List books in category Computers & Technology / Security

  • Learning Python Network Programming

    Learning Python Network Programming
    Dr. M. O. Faruque Sarker

    Network programming has always been a demanding task. With full-featured and well documented libraries all the way up the stack, Python makes network programming the enjoyable experience it should be.Starting with a walkthrough of today's major networking protocols, with this book you'll learn how to employ Python for network programming, how to request and retrieve web resources, and how to extract data in major formats over the Web. You'll utilize Python for e-mailing using different protocols and you'll interact with remote systems and IP and DNS networking.As the book progresses, socket programming will be covered, followed by how to design servers and the pros and cons of multithreaded and event-driven architectures. You'll develop practical client-side applications, including web API clients, e-mail clients, SSH, and FTP. These applications will also be implemented through existing web application frameworks.

  • Mastering Ethereum: Building Smart Contracts and DApps

    Mastering Ethereum: Building Smart Contracts and DApps
    Andreas M. Antonopoulos

    Ethereum represents the gateway to a worldwide, decentralized computing paradigm. This platform enables you to run decentralized applications (DApps) and smart contracts that have no central points of failure or control, integrate with a payment network, and operate on an open blockchain. With this practical guide, Andreas M. Antonopoulos and Gavin Wood provide everything you need to know about building smart contracts and DApps on Ethereum and other virtual-machine blockchains.Discover why IBM, Microsoft, NASDAQ, and hundreds of other organizations are experimenting with Ethereum. This essential guide shows you how to develop the skills necessary to be an innovator in this growing and exciting new industry.Run an Ethereum client, create and transmit basic transactions, and program smart contractsLearn the essentials of public key cryptography, hashes, and digital signaturesUnderstand how "wallets" hold digital keys that control funds and smart contractsInteract with Ethereum clients programmatically using JavaScript libraries and Remote Procedure Call interfacesLearn security best practices, design patterns, and anti-patterns with real-world examplesCreate tokens that represent assets, shares, votes, or access control rightsBuild decentralized applications using multiple peer-to-peer (P2P) components

  • Defending IoT Infrastructures with the Raspberry Pi: Monitoring and Detecting Nefarious Behavior in Real Time

    Defending IoT Infrastructures with the Raspberry Pi: Monitoring and Detecting Nefarious Behavior in Real Time
    Chet Hosmer

    Apply a methodology and practical solutions for monitoring the behavior of the Internet of Things (IoT), industrial control systems (ICS), and other critical network devices with the inexpensive Raspberry Pi. With this book, you will master passive monitoring and detection of aberrant behavior, and learn how to generate early indications and warning of attacks targeting IoT, ICS, and other critical network resources. Defending IoT Infrastructures with the Raspberry Pi provides techniques and scripts for the discovery of dangerous data leakage events emanating from IoT devices. Using Raspbian Linux and specialized Python scripts, the book walks through the steps necessary to monitor, detect, and respond to attacks targeting IoT devices. There are several books that cover IoT, IoT security, Raspberry Pi, and Python separately, but this book is the first of its kind to put them all together. It takes a practical approach, providing an entry point and level playing field for a wide range of individuals, small companies, researchers, academics, students, and hobbyists to participate. What You’ll Learn Create a secure, operational Raspberry Pi IoT sensorConfigure and train the sensor using “normal” IoT behaviorEstablish analytics for detecting aberrant activitiesGenerate real-time alerts to preempt attacksIdentify and report data-leakage events originating from IoT devicesDevelop custom Python applications for cybersecurity Who This Book Is For Cybersecurity specialists, professors teaching in undergraduate and graduate programs in cybersecurity, students in cybersecurity and computer science programs, software developers and engineers developing new cybersecurity defenses, incident response teams, software developers and engineers in general, and hobbyists wanting to expand the application of Raspberry Pi into both IoT and cybersecurity

  • Kali Linux 2: Windows Penetration Testing

    Kali Linux 2: Windows Penetration Testing
    Wolf Halton

    Kali Linux: a complete pentesting toolkit facilitating smooth backtracking for working hackersAbout This BookConduct network testing, surveillance, pen testing and forensics on MS Windows using Kali LinuxFootprint, monitor, and audit your network and investigate any ongoing infestationsCustomize Kali Linux with this professional guide so it becomes your pen testing toolkitWho This Book Is ForIf you are a working ethical hacker who is looking to expand the offensive skillset with a thorough understanding of Kali Linux, then this is the book for you. Prior knowledge about Linux operating systems and the BASH terminal emulator along with Windows desktop and command line would be highly beneficial.What You Will LearnSet up Kali Linux for pen testingMap and enumerate your Windows networkExploit several common Windows network vulnerabilitiesAttack and defeat password schemes on WindowsDebug and reverse-engineer Windows programsRecover lost files, investigate successful hacks and discover hidden data in innocent-looking filesCatch and hold admin rights on the network, and maintain backdoors on the network after your initial testing is doneIn DetailMicrosoft Windows is one of the two most common OS and managing its security has spawned the discipline of IT security. Kali Linux is the premier platform for testing and maintaining Windows security. Kali is built on the Debian distribution of Linux and shares the legendary stability of that OS. This lets you focus on using the network penetration, password cracking, forensics tools and not the OS.This book has the most advanced tools and techniques to reproduce the methods used by sophisticated hackers to make you an expert in Kali Linux penetration testing. First, you are introduced to Kali's top ten tools and other useful reporting tools. Then, you will find your way around your target network and determine known vulnerabilities to be able to exploit a system remotely. Next, you will prove that the vulnerabilities you have found are real and exploitable. You will learn to use tools in seven categories of exploitation tools. Further, you perform web access exploits using tools like websploit and more. Security is only as strong as the weakest link in the chain. Passwords are often that weak link. Thus, you learn about password attacks that can be used in concert with other approaches to break into and own a network. Moreover, you come to terms with network sniffing, which helps you understand which users are using services you can exploit, and IP spoofing, which can be used to poison a system's DNS cache. Once you gain access to a machine or network, maintaining access is important.Thus, you not only learn penetrating in the machine you also learn Windows privilege's escalations. With easy to follow step-by-step instructions and support images, you will be able to quickly pen test your system and network.Style and approachThis book is a hands-on guide for Kali Linux pen testing. This book will provide all the practical knowledge needed to test your network's security using a proven hacker's methodology. The book uses easy-to-understand yet professional language for explaining concepts.

