The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory


Michael Hale Ligh - 2014
    As a follow-up to the best seller Malware Analyst's Cookbook, experts in the fields of malware, security, and digital forensics bring you a step-by-step guide to memory forensics--now the most sought after skill in the digital forensics and incident response fields.Beginning with introductory concepts and moving toward the advanced, The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory is based on a five day training course that the authors have presented to hundreds of students. It is the only book on the market that focuses exclusively on memory forensics and how to deploy such techniques properly. Discover memory forensics techniques:How volatile memory analysis improves digital investigations Proper investigative steps for detecting stealth malware and advanced threats How to use free, open source tools for conducting thorough memory forensics Ways to acquire memory from suspect systems in a forensically sound manner The next era of malware and security breaches are more sophisticated and targeted, and the volatile memory of a computer is often overlooked or destroyed as part of the incident response process. The Art of Memory Forensics explains the latest technological innovations in digital forensics to help bridge this gap. It covers the most popular and recently released versions of Windows, Linux, and Mac, including both the 32 and 64-bit editions.

The Tangled Web: A Guide to Securing Modern Web Applications


Michal Zalewski - 2011
    Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. To keep users safe, it is essential for developers to confidently navigate this landscape.In The Tangled Web, Michal Zalewski, one of the world's top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they're fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security. You'll learn how to:Perform common but surprisingly complex tasks such as URL parsing and HTML sanitization Use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing Leverage many variants of the same-origin policy to safely compartmentalize complex web applications and protect user credentials in case of XSS bugs Build mashups and embed gadgets without getting stung by the tricky frame navigation policy Embed or host user-supplied content without running into the trap of content sniffing For quick reference, "Security Engineering Cheat Sheets" at the end of each chapter offer ready solutions to problems you're most likely to encounter. With coverage extending as far as planned HTML5 features, The Tangled Web will help you create secure web applications that stand the test of time.

How to Count (Programming for Mere Mortals, #1)


Steven Frank - 2011
    unsigned numbers- Floating point and fixed point arithmeticThis short, easily understood book will quickly get you thinking like a programmer.

The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws


Dafydd Stuttard - 2007
    The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications. The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger," Dafydd developed the popular Burp Suite of web application hack tools.

Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software


Michael Sikorski - 2011
    When malware breaches your defenses, you need to act quickly to cure current infections and prevent future ones from occurring.For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way.You'll learn how to:Set up a safe virtual environment to analyze malware Quickly extract network signatures and host-based indicators Use key analysis tools like IDA Pro, OllyDbg, and WinDbg Overcome malware tricks like obfuscation, anti-disassembly, anti-debugging, and anti-virtual machine techniques Use your newfound knowledge of Windows internals for malware analysis Develop a methodology for unpacking malware and get practical experience with five of the most popular packers Analyze special cases of malware with shellcode, C++, and 64-bit code Hands-on labs throughout the book challenge you to practice and synthesize your skills as you dissect real malware samples, and pages of detailed dissections offer an over-the-shoulder look at how the pros do it. You'll learn how to crack open malware to see how it really works, determine what damage it has done, thoroughly clean your network, and ensure that the malware never comes back.Malware analysis is a cat-and-mouse game with rules that are constantly changing, so make sure you have the fundamentals. Whether you're tasked with securing one network or a thousand networks, or you're making a living as a malware analyst, you'll find what you need to succeed in Practical Malware Analysis.

Networking for Systems Administrators (IT Mastery Book 5)


Michael W. Lucas - 2015
    Servers give sysadmins a incredible visibility into the network—once they know how to unlock it. Most sysadmins don’t need to understand window scaling, or the differences between IPv4 and IPv6 echo requests, or other intricacies of the TCP/IP protocols. You need only enough to deploy your own applications and get easy support from the network team.This book teaches you:•How modern networks really work•The essentials of TCP/IP•The next-generation protocol, IPv6•The right tools to diagnose network problems, and how to use them•Troubleshooting everything from the physical wire to DNS•How to see the traffic you send and receive•Connectivity testing•How to communicate with your network team to quickly resolve problemsA systems administrator doesn’t need to know the innards of TCP/IP, but knowing enough to diagnose your own network issues transforms a good sysadmin into a great one.

The Shellcoder's Handbook: Discovering and Exploiting Security Holes


Jack Koziol - 2004
    This much-anticipated revision, written by the ultimate group of top security experts in the world, features 40 percent new content on how to find security holes in any operating system or applicationNew material addresses the many new exploitation techniques that have been discovered since the first edition, including attacking "unbreakable" software packages such as McAfee's Entercept, Mac OS X, XP, Office 2003, and VistaAlso features the first-ever published information on exploiting Cisco's IOS, with content that has never before been exploredThe companion Web site features downloadable code files

CEH Certified Ethical Hacker Study Guide


Kimberly Graves - 2010
    That's the philosophy behind ethical hacking, and it's a growing field. Prepare for certification in this important area with this advanced study guide that covers all exam objectives for the challenging CEH Certified Ethical Hackers exam. The book provides full coverage of exam topics, real-world examples, and a CD with additional materials for extra review and practice. Covers ethics and legal issues, footprinting, scanning, enumeration, system hacking, trojans and backdoors, sniffers, denial of service, social engineering, session hijacking, hacking Web servers, Web application vulnerabilities, and more Walks you through exam topics and includes plenty of real-world scenarios to help reinforce concepts Includes a CD with review questions, bonus exams, and more study tools This is the ideal guide to prepare you for the new CEH certification exam. Reviews

