Targeting American utility companies, NATO, and electric grids in Eastern Europe, the strikes became ever more brazen, eventually leading to the first-ever blackouts triggered by hackers. They culminated in the summer of 2017 when malware known as NotPetya was unleashed, compromising, disrupting, and paralyzing some of the world's largest companies. At the attack's epicenter in Ukraine, ATMs froze. The railway and postal systems shut down. NotPetya spread around the world, inflicting an unprecedented ten billions of dollars in damage--the largest, most penetrating cyberattack the world had ever seen.The hackers behind these attacks are quickly gaining a reputation as the most dangerous team of cyberwarriors in the internet's history: Sandworm. Believed to be working in the service of Russia's military intelligence agency, they represent a persistent, highly skilled, state-sponsored hacking force, one whose talents are matched by their willingness to launch broad, unrestrained attacks on the most critical infrastructure of their adversaries. They target government and private sector, military and civilians alike.From WIRED senior writer Andy Greenberg comes Sandworm, the true story of the desperate hunt to identify and track those attackers. It considers the danger this force poses to our national stability and security. And as the Kremlin's role in manipulating foreign governments and sparking chaos globally comes into greater focus, Sandworm reveals the realities not just of Russia's global digital offensive, but of an era where warfare ceases to be waged on the battlefield--where the line between digital and physical conflict begins to blur, with world-shaking implications.

    Using sample charts, graphics, case studies, and war stories, Yankee Group Security Expert Andrew Jaquith demonstrates exactly how to establish effective metrics based on your organization's unique requirements. You'll discover how to quantify hard-to-measure security activities, compile and analyze all relevant data, identify strengths and weaknesses, set cost-effective priorities for improvement, and craft compelling messages for senior management. Security Metrics successfully bridges management's quantitative viewpoint with the nuts-and-bolts approach typically taken by security professionals. It brings together expert solutions drawn from Jaquith's extensive consulting work in the software, aerospace, and financial services industries, including new metrics presented nowhere else. You'll learn how to: - Replace nonstop crisis response with a systematic approach to security improvement - Understand the differences between "good" and "bad" metrics - Measure coverage and control, vulnerability management, password quality, patch latency, benchmark scoring, and business-adjusted risk - Quantify the effectiveness of security acquisition, implementation, and other program activities - Organize, aggregate, and analyze your data to bring out key insights - Use visualization to understand and communicate security issues more clearly - Capture valuable data from firewalls and antivirus logs, third-party auditor reports, and other resources - Implement balanced scorecards that present compact, holistic views of organizational security effectiveness Whether you're an engineer or consultant responsible for security and reporting to management-or an executive who needs better information for decision-making-Security Metrics is the resource you have been searching for. Andrew Jaquith, program manager for Yankee Group's Security Solutions and Services Decision Service, advises enterprise clients on prioritizing and managing security resources. He also helps security vendors develop product, service, and go-to-market strategies for reaching enterprise customers. He co-founded @stake, Inc., a security consulting pioneer acquired by Symantec Corporation in 2004. His application security and metrics research has been featured in CIO, CSO, InformationWeek, IEEE Security and Privacy, and The Economist. Foreword Preface Acknowledgments About the Author Chapter 1 Introduction: Escaping the Hamster Wheel of Pain Chapter 2 Defining Security Metrics Chapter 3 Diagnosing Problems and Measuring Technical Security Chapter 4 Measuring Program Effectiveness Chapter 5 Analysis Techniques Chapter 6 Visualization Chapter 7 Automating Metrics Calculations Chapter 8 Designing Security Scorecards Index

    Topics include Linux command line basics, filesystems, networking, BASH basics, package management, logging, and the Linux kernel and drivers.If you're getting started along the exciting path of hacking, cybersecurity, and pentesting, Linux Basics for Hackers is an excellent first step. Using Kali Linux, an advanced penetration testing distribution of Linux, you'll learn the basics of using the Linux operating system and acquire the tools and techniques you'll need to take control of a Linux environment.First, you'll learn how to install Kali on a virtual machine and get an introduction to basic Linux concepts. Next, you'll tackle broader Linux topics like manipulating text, controlling file and directory permissions, and managing user environment variables. You'll then focus in on foundational hacking concepts like security and anonymity and learn scripting skills with bash and Python. Practical tutorials and exercises throughout will reinforce and test your skills as you learn how to: - Cover your tracks by changing your network information and manipulating the rsyslog logging utility - Write a tool to scan for network connections, and connect and listen to wireless networks - Keep your internet activity stealthy using Tor, proxy servers, VPNs, and encrypted email - Write a bash script to scan open ports for potential targets - Use and abuse services like MySQL, Apache web server, and OpenSSH - Build your own hacking tools, such as a remote video spy camera and a password crackerHacking is complex, and there is no single way in. Why not start at the beginning with Linux Basics for Hackers?