  • CUCKOO S EGG

    CUCKOO’S EGG
    Clifford Stoll

    Before the Internet became widely known as a global tool for terrorists, one perceptive U.S. citizen recognized its ominous potential. Armed with clear evidence of computer espionage, he began a highly personal quest to expose a hidden network of spies that threatened national security. But would the authorities back him up? Cliff Stoll's dramatic firsthand account is "a computer-age detective story, instantly fascinating [and] astonishingly gripping" (Smithsonian). Cliff Stoll was an astronomer turned systems manager at Lawrence Berkeley Lab when a 75-cent accounting error alerted him to the presence of an unauthorized user on his system. The hacker's code name was "Hunter"—a mysterious invader who managed to break into U.S. computer systems and steal sensitive military and security information. Stoll began a one-man hunt of his own: spying on the spy. It was a dangerous game of deception, broken codes, satellites, and missile bases—a one-man sting operation that finally gained the attention of the CIA . . . and ultimately trapped an international spy ring fueled by cash, cocaine, and the KGB.

  • Threat Modeling: Designing for Security

    Threat Modeling: Designing for Security
    Adam Shostack

    The only security book to be chosen as a Dr. Dobbs Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography!Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise into this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies. Systems security managers, you'll find tools and a framework for structured thinking about what can go wrong. Software developers, you'll appreciate the jargon-free and accessible introduction to this essential skill. Security professionals, you'll learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling. Provides a unique how-to for security and software developers who need to design secure products and systems and test their designs Explains how to threat model and explores various threat modeling approaches, such as asset-centric, attacker-centric and software-centric Provides effective approaches and techniques that have been proven at Microsoft and elsewhere Offers actionable how-to advice not tied to any specific software, operating system, or programming language Authored by a Microsoft professional who is one of the most prominent threat modeling experts in the world As more software is delivered on the Internet or operates on Internet-connected devices, the design of secure software is absolutely critical. Make sure you're ready with Threat Modeling: Designing for Security.

  • Principles of Information Security: Edition 5

    Principles of Information Security: Edition 5
    Michael E. Whitman

    Specifically oriented to the needs of information systems students, PRINCIPLES OF INFORMATION SECURITY, 5e delivers the latest technology and developments from the field. Taking a managerial approach, this bestseller teaches all the aspects of information security-not just the technical control perspective. It provides a broad review of the entire field of information security, background on many related elements, and enough detail to facilitate understanding of the topic. It covers the terminology of the field, the history of the discipline, and an overview of how to manage an information security program. Current and relevant, the fifth edition includes the latest practices, fresh examples, updated material on technical security controls, emerging legislative issues, new coverage of digital forensics, and hands-on application of ethical issues in IS security. It is the ultimate resource for future business decision-makers.Important Notice: Media content referenced within the product description or the product text may not be available in the ebook version.

  • Penetration Testing Essentials

    Penetration Testing Essentials
    Shimonski

    Your pen testing career begins here, with a solid foundation in essential skills and concepts Penetration Testing Essentials provides a starting place for professionals and beginners looking to learn more about penetration testing for cybersecurity. Certification eligibility requires work experience—but before you get that experience, you need a basic understanding of the technical and behavioral ways attackers compromise security, and the tools and techniques you'll use to discover the weak spots before others do. You'll learn information gathering techniques, scanning and enumeration, how to target wireless networks, and much more as you build your pen tester skill set. You'll learn how to break in, look around, get out, and cover your tracks, all without ever being noticed. Pen testers are tremendously important to data security, so they need to be sharp and well-versed in technique, but they also need to work smarter than the average hacker. This book set you on the right path, with expert instruction from a veteran IT security expert with multiple security certifications. IT Security certifications have stringent requirements and demand a complex body of knowledge. This book lays the groundwork for any IT professional hoping to move into a cybersecurity career by developing a robust pen tester skill set. Learn the fundamentals of security and cryptography Master breaking, entering, and maintaining access to a system Escape and evade detection while covering your tracks Build your pen testing lab and the essential toolbox Start developing the tools and mindset you need to become experienced in pen testing today.

  • Hacking: 10 Easy Beginners Tutorials on How to Hack Plus Basic Security Tips

    Hacking: 10 Easy Beginners Tutorials on How to Hack Plus Basic Security Tips
    Martin Donovan

    In this e-book, I'll teach you how easy it is to hack into personal and commercial computer systems … so easy that you may be able to do it yourself. Ethical hacking involves testing your security yourself, or hiring people to see if your site or computer(s) can be hacked.My tutorials will put you in the shoes of a hacker who is determined to get inside the computers and systems of businesses and individuals, to gain information or to steal or destroy files. From stealing credit card information to deleting folders in a system, hackers can destroy many aspects of your home or business and your record-keeping.There are tools available for hacking online, and some of them work without assistance from a user. They are arguably not as effective as hacking "hands-on ", where you can react to what you find when you try to access acomputer, network or system.From penetration testing, where you check to see how effective a security system may be, to a full-scale hack of a company server, there are many levels of hacking, both legal and illegal. Learn about hacking to see how it can affect you.I will include tutorials in:-Basic hacking-Smartphone hacking-Becoming an accomplished hacker-Hacking servers and systems-Hacking websites-Hacking Facebook accounts-Protecting yourself and your company from attack by hackers

  • Ghost in the Wires: My Adventures as the World s Most Wanted Hacker

    Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker
    Kevin Mitnick

    The thrilling memoir of the world's most wanted computer hacker "Mitnick manages to make breaking computer code sound as action-packed as robbing a bank." — NPR Kevin Mitnick was the most elusive computer break-in artist in history. He accessed computers and networks at the world's biggest companies–and no matter how fast the authorities were, Mitnick was faster, sprinting through phone switches, computer systems, and cellular networks. As the FBI's net finally began to tighten, Mitnick went on the run, engaging in an increasingly sophisticated game of hide-and-seek that escalated through false identities, a host of cities, and plenty of close shaves, to an ultimate showdown with the Feds, who would stop at nothing to bring him down. Ghost in the Wires is a thrilling true story of intrigue, suspense, and unbelievable escapes–and a portrait of a visionary who forced the authorities to rethink the way they pursued him, and forced companies to rethink the way they protect their most sensitive information.