Applied Cryptography: Protocols, Algorithms, and Source Code in C


Bruce Schneier - 1993
    … The book the National Security Agency wanted never to be published." –Wired Magazine "…monumental… fascinating… comprehensive… the definitive work on cryptography for computer programmers…" –Dr. Dobb's Journal"…easily ranks as one of the most authoritative in its field." —PC Magazine"…the bible of code hackers." –The Millennium Whole Earth CatalogThis new edition of the cryptography classic provides you with a comprehensive survey of modern cryptography. The book details how programmers and electronic communications professionals can use cryptography—the technique of enciphering and deciphering messages-to maintain the privacy of computer data. It describes dozens of cryptography algorithms, gives practical advice on how to implement them into cryptographic software, and shows how they can be used to solve security problems. Covering the latest developments in practical cryptographic techniques, this new edition shows programmers who design computer applications, networks, and storage systems how they can build security into their software and systems. What's new in the Second Edition? * New information on the Clipper Chip, including ways to defeat the key escrow mechanism * New encryption algorithms, including algorithms from the former Soviet Union and South Africa, and the RC4 stream cipher * The latest protocols for digital signatures, authentication, secure elections, digital cash, and more * More detailed information on key management and cryptographic implementations

Stealing the Network: The Complete Series Collector's Edition, Final Chapter, and DVD: The Complete Series


Johnny Long - 2009
    It combines stories that are fictional, with technology that is real. While none of the stories have happened, there is no reason why they could not. You could argue it provides a road map for criminal hackers, but I say it does something else: it provides a glimpse into the creative minds of some of today's best hackers, and even the best hackers will tell you that the game is a mental one' - from the Foreword to the first "Stealing the Network" book, "How to Own the Box", Jeff Moss, Founder & Director, Black Hat, Inc. and Founder of DEFCON. For the very first time, the complete "Stealing the Network" epic is available in an enormous, over 1000 page volume complete with the final chapter of the saga and a DVD filled with behind the scenes video footage! These groundbreaking books created a fictional world of hacker superheroes and villains based on real world technology, tools, and tactics. It is almost as if the authors peered into the future as many of the techniques and scenarios in these books have come to pass. This book contains all of the material from each of the four books in the "Stealing the Network" series. All of the stories and tech from: "How to Own the Box"; "How to Own a Continent"; "How to Own an Identity"; and, "How to Own a Shadow". Plus: finally - find out how the story ends! The final chapter is here! There is a DVD full of behind the scenes stories and insider info about the making of these cult classics! Now for the first time the entire series is one 1000 plus page book. The DVD contains 20 minutes of behind the scenes footage. Readers will finally learn the fate of 'Knuth' in the much anticipated final chapter.

Two Scoops of Django: Best Practices for Django 1.6


Daniel Roy Greenfeld - 2014
    

Windows 10: The Missing Manual


David Pogue - 2015
    Windows 10 (a free update to users of Windows 8 or Windows 7) fixes a number of the problems introduced by the revolution in Windows 8 and offers plenty of new features, such as the new Spartan web browser, Cortana voice-activated "personal assistant," new universal apps (that run on tablet, phone, and computer), and more. But to really get the most out of the new operating system, you're going to need a guide.Thankfully, Windows 10: The Missing Manual will be there to help. Like its predecessors, this book from the founder of Yahoo Tech, previous New York Times columnist, bestselling author, and Missing Manuals creator David Pogue illuminates its subject with technical insight, plenty of wit, and hardnosed objectivity for beginners, veteran standalone PC users, new tablet owners, and those who know their way around a network.

Black Hat Python: Python Programming for Hackers and Pentesters


Justin Seitz - 2014
    But just how does the magic happen?In Black Hat Python, the latest from Justin Seitz (author of the best-selling Gray Hat Python), you'll explore the darker side of Python's capabilities writing network sniffers, manipulating packets, infecting virtual machines, creating stealthy trojans, and more. You'll learn how to:Create a trojan command-and-control using GitHubDetect sandboxing and automate common malware tasks, like keylogging and screenshottingEscalate Windows privileges with creative process controlUse offensive memory forensics tricks to retrieve password hashes and inject shellcode into a virtual machineExtend the popular Burp Suite web-hacking toolAbuse Windows COM automation to perform a man-in-the-browser attackExfiltrate data from a network most sneakilyInsider techniques and creative challenges throughout show you how to extend the hacks and how to write your own exploits.When it comes to offensive security, your ability to create powerful tools on the fly is indispensable. Learn how in Black Hat Python."

Essential PHP Security


Chris Shiflett - 2005
    It also works beautifully with other open source tools, such as the MySQL database and the Apache web server. However, as more web sites are developed in PHP, they become targets for malicious attackers, and developers need to prepare for the attacks.Security is an issue that demands attention, given the growing frequency of attacks on web sites. Essential PHP Security explains the most common types of attacks and how to write code that isn't susceptible to them. By examining specific attacks and the techniques used to protect against them, you will have a deeper understanding and appreciation of the safeguards you are about to learn in this book.In the much-needed (and highly-requested) Essential PHP Security, each chapter covers an aspect of a web application (such as form processing, database programming, session management, and authentication). Chapters describe potential attacks with examples and then explain techniques to help you prevent those attacks.Topics covered include:Preventing cross-site scripting (XSS) vulnerabilitiesProtecting against SQL injection attacksComplicating session hijacking attemptsYou are in good hands with author Chris Shiflett, an internationally-recognized expert in the field of PHP security. Shiflett is also the founder and President of Brain Bulb, a PHP consultancy that offers a variety of services to clients around the world.

Security Engineering: A Guide to Building Dependable Distributed Systems


Ross J. Anderson - 2008
    Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy and as they specialize, they get better. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice. Here's straight talk on critical topics such as technical engineering basics, types of attack, specialized protection mechanisms, security psychology, policy, and more.