The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler


Chris Eagle - 2008
    With IDA Pro, you live in a source code-optional world. IDA can automatically analyze the millions of opcodes that make up an executable and present you with a disassembly. But at that point, your work is just beginning. With The IDA Pro Book, you'll learn how to turn that mountain of mnemonics into something you can actually use.Hailed by the creator of IDA Pro as the "long-awaited" and "information-packed" guide to IDA, The IDA Pro Book covers everything from the very first steps to advanced automation techniques. While other disassemblers slow your analysis with inflexibility, IDA invites you to customize its output for improved readability and usefulness. You'll save time and effort as you learn to:Identify known library routines, so you can focus your analysis on other areas of the code Extend IDA to support new processors and filetypes, making disassembly possible for new or obscure architectures Explore popular plug-ins that make writing IDA scripts easier, allow collaborative reverse engineering, and much more Utilize IDA's built-in debugger to tackle obfuscated code that would defeat a stand-alone disassembler You'll still need serious assembly skills to tackle the toughest executables, but IDA makes things a lot easier. Whether you're analyzing the software on a black box or conducting hard-core vulnerability research, a mastery of IDA Pro is crucial to your success. Take your skills to the next level with The IDA Pro Book.

Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers


Andy Greenberg - 2019
    Targeting American utility companies, NATO, and electric grids in Eastern Europe, the strikes became ever more brazen, eventually leading to the first-ever blackouts triggered by hackers. They culminated in the summer of 2017 when malware known as NotPetya was unleashed, compromising, disrupting, and paralyzing some of the world's largest companies. At the attack's epicenter in Ukraine, ATMs froze. The railway and postal systems shut down. NotPetya spread around the world, inflicting an unprecedented ten billions of dollars in damage--the largest, most penetrating cyberattack the world had ever seen.The hackers behind these attacks are quickly gaining a reputation as the most dangerous team of cyberwarriors in the internet's history: Sandworm. Believed to be working in the service of Russia's military intelligence agency, they represent a persistent, highly skilled, state-sponsored hacking force, one whose talents are matched by their willingness to launch broad, unrestrained attacks on the most critical infrastructure of their adversaries. They target government and private sector, military and civilians alike.From WIRED senior writer Andy Greenberg comes Sandworm, the true story of the desperate hunt to identify and track those attackers. It considers the danger this force poses to our national stability and security. And as the Kremlin's role in manipulating foreign governments and sparking chaos globally comes into greater focus, Sandworm reveals the realities not just of Russia's global digital offensive, but of an era where warfare ceases to be waged on the battlefield--where the line between digital and physical conflict begins to blur, with world-shaking implications.

The Tcp/IP Guide: A Comprehensive, Illustrated Internet Protocols Reference


Charles Kozierok - 2005
    It details the core protocols that make TCP/IP internetworks function, and the most important classical TCP/IP applications. Its personal, easy-going writing style lets anyone understand the dozens of protocols and technologies that run the Internet, with full coverage of PPP, ARP, IP, IPv6, IP NAT, IPSec, Mobile IP, ICMP, RIP, BGP, TCP, UDP, DNS, DHCP, SNMP, FTP, SMTP, NNTP, HTTP, Telnet and much more. The author offers not only a detailed view of the TCP/IP protocol suite, but also describes networking fundamentals and the important OSI Reference Model.

Linux Bible


Christopher Negus - 2005
    Whether you're new to Linux or need a reliable update and reference, this is an excellent resource. Veteran bestselling author Christopher Negus provides a complete tutorial packed with major updates, revisions, and hands-on exercises so that you can confidently start using Linux today. Offers a complete restructure, complete with exercises, to make the book a better learning tool Places a strong focus on the Linux command line tools and can be used with all distributions and versions of Linux Features in-depth coverage of the tools that a power user and a Linux administrator need to get startedThis practical learning tool is ideal for anyone eager to set up a new Linux desktop system at home or curious to learn how to manage Linux server systems at work.

The Book of PoC||GTFO


Manul Laphroaig - 2017
    Until now, the journal has only been available online or printed and distributed for free at hacker conferences worldwide.Consistent with the journal's quirky, biblical style, this book comes with all the trimmings: a leatherette cover, ribbon bookmark, bible paper, and gilt-edged pages. The book features more than 80 technical essays from numerous famous hackers, authors of classics like "Reliable Code Execution on a Tamagotchi," "ELFs are Dorky, Elves are Cool," "Burning a Phone," "Forget Not the Humble Timing Attack," and "A Sermon on Hacker Privilege." Twenty-four full-color pages by Ange Albertini illustrate many of the clever tricks described in the text.