  • Countdown to Zero Day: Stuxnet and the Launch of the World s First Digital Weapon

    Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon
    Kim Zetter

    Top cybersecurity journalist Kim Zetter tells the story behind the virus that sabotaged Iran’s nuclear efforts and shows how its existence has ushered in a new age of warfare—one in which a digital attack can have the same destructive capability as a megaton bomb. In January 2010, inspectors with the International Atomic Energy Agency noticed that centrifuges at an Iranian uranium enrichment plant were failing at an unprecedented rate. The cause was a complete mystery—apparently as much to the technicians replacing the centrifuges as to the inspectors observing them. Then, five months later, a seemingly unrelated event occurred: A computer security firm in Belarus was called in to troubleshoot some computers in Iran that were crashing and rebooting repeatedly. At first, the firm’s programmers believed the malicious code on the machines was a simple, routine piece of malware. But as they and other experts around the world investigated, they discovered a mysterious virus of unparalleled complexity. They had, they soon learned, stumbled upon the world’s first digital weapon. For Stuxnet, as it came to be known, was unlike any other virus or worm built before: Rather than simply hijacking targeted computers or stealing information from them, it escaped the digital realm to wreak actual, physical destruction on a nuclear facility. In these pages, Wired journalist Kim Zetter draws on her extensive sources and expertise to tell the story behind Stuxnet’s planning, execution, and discovery, covering its genesis in the corridors of Bush’s White House and its unleashing on systems in Iran—and telling the spectacular, unlikely tale of the security geeks who managed to unravel a sabotage campaign years in the making. But Countdown to Zero Day ranges far beyond Stuxnet itself. Here, Zetter shows us how digital warfare developed in the US. She takes us inside today’s flourishing zero-day “grey markets,” in which intelligence agencies and militaries pay huge sums for the malicious code they need to carry out infiltrations and attacks. She reveals just how vulnerable many of our own critical systems are to Stuxnet-like strikes, from nation-state adversaries and anonymous hackers alike—and shows us just what might happen should our infrastructure be targeted by such an attack. Propelled by Zetter’s unique knowledge and access, and filled with eye-opening explanations of the technologies involved, Countdown to Zero Day is a comprehensive and prescient portrait of a world at the edge of a new kind of war.

  • Kerberos: The Definitive Guide: The Definitive Guide

    Kerberos: The Definitive Guide: The Definitive Guide
    Jason Garman

    Kerberos, the single sign-on authentication system originally developed at MIT, deserves its name. It's a faithful watchdog that keeps intruders out of your networks. But it has been equally fierce to system administrators, for whom the complexity of Kerberos is legendary.Single sign-on is the holy grail of network administration, and Kerberos is the only game in town. Microsoft, by integrating Kerberos into Active Directory in Windows 2000 and 2003, has extended the reach of Kerberos to all networks large or small. Kerberos makes your network more secure and more convenient for users by providing a single authentication system that works across the entire network. One username; one password; one login is all you need.Fortunately, help for administrators is on the way. Kerberos: The Definitive Guide shows you how to implement Kerberos for secure authentication. In addition to covering the basic principles behind cryptographic authentication, it covers everything from basic installation to advanced topics like cross-realm authentication, defending against attacks on Kerberos, and troubleshooting.In addition to covering Microsoft's Active Directory implementation, Kerberos: The Definitive Guide covers both major implementations of Kerberos for Unix and Linux: MIT and Heimdal. It shows you how to set up Mac OS X as a Kerberos client. The book also covers both versions of the Kerberos protocol that are still in use: Kerberos 4 (now obsolete) and Kerberos 5, paying special attention to the integration between the different protocols, and between Unix and Windows implementations.If you've been avoiding Kerberos because it's confusing and poorly documented, it's time to get on board! This book shows you how to put Kerberos authentication to work on your Windows and Unix systems.

  • Network Security with OpenSSL: Cryptography for Secure Communications

    Network Security with OpenSSL: Cryptography for Secure Communications
    John Viega

    Most applications these days are at least somewhat network aware, but how do you protect those applications against common network security threats? Many developers are turning to OpenSSL, an open source version of SSL/TLS, which is the most widely used protocol for secure network communications.The OpenSSL library is seeing widespread adoption for web sites that require cryptographic functions to protect a broad range of sensitive information, such as credit card numbers and other financial transactions. The library is the only free, full-featured SSL implementation for C and C++, and it can be used programmatically or from the command line to secure most TCP-based network protocols.Network Security with OpenSSL enables developers to use this protocol much more effectively. Traditionally, getting something simple done in OpenSSL could easily take weeks. This concise book gives you the guidance you need to avoid pitfalls, while allowing you to take advantage of the library?s advanced features. And, instead of bogging you down in the technical details of how SSL works under the hood, this book provides only the information that is necessary to use OpenSSL safely and effectively. In step-by-step fashion, the book details the challenges in securing network communications, and shows you how to use OpenSSL tools to best meet those challenges.As a system or network administrator, you will benefit from the thorough treatment of the OpenSSL command-line interface, as well as from step-by-step directions for obtaining certificates and setting up your own certification authority. As a developer, you will further benefit from the in-depth discussions and examples of how to use OpenSSL in your own programs. Although OpenSSL is written in C, information on how to use OpenSSL with Perl, Python and PHP is also included.OpenSSL may well answer your need to protect sensitive data. If that?s the case, Network Security with OpenSSL is the only guide available on the subject.

  • Schneier on Security

    Schneier on Security
    Bruce Schneier

    Presenting invaluable advice from the world?s most famous computer security expert, this intensely readable collection features some of the most insightful and informative coverage of the strengths and weaknesses of computer security and the price people pay — figuratively and literally — when security fails. Discussing the issues surrounding things such as airplanes, passports, voting machines, ID cards, cameras, passwords, Internet banking, sporting events, computers, and castles, this book is a must-read for anyone who values security at any level — business, technical, or personal.

