Book picks similar to
Solaris Security by Peter H. Gregory
computers
security
unix
unread
Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation
Bruce Dang - 2014
Reverse engineering is not about reading assembly code, but actually understanding how different pieces/components in a system work. To reverse engineer a system is to understand how it is constructed and how it works. The book provides: Coverage of x86, x64, and ARM. In the past x86 was the most common architecture on the PC; however, times have changed and x64 is becoming the dominant architecture. It brings new complexity and constructs previously not present in x86. ARM ("Advanced RISC Machine) "is very common in embedded / consumer electronic devices; for example, most if not all cell phones run on ARM. All of apple's i-devices run on ARM. This book will be the first book to cover all three.Discussion of Windows kernel-mode code (rootkits/drivers). This topic has a steep learning curve so most practitioners stay away from this area because it is highly complex. However, this book will provide a concise treatment of this topic and explain how to analyze drivers step-by-step.The book uses real world examples from the public domain. The best way to learn is through a combination of concept discussions, examples, and exercises. This book uses real-world trojans / rootkits as examples congruent with real-life scenariosHands-on exercises. End-of-chapter exercises in the form of conceptual questions and hands-on analysis so so readers can solidify their understanding of the concepts and build confidence. The exercises are also meant to teach readers about topics not covered in the book.
IPv6 Essentials
Silvia Hagen - 2002
It guides you through everything you need to know to get started, including how to configure IPv6 on hosts and routers and which applications currently support IPv6. The new IPv6 protocols offers extended address space, scalability, improved support for security, real-time traffic support, and auto-configuration so that even a novice user can connect a machine to the Internet. Aimed at system and network administrators, engineers, network designers, and IT managers, this book will help you understand, plan for, design, and integrate IPv6 into your current IPv4 infrastructure.Beginning with a short history of IPv6, author Silvia Hagen provides an overview of new functionality and discusses why we need IPv6. Hagen also shares exhaustive discussions of the new IPv6 header format and Extension Headers, IPv6 address and ICMPv6 message format, Security, QoS, Mobility and, last but not least, offers a Quick Start Guide for different operating systems. IPv6 Essentials, Second Edition also covers:In-depth technical guide to IPv6 Mechanisms and Case Studies that show how to integrate IPv6 into your network without interruption of IPv4 services Routing protocols and upper layer protocols Security in IPv6: concepts and requirements. Includes the IPSEC framework and security elements available for authentication and encryption Quality of Service: covers the elements available for QoS in IPv6 and how they can be implemented Detailed discussion of DHCPv6 and Mobile IPv6 Discussion of migration cost and business case Getting started on different operating systems: Sun Solaris, Linux, BSD, Windows XP, and Cisco routersWhether you're ready to start implementing IPv6 today or are planning your strategy for the future, IPv6 Essentials, Second Edition will provide the solid foundation you need to get started."Silvia's look at IPv6 is always refreshing as she translates complex technology features into business drivers and genuine end-user benefits to enable building new business concepts based on end to end models." Latif Ladid, President IPv6 Forum, Chair EU IPv6 Task Force
Unauthorised Access: Physical Penetration Testing for IT Security Teams
Wil Allsopp - 2009
IT teams are now increasingly requesting physical penetration tests, but there is little available in terms of training. The goal of the test is to demonstrate any deficiencies in operating procedures concerning physical security.Featuring a Foreword written by world-renowned hacker Kevin D. Mitnick and lead author of The Art of Intrusion and The Art of Deception, this book is the first guide to planning and performing a physical penetration test. Inside, IT security expert Wil Allsopp guides you through the entire process from gathering intelligence, getting inside, dealing with threats, staying hidden (often in plain sight), and getting access to networks and data.Teaches IT security teams how to break into their own facility in order to defend against such attacks, which is often overlooked by IT security teams but is of critical importance Deals with intelligence gathering, such as getting access building blueprints and satellite imagery, hacking security cameras, planting bugs, and eavesdropping on security channels Includes safeguards for consultants paid to probe facilities unbeknown to staff Covers preparing the report and presenting it to management In order to defend data, you need to think like a thief-let Unauthorised Access show you how to get inside.