How Linux Works: What Every Superuser Should Know


Brian Ward - 2004
    Some books try to give you copy-and-paste instructions for how to deal with every single system issue that may arise, but How Linux Works actually shows you how the Linux system functions so that you can come up with your own solutions. After a guided tour of filesystems, the boot sequence, system management basics, and networking, author Brian Ward delves into open-ended topics such as development tools, custom kernels, and buying hardware, all from an administrator's point of view. With a mixture of background theory and real-world examples, this book shows both "how" to administer Linux, and "why" each particular technique works, so that you will know how to make Linux work for you.

The Pentester BluePrint: Starting a Career as an Ethical Hacker


Phillip L. Wylie - 2020
    Accomplished pentester and author Phillip L. Wylie and cybersecurity researcher Kim Crawley walk you through the basic and advanced topics necessary to understand how to make a career out of finding vulnerabilities in systems, networks, and applications.You'll learn about the role of a penetration tester, what a pentest involves, and the prerequisite knowledge you'll need to start the educational journey of becoming a pentester. Discover how to develop a plan by assessing your current skillset and finding a starting place to begin growing your knowledge and skills. Finally, find out how to become employed as a pentester by using social media, networking strategies, and community involvement.Perfect for IT workers and entry-level information security professionals, The Pentester BluePrint also belongs on the bookshelves of anyone seeking to transition to the exciting and in-demand field of penetration testing.Written in a highly approachable and accessible style, The Pentester BluePrint avoids unnecessarily technical lingo in favor of concrete advice and practical strategies to help you get your start in pentesting. This book will teach you:The foundations of pentesting, including basic IT skills like operating systems, networking, and security systems The development of hacking skills and a hacker mindset Where to find educational options, including college and university classes, security training providers, volunteer work, and self-study Which certifications and degrees are most useful for gaining employment as a pentester How to get experience in the pentesting field, including labs, CTFs, and bug bounties

Counter Hack Reloaded: A Step-By-Step Guide to Computer Attacks and Effective Defenses


Edward Skoudis - 2005
    I asked other people and they didn't seem to know how these things work, or at least they couldn't explain them in a way that I could understand. Counter Hack Reloaded is the clearest explanation of these tools I have ever seen. Thank you!" --Stephen Northcutt, CEO, SANS Institute "Ed Skoudis does it again! With this new edition, Ed takes a phenomenal work to the next level! This book is a 'must-have' and a 'must-read' for anyone remotely associated with computers and computer security." --Harlan Carvey, CISSP, author of Windows Forensics and Incident Recovery "Ed Skoudis is a rare individual. He knows the innards of all the various systems, knows all the latest exploits and defenses, and yet is able to explain everything at just the right level. The first edition of Counter Hack was a fascinating read. It's technically intriguing and very clear. . . . A book on vulnerabilities, though, will get out of date, and so we definitely needed this updated and significantly rewritten second edition. This book is a wonderful overview of the field." --From the Foreword by Radia Perlman, series editor, The Radia Perlman Series in Computer Networking and Security; author of Interconnections; and coauthor of Network Security: Private Communications in a Public World "What a great partnership! Ed Skoudis and Tom Liston share an uncanny talent for explaining even the most challenging security concepts in a clear and enjoyable manner. Counter Hack Reloaded is an indispensable resource for those who want to improve their defenses and understand the mechanics of computer attacks." --Lenny Zeltser, coauthor of Malware: Fighting Malicious Code "Ed Skoudis does it again! With this new edition, Ed takes a phenomenal work to the next level! This book is a 'must-have' and a 'must-read' for anyone remotely associated with computers and computer security." --Harlan Carvey, CISSP, author of Windows Forensics and Incident Recovery "In addition to having breadth of knowledge about and probing insights into network security, Ed Skoudis's real strength is in his ability to show complex topics in an understandable form. By the time he's done, what started off as a hopeless conglomeration of acronyms starts to sound comfortable and familiar. This book is your best source for understanding attack strategies, attack tools, and the defenses against both." --William Stearns, network security expert, www.stearns.org "This book is a must-have for anyone in the Internet security game. It covers everything from the basic principles to the fine details of online attack methods and counter-strategies and is very engagingly written." --Warwick Ford, coauthor of Secure Electronic Commerce For years, Counter Hack has been the primary resource for every network/system administrator and security professional who needs a deep, hands-on understanding of hacker attacks and countermeasures. Now, leading network security expert Ed Skoudis, with Tom Liston, has thoroughly updated this best-selling guide, showing how to defeat today's newest, most sophisticated, and most destructive attacks.For this second edition, more than half the content is new and updated, including coverage of the latest hacker techniques for scanning networks, gaining and maintaining access, and preventing detection. The authors walk you through each attack and demystify every tool and tactic. You'll learn exactly how to establish effective defenses, recognize attacks in progress, and respond quickly and effectively in both UNIX/Linux and Windows environments.Important features of this new edition includeAll-new "anatomy-of-an-attack" scenarios and tools An all-new section on wireless hacking: war driving, wireless sniffing attacks, and more Fully updated coverage of reconnaissance tools, including Nmap port scanning and "Google hacking" New coverage of tools for gaining access, including uncovering Windows and Linux vulnerabilities with Metasploit New information on dangerous, hard-to-detect, kernel-mode rootkits

Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon


Kim Zetter - 2014
    The cause of their failure was a complete mystery.Five months later, a seemingly unrelated event occurred. A computer security firm in Belarus was called in to troubleshoot some computers in Iran that were caught in a reboot loop—crashing and rebooting repeatedly. At first, technicians with the firm believed the malicious code they found on the machines was a simple, routine piece of malware. But as they and other experts around the world investigated, they discovered a virus of unparalleled complexity and mysterious provenance and intent. They had, they soon learned, stumbled upon the world’s first digital weapon.Stuxnet, as it came to be known, was unlike any other virus or worm built before: It was the first attack that reached beyond the computers it targeted to physically destroy the equipment those computers controlled. It was an ingenious attack, jointly engineered by the United States and Israel, that worked exactly as planned, until the rebooting machines gave it all away. And the discovery of Stuxnet was just the beginning: Once the digital weapon was uncovered and deciphered, it provided clues to other tools lurking in the wild. Soon, security experts found and exposed not one but three highly sophisticated digital spy tools that came from the same labs that created Stuxnet. The discoveries gave the world its first look at the scope and sophistication of nation-state surveillance and warfare in the digital age.Kim Zetter, a senior reporter at Wired, has covered hackers and computer security since 1999 and is one of the top journalists in the world on this beat. She was among the first reporters to cover Stuxnet after its discovery and has authored many of the most comprehensive articles about it. In COUNTDOWN TO ZERO DAY: Stuxnet and the Launch of the World’s First Digital Weapon, Zetter expands on this work to show how the code was designed and unleashed and how its use opened a Pandora’s Box, ushering in an age of digital warfare in which any country’s infrastructure—power grids, nuclear plants, oil pipelines, dams—is vulnerable to the same kind of attack with potentially devastating results. A sophisticated digital strike on portions of the power grid, for example, could plunge half the U.S. into darkness for weeks or longer, having a domino effect on all other critical infrastructures dependent on electricity.

Learn You a Haskell for Great Good!


Miran Lipovača - 2011
    Learn You a Haskell for Great Good! introduces programmers familiar with imperative languages (such as C++, Java, or Python) to the unique aspects of functional programming. Packed with jokes, pop culture references, and the author's own hilarious artwork, Learn You a Haskell for Great Good! eases the learning curve of this complex language, and is a perfect starting point for any programmer looking to expand his or her horizons. The well-known web tutorial on which this book is based is widely regarded as the best way for beginners to learn Haskell, and receives over 30,000 unique visitors monthly.