  • Cryptography Engineering: Design Principles and Practical Applications

    Cryptography Engineering: Design Principles and Practical Applications
    Niels Ferguson

    The ultimate guide to cryptography, updated from an author team of the world's top cryptography experts. Cryptography is vital to keeping information safe, in an era when the formula to do so becomes more and more challenging. Written by a team of world-renowned cryptography experts, this essential guide is the definitive introduction to all major areas of cryptography: message security, key negotiation, and key management. You'll learn how to think like a cryptographer. You'll discover techniques for building cryptography into products from the start and you'll examine the many technical changes in the field. After a basic overview of cryptography and what it means today, this indispensable resource covers such topics as block ciphers, block modes, hash functions, encryption modes, message authentication codes, implementation issues, negotiation protocols, and more. Helpful examples and hands-on exercises enhance your understanding of the multi-faceted field of cryptography. An author team of internationally recognized cryptography experts updates you on vital topics in the field of cryptography Shows you how to build cryptography into products from the start Examines updates and changes to cryptography Includes coverage on key servers, message security, authentication codes, new standards, block ciphers, message authentication codes, and more Cryptography Engineering gets you up to speed in the ever-evolving field of cryptography.

  • The Mobile Application Hacker s Handbook

    The Mobile Application Hacker’s Handbook
    Dominic Chell

    See your app through a hacker's eyes to find the real sources of vulnerability The Mobile Application Hacker's Handbook is a comprehensive guide to securing all mobile applications by approaching the issue from a hacker's point of view. Heavily practical, this book provides expert guidance toward discovering and exploiting flaws in mobile applications on the iOS, Android, Blackberry, and Windows Phone platforms. You will learn a proven methodology for approaching mobile application assessments, and the techniques used to prevent, disrupt, and remediate the various types of attacks. Coverage includes data storage, cryptography, transport layers, data leakage, injection attacks, runtime manipulation, security controls, and cross-platform apps, with vulnerabilities highlighted and detailed information on the methods hackers use to get around standard security. Mobile applications are widely used in the consumer and enterprise markets to process and/or store sensitive data. There is currently little published on the topic of mobile security, but with over a million apps in the Apple App Store alone, the attack surface is significant. This book helps you secure mobile apps by demonstrating the ways in which hackers exploit weak points and flaws to gain access to data. Understand the ways data can be stored, and how cryptography is defeated Set up an environment for identifying insecurities and the data leakages that arise Develop extensions to bypass security controls and perform injection attacks Learn the different attacks that apply specifically to cross-platform apps IT security breaches have made big headlines, with millions of consumers vulnerable as major corporations come under attack. Learning the tricks of the hacker's trade allows security professionals to lock the app up tight. For better mobile security and less vulnerable data, The Mobile Application Hacker's Handbook is a practical, comprehensive guide.

  • Mastering Identity and Access Management with Microsoft Azure: Empower users by managing and protecting identities and data, 2nd Edition, Edition 2

    Mastering Identity and Access Management with Microsoft Azure: Empower users by managing and protecting identities and data, 2nd Edition, Edition 2
    Jochen Nickel

    Start empowering users and protecting corporate data, while managing identities and access with Microsoft Azure in different environmentsKey FeaturesUnderstand how to identify and manage business drivers during transitionsExplore Microsoft Identity and Access Management as a Service (IDaaS) solutionOver 40 playbooks to support your learning process with practical guidelinesBook DescriptionMicrosoft Azure and its Identity and access management are at the heart of Microsoft's software as service products, including Office 365, Dynamics CRM, and Enterprise Mobility Management. It is crucial to master Microsoft Azure in order to be able to work with the Microsoft Cloud effectively.You’ll begin by identifying the benefits of Microsoft Azure in the field of identity and access management. Working through the functionality of identity and access management as a service, you will get a full overview of the Microsoft strategy. Understanding identity synchronization will help you to provide a well-managed identity. Project scenarios and examples will enable you to understand, troubleshoot, and develop on essential authentication protocols and publishing scenarios. Finally, you will acquire a thorough understanding of Microsoft Information protection technologies.What you will learnApply technical descriptions to your business needs and deploymentsManage cloud-only, simple, and complex hybrid environmentsApply correct and efficient monitoring and identity protection strategiesDesign and deploy custom Identity and access management solutionsBuild a complete identity and access management life cycleUnderstand authentication and application publishing mechanismsUse and understand the most crucial identity synchronization scenariosImplement a suitable information protection strategyWho this book is forThis book is a perfect companion for developers, cyber security specialists, system and security engineers, IT consultants/architects, and system administrators who are looking for perfectly up–to-date hybrid and cloud-only scenarios. You should have some understanding of security solutions, Active Directory, access privileges/rights, and authentication methods. Programming knowledge is not required but can be helpful for using PowerShell or working with APIs to customize your solutions.

  • Hacking For Dummies: Edition 5

    Hacking For Dummies: Edition 5
    Kevin Beaver

    Learn to hack your own system to protect against malicious attacks from outside Is hacking something left up to the bad guys? Certainly not! Hacking For Dummies, 5th Edition is a fully updated resource that guides you in hacking your system to better protect your network against malicious attacks. This revised text helps you recognize any vulnerabilities that are lurking in your system, allowing you to fix them before someone else finds them. Penetration testing, vulnerability assessments, security best practices, and other aspects of ethical hacking are covered in this book, including Windows 10 hacks, Linux hacks, web application hacks, database hacks, VoIP hacks, and mobile computing hacks. Additionally, you have access to free testing tools and an appendix detailing valuable tools and resources. Ethical hacking entails thinking like the bad guys to identify any vulnerabilities that they might find in your system—and fixing them before they do. Also called penetration testing, ethical hacking is essential to keeping your system, and all of its data, secure. Understanding how to perform effective ethical hacking can improve the safety of your network. Defend your system—and all of the data it holds—against the latest Windows 10 and Linux hacks Develop an effective ethical hacking plan that keeps your system safe Protect your web applications, databases, laptops, and smartphones by going beyond simple hacking strategies Leverage the latest testing tools and techniques when using ethical hacking to keep your system secure Hacking For Dummies, 5th Edition is a fully updated resource that guides you in hacking your own system to protect it—and it will become your go-to reference when ethical hacking is on your to-do list.

