Book picks similar to
Mastering Modern Web Penetration Testing by Prakhar Prasad
security
penetration-test
cyber
software
Web Hacking 101
Peter Yaworski
With few exceptions, existing books are overly technical, only dedicate a single chapter to website vulnerabilities or don't include any real world examples. This book is different.Using publicly disclosed vulnerabilities, Web Hacking 101 explains common web vulnerabilities and will show you how to start finding vulnerabilities and collecting bounties. With over 30 examples, the book covers topics like:HTML InjectionCross site scripting (XSS)Cross site request forgery (CSRF)Open RedirectsRemote Code Execution (RCE)Application Logicand more...Each example includes a classification of the attack, a report link, the bounty paid, easy to understand description and key takeaways. After reading this book, your eyes will be opened to the wide array of vulnerabilities that exist and you'll likely never look at a website or API the same way.
The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
Dafydd Stuttard - 2007
The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications. The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger," Dafydd developed the popular Burp Suite of web application hack tools.
Kali Linux Revealed: Mastering the Penetration Testing Distribution
Raphaël Hertzog - 2017
They provided a secure and reliable foundation, allowing us to concentrate on securing our digital world.An amazing community has built up around Kali Linux. Every month, more than 300,000 of us download a version of Kali. We come together in online and real-world training rooms and grind through the sprawling Offensive Security Penetration Testing Labs, pursuing the near-legendary Offensive Security certifications. We come together on the Kali forums, some 40,000 strong, and hundreds of us at a time can be found on the Kali IRC channel. We gather at conferences and attend Kali Dojos to learn from the developers themselves how to best leverage Kali.However, the Kali team has never released an official Kali Linux manual, until now.In this book, we'll focus on the Kali Linux platform itself, and help you understand and maximize Kali from the ground up. The developers will walk you through Kali Linux features and fundamentals, provide a crash course in basic Linux commands and concepts, and then walk you through the most common Kali Linux installation scenarios. You'll learn how to configure, troubleshoot and secure Kali Linux and then dive into the powerful Debian package manager. Throughout this expansive section, you'll learn how to install and configure packages, how to update and upgrade your Kali installation, and how to create your own custom packages. Then you'll learn how to deploy your custom installation across massive enterprise networks. Finally, you'll be guided through advanced topics such as kernel compilation, custom ISO creation, industrial-strength encryption, and even how to install crypto kill switches to safeguard your sensitive information.Whether you're a veteran or an absolute n00b, this is the best place to start with Kali Linux, the security professional's platform of choice.
Metasploit: The Penetration Tester's Guide
David Kennedy - 2011
But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors.Once you've built your foundation for penetration testing, you'll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks. You'll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks.Learn how to:Find and exploit unmaintained, misconfigured, and unpatched systems Perform reconnaissance and find valuable information about your target Bypass anti-virus technologies and circumvent security controls Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery Use the Meterpreter shell to launch further attacks from inside the network Harness standalone Metasploit utilities, third-party tools, and plug-ins Learn how to write your own Meterpreter post exploitation modules and scripts You'll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else's to the test, Metasploit: The Penetration Tester's Guide will take you there and beyond.
Advanced Penetration Testing: Hacking the World's Most Secure Networks
Wil Allsopp - 2017
Featuring techniques not taught in any certification prep or covered by common defensive scanners, this book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data--even from organizations without a direct Internet connection--this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures.Typical penetration testing consists of low-level hackers attacking a system with a list of known vulnerabilities, and defenders preventing those hacks using an equally well-known list of defensive scans. The professional hackers and nation states on the forefront of today's threats operate at a much more complex level--and this book shows you how to defend your high security network.Use targeted social engineering pretexts to create the initial compromise Leave a command and control structure in place for long-term access Escalate privilege and breach networks, operating systems, and trust structures Infiltrate further using harvested credentials while expanding control Today's threats are organized, professionally-run, and very much for-profit. Financial institutions, health care organizations, law enforcement, government agencies, and other high-value targets need to harden their IT infrastructure and human capital against targeted advanced attacks from motivated professionals. Advanced Penetration Testing goes beyond Kali linux and Metasploit and to provide you advanced pen testing for high security networks.