    The cause of their failure was a complete mystery.Five months later, a seemingly unrelated event occurred. A computer security firm in Belarus was called in to troubleshoot some computers in Iran that were caught in a reboot loop—crashing and rebooting repeatedly. At first, technicians with the firm believed the malicious code they found on the machines was a simple, routine piece of malware. But as they and other experts around the world investigated, they discovered a virus of unparalleled complexity and mysterious provenance and intent. They had, they soon learned, stumbled upon the world’s first digital weapon.Stuxnet, as it came to be known, was unlike any other virus or worm built before: It was the first attack that reached beyond the computers it targeted to physically destroy the equipment those computers controlled. It was an ingenious attack, jointly engineered by the United States and Israel, that worked exactly as planned, until the rebooting machines gave it all away. And the discovery of Stuxnet was just the beginning: Once the digital weapon was uncovered and deciphered, it provided clues to other tools lurking in the wild. Soon, security experts found and exposed not one but three highly sophisticated digital spy tools that came from the same labs that created Stuxnet. The discoveries gave the world its first look at the scope and sophistication of nation-state surveillance and warfare in the digital age.Kim Zetter, a senior reporter at Wired, has covered hackers and computer security since 1999 and is one of the top journalists in the world on this beat. She was among the first reporters to cover Stuxnet after its discovery and has authored many of the most comprehensive articles about it. In COUNTDOWN TO ZERO DAY: Stuxnet and the Launch of the World’s First Digital Weapon, Zetter expands on this work to show how the code was designed and unleashed and how its use opened a Pandora’s Box, ushering in an age of digital warfare in which any country’s infrastructure—power grids, nuclear plants, oil pipelines, dams—is vulnerable to the same kind of attack with potentially devastating results. A sophisticated digital strike on portions of the power grid, for example, could plunge half the U.S. into darkness for weeks or longer, having a domino effect on all other critical infrastructures dependent on electricity.

    It then builds systematically to cover all the steps involved in writing, testing, and debugging assembly programs. It also provides valuable how-to information on using procedures and macros. The only guide to assembly programming covering both DOS and Linux, the book presents working example programs for both operating system, and introduces Conditional Assembly -- a technique for assembling for both DOS and Linux systems from a single source file.

    Building on the successful top-down approach of previous editions, this fourth edition continues with an early emphasis on application-layer paradigms and application programming interfaces, encouraging a hands-on experience with protocols and networking concepts.

    You’ll learn about authenticated encryption, secure randomness, hash functions, block ciphers, and public-key techniques such as RSA and elliptic curve cryptography.You’ll also learn: - Key concepts in cryptography, such as computational security, attacker models, and forward secrecy - The strengths and limitations of the TLS protocol behind HTTPS secure websites - Quantum computation and post-quantum cryptography - About various vulnerabilities by examining numerous code examples and use cases - How to choose the best algorithm or protocol and ask vendors the right questionsEach chapter includes a discussion of common implementation mistakes using real-world examples and details what could go wrong and how to avoid these pitfalls. Whether you’re a seasoned practitioner or a beginner looking to dive into the field, Serious Cryptography will provide a complete survey of modern encryption and its applications.

    Now, the criminal hackers readers have grown to both love and hate try to cover their tracks and vanish into thin air... Stealing the Network: How to Own an Identity is the 3rd book in the Stealing series, and continues in the tradition created by its predecessors by delivering real-world network attack methodologies and hacking techniques within a context of unique and original fictional accounts created by some of the world's leading security professionals and computer technologists. The seminal works in TechnoFiction, this STN collection yet again breaks new ground by casting light upon the mechanics and methods used by those lurking on the darker side of the Internet, engaging in the fastest growing crime in the world: Identity theft.Cast upon a backdrop of Evasion, surviving characters from How to Own a Continent find themselves on the run, fleeing from both authority and adversary, now using their technical prowess in a way they never expected--to survive.

    The SY0-301 version covers every aspect of the SY0-301 exam, and includes the same elements readers raved about in the previous version. Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action. The author uses many of the same analogies and explanations he's honed in the classroom that have helped hundreds of students master the Security+ content. You'll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what's important. Over 450 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes a 100 question pre-test, a 100 question post-test, and practice test questions at the end of every chapter. Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You'll be ready to take and pass the exam the first time you take it. If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you'll be a step ahead for other exams. This SY0-301 study guide is for any IT or security professional interested in advancing in their field, and a must read for anyone striving to master the basics of IT systems security. The author supplements the book with blog posts here: http: //blogs.getcertifiedgetahead.com/. This page provides a full listing of mobile device apps from the author: http: //learnzapp.com/partners/darrilgibson/