  • Blockchain By Example: A developer s guide to creating decentralized applications using Bitcoin, Ethereum, and Hyperledger

    Blockchain By Example: A developer’s guide to creating decentralized applications using Bitcoin, Ethereum, and Hyperledger
    Bellaj Badr

    Implement decentralized blockchain applications to build scalable DappsKey FeaturesUnderstand the blockchain ecosystem and its terminologiesImplement smart contracts, wallets, and consensus protocolsDesign and develop decentralized applications using Bitcoin, Ethereum, and HyperledgerBook DescriptionThe Blockchain is a revolution promising a new world without middlemen. Technically, it is an immutable and tamper-proof distributed ledger of all transactions across a peer-to-peer network. With this book, you will get to grips with the blockchain ecosystem to build real-world projects.This book will walk you through the process of building multiple blockchain projects with different complexity levels and hurdles. Each project will teach you just enough about the field's leading technologies, Bitcoin, Ethereum, Quorum, and Hyperledger in order to be productive from the outset. As you make your way through the chapters, you will cover the major challenges that are associated with blockchain ecosystems such as scalability, integration, and distributed file management. In the concluding chapters, you’ll learn to build blockchain projects for business, run your ICO, and even create your own cryptocurrency. Blockchain by Example also covers a range of projects such as Bitcoin payment systems, supply chains on Hyperledger, and developing a Tontine Bank Every is using Ethereum.By the end of this book, you will not only be able to tackle common issues in the blockchain ecosystem, but also design and build reliable and scalable distributed systems.What you will learnGrasp decentralized technology fundamentals to master blockchain principlesBuild blockchain projects on Bitcoin, Ethereum, and HyperledgerCreate your currency and a payment application using BitcoinImplement decentralized apps and supply chain systems using HyperledgerWrite smart contracts, run your ICO, and build a Tontine decentralized app using EthereumImplement distributed file management with blockchainIntegrate blockchain into existing systems in your organizationWho this book is forIf you are keen on learning how to build your own blockchain decentralized applications from scratch, then this book is for you. It explains all the basic concepts required to develop intermediate projects and will teach you to implement the building blocks of a blockchain ecosystem.

  • Mastering Bitcoin: Programming the Open Blockchain, Edition 2

    Mastering Bitcoin: Programming the Open Blockchain, Edition 2
    Andreas M. Antonopoulos

    Join the technological revolution that’s taking the financial world by storm. Mastering Bitcoin is your guide through the seemingly complex world of bitcoin, providing the knowledge you need to participate in the internet of money. Whether you’re building the next killer app, investing in a startup, or simply curious about the technology, this revised and expanded second edition provides essential detail to get you started.Bitcoin, the first successful decentralized digital currency, is still in its early stages and yet it’s already spawned a multi-billion-dollar global economy open to anyone with the knowledge and passion to participate. Mastering Bitcoin provides the knowledge. You simply supply the passion.The second edition includes:A broad introduction of bitcoin and its underlying blockchain—ideal for non-technical users, investors, and business executivesAn explanation of the technical foundations of bitcoin and cryptographic currencies for developers, engineers, and software and systems architectsDetails of the bitcoin decentralized network, peer-to-peer architecture, transaction lifecycle, and security principlesNew developments such as Segregated Witness, Payment Channels, and Lightning NetworkA deep dive into blockchain applications, including how to combine the building blocks offered by this platform into higher-level applicationsUser stories, analogies, examples, and code snippets illustrating key technical concepts

  • Security Awareness: Applying Practical Security in Your World: Edition 5

    Security Awareness: Applying Practical Security in Your World: Edition 5
    Mark Ciampa

    Designed to provide students with the knowledge needed to protect computers and networks from increasingly sophisticated attacks, SECURITY AWARENESS: APPLYING PRACTICE SECURITY IN YOUR WORLD, Fifth Edition continues to present the same straightforward, practical information that has made previous editions so popular. For most students, practical computer security poses some daunting challenges: What type of attacks will antivirus software prevent? How do I set up a firewall? How can I test my computer to be sure that attackers cannot reach it through the Internet? When and how should I install Windows patches? This text is designed to help students understand the answers to these questions through a series of real-life user experiences. In addition, hands-on projects and case projects give students the opportunity to test their knowledge and apply what they have learned. SECURITY AWARENESS: APPLYING PRACTICE SECURITY IN YOUR WORLD, Fifth Edition contains up-to-date information on relevant topics such as protecting mobile devices and wireless local area networks.Important Notice: Media content referenced within the product description or the product text may not be available in the ebook version.

  • The Cloud Security Ecosystem: Technical, Legal, Business and Management Issues

    The Cloud Security Ecosystem: Technical, Legal, Business and Management Issues
    Ryan Ko

    Drawing upon the expertise of world-renowned researchers and experts, The Cloud Security Ecosystem comprehensively discusses a range of cloud security topics from multi-disciplinary and international perspectives, aligning technical security implementations with the most recent developments in business, legal, and international environments. The book holistically discusses key research and policy advances in cloud security – putting technical and management issues together with an in-depth treaties on a multi-disciplinary and international subject. The book features contributions from key thought leaders and top researchers in the technical, legal, and business and management aspects of cloud security. The authors present the leading edge of cloud security research, covering the relationships between differing disciplines and discussing implementation and legal challenges in planning, executing, and using cloud security.Presents the most current and leading-edge research on cloud security from a multi-disciplinary standpoint, featuring a panel of top experts in the fieldFocuses on the technical, legal, and business management issues involved in implementing effective cloud security, including case examplesCovers key technical topics, including cloud trust protocols, cryptographic deployment and key management, mobile devices and BYOD security management, auditability and accountability, emergency and incident response, as well as cloud forensicsIncludes coverage of management and legal issues such as cloud data governance, mitigation and liability of international cloud deployment, legal boundaries, risk management, cloud information security management plans, economics of cloud security, and standardization efforts

  • 105 Windows 10 Tips and Tricks

    105 Windows 10 Tips and Tricks
    James Parker

    Windows 10 is a series of personal computer operating systems produced by Microsoft as part of its Windows NT family of operating systems. It is the successor to Windows 8.1, and was released to manufacturing on July 15, 2015, and broadly released for retail sale on July 29, 2015.Windows 10 also introduced the Microsoft Edge web browser, a virtual desktop system, a window and desktop management feature called Task View, support for fingerprint and face recognition login, new security features for enterprise environments, and DirectX 12.Here in this book you will Find 105 Windows 10 Tips and tricks which I’m sure will help not only fresh users but older users will also find some gems.

