Hacking the Xbox: An Introduction to Reverse Engineering


Andrew Huang - 2003
    The book progresses into a discussion of the Xbox security mechanisms and other advanced hacking topics, with an emphasis on educating the readers on the important subjects of computer security and reverse engineering. Hacking the Xbox includes numerous practical guides, such as where to get hacking gear, soldering techniques, debugging tips and an Xbox hardware reference guide.Hacking the Xbox also confronts the social and political issues facing today's hacker by looking forward and discussing the impact of today's legal challenges on legitimate reverse engineering activities. The book includes a chapter written by the Electronic Frontier Foundation (EFF) about the rights and responsibilities of hackers, and concludes by discussing the latest trends and vulnerabilities in secure PC platforms.

The Linux Command Line


William E. Shotts Jr. - 2012
    Available here:readmeaway.com/download?i=1593279523The Linux Command Line, 2nd Edition: A Complete Introduction PDF by William ShottsRead The Linux Command Line, 2nd Edition: A Complete Introduction PDF from No Starch Press,William ShottsDownload William Shotts’s PDF E-book The Linux Command Line, 2nd Edition: A Complete Introduction

A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security


Tobias Klein - 2011
    In this one-of-a-kind account, you'll see how the developers responsible for these flaws patched the bugs—or failed to respond at all. As you follow Klein on his journey, you'll gain deep technical knowledge and insight into how hackers approach difficult problems and experience the true joys (and frustrations) of bug hunting.Along the way you'll learn how to:Use field-tested techniques to find bugs, like identifying and tracing user input data and reverse engineering Exploit vulnerabilities like NULL pointer dereferences, buffer overflows, and type conversion flaws Develop proof of concept code that verifies the security flaw Report bugs to vendors or third party brokersA Bug Hunter's Diary is packed with real-world examples of vulnerable code and the custom programs used to find and test bugs. Whether you're hunting bugs for fun, for profit, or to make the world a safer place, you'll learn valuable new skills by looking over the shoulder of a professional bug hunter in action.

The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws


Dafydd Stuttard - 2007
    The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications. The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger," Dafydd developed the popular Burp Suite of web application hack tools.

Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software


Michael Sikorski - 2011
    When malware breaches your defenses, you need to act quickly to cure current infections and prevent future ones from occurring.For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way.You'll learn how to:Set up a safe virtual environment to analyze malware Quickly extract network signatures and host-based indicators Use key analysis tools like IDA Pro, OllyDbg, and WinDbg Overcome malware tricks like obfuscation, anti-disassembly, anti-debugging, and anti-virtual machine techniques Use your newfound knowledge of Windows internals for malware analysis Develop a methodology for unpacking malware and get practical experience with five of the most popular packers Analyze special cases of malware with shellcode, C++, and 64-bit code Hands-on labs throughout the book challenge you to practice and synthesize your skills as you dissect real malware samples, and pages of detailed dissections offer an over-the-shoulder look at how the pros do it. You'll learn how to crack open malware to see how it really works, determine what damage it has done, thoroughly clean your network, and ensure that the malware never comes back.Malware analysis is a cat-and-mouse game with rules that are constantly changing, so make sure you have the fundamentals. Whether you're tasked with securing one network or a thousand networks, or you're making a living as a malware analyst, you'll find what you need to succeed in Practical Malware Analysis.

Hacking: The Art of Exploitation


Jon Erickson - 2003
    This book explains the technical aspects of hacking, including stack based overflows, heap based overflows, string exploits, return-into-libc, shellcode, and cryptographic attacks on 802.11b.

The Practice of Network Security Monitoring: Understanding Incident Detection and Response


Richard Bejtlich - 2013
    The most effective computer security strategies integrate network security monitoring (NSM): the collection and analysis of data to help you detect and respond to intrusions.In The Practice of Network Security Monitoring, Mandiant CSO Richard Bejtlich shows you how to use NSM to add a robust layer of protection around your networks — no prior experience required. To help you avoid costly and inflexible solutions, he teaches you how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools.You'll learn how to:Determine where to deploy NSM platforms, and size them for the monitored networks Deploy stand-alone or distributed NSM installations Use command line and graphical packet analysis tools, and NSM consoles Interpret network evidence from server-side and client-side intrusions Integrate threat intelligence into NSM software to identify sophisticated adversaries There's no foolproof way to keep attackers out of your network. But when they get in, you'll be prepared. The Practice of Network Security Monitoring will show you how to build a security net to detect, contain, and control them. Attacks are inevitable, but losing sensitive data shouldn't be.

The Book of PoC||GTFO


Manul Laphroaig - 2017
    Until now, the journal has only been available online or printed and distributed for free at hacker conferences worldwide.Consistent with the journal's quirky, biblical style, this book comes with all the trimmings: a leatherette cover, ribbon bookmark, bible paper, and gilt-edged pages. The book features more than 80 technical essays from numerous famous hackers, authors of classics like "Reliable Code Execution on a Tamagotchi," "ELFs are Dorky, Elves are Cool," "Burning a Phone," "Forget Not the Humble Timing Attack," and "A Sermon on Hacker Privilege." Twenty-four full-color pages by Ange Albertini illustrate many of the clever tricks described in the text.

Absolute OpenBSD: Unix for the Practical Paranoid


Michael W. Lucas - 2003
    The author assumes a knowledge of basic UNIX commands, design, and permissions. The book takes you through the intricacies of the platform and teaches how to manage your system, offering friendly explanations, background information, troubleshooting suggestions, and copious examples throughout.