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning
Gordon Fyodor Lyon - 2009
From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book suits all levels of security and networking professionals. A 42-page reference guide documents every Nmap feature and option, while the rest of the book demonstrates how to apply those features to quickly solve real-world tasks. Examples and diagrams show actual communication on the wire. Topics include subverting firewalls and intrusion detection systems, optimizing Nmap performance, and automating common networking tasks with the Nmap Scripting Engine. Hints and instructions are provided for common uses such as taking network inventory, penetration testing, detecting rogue wireless access points, and quashing network worm outbreaks. Nmap runs on Windows, Linux, and Mac OS X.Nmap's original author, Gordon "Fyodor" Lyon, wrote this book to share everything he has learned about network scanning during more than 11 years of Nmap development. Visit http: //nmap.org/book for more information and sample chapters.
Gray Hat Hacking: The Ethical Hacker's Handbook
Shon Harris - 2004
Section I: Exploits 202; Chapter 1: Survival; Chapter 2: Basic Exploits; Chapter 3: Advance Exploits; Chapter 4: Writing Shell Code; Section II: Vulnerability Analysis; Chapter 5: Passive Analysis; Chapter 6: Active Analysis; Chapter 7: Bug to Exploit; Chapter 8: Mitigation; Section III: Advanced System Hacks; Chapter 9: Advanced.
The Hacker Playbook 3: Practical Guide To Penetration Testing
Peter Kim - 2018
With a combination of new strategies, attacks, exploits, tips and tricks, you will be able to put yourself in the center of the action toward victory. The main purpose of this book is to answer questions as to why things are still broken. For instance, with all the different security products, secure code reviews, defense in depth, and penetration testing requirements, how are we still seeing massive security breaches happening to major corporations and governments? The real question we need to ask ourselves is, are all the safeguards we are putting in place working? This is what The Hacker Playbook 3 - Red Team Edition is all about. By now, we are all familiar with penetration testing, but what exactly is a Red Team? Red Teams simulate real-world, advanced attacks to test how well your organization's defensive teams respond if you were breached. They find the answers to questions like: Do your incident response teams have the right tools, skill sets, and people to detect and mitigate these attacks? How long would it take them to perform these tasks and is it adequate? This is where you, as a Red Teamer, come in to accurately test and validate the overall security program. THP3 will take your offensive hacking skills, thought processes, and attack paths to the next level. This book focuses on real-world campaigns and attacks, exposing you to different initial entry points, exploitation, custom malware, persistence, and lateral movement--all without getting caught! This heavily lab-based book will include multiple Virtual Machines, testing environments, and custom THP tools. So grab your helmet and let's go break things! For more information, visit http://thehackerplaybook.com/about/.
Linux Basics for Hackers: Getting Started with Networking, Scripting, and Security in Kali
OccupyTheWeb - 2018
Topics include Linux command line basics, filesystems, networking, BASH basics, package management, logging, and the Linux kernel and drivers.If you're getting started along the exciting path of hacking, cybersecurity, and pentesting, Linux Basics for Hackers is an excellent first step. Using Kali Linux, an advanced penetration testing distribution of Linux, you'll learn the basics of using the Linux operating system and acquire the tools and techniques you'll need to take control of a Linux environment.First, you'll learn how to install Kali on a virtual machine and get an introduction to basic Linux concepts. Next, you'll tackle broader Linux topics like manipulating text, controlling file and directory permissions, and managing user environment variables. You'll then focus in on foundational hacking concepts like security and anonymity and learn scripting skills with bash and Python. Practical tutorials and exercises throughout will reinforce and test your skills as you learn how to: - Cover your tracks by changing your network information and manipulating the rsyslog logging utility - Write a tool to scan for network connections, and connect and listen to wireless networks - Keep your internet activity stealthy using Tor, proxy servers, VPNs, and encrypted email - Write a bash script to scan open ports for potential targets - Use and abuse services like MySQL, Apache web server, and OpenSSH - Build your own hacking tools, such as a remote video spy camera and a password crackerHacking is complex, and there is no single way in. Why not start at the beginning with Linux Basics for Hackers?
Stealing the Network: How to Own a Continent
Ryan Russell - 2004
While there will be the inevitable criticism that the material contained in the book could be used maliciously, the fact is that this knowledge is already in the hands of our enemies. This book is truly designed to inform while entertaining (and scaring) the reader, and it will instantly be in demand by readers of "Stealing the Network: How to Own the Box" * A meticulously detailed and technically accurate work of fiction that exposes the very real possibilities of such an event occurring* An informative and scary insight into the boundries of hacking and cyber-terrorism* Written by a team of the most accomplished cyber-security specialists in the world
Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers
T.J. O'Connor - 2012
Instead of relying on another attacker's tools, this book will teach you to forge your own weapons using the Python programming language. This book demonstrates how to write Python scripts to automate large-scale network attacks, extract metadata, and investigate forensic artifacts. It also shows how to write code to intercept and analyze network traffic using Python, craft and spoof wireless frames to attack wireless and Bluetooth devices, and how to data-mine popular social media websites and evade modern anti-virus.
