described in this book are also compatible with other wideband SDRs like the HackRF, Airspy and SDR Play. What's in the book Learn how to set up your RTL-SDR with various free software defined radio programs such as SDR#, HDSDR, SDR-Radio and more. Learn all the little tricks and oddities that the dongle has. A whole chapter dedicated to improving the RTL-SDR's performance. Dozens of tutorials for fun RTL-SDR based projects such as ADS-B aircraft radar, AIS boat radar, ACARS decoding, receiving NOAA and Meteor-M2 weather satellite images, listening to and following trunked radios, decoding digital voice P25/DMR signals, decoding weather balloon telemetry, receiving DAB radio, analysing GSM and listening to TETRA signals, decoding pagers, receiving various HF signals such as ham radio modes, weatherfax and DRM radio, decoding digital D-STAR voice, an introduction to GNU Radio, decoding RDS, decoding APRS, measuring filters and SWR with low cost equipment, and many many more projects! Guide to antennas, cables and adapters. This book is updated every 3-4 months to ensure information is fresh and up to date. Updates are available for free for all customers. Note: To update the book you must manually contact Kindle support and request the update. Last updated to edition 4.1 on 15 June 2015.
Data Structures (SIE)
Seymour Lipschutz - 1986
The classic and popular text is back with refreshed pedagogy and programming problems helps the students to have an upper hand on the practical understanding of the subject. Salient Features: Expanded discussion on Recursion (Backtracking, Simulating Recursion), Spanning Trees. Covers all important topics like Strings, Arrays, Linked Lists, Trees Highly illustrative with over 300 figures and 400 solved and unsolved exercises Content 1.Introduction and Overview 2.Preliminaries 3.String Processing 4.Arrays, Records and Pointers 5.Linked Lists 6.S tacks, Queues, Recursion 7.Trees 8.Graphs and Their Applications 9.Sorting and Searching About the Author: Seymour Lipschutz Seymour Lipschutz, Professor of Mathematics, Temple University
The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System
Bill Blunden - 2009
Adopting an approach that favors full disclosure, The Rootkit Arsenal presents the most accessible, timely, and complete coverage of rootkit technology. This book covers more topics, in greater depth, than any other currently available. In doing so the author forges through the murky back alleys of the Internet, shedding light on material that has traditionally been poorly documented, partially documented, or intentionally undocumented.The spectrum of topics covered includes how to:* Hook kernel structures on multi-processor systems* Use a kernel debugger to reverse system internals* Inject call gates to create a back door into Ring-0* Use detour patches to sidestep group policy* Modify privilege levels on Vista by altering kernel objects* Utilize bootkit technology* Defeat live incident response and post-mortem forensics* Implement code armoring to protect your deliverables* Establish covert channels using the WSK and NDIS 6.0