Bitcoin for the Befuddled


Conrad Barski - 2014
    Already used by people and companies around the world, many forecast that Bitcoin could radically transform the global economy. The value of a bitcoin has soared from less than a dollar in 2011 to well over $1000 in 2013, with many spikes and crashes along the way. The rise in value has brought Bitcoin into the public eye, but the cryptocurrency still confuses many people. Bitcoin for the Befuddled covers everything you need to know about Bitcoin—what it is, how it works, and how to acquire, store, and use bitcoins safely and securely. You'll also learn about Bitcoin's history, its complex cryptography, and its potential impact on trade and commerce. The book includes a humorous, full-color comic explaining Bitcoin concepts, plus a glossary of terms for easy reference.

Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation


Bruce Dang - 2014
    Reverse engineering is not about reading assembly code, but actually understanding how different pieces/components in a system work. To reverse engineer a system is to understand how it is constructed and how it works. The book provides: Coverage of x86, x64, and ARM. In the past x86 was the most common architecture on the PC; however, times have changed and x64 is becoming the dominant architecture. It brings new complexity and constructs previously not present in x86. ARM ("Advanced RISC Machine) "is very common in embedded / consumer electronic devices; for example, most if not all cell phones run on ARM. All of apple's i-devices run on ARM. This book will be the first book to cover all three.Discussion of Windows kernel-mode code (rootkits/drivers). This topic has a steep learning curve so most practitioners stay away from this area because it is highly complex. However, this book will provide a concise treatment of this topic and explain how to analyze drivers step-by-step.The book uses real world examples from the public domain. The best way to learn is through a combination of concept discussions, examples, and exercises. This book uses real-world trojans / rootkits as examples congruent with real-life scenariosHands-on exercises. End-of-chapter exercises in the form of conceptual questions and hands-on analysis so so readers can solidify their understanding of the concepts and build confidence. The exercises are also meant to teach readers about topics not covered in the book.

Hacking Linux Exposed: Linux Security Secrets & Solutions


Brian Hatch - 2001
    Hacking Exposed Linux provides the most up-to-date coverage available from a large team of topic-focused experts. The book is based on the latest security research and shows you, in full detail, how to lock out intruders and defend your Linux systems against catastrophic attacks.Secure Linux by using attacks and countermeasures from the latest OSSTMM researchFollow attack techniques of PSTN, ISDN, and PSDN over LinuxHarden VoIP, Bluetooth, RF, RFID, and IR devices on LinuxBlock Linux signal jamming, cloning, and eavesdropping attacksApply Trusted Computing and cryptography tools for your best defenseFix vulnerabilities in DNS, SMTP, and Web 2.0 servicesPrevent SPAM, Trojan, phishing, DoS, and DDoS exploitsFind and repair errors in C code with static analysis and Hoare Logic

The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler


Chris Eagle - 2008
    With IDA Pro, you live in a source code-optional world. IDA can automatically analyze the millions of opcodes that make up an executable and present you with a disassembly. But at that point, your work is just beginning. With The IDA Pro Book, you'll learn how to turn that mountain of mnemonics into something you can actually use.Hailed by the creator of IDA Pro as the "long-awaited" and "information-packed" guide to IDA, The IDA Pro Book covers everything from the very first steps to advanced automation techniques. While other disassemblers slow your analysis with inflexibility, IDA invites you to customize its output for improved readability and usefulness. You'll save time and effort as you learn to:Identify known library routines, so you can focus your analysis on other areas of the code Extend IDA to support new processors and filetypes, making disassembly possible for new or obscure architectures Explore popular plug-ins that make writing IDA scripts easier, allow collaborative reverse engineering, and much more Utilize IDA's built-in debugger to tackle obfuscated code that would defeat a stand-alone disassembler You'll still need serious assembly skills to tackle the toughest executables, but IDA makes things a lot easier. Whether you're analyzing the software on a black box or conducting hard-core vulnerability research, a mastery of IDA Pro is crucial to your success. Take your skills to the next level with The IDA Pro Book.

Unauthorised Access: Physical Penetration Testing for IT Security Teams


Wil Allsopp - 2009
    IT teams are now increasingly requesting physical penetration tests, but there is little available in terms of training. The goal of the test is to demonstrate any deficiencies in operating procedures concerning physical security.Featuring a Foreword written by world-renowned hacker Kevin D. Mitnick and lead author of The Art of Intrusion and The Art of Deception, this book is the first guide to planning and performing a physical penetration test. Inside, IT security expert Wil Allsopp guides you through the entire process from gathering intelligence, getting inside, dealing with threats, staying hidden (often in plain sight), and getting access to networks and data.Teaches IT security teams how to break into their own facility in order to defend against such attacks, which is often overlooked by IT security teams but is of critical importance Deals with intelligence gathering, such as getting access building blueprints and satellite imagery, hacking security cameras, planting bugs, and eavesdropping on security channels Includes safeguards for consultants paid to probe facilities unbeknown to staff Covers preparing the report and presenting it to management In order to defend data, you need to think like a thief-let Unauthorised Access show you how to get inside.

Black Hat Python: Python Programming for Hackers and Pentesters


Justin Seitz - 2014
    But just how does the magic happen?In Black Hat Python, the latest from Justin Seitz (author of the best-selling Gray Hat Python), you'll explore the darker side of Python's capabilities writing network sniffers, manipulating packets, infecting virtual machines, creating stealthy trojans, and more. You'll learn how to:Create a trojan command-and-control using GitHubDetect sandboxing and automate common malware tasks, like keylogging and screenshottingEscalate Windows privileges with creative process controlUse offensive memory forensics tricks to retrieve password hashes and inject shellcode into a virtual machineExtend the popular Burp Suite web-hacking toolAbuse Windows COM automation to perform a man-in-the-browser attackExfiltrate data from a network most sneakilyInsider techniques and creative challenges throughout show you how to extend the hacks and how to write your own exploits.When it comes to offensive security, your ability to create powerful tools on the fly is indispensable. Learn how in Black Hat Python."