Metasploit: The Penetration Tester's Guide
David Kennedy - 2011
But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors.Once you've built your foundation for penetration testing, you'll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks. You'll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks.Learn how to:Find and exploit unmaintained, misconfigured, and unpatched systems Perform reconnaissance and find valuable information about your target Bypass anti-virus technologies and circumvent security controls Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery Use the Meterpreter shell to launch further attacks from inside the network Harness standalone Metasploit utilities, third-party tools, and plug-ins Learn how to write your own Meterpreter post exploitation modules and scripts You'll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else's to the test, Metasploit: The Penetration Tester's Guide will take you there and beyond.
DNS and BIND
Cricket Liu - 1996
This book brings you up-to-date with the latest changes in this crucial service.The fifth edition covers BIND 9.3.2, the most recent release of the BIND 9 series, as well as BIND 8.4.7. BIND 9.3.2 contains further improvements in security and IPv6 support, and important new features such as internationalized domain names, ENUM (electronic numbering), and SPF (the Sender Policy Framework).Whether you're an administrator involved with DNS on a daily basis or a user who wants to be more informed about the Internet and how it works, you'll find that this book is essential reading.Topics include:What DNS does, how it works, and when you need to use it How to find your own place in the Internet's namespace Setting up name servers Using MX records to route mail Configuring hosts to use DNS name servers Subdividing domains (parenting) Securing your name server: restricting who can query your server, preventing unauthorized zone transfers, avoiding bogus servers, etc. The DNS Security Extensions (DNSSEC) and Transaction Signatures (TSIG) Mapping one name to several servers for load sharing Dynamic updates, asynchronous notification of change to a zone, and incremental zone transfers Troubleshooting: using nslookup and dig, reading debugging output, common problems DNS programming using the resolver library and Perl's Net::DNS module
Hacking Exposed: Network Security Secrets & Solutions
Joel Scambray - 2003
Rather than being a sideline participant, leverage the valuable insights Hacking Exposed 6 provides to help yourself, your company, and your country fight cyber-crime." From the Foreword by Dave DeWalt, President and CEO, McAfee, Inc."For security to be successful in any company, you must ‘think evil' and be attuned to your ‘real risk'...Hacking Expose 6 defines both." Patrick Heim, CISO, Kaiser Permanente"The definitive resource to understanding the hacking mindset and the defenses against it." Vince Rossi, CEO & President, St. Bernard Software"Identity theft costs billions every year and unless you understand the threat, you will be destined to be a victim of it. Hacking Exposed 6 gives you the tools you need to prevent being a victim." Bill Loesch, CTO, Guard ID Systems"This book is current, comprehensive, thoughtful, backed by experience, and appropriately free of vendor-bias-prized features for any security practitioner in need of information." Kip Boyle, CISO, PEMCO Mutual Insurance Company"The Hacking Exposed series has become the definitive reference for security professionals from the moment it was first released, and the 6th edition maintains its place on my bookshelf," Jeff Moss, Founder of the popular Black Hat Security ConferenceMeet the formidable demands of security in today's hyperconnected world with expert guidance from the world-renowned Hacking Exposed team. Following the time-tested "attack-countermeasure" philosophy, this 10th anniversary edition has been fully overhauled to cover the latest insidious weapons in the hacker's extensive arsenal.New and updated material:
New chapter on hacking hardware, including lock bumping, access card cloning, RFID hacks, USB U3 exploits, and Bluetooth device hijacking
Updated Windows attacks and countermeasures, including new Vista and Server 2008 vulnerabilities and Metasploit exploits
The latest UNIX Trojan and rootkit techniques and dangling pointer and input validation exploits
New wireless and RFID security tools, including multilayered encryption and gateways
All-new tracerouting and eavesdropping techniques used to target network hardware and Cisco devices
Updated DoS, man-in-the-middle, DNS poisoning, and buffer overflow coverage
VPN and VoIP exploits, including Google and TFTP tricks, SIP flooding, and IPsec hacking
Fully updated chapters on hacking the Internet user, web hacking, and securing code
Learning Perl
Randal L. Schwartz - 1993