  • Mastering pfSense,: Manage, secure, and monitor your on-premise and cloud network with pfSense 2.4, 2nd Edition, Edition 2

    Mastering pfSense,: Manage, secure, and monitor your on-premise and cloud network with pfSense 2.4, 2nd Edition, Edition 2
    David Zientara

    Install and configure a pfSense router/firewall, and become a pfSense expert in the process.Key FeaturesYou can always do more to secure your software – so extend and customize your pfSense firewallBuild a high availability security system that’s fault-tolerant – and capable of blocking potential threatsPut the principles of better security into practice by implementing examples provided in the textBook DescriptionpfSense has the same reliability and stability as even the most popular commercial firewall offerings on the market – but, like the very best open-source software, it doesn’t limit you. You’re in control – you can exploit and customize pfSense around your security needs.Mastering pfSense – Second Edition, covers features that have long been part of pfSense such as captive portal, VLANs, traffic shaping, VPNs, load balancing, Common Address Redundancy Protocol (CARP), multi-WAN, and routing. It also covers features that have been added with the release of 2.4, such as support for ZFS partitions and OpenVPN 2.4. This book takes into account the fact that, in order to support increased cryptographic loads, pfSense version 2.5 will require a CPU that supports AES-NI. The second edition of this book places more of an emphasis on the practical side of utilizing pfSense than the previous edition, and, as a result, more examples are provided which show in step-by-step fashion how to implement many features.What you will learnConfigure pfSense services such as DHCP, Dynamic DNS, captive portal, DNS, NTP and SNMPSet up a managed switch to work with VLANsUse pfSense to allow, block and deny traffic, and to implement Network Address Translation (NAT)Make use of the traffic shaper to lower and raise the priority of certain types of trafficSet up and connect to a VPN tunnel with pfSenseIncorporate redundancy and high availability by utilizing load balancing and the Common Address Redundancy Protocol (CARP)Explore diagnostic tools in pfSense to solve network problemsWho this book is forThis book is for those with at least an intermediate understanding of networking. Prior knowledge of pfSense would be helpful but is not required.Those who have the resources to set up a pfSense firewall, either in a real or virtual environment, will especially benefit, as they will be able to follow along with the examples in the book.

  • X-Ways Forensics Practitioner’s Guide

    X-Ways Forensics Practitioner’s Guide
    Brett Shavers

    The X-Ways Forensics Practitioner's Guide is more than a manual-it's a complete reference guide to the full use of one of the most powerful forensic applications available, software that is used by a wide array of law enforcement agencies and private forensic examiners on a daily basis. In the X-Ways Forensics Practitioner's Guide, the authors provide you with complete coverage of this powerful tool, walking you through configuration and X-Ways fundamentals, and then moving through case flow, creating and importing hash databases, digging into OS artifacts, and conducting searches. With X-Ways Forensics Practitioner's Guide, you will be able to use X-Ways Forensics to its fullest potential without any additional training. The book takes you from installation to the most advanced features of the software. Once you are familiar with the basic components of X-Ways, the authors demonstrate never-before-documented features using real life examples and information on how to present investigation results. The book culminates with chapters on reporting, triage and preview methods, as well as electronic discovery and cool X-Ways apps.Provides detailed explanations of the complete forensic investigation processe using X-Ways Forensics.Goes beyond the basics: hands-on case demonstrations of never-before-documented features of X-Ways.Provides the best resource of hands-on information to use X-Ways Forensics.

  • Seeking SRE: Conversations About Running Production Systems at Scale

    Seeking SRE: Conversations About Running Production Systems at Scale
    David N. Blank-Edelman

    Organizations big and small have started to realize just how crucial system and application reliability is to their business. They’ve also learned just how difficult it is to maintain that reliability while iterating at the speed demanded by the marketplace. Site Reliability Engineering (SRE) is a proven approach to this challenge.SRE is a large and rich topic to discuss. Google led the way with Site Reliability Engineering, the wildly successful O’Reilly book that described Google’s creation of the discipline and the implementation that’s allowed them to operate at a planetary scale. Inspired by that earlier work, this book explores a very different part of the SRE space. The more than two dozen chapters in Seeking SRE bring you into some of the important conversations going on in the SRE world right now.Listen as engineers and other leaders in the field discuss:Different ways of implementing SRE and SRE principles in a wide variety of settingsHow SRE relates to other approaches such as DevOpsSpecialties on the cutting edge that will soon be commonplace in SREBest practices and technologies that make practicing SRE easierThe important but rarely explored human side of SREDavid N. Blank-Edelman is the book’s curator and editor.

  • Kali Linux: Hacking Tools Introduction

    Kali Linux: Hacking Tools Introduction
    Rassoul Ghaznavi-Zadeh

    In this book, you will be learning the basic techniques about how to hack and penetrate computer networks, systems and applications. This book covers a lot of top penetration tools which are available on Kali Linux and their operations. It is expected the readers have minimum knowledge of computer networking, command utilities and basic Linux administration to be able to understand and follow the guidance’s available on this book.

  • Enterprise IoT: Strategies and Best Practices for Connected Products and Services

    Enterprise IoT: Strategies and Best Practices for Connected Products and Services
    Dirk Slama

    Current hype aside, the Internet of Things will ultimately become as fundamental as the Internet itself, with lots of opportunities and trials along the way. To help you navigate these choppy waters, this practical guide introduces a dedicated methodology for businesses preparing to transition towards IoT-based business models.With a set of best practices based on case study analysis, expert interviews, and the authors’ own experience, the Ignite | IoT Methodology outlined in this book delivers actionable guidelines to assist you with IoT strategy management and project execution. You’ll also find a detailed case study of a project fully developed with this methodology.This book consists of three parts:Illustrative case studies of selected IoT domains, including smart energy, connected vehicles, manufacturing and supply chain management, and smart citiesThe Ignite | IoT Methodology for defining IoT strategy, preparing your organization for IoT adoption, and planning and executing IoT projectsA detailed case study of the IIC Track & Trace testbed, one of the first projects to be fully developed according to the Ignite | IoT Methodology

  • Penetration Testing Essentials

    Penetration Testing Essentials
    Shimonski

    Your pen testing career begins here, with a solid foundation in essential skills and concepts Penetration Testing Essentials provides a starting place for professionals and beginners looking to learn more about penetration testing for cybersecurity. Certification eligibility requires work experience—but before you get that experience, you need a basic understanding of the technical and behavioral ways attackers compromise security, and the tools and techniques you'll use to discover the weak spots before others do. You'll learn information gathering techniques, scanning and enumeration, how to target wireless networks, and much more as you build your pen tester skill set. You'll learn how to break in, look around, get out, and cover your tracks, all without ever being noticed. Pen testers are tremendously important to data security, so they need to be sharp and well-versed in technique, but they also need to work smarter than the average hacker. This book set you on the right path, with expert instruction from a veteran IT security expert with multiple security certifications. IT Security certifications have stringent requirements and demand a complex body of knowledge. This book lays the groundwork for any IT professional hoping to move into a cybersecurity career by developing a robust pen tester skill set. Learn the fundamentals of security and cryptography Master breaking, entering, and maintaining access to a system Escape and evade detection while covering your tracks Build your pen testing lab and the essential toolbox Start developing the tools and mindset you need to become experienced in pen testing today.