The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System


Bill Blunden - 2009
    Adopting an approach that favors full disclosure, The Rootkit Arsenal presents the most accessible, timely, and complete coverage of rootkit technology. This book covers more topics, in greater depth, than any other currently available. In doing so the author forges through the murky back alleys of the Internet, shedding light on material that has traditionally been poorly documented, partially documented, or intentionally undocumented.The spectrum of topics covered includes how to:* Hook kernel structures on multi-processor systems* Use a kernel debugger to reverse system internals* Inject call gates to create a back door into Ring-0* Use detour patches to sidestep group policy* Modify privilege levels on Vista by altering kernel objects* Utilize bootkit technology* Defeat live incident response and post-mortem forensics* Implement code armoring to protect your deliverables* Establish covert channels using the WSK and NDIS 6.0

Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World


Joseph Menn - 2019
    Though until now it has remained mostly anonymous, its members invented the concept of hacktivism, released the top tool for testing password security, and created what was for years the best technique for controlling computers from afar, forcing giant companies to work harder to protect customers. They contributed to the development of Tor, the most important privacy tool on the net, and helped build cyberweapons that advanced US security without injuring anyone. With its origins in the earliest days of the Internet, the cDc is full of oddball characters -- activists, artists, even future politicians. Many of these hackers have become top executives and advisors walking the corridors of power in Washington and Silicon Valley. The most famous is former Texas Congressman and current presidential candidate Beto O'Rourke, whose time in the cDc set him up to found a tech business, launch an alternative publication in El Paso, and make long-shot bets on unconventional campaigns.Today, the group and its followers are battling electoral misinformation, making personal data safer, and battling to keep technology a force for good instead of for surveillance and oppression. Cult of the Dead Cow shows how governments, corporations, and criminals came to hold immense power over individuals and how we can fight back against them.

The Cathedral & the Bazaar: Musings on Linux and Open Source by an Accidental Revolutionary


Eric S. Raymond - 1999
    According to the August Forrester Report, 56 percent of IT managers interviewed at Global 2,500 companies are already using some type of open source software in their infrastructure and another 6 percent will install it in the next two years. This revolutionary model for collaborative software development is being embraced and studied by many of the biggest players in the high-tech industry, from Sun Microsystems to IBM to Intel.The Cathedral & the Bazaar is a must for anyone who cares about the future of the computer industry or the dynamics of the information economy. Already, billions of dollars have been made and lost based on the ideas in this book. Its conclusions will be studied, debated, and implemented for years to come. According to Bob Young, "This is Eric Raymond's great contribution to the success of the open source revolution, to the adoption of Linux-based operating systems, and to the success of open source users and the companies that supply them."The interest in open source software development has grown enormously in the past year. This revised and expanded paperback edition includes new material on open source developments in 1999 and 2000. Raymond's clear and effective writing style accurately describing the benefits of open source software has been key to its success. With major vendors creating acceptance for open source within companies, independent vendors will become the open source story in 2001.

Bash Cookbook: Solutions and Examples for Bash Users


Carl Albing - 2007
    Scripting is a way to harness and customize the power of any Unix system, and it's an essential skill for any Unix users, including system administrators and professional OS X developers. But beneath this simple promise lies a treacherous ocean of variations in Unix commands and standards.bash Cookbook teaches shell scripting the way Unix masters practice the craft. It presents a variety of recipes and tricks for all levels of shell programmers so that anyone can become a proficient user of the most common Unix shell -- the bash shell -- and cygwin or other popular Unix emulation packages. Packed full of useful scripts, along with examples that explain how to create better scripts, this new cookbook gives professionals and power users everything they need to automate routine tasks and enable them to truly manage their systems -- rather than have their systems manage them.

Regular Expressions Cookbook


Jan Goyvaerts - 2009
    Every programmer can find uses for regular expressions, but their power doesn't come worry-free. Even seasoned users often suffer from poor performance, false positives, false negatives, or perplexing bugs. Regular Expressions Cookbook offers step-by-step instructions for some of the most common tasks involving this tool, with recipes for C#, Java, JavaScript, Perl, PHP, Python, Ruby, and VB.NET.With this book, you will:Understand the basics of regular expressions through a concise tutorial Use regular expressions effectively in several programming and scripting languages Learn how to validate and format input Manage words, lines, special characters, and numerical values Find solutions for using regular expressions in URLs, paths, markup, and data exchange Learn the nuances of more advanced regex features Understand how regular expressions' APIs, syntax, and behavior differ from language to language Write better regular expressions for custom needs Whether you're a novice or an experienced user, Regular Expressions Cookbook will help deepen your knowledge of this unique and irreplaceable tool. You'll learn powerful new tricks, avoid language-specific gotchas, and save valuable time with this huge library of proven solutions to difficult, real-world problems.