Written by three prominent members of the Perl community who each have several years of experience teaching Perl around the world, this edition has been updated to account for all the recent changes to the language up to Perl 5.8.Perl is the language for people who want to get work done. It started as a tool for Unix system administrators who needed something powerful for small tasks. Since then, Perl has blossomed into a full-featured programming language used for web programming, database manipulation, XML processing, and system administration--on practically all platforms--while remaining the favorite tool for the small daily tasks it was designed for. You might start using Perl because you need it, but you'll continue to use it because you love it.Informed by their years of success at teaching Perl as consultants, the authors have re-engineered the Llama to better match the pace and scope appropriate for readers getting started with Perl, while retaining the detailed discussion, thorough examples, and eclectic wit for which the Llama is famous.The book includes new exercises and solutions so you can practice what you've learned while it's still fresh in your mind. Here are just some of the topics covered:Perl variable typessubroutinesfile operationsregular expressionstext processingstrings and sortingprocess managementusing third party modulesIf you ask Perl programmers today what book they relied on most when they were learning Perl, you'll find that an overwhelming majority will point to the Llama. With good reason. Other books may teach you to program in Perl, but this book will turn you into a Perl programmer.
Web Database Applications with PHP and MySQL
Hugh E. Williams - 2002
Anyone with a modest knowledge of HTML and web site management can learn to create dynamic content through the PHP programming language and the MySQL database. This book gives you the background and tools to do the job safely and reliably.Web Database Applications with PHP and MySQL, Second Edition thoroughly reflects the needs of real-world applications. It goes into detail on such practical issues as validating input (do you know what a proper credit card number looks like?), logging in users, and using templates to give your dynamic web pages a standard look.But this book goes even further. It shows how JavaScript and PHP can be used in tandem to make a user's experience faster and more pleasant. It shows the correct way to handle errors in user input so that a site looks professional. It introduces the vast collection of powerful tools available in the PEAR repository and shows how to use some of the most popular tools.Even while it serves as an introduction to new programmers, the book does not omit critical tasks that web sites require. For instance, every site that allows updates must handle the possibility of multiple users accessing data at the same time. This book explains how to solve the problem in detail with locking.Through a sophisticated sample application--Hugh and Dave's Wine Store--all the important techniques of dynamic content are introduced. Good design is emphasized, such as dividing logic from presentation. The book introduces PHP 5 and MySQL 4.1 features, while providing techniques that can be used on older versions of the software that are still in widespread use.This new edition has been redesigned around the rich offerings of PEAR. Several of these, including the Template package and the database-independent query API, are fully integrated into examples and thoroughly described in the text. Topics include:Installation and configuration of Apache, MySQL, and PHP on Unix®, Windows®, and Mac OS® X systems Introductions to PHP, SQL, and MySQL administration Session management, including the use of a custom database for improved efficiency User input validation, security, and authentication The PEAR repository, plus details on the use of PEAR DB and Template classes Production of PDF reports
Learning the bash Shell
Cameron Newham - 1995
This book will teach you how to use bash's advanced command-line features, such as command history, command-line editing, and command completion.This book also introduces shell programming,a skill no UNIX or Linus user should be without. The book demonstrates what you can do with bash's programming features. You'll learn about flow control, signal handling, and command-line processing and I/O. There is also a chapter on debugging your bash programs.Finally, Learning the bash Shell, Third Edition, shows you how to acquire, install, configure, and customize bash, and gives advice to system administrators managing bash for their user communities.This Third Edition covers all of the features of bash Version 3.0, while still applying to Versions 1.x and 2.x. It includes a debugger for the bash shell, both as an extended example and as a useful piece of working code. Since shell scripts are a significant part of many software projects, the book also discusses how to write maintainable shell scripts. And, of course, it discusses the many features that have been introduced to bash over the years: one-dimensional arrays, parameter expansion, pattern-matching operations, new commands, and security improvements.Unfailingly practical and packed with examples and questions for future study, Learning the bash Shell Third Edition is a valuable asset for Linux and other UNIX users.--back cover
Sams Teach Yourself C++ in 21 Days
Jesse Liberty - 1994
It assumes no prior knowledge of programming and offers both solid instruction and the authors insights into best programming and learning practices. The book also provides a foundation for understanding object-oriented programming.