  • CASP CompTIA Advanced Security Practitioner Study Guide: Exam CAS-002, Edition 2

    CASP CompTIA Advanced Security Practitioner Study Guide: Exam CAS-002, Edition 2
    Michael Gregg

    NOTE: The exam this book covered, CASP: CompTIA Advanced Security Practitioner (Exam CAS-002), was retired by CompTIA in 2019 and is no longer offered. For coverage of the current exam CASP+ CompTIA Advanced Security Practitioner: Exam CAS-003, Third Edition, please look for the latest edition of this guide: CASP+ CompTIA Advanced Security Practitioner Study Guide: Exam CAS-003, Third Edition (9781119477648). CASP: CompTIA Advanced Security Practitioner Study Guide: CAS-002 is the updated edition of the bestselling book covering the CASP certification exam. CompTIA approved, this guide covers all of the CASP exam objectives with clear, concise, thorough information on crucial security topics. With practical examples and insights drawn from real-world experience, the book is a comprehensive study resource with authoritative coverage of key concepts. Exam highlights, end-of-chapter reviews, and a searchable glossary help with information retention, and cutting-edge exam prep software offers electronic flashcards and hundreds of bonus practice questions. Additional hands-on lab exercises mimic the exam's focus on practical application, providing extra opportunities for readers to test their skills. CASP is a DoD 8570.1-recognized security certification that validates the skillset of advanced-level IT security professionals. The exam measures the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments, as well as the ability to think critically and apply good judgment across a broad spectrum of security disciplines. This study guide helps CASP candidates thoroughly prepare for the exam, providing the opportunity to: Master risk management and incident response Sharpen research and analysis skills Integrate computing with communications and business Review enterprise management and technical component integration Experts predict a 45-fold increase in digital data by 2020, with one-third of all information passing through the cloud. Data has never been so vulnerable, and the demand for certified security professionals is increasing quickly. The CASP proves an IT professional's skills, but getting that certification requires thorough preparation. This CASP study guide provides the information and practice that eliminate surprises on exam day. Also available as a set, Security Practitoner & Crypotography Set, 9781119071549 with Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition.

  • Thinking Security: Stopping Next Year s Hackers

    Thinking Security: Stopping Next Year’s Hackers
    Steven M. Bellovin

    If you’re a security or network professional, you already know the “do’s and don’ts”: run AV software and firewalls, lock down your systems, use encryption, watch network traffic, follow best practices, hire expensive consultants . . . but it isn’t working. You’re at greater risk than ever, and even the world’s most security-focused organizations are being victimized by massive attacks. In Thinking Security, author Steven M. Bellovin provides a new way to think about security. As one of the world’s most respected security experts, Bellovin helps you gain new clarity about what you’re doing and why you’re doing it. He helps you understand security as a systems problem, including the role of the all-important human element, and shows you how to match your countermeasures to actual threats. You’ll learn how to move beyond last year’s checklists at a time when technology is changing so rapidly. You’ll also understand how to design security architectures that don’t just prevent attacks wherever possible, but also deal with the consequences of failures. And, within the context of your coherent architecture, you’ll learn how to decide when to invest in a new security product and when not to. Bellovin, co-author of the best-selling Firewalls and Internet Security, caught his first hackers in 1971. Drawing on his deep experience, he shares actionable, up-to-date guidance on issues ranging from SSO and federated authentication to BYOD, virtualization, and cloud security. Perfect security is impossible. Nevertheless, it’s possible to build and operate security systems far more effectively. Thinking Security will help you do just that.

  • Network Security Tools: Writing, Hacking, and Modifying Security Tools

    Network Security Tools: Writing, Hacking, and Modifying Security Tools
    Nitesh Dhanjani

    If you're an advanced security professional, then you know that the battle to protect online privacy continues to rage on. Security chat rooms, especially, are resounding with calls for vendors to take more responsibility to release products that are more secure. In fact, with all the information and code that is passed on a daily basis, it's a fight that may never end. Fortunately, there are a number of open source security tools that give you a leg up in the battle.Often a security tool does exactly what you want, right out of the box. More frequently, you need to customize the tool to fit the needs of your network structure. Network Security Tools shows experienced administrators how to modify, customize, and extend popular open source security tools such as Nikto, Ettercap, and Nessus.This concise, high-end guide discusses the common customizations and extensions for these tools, then shows you how to write even more specialized attack and penetration reviews that are suited to your unique network environment. It also explains how tools like port scanners, packet injectors, network sniffers, and web assessment tools function.Some of the topics covered include:Writing your own network sniffers and packet injection toolsWriting plugins for Nessus, Ettercap, and NiktoDeveloping exploits for MetasploitCode analysis for web applicationsWriting kernel modules for security applications, and understanding rootkitsWhile many books on security are either tediously academic or overly sensational, Network Security Tools takes an even-handed and accessible approach that will let you quickly review the problem and implement new, practical solutions–without reinventing the wheel. In an age when security is critical, Network Security Tools is the resource you want at your side when locking down your network.