Hacking: The Art of Exploitation
Jon Erickson - 2003
This book explains the technical aspects of hacking, including stack based overflows, heap based overflows, string exploits, return-into-libc, shellcode, and cryptographic attacks on 802.11b.
The Practice of Network Security Monitoring: Understanding Incident Detection and Response
Richard Bejtlich - 2013
The most effective computer security strategies integrate network security monitoring (NSM): the collection and analysis of data to help you detect and respond to intrusions.In The Practice of Network Security Monitoring, Mandiant CSO Richard Bejtlich shows you how to use NSM to add a robust layer of protection around your networks — no prior experience required. To help you avoid costly and inflexible solutions, he teaches you how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools.You'll learn how to:Determine where to deploy NSM platforms, and size them for the monitored networks Deploy stand-alone or distributed NSM installations Use command line and graphical packet analysis tools, and NSM consoles Interpret network evidence from server-side and client-side intrusions Integrate threat intelligence into NSM software to identify sophisticated adversaries There's no foolproof way to keep attackers out of your network. But when they get in, you'll be prepared. The Practice of Network Security Monitoring will show you how to build a security net to detect, contain, and control them. Attacks are inevitable, but losing sensitive data shouldn't be.
The Hacker Diaries: Confessions of Teenage Hackers
Dan Verton - 2001
He was a normal kid...On February 7, 2000, Yahoo.com was the first victim of the biggest distributed denial-of-service attack ever to hit the Internet. On May 8th, Buy.com was battling a massive denial-of-service attack. Later that afternoon, eBay.com also reported significant outages of service, as did Amazon.com. Then CNN's global online news operation started to grind to a crawl. By the following day, Datek and E-Trade entered crisis mode...all thanks to an ordinary fourteen-year-old kid.Friends and neighbors were shocked to learn that the skinny, dark-haired, boy next door who loved playing basketball--almost as much as he loved computers--would cause millions of dollars worth of damage on the Internet and capture the attention of the online world--and the federal government. He was known online as Mafiaboy and, to the FBI, as the most notorious teenage hacker of all time. He did it all from his bedroom PC. And he's not alone.Computer hacking and Web site defacement has become a national pastime for America's teenagers, and according to the stories you'll read about in The Hacker Diaries--it is only the beginning. But who exactly are these kids and what motivates a hacker to strike? Why do average teenagers get involved in hacking in the first place? This compelling and revealing book sets out to answer these questions--and some of the answers will surprise you. Through fascinating interviews with FBI agents, criminal psychologists, law-enforcement officials--as well as current and former hackers--you'll get a glimpse inside the mind of today's teenage hacker. Learn how they think, find out what it was like for them growing up, and understand the internal and external pressures that pushed them deeper and deeper into the hacker underground. Every hacker has a life and story of his or her own. One teenager's insatiable curiosity as to how the family's VCR worked was enough to trigger a career of cracking into computer systems. This is a remarkable story of technological wizardry, creativity, dedication, youthful angst, frustration and disconnection from society, boredom, anger, and jail time. Teenage hackers are not all indifferent punks. They're just like every other kid and some of them probably live in your neighborhood. They're there. All you have to do is look.
Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World
Marcus J. Carey - 2019
Tribe of Hackers wants to change that. We asked for industry, career, and personal advice from 70 cybersecurity luminaries who are ready to break down barriers and shatter ceilings. It's about time.This book can be a catalyst for change for anyone, from beginners trying to enter the industry, to practitioners looking to start their own firms. What tips do the founders of Dragos, Inc. and Duo Security have on starting a company? Do you need a college degree or certification to be a cybersecurity professional? What is the biggest bang-for-the-buck action your organization can take to improve its cybersecurity posture? What "life hacks" to real hackers use to make their own lives easier? What resources can women in cybersecurity utilize to maximize their potential?All proceeds from the book will go towards: Bunker Labs, Sickle Cell Disease Association of America, Rainforest Partnership, and Start-Up! Kid's Club.We can't wait to show you the most epic cybersecurity thought leadership collaborative effort, ever.(Source: Amazon.com)