But just how does the magic happen?In Black Hat Python, the latest from Justin Seitz (author of the best-selling Gray Hat Python), you'll explore the darker side of Python's capabilities writing network sniffers, manipulating packets, infecting virtual machines, creating stealthy trojans, and more. You'll learn how to:Create a trojan command-and-control using GitHubDetect sandboxing and automate common malware tasks, like keylogging and screenshottingEscalate Windows privileges with creative process controlUse offensive memory forensics tricks to retrieve password hashes and inject shellcode into a virtual machineExtend the popular Burp Suite web-hacking toolAbuse Windows COM automation to perform a man-in-the-browser attackExfiltrate data from a network most sneakilyInsider techniques and creative challenges throughout show you how to extend the hacks and how to write your own exploits.When it comes to offensive security, your ability to create powerful tools on the fly is indispensable. Learn how in Black Hat Python."

    But how do you interpret those packets once you've captured them? And how can those packets help you to better understand what's going on under the hood of your network? Practical Packet Analysis shows how to use Wireshark to capture and then analyze packets as you take an indepth look at real-world packet analysis and network troubleshooting. The way the pros do it.Wireshark (derived from the Ethereal project), has become the world's most popular network sniffing application. But while Wireshark comes with documentation, there's not a whole lot of information to show you how to use it in real-world scenarios. Practical Packet Analysis shows you how to:Use packet analysis to tackle common network problems, such as loss of connectivity, slow networks, malware infections, and more Build customized capture and display filters Tap into live network communication Graph traffic patterns to visualize the data flowing across your network Use advanced Wireshark features to understand confusing packets Build statistics and reports to help you better explain technical network information to non-technical usersBecause net-centric computing requires a deep understanding of network communication at the packet level, Practical Packet Analysis is a must have for any network technician, administrator, or engineer troubleshooting network problems of any kind.

    And this may sound weirdly obvious, but every single one of those pieces of software was written by a programmer. Programmers are thus among the most quietly influential people on the planet. As we live in a world made of software, they're the architects. The decisions they make guide our behavior. When they make something newly easy to do, we do a lot more of it. If they make it hard or impossible to do something, we do less of it.If we want to understand how today's world works, we ought to understand something about coders. Who exactly are the people that are building today's world? What makes them tick? What type of personality is drawn to writing software? And perhaps most interestingly -- what does it do to them?One of the first pieces of coding a newbie learns is the program to make the computer say "Hello, world!" Like that piece of code, Clive Thompson's book is a delightful place to begin to understand this vocation, which is both a profession and a way of life, and which essentially didn't exist little more than a generation ago, but now is considered just about the only safe bet we can make about what the future holds. Thompson takes us close to some of the great coders of our time, and unpacks the surprising history of the field, beginning with the first great coders, who were women. Ironically, if we're going to traffic in stereotypes, women are arguably "naturally" better at coding than men, but they were written out of the history, and shoved out of the seats, for reasons that are illuminating. Now programming is indeed, if not a pure brotopia, at least an awfully homogenous community, which attracts people from a very narrow band of backgrounds and personality types. As Thompson learns, the consequences of that are significant - not least being a fetish for disruption at scale that doesn't leave much time for pondering larger moral issues of collateral damage. At the same time, coding is a marvelous new art form that has improved the world in innumerable ways, and Thompson reckons deeply, as no one before him has, with what great coding in fact looks like, who creates it, and where they come from. To get as close to his subject has he can, he picks up the thread of his own long-abandoned coding practice, and tries his mightiest to up his game, with some surprising results.More and more, any serious engagement with the world demands an engagement with code and its consequences, and to understand code, we must understand coders. In that regard, Clive Thompson's Hello, World! is a marvelous and delightful master class.