  • Pro Azure Governance and Security: A Comprehensive Guide to Azure Policy, Blueprints, Security Center, and Sentinel

    Pro Azure Governance and Security: A Comprehensive Guide to Azure Policy, Blueprints, Security Center, and Sentinel
    Peter De Tender

    Any IT professional can tell you that managing security is a top priority and even more so when working in the cloud. Access to accurate and timely security information is critical, but governance and control must first be enabled. This guide shows you how to take advantage of Azure's vast and powerful built-in security tools and capabilities for your application workloads.Pro Azure Governance and Security offers a comprehensive look at the governance features available with Microsoft Azure and demonstrates how to integrate them with your hybrid and Azure environments, drawing on the author's experiences from years in the field. Learn about the array of controls implemented within Microsoft Azure from two valuable perspectives: the customer and Microsoft operations. Beginning with the top-level subscription hierarchy, learn about the most important built-in Azure security services and features, as well as how to use Azure Policies and Blueprints as a means for security and governance. A series of hands-on exercises teaches you the concepts of Azure Governance: how to enable and deploy Azure Security Center, integrate RBAC (role-based access control), and set up Azure Operations and Monitoring. Get introduced to the new Azure Sentinel solution that offers SIEM as a service for security incident management and proactive hunting.What You'll Learn Understand different architectural designs for implementing Azure SecurityOperate and monitor an Azure environmentDeploy Azure Governance, Policies, and BlueprintsDiscover key Azure features that enhance securityImplement and confidently access Azure Security CenterGet to know Azure Sentinel Who This Book Is ForTechnical engineers, consultants, solution and cloud architects, IT managers, and SecOps teams who need to understand how to integrate governance, security, and compliance in hybrid and Azure environments. A basic understanding of Azure or other public cloud platforms is beneficial, but not required.

  • How to Measure Anything in Cybersecurity Risk

    How to Measure Anything in Cybersecurity Risk
    Douglas W. Hubbard

    A ground shaking exposé on the failure of popular cyber risk management methods How to Measure Anything in Cybersecurity Risk exposes the shortcomings of current "risk management" practices, and offers a series of improvement techniques that help you fill the holes and ramp up security. In his bestselling book How to Measure Anything, author Douglas W. Hubbard opened the business world's eyes to the critical need for better measurement. This book expands upon that premise and draws from The Failure of Risk Management to sound the alarm in the cybersecurity realm. Some of the field's premier risk management approaches actually create more risk than they mitigate, and questionable methods have been duplicated across industries and embedded in the products accepted as gospel. This book sheds light on these blatant risks, and provides alternate techniques that can help improve your current situation. You'll also learn which approaches are too risky to save, and are actually more damaging than a total lack of any security. Dangerous risk management methods abound; there is no industry more critically in need of solutions than cybersecurity. This book provides solutions where they exist, and advises when to change tracks entirely. Discover the shortcomings of cybersecurity's "best practices" Learn which risk management approaches actually create risk Improve your current practices with practical alterations Learn which methods are beyond saving, and worse than doing nothing Insightful and enlightening, this book will inspire a closer examination of your company's own risk management practices in the context of cybersecurity. The end goal is airtight data protection, so finding cracks in the vault is a positive thing—as long as you get there before the bad guys do. How to Measure Anything in Cybersecurity Risk is your guide to more robust protection through better quantitative processes, approaches, and techniques.

  • CompTIA PenTest+ Study Guide: Exam, Parts 0-1

    CompTIA PenTest+ Study Guide: Exam, Parts 0-1
    Mike Chapple

    World-class preparation for the new PenTest+ exam The CompTIA PenTest+ Study Guide: Exam PT0-001 offers comprehensive preparation for the newest intermediate cybersecurity certification exam. With expert coverage of Exam PT0-001 objectives, this book is your ideal companion throughout all stages of study; whether you’re just embarking on your certification journey or finalizing preparations for the big day, this invaluable resource helps you solidify your understanding of essential skills and concepts. Access to the Sybex online learning environment allows you to study anytime, anywhere with electronic flashcards, a searchable glossary, and more, while hundreds of practice exam questions help you step up your preparations and avoid surprises on exam day. The CompTIA PenTest+ certification validates your skills and knowledge surrounding second-generation penetration testing, vulnerability assessment, and vulnerability management on a variety of systems and devices, making it the latest go-to qualification in an increasingly mobile world. This book contains everything you need to prepare; identify what you already know, learn what you don’t know, and face the exam with full confidence! Perform security assessments on desktops and mobile devices, as well as cloud, IoT, industrial and embedded systems Identify security weaknesses and manage system vulnerabilities Ensure that existing cybersecurity practices, configurations, and policies conform with current best practices Simulate cyberattacks to pinpoint security weaknesses in operating systems, networks, and applications As our information technology advances, so do the threats against it. It’s an arms race for complexity and sophistication, and the expansion of networked devices and the Internet of Things has integrated cybersecurity into nearly every aspect of our lives. The PenTest+ certification equips you with the skills you need to identify potential problems—and fix them—and the CompTIA PenTest+ Study Guide: Exam PT0-001 is the central component of a complete preparation plan.

  • Open Source Intelligence Methods and Tools: A Practical Guide to Online Intelligence

    Open Source Intelligence Methods and Tools: A Practical Guide to Online Intelligence
    Nihad A. Hassan

    Apply Open Source Intelligence (OSINT) techniques, methods, and tools to acquire information from publicly available online sources to support your intelligence analysis. Use the harvested data in different scenarios such as financial, crime, and terrorism investigations as well as performing business competition analysis and acquiring intelligence about individuals and other entities. This book will also improve your skills to acquire information online from both the regular Internet as well as the hidden web through its two sub-layers: the deep web and the dark web.The author includes many OSINT resources that can be used by intelligence agencies as well as by enterprises to monitor trends on a global level, identify risks, and gather competitor intelligence so more effective decisions can be made. You will discover techniques, methods, and tools that are equally used by hackers and penetration testers to gather intelligence about a specific target online. And you will be aware of how OSINT resources can be used in conducting social engineering attacks. Open Source Intelligence Methods and Tools takes a practical approach and lists hundreds of OSINT resources that can be used to gather intelligence from online public sources. The book also covers how to anonymize your digital identity online so you can conduct your searching activities without revealing your identity. What You’ll Learn Identify intelligence needs and leverage a broad range of tools and sources to improve data collection, analysis, and decision making in your organizationUse OSINT resources to protect individuals and enterprises by discovering data that is online, exposed, and sensitive and hide the data before it is revealed by outside attackersGather corporate intelligence about business competitors and predict future market directionsConduct advanced searches to gather intelligence from social media sites such as Facebook and TwitterUnderstand the different layers that make up the Internet and how to search within the invisible web which contains both the deep and the dark webs Who This Book Is For Penetration testers, digital forensics investigators, intelligence services, military, law enforcement, UN agencies, and for-profit/non-profit