    Rather than being a sideline participant, leverage the valuable insights Hacking Exposed 6 provides to help yourself, your company, and your country fight cyber-crime." —From the Foreword by Dave DeWalt, President and CEO, McAfee, Inc."For security to be successful in any company, you must ‘think evil' and be attuned to your ‘real risk'...Hacking Expose 6 defines both." —Patrick Heim, CISO, Kaiser Permanente"The definitive resource to understanding the hacking mindset and the defenses against it." —Vince Rossi, CEO & President, St. Bernard Software"Identity theft costs billions every year and unless you understand the threat, you will be destined to be a victim of it. Hacking Exposed 6 gives you the tools you need to prevent being a victim." —Bill Loesch, CTO, Guard ID Systems"This book is current, comprehensive, thoughtful, backed by experience, and appropriately free of vendor-bias-prized features for any security practitioner in need of information." —Kip Boyle, CISO, PEMCO Mutual Insurance Company"The Hacking Exposed series has become the definitive reference for security professionals from the moment it was first released, and the 6th edition maintains its place on my bookshelf," —Jeff Moss, Founder of the popular Black Hat Security ConferenceMeet the formidable demands of security in today's hyperconnected world with expert guidance from the world-renowned Hacking Exposed team. Following the time-tested "attack-countermeasure" philosophy, this 10th anniversary edition has been fully overhauled to cover the latest insidious weapons in the hacker's extensive arsenal.New and updated material: New chapter on hacking hardware, including lock bumping, access card cloning, RFID hacks, USB U3 exploits, and Bluetooth device hijacking Updated Windows attacks and countermeasures, including new Vista and Server 2008 vulnerabilities and Metasploit exploits The latest UNIX Trojan and rootkit techniques and dangling pointer and input validation exploits New wireless and RFID security tools, including multilayered encryption and gateways All-new tracerouting and eavesdropping techniques used to target network hardware and Cisco devices Updated DoS, man-in-the-middle, DNS poisoning, and buffer overflow coverage VPN and VoIP exploits, including Google and TFTP tricks, SIP flooding, and IPsec hacking Fully updated chapters on hacking the Internet user, web hacking, and securing code

    Every new attack is described in the form of a lab exercise with rich illustrations of all the steps associated. You will practically implement various attacks as you go along. If you are an IT security professional or a security consultant who wants to get started with wireless testing with Backtrack, or just plain inquisitive about wireless security and hacking, then this book is for you. The book assumes that you have familiarity with Backtrack and basic wireless concepts.

    Covers e-mail security, IP security, Web security, and network management security. Includes a concise section on the discipline of cryptography-covering algorithms and protocols underlying network security applications, encryption, hash functions, digital signatures, and key exchange. For system engineers, engineers, programmers, system managers, network managers, product marketing personnel, and system support specialists.

    That's the philosophy behind ethical hacking, and it's a growing field. Prepare for certification in this important area with this advanced study guide that covers all exam objectives for the challenging CEH Certified Ethical Hackers exam. The book provides full coverage of exam topics, real-world examples, and a CD with additional materials for extra review and practice. Covers ethics and legal issues, footprinting, scanning, enumeration, system hacking, trojans and backdoors, sniffers, denial of service, social engineering, session hijacking, hacking Web servers, Web application vulnerabilities, and more Walks you through exam topics and includes plenty of real-world scenarios to help reinforce concepts Includes a CD with review questions, bonus exams, and more study tools This is the ideal guide to prepare you for the new CEH certification exam. Reviews

    Jon has done a wonderful job of updating the material. I am very impressed at how fresh the new examples seem." - Steve McConnell, author, Code CompleteWhen programmers list their favorite books, Jon Bentley's collection of programming pearls is commonly included among the classics. Just as natural pearls grow from grains of sand that irritate oysters, programming pearls have grown from real problems that have irritated real programmers. With origins beyond solid engineering, in the realm of insight and creativity, Bentley's pearls offer unique and clever solutions to those nagging problems. Illustrated by programs designed as much for fun as for instruction, the book is filled with lucid and witty descriptions of practical programming techniques and fundamental design principles. It is not at all surprising that Programming Pearls has been so highly valued by programmers at every level of experience. In this revision, the first in 14 years, Bentley has substantially updated his essays to reflect current programming methods and environments. In addition, there are three new essays on (1) testing, debugging, and timing; (2) set representations; and (3) string problems. All the original programs have been rewritten, and an equal amount of new code has been generated. Implementations of all the programs, in C or C++, are now available on the Web.What remains the same in this new edition is Bentley's focus on the hard core of programming problems and his delivery of workable solutions to those problems. Whether you are new to Bentley's classic or are revisiting his work for some fresh insight, this book is sure to make your own list of favorites.

    This text concisely describes the Python language and its programming environment for those readers already familiar with languages such as C and C++.