    More importantly, this book provides a framework for thinking about computer organization and design that will enable the reader to continue the lifetime of learning necessary for staying at the forefront of this competitive discipline. --John Crawford Intel Fellow Director of Microprocessor Architecture, Intel The performance of software systems is dramatically affected by how well software designers understand the basic hardware technologies at work in a system. Similarly, hardware designers must understand the far reaching effects their design decisions have on software applications. For readers in either category, this classic introduction to the field provides a deep look into the computer. It demonstrates the relationship between the software and hardware and focuses on the foundational concepts that are the basis for current computer design. Using a distinctive learning by evolution approach the authors present each idea from its first principles, guiding readers through a series of worked examples that incrementally add more complex instructions until they ha

    The exam is designed to ensure that someone who is handling computer security in a company has a standardized body of knowledge. The book is composed of 10 domains of the Common Body of Knowledge. In each section, it defines each domain. It also provides tips on how to prepare for the exam and take the exam. It also contains CISSP practice quizzes to test ones knowledge. The first domain provides information about risk analysis and mitigation. It also discusses security governance. The second domain discusses different techniques for access control, which is the basis for all the security disciplines. The third domain explains the concepts behind cryptography, which is a secure way of communicating that is understood only by certain recipients. Domain 5 discusses security system design, which is fundamental for operating the system and software security components. Domain 6 is a critical domain in the Common Body of Knowledge, the Business Continuity Planning, and Disaster Recovery Planning. It is the final control against extreme events such as injury, loss of life, or failure of an organization. Domains 7, 8, and 9 discuss telecommunications and network security, application development security, and the operations domain, respectively. Domain 10 focuses on the major legal systems that provide a framework in determining the laws about information system.

    The SY0-301 version covers every aspect of the SY0-301 exam, and includes the same elements readers raved about in the previous version. Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action. The author uses many of the same analogies and explanations he’s honed in the classroom that have helped hundreds of students master the Security+ content. You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important. Over 400 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes a 100 question pre-test, a 100 question post-test, and practice test questions at the end of every chapter. Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it. If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-401 study guide is for any IT or security professional interested in advancing in their field, and a must read for anyone striving to master the basics of IT systems security. The author also posts related blogs to supplement the book at http://blogs.getcertifiedgetahead.com/.

    Principles of Information Security, Third Edition builds on internationally recognized standards and bodies of knowledge to provide the knowledge and skills that information systems students need for their future roles as business decision-makers. Coverage includes key knowledge areas of the CISSP (Certified Information Systems Security Professional), as well as risk management, cryptography, physical security, and more. The third edition has retained the real-world examples and scenarios that made previous editions so successful, but has updated the content to reflect technology's latest capabilities and trends. With this emphasis on currency and comprehensive coverage, readers can feel confident that they are using a standards-based, content-driven resource to prepare them for their work in the field.

    IT teams are now increasingly requesting physical penetration tests, but there is little available in terms of training. The goal of the test is to demonstrate any deficiencies in operating procedures concerning physical security.Featuring a Foreword written by world-renowned hacker Kevin D. Mitnick and lead author of The Art of Intrusion and The Art of Deception, this book is the first guide to planning and performing a physical penetration test. Inside, IT security expert Wil Allsopp guides you through the entire process from gathering intelligence, getting inside, dealing with threats, staying hidden (often in plain sight), and getting access to networks and data.Teaches IT security teams how to break into their own facility in order to defend against such attacks, which is often overlooked by IT security teams but is of critical importance Deals with intelligence gathering, such as getting access building blueprints and satellite imagery, hacking security cameras, planting bugs, and eavesdropping on security channels Includes safeguards for consultants paid to probe facilities unbeknown to staff Covers preparing the report and presenting it to management In order to defend data, you need to think like a thief-let Unauthorised Access show you how to get inside.

