Book picks similar to
Mastering Metasploit by Nipun Jaswal
tech
security
toread2k17
imp
Backtrack 5 Wireless Penetration Testing Beginner's Guide
Vivek Ramachandran - 2011
Every new attack is described in the form of a lab exercise with rich illustrations of all the steps associated. You will practically implement various attacks as you go along. If you are an IT security professional or a security consultant who wants to get started with wireless testing with Backtrack, or just plain inquisitive about wireless security and hacking, then this book is for you. The book assumes that you have familiarity with Backtrack and basic wireless concepts.
Hacking Exposed: Network Security Secrets & Solutions
Joel Scambray - 2003
Rather than being a sideline participant, leverage the valuable insights Hacking Exposed 6 provides to help yourself, your company, and your country fight cyber-crime." From the Foreword by Dave DeWalt, President and CEO, McAfee, Inc."For security to be successful in any company, you must ‘think evil' and be attuned to your ‘real risk'...Hacking Expose 6 defines both." Patrick Heim, CISO, Kaiser Permanente"The definitive resource to understanding the hacking mindset and the defenses against it." Vince Rossi, CEO & President, St. Bernard Software"Identity theft costs billions every year and unless you understand the threat, you will be destined to be a victim of it. Hacking Exposed 6 gives you the tools you need to prevent being a victim." Bill Loesch, CTO, Guard ID Systems"This book is current, comprehensive, thoughtful, backed by experience, and appropriately free of vendor-bias-prized features for any security practitioner in need of information." Kip Boyle, CISO, PEMCO Mutual Insurance Company"The Hacking Exposed series has become the definitive reference for security professionals from the moment it was first released, and the 6th edition maintains its place on my bookshelf," Jeff Moss, Founder of the popular Black Hat Security ConferenceMeet the formidable demands of security in today's hyperconnected world with expert guidance from the world-renowned Hacking Exposed team. Following the time-tested "attack-countermeasure" philosophy, this 10th anniversary edition has been fully overhauled to cover the latest insidious weapons in the hacker's extensive arsenal.New and updated material:
New chapter on hacking hardware, including lock bumping, access card cloning, RFID hacks, USB U3 exploits, and Bluetooth device hijacking
Updated Windows attacks and countermeasures, including new Vista and Server 2008 vulnerabilities and Metasploit exploits
The latest UNIX Trojan and rootkit techniques and dangling pointer and input validation exploits
New wireless and RFID security tools, including multilayered encryption and gateways
All-new tracerouting and eavesdropping techniques used to target network hardware and Cisco devices
Updated DoS, man-in-the-middle, DNS poisoning, and buffer overflow coverage
VPN and VoIP exploits, including Google and TFTP tricks, SIP flooding, and IPsec hacking
Fully updated chapters on hacking the Internet user, web hacking, and securing code
CISSP for Dummies [With CDROM]
Lawrence C. Miller - 2002
The topics covered in the exam include: network security, security management, systems development, cryptography, disaster recovery, law, and physical security. CISSP For Dummies, 3rd Edition is the bestselling guide that covers the CISSP exam and helps prepare those wanting to take this security exam. The 3rd Edition features 200 additional pages of new content to provide thorough coverage and reflect changes to the exam. Written by security experts and well-known Dummies authors, Peter Gregory and Larry Miller, this book is the perfect, no-nonsense guide to the CISSP certification, offering test-taking tips, resources, and self-assessment tools.Fully updated with 200 pages of new content for more thorough coverage and to reflect all exam changesSecurity experts Peter Gregory and Larry Miller bring practical real-world security expertiseCD-ROM includes hundreds of randomly generated test questions for readers to practice taking the test with both timed and untimed versions"CISSP For Dummies, 3rd Edition" can lead you down the rough road to certification successNote: CD-ROM/DVD and other supplementary materials are not included as part of eBook file.
The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy
Patrick Engebretson - 2011
No prior hacking experience is needed. You learn how to properly utilize and interpret the results of modern day hacking tools, which are required to complete a penetration test. Tool coverage includes Backtrack Linux, Google reconnaissance, MetaGooFil, dig, Nmap, Nessus, Metasploit, Fast Track Autopwn, Netcat, Hacker Defender rootkit, and more. A simple and clean explanation of how to effectively utilize these tools as well as the introduction to a four-step methodology for conducting a penetration test or hack, will provide you with know-how required to jump start your career or gain a better understanding of offensive security. The book serves as an introduction to penetration testing and hacking and will provide you with a solid foundation of knowledge. After completing the book readers will be prepared to take on in-depth and advanced topics in hacking and penetration testing. The book walks through each of the steps and tools in a structured, orderly manner allowing readers to understand how the output from each tool can be fully utilized in the subsequent phases of the penetration test. This process allows readers to clearly see how the tools and phases relate.Each chapter contains hands-on examples and exercises that are designed to teach you how to interpret the results and utilize those results in later phasesWritten by an author who works in the field as a Penetration Tester and who teaches Offensive Security, Penetration Testing, and Ethical Hacking, and Exploitation classes at Dakota State UniversityUtilizes the Backtrack Linux distribution and focuses on the seminal tools required to complete a penetration test
Social Engineering: The Art of Human Hacking
Christopher Hadnagy - 2010
Mitnick claims that this socialengineering tactic was the single-most effective method in hisarsenal. This indispensable book examines a variety of maneuversthat are aimed at deceiving unsuspecting victims, while it alsoaddresses ways to prevent social engineering threats.Examines social engineering, the science of influencing atarget to perform a desired task or divulge informationArms you with invaluable information about the many methods oftrickery that hackers use in order to gather information with theintent of executing identity theft, fraud, or gaining computersystem accessReveals vital steps for preventing social engineeringthreatsSocial Engineering: The Art of Human Hacking does itspart to prepare you against nefarious hackers--now you can doyour part by putting to good use the critical information withinits pages.
CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide
James Michael Stewart - 2015
This bestselling Sybex study guide covers 100% of all exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world examples, advice on passing each section of the exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions. Along with the book, you also get access to Sybex's superior online interactive learning environment that includes: Four unique 250 question practice exams to help you identify where you need to study more. Get more than 90 percent of the answers correct, and you're ready to take the certification exam. More than 650 Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam Coverage of all of the exam topics in the book means you'll be ready for: Security and Risk Management Asset Security Security Engineering Communication and Network Security Identity and Access Management Security Assessment and Testing Security Operations Software Development Security
CEH Certified Ethical Hacker All-in-One Exam Guide
Matt Walker - 2011
Pub the Date: September. 2011 of Pages: 416 in Publisher: McGraw-Hill the Get complete coverages of all the objectives included on the EC-Council's Certified the Ethical Hacker exam inside the this comprehensive resource. Written by an the IT security expert. The this the authoritative guide covers the vendor-neutral CEH exam in full detail. You'll find learning objectives at the beginning of each chapter. exam tips. practice exam questions. and in-depth explanations. Designed to help you pass the exam with ease. this definitive volume also serves as an essential on-the-job reference.COVERS ALL EXAM TOPICS. INCLUDING: Introduction to ethical hackingCryptographyReconnaissance and footprintingNetwork scanningEnumerationSystem hackingEvasion techniquesSocial engineering and physical securityHacking web servers and applicationsSQL injectionViruses. trojans. and other ...
Penetration Testing: A Hands-On Introduction to Hacking
Georgia Weidman - 2014
This beginner-friendly book opens with some basics of programming and helps you navigate Kali Linux, an operating system that comes preloaded with useful computer security tools like Wireshark and Metasploit. You'll learn about gathering information on a target, social engineering, capturing network traffic, analyzing vulnerabilities, developing exploits, and more. Hands-on examples discuss even advanced topics like mobile device security and bypassing anti-virus software.
Web Hacking 101
Peter Yaworski
With few exceptions, existing books are overly technical, only dedicate a single chapter to website vulnerabilities or don't include any real world examples. This book is different.Using publicly disclosed vulnerabilities, Web Hacking 101 explains common web vulnerabilities and will show you how to start finding vulnerabilities and collecting bounties. With over 30 examples, the book covers topics like:HTML InjectionCross site scripting (XSS)Cross site request forgery (CSRF)Open RedirectsRemote Code Execution (RCE)Application Logicand more...Each example includes a classification of the attack, a report link, the bounty paid, easy to understand description and key takeaways. After reading this book, your eyes will be opened to the wide array of vulnerabilities that exist and you'll likely never look at a website or API the same way.
Hacking Exposed Wireless: Wireless Security Secrets & Solutions
Johnny Cache - 2007
Providing tactical wireless security implementation coverage by showing how to execute the attacks and implement the defenses, this title demonstrates how attackers identify and exploit wireless network weaknesses and covers various wireless technologies - WiFi/802.11, Bluetooth, IRDA, 3G Wireless, and more.
Cryptography Engineering: Design Principles and Practical Applications
Niels Ferguson - 2010
Cryptography is vital to keeping information safe, in an era when the formula to do so becomes more and more challenging. Written by a team of world-renowned cryptography experts, this essential guide is the definitive introduction to all major areas of cryptography: message security, key negotiation, and key management. You'll learn how to think like a cryptographer. You'll discover techniques for building cryptography into products from the start and you'll examine the many technical changes in the field.After a basic overview of cryptography and what it means today, this indispensable resource covers such topics as block ciphers, block modes, hash functions, encryption modes, message authentication codes, implementation issues, negotiation protocols, and more. Helpful examples and hands-on exercises enhance your understanding of the multi-faceted field of cryptography.An author team of internationally recognized cryptography experts updates you on vital topics in the field of cryptography Shows you how to build cryptography into products from the start Examines updates and changes to cryptography Includes coverage on key servers, message security, authentication codes, new standards, block ciphers, message authentication codes, and more Cryptography Engineering gets you up to speed in the ever-evolving field of cryptography.
Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems
Chris Sanders - 2007
But how do you interpret those packets once you've captured them? And how can those packets help you to better understand what's going on under the hood of your network? Practical Packet Analysis shows how to use Wireshark to capture and then analyze packets as you take an indepth look at real-world packet analysis and network troubleshooting. The way the pros do it.Wireshark (derived from the Ethereal project), has become the world's most popular network sniffing application. But while Wireshark comes with documentation, there's not a whole lot of information to show you how to use it in real-world scenarios. Practical Packet Analysis shows you how to:Use packet analysis to tackle common network problems, such as loss of connectivity, slow networks, malware infections, and more Build customized capture and display filters Tap into live network communication Graph traffic patterns to visualize the data flowing across your network Use advanced Wireshark features to understand confusing packets Build statistics and reports to help you better explain technical network information to non-technical usersBecause net-centric computing requires a deep understanding of network communication at the packet level, Practical Packet Analysis is a must have for any network technician, administrator, or engineer troubleshooting network problems of any kind.
Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation
Bruce Dang - 2014
Reverse engineering is not about reading assembly code, but actually understanding how different pieces/components in a system work. To reverse engineer a system is to understand how it is constructed and how it works. The book provides: Coverage of x86, x64, and ARM. In the past x86 was the most common architecture on the PC; however, times have changed and x64 is becoming the dominant architecture. It brings new complexity and constructs previously not present in x86. ARM ("Advanced RISC Machine) "is very common in embedded / consumer electronic devices; for example, most if not all cell phones run on ARM. All of apple's i-devices run on ARM. This book will be the first book to cover all three.Discussion of Windows kernel-mode code (rootkits/drivers). This topic has a steep learning curve so most practitioners stay away from this area because it is highly complex. However, this book will provide a concise treatment of this topic and explain how to analyze drivers step-by-step.The book uses real world examples from the public domain. The best way to learn is through a combination of concept discussions, examples, and exercises. This book uses real-world trojans / rootkits as examples congruent with real-life scenariosHands-on exercises. End-of-chapter exercises in the form of conceptual questions and hands-on analysis so so readers can solidify their understanding of the concepts and build confidence. The exercises are also meant to teach readers about topics not covered in the book.
Advanced Rails Recipes
Mike Clark - 2007
Fueled by significant benefits and an impressive portfolio of real-world applications already in production, Rails is destined to continue making significant inroads in coming years.Each new Rails application showing up on the web adds yet more to the collective wisdom of the Rails development community. Yesterday's best practices yield to today's latest and greatest techniques, as the state of the art is continually refined in kitchens all across the Internet. Indeed, these are times of great progress.At the same time, it's easy to get left behind in the wake of progress. Advanced Rails Recipes keeps you on the cutting edge of Rails development and, more importantly, continues to turn this fast-paced framework to your advantage.Advanced Rails Recipes is filled with pragmatic recipes you'll use on every Rails project. And by taking the code in these recipes and slipping it into your application you'll not only deliver your application quicker, you'll do so with the confidence that it's done right.The book includes contributions from Aaron Batalion, Adam Keys, Adam Wiggins, Andre Lewis, Andrew Kappen, Benjamin Curtis, Ben Smith, Chris Bernard, Chris Haupt, Chris Wanstrath, Cody Fauser, Dan Benjamin, Dan Manges, Daniel Fischer, David Bock, David Chelimsky, David Heinemeier Hansson, Erik Hatcher, Ezra Zygmuntowicz, Geoffrey Grosenbach, Giles Bowkett, Greg Hansen, Gregg Pollack, Hemant Kumar, Hugh Bien, Jamie Orchard-Hays, Jamis Buck, Jared Haworth, Jarkko Laine, Jason LaPier, Jay Fields, John Dewey, Jonathan Dahl, Josep Blanquer, Josh Stephenson, Josh Susser, Kevin Clark, Luke Francl, Mark Bates, Marty Haught, Matthew Bass, Michael Slater, Mike Clark, Mike Hagedorn, Mike Mangino, Mike Naberezny, Mike Subelsky, Nathaniel Talbott, PJ Hyett, Patrick Reagan, Peter Marklund, Pierre-Alexandre Meyer, Rick Olson, Ryan Bates, Scott Barron, Tony Primerano, Val Aleksenko, and Warren Konkel.
CISSP Study Guide
Eric Conrad - 2010
The exam is designed to ensure that someone who is handling computer security in a company has a standardized body of knowledge. The book is composed of 10 domains of the Common Body of Knowledge. In each section, it defines each domain. It also provides tips on how to prepare for the exam and take the exam. It also contains CISSP practice quizzes to test ones knowledge. The first domain provides information about risk analysis and mitigation. It also discusses security governance. The second domain discusses different techniques for access control, which is the basis for all the security disciplines. The third domain explains the concepts behind cryptography, which is a secure way of communicating that is understood only by certain recipients. Domain 5 discusses security system design, which is fundamental for operating the system and software security components. Domain 6 is a critical domain in the Common Body of Knowledge, the Business Continuity Planning, and Disaster Recovery Planning. It is the final control against extreme events such as injury, loss of life, or failure of an organization. Domains 7, 8, and 9 discuss telecommunications and network security, application development security, and the operations domain, respectively. Domain 10 focuses on the major legal systems that provide a framework in determining the laws about information system.