The Shellcoder's Handbook: Discovering and Exploiting Security Holes
Jack Koziol - 2004
This much-anticipated revision, written by the ultimate group of top security experts in the world, features 40 percent new content on how to find security holes in any operating system or applicationNew material addresses the many new exploitation techniques that have been discovered since the first edition, including attacking "unbreakable" software packages such as McAfee's Entercept, Mac OS X, XP, Office 2003, and VistaAlso features the first-ever published information on exploiting Cisco's IOS, with content that has never before been exploredThe companion Web site features downloadable code files
CISSP for Dummies [With CDROM]
Lawrence C. Miller - 2002
The topics covered in the exam include: network security, security management, systems development, cryptography, disaster recovery, law, and physical security. CISSP For Dummies, 3rd Edition is the bestselling guide that covers the CISSP exam and helps prepare those wanting to take this security exam. The 3rd Edition features 200 additional pages of new content to provide thorough coverage and reflect changes to the exam. Written by security experts and well-known Dummies authors, Peter Gregory and Larry Miller, this book is the perfect, no-nonsense guide to the CISSP certification, offering test-taking tips, resources, and self-assessment tools.Fully updated with 200 pages of new content for more thorough coverage and to reflect all exam changesSecurity experts Peter Gregory and Larry Miller bring practical real-world security expertiseCD-ROM includes hundreds of randomly generated test questions for readers to practice taking the test with both timed and untimed versions"CISSP For Dummies, 3rd Edition" can lead you down the rough road to certification successNote: CD-ROM/DVD and other supplementary materials are not included as part of eBook file.
Extreme Programming Installed
Ron Jeffries - 2000
Perfect for small teams producing software with fast-changing requirements, XP can save time and money while dramatically improving quality. In XP Installed, three participants in DaimlerChrysler's breakthrough XP project cover every key practice associated with XP implementation. The book consists of a connected collection of essays, presented in the order the practices would actually be implemented during a project. Ideal as both a start-to-finish tutorial and quick reference, the book demonstrates exactly how XP can promote better communication, quality, control, and predictability. An excellent complement to the best selling Extreme Programming Explained, it also works perfectly on a standalone basis, for any developer or team that wants to get rolling with XP fast.
Bash Cookbook: Solutions and Examples for Bash Users
Carl Albing - 2007
Scripting is a way to harness and customize the power of any Unix system, and it's an essential skill for any Unix users, including system administrators and professional OS X developers. But beneath this simple promise lies a treacherous ocean of variations in Unix commands and standards.bash Cookbook teaches shell scripting the way Unix masters practice the craft. It presents a variety of recipes and tricks for all levels of shell programmers so that anyone can become a proficient user of the most common Unix shell -- the bash shell -- and cygwin or other popular Unix emulation packages. Packed full of useful scripts, along with examples that explain how to create better scripts, this new cookbook gives professionals and power users everything they need to automate routine tasks and enable them to truly manage their systems -- rather than have their systems manage them.
Programming F# 3.0
Chris Smith - 2009
You’ll quickly discover the many advantages of the language, including access to all the great tools and libraries of the .NET platform.Reap the benefits of functional programming for your next project, whether you’re writing concurrent code, or building data- or math-intensive applications. With this comprehensive book, former F# team member Chris Smith gives you a head start on the fundamentals and walks you through advanced concepts of the F# language.Learn F#’s unique characteristics for building applicationsGain a solid understanding of F#’s core syntax, including object-oriented and imperative stylesMake your object-oriented code better by applying functional programming patternsUse advanced functional techniques, such as tail-recursion and computation expressionsTake advantage of multi-core processors with asynchronous workflows and parallel programmingUse new type providers for interacting with web services and information-rich environmentsLearn how well F# works as a scripting language