    Discover how the basic TCP/IP technology has survived and evolved over two decades of exponential growth, and understand the TCP/IP protocols and technical advances. This edition explains emerging technologies such as Mobile IP, Virtual Private Networks, resource reservation with RSVP, and Ipv6. Comer reveals how to master TCP/IP and how the Internet works. The reader is required to have a modest background in the fundamentals of computer systems, but does not need sophisticated mathematics. As with previous editions, this edition provides an introduction to physical networks and then shows how they are combined to form an internet. It states design principles clearly, and discusses motivations and consequences. THIS NEW EDITION OF VOLUME 1: *Explains how voice and video are sent over IP internets and how IP Telephony operates *Describes Mobile IP (a technology that allows a computer to move fr

    But the state-of-the-art has moved forward dramatically since Meyers last updated this book in 1997. (For instance, there s now STL. Design patterns. Even new functionality being added through TR1 and Boost.) So Meyers has done a top-to-bottom rewrite, identifying the 55 most valuable techniques you need now to be exceptionally effective with C++. Over half of this edition s content is new. Templates broadly impact C++ development, and you ll find them everywhere. There s extensive coverage of multithreaded systems. There s an entirely new chapter on resource management. You ll find substantial new coverage of exceptions. Much is gained, but nothing s lost: You ll find the same depth of practical insight that first made Effective C++ a classic all those years ago. Bill Camarda, from the July 2005 href="http://www.barnesandnoble.com/newslet... Only

    Now, 10 years later and in the third edition, this classic still reigns supreme as the book written by an SQL master that teaches future SQL masters. These are not just tips and techniques; Joe also offers the best solutions to old and new challenges and conveys the way you need to think in order to get the most out of SQL programming efforts for both correctness and performance.In the third edition, Joe features new examples and updates to SQL-99, expanded sections of Query techniques, and a new section on schema design, with the same war-story teaching style that made the first and second editions of this book classics.

    The book covers all of the new CompTIA Security+ 2008 exam objectives and maps to the new Security+ 2008 exam. This updated edition features many all-new topics, including topics new to the CompTIA exams like cross site scripting, SQL injection, rootkits, and virtualization, as well as topics of increasing importance in the industry as a whole, like the latest breeds of attackers, Wi-Fi Protected Access 2, and Microsoft Windows Vista security.

    I hope it helps you too!

    Big Blue, as the company is known, tends to rely for its success on magical thinking but that magic ran out a long time ago. The company got in trouble back in the 1990s and had to hire for the first time an outside CEO, Lou Gerstner, to save the day. Gerstner pushed IBM into services with spectacular results but this hurt the company, too. As services have became commoditized IBM could only compete by offshoring the work and quality suffered. The other negative impact of Gerstner was his compensation which was for the first time in IBM history very high. Only the Watson family had become rich running IBM with later CEOs like John Opel and John Akers living comfortable lives with lots of perks, but they never got BIG RICH. That changed with Gerstner. Sam Palmisano an IBM lifer followed Gerstner as CEO and followed, too, the Gerstner playbook. Palmisano retired three years ago with a retirement package worth $241 million, replaced by IBM's first woman CEO, Ginni Rometty, who certainly expects a comparable golden parachute. In order to achieve these numbers, though, IBM has essentially sacrificed both its customers and employees. In order to have ever growing earnings per share the company has cut labor to the bone, off-shored everything it can, dropped quality, deliberately underbid contracts to win them then not performed. IBM's acquisition policy is one of buying companies to get their sales then cutting costs to the bone and under-delivering. This and share buybacks have kept earnings growing until this house of cards recently began to fall. Ginni Rometty, who will end up taking the fall for Palmisano's flawed strategy, has stated a very specific earnings goal for 2015 that she will destroy the company to achieve if she must. This book how IBM fell from grace, where it is headed, and what specifically can be done to save the company before it is too late.

    The RTFM contains the basic syntax for commonly used Linux and Windows command line tools, but it also encapsulates unique use cases for powerful tools such as Python and Windows PowerShell. The RTFM will repeatedly save you time looking up the hard to remember Windows nuances such as Windows wmic and dsquery command line tools, key registry values, scheduled tasks syntax, startup locations and Windows scripting. More importantly, it should teach you some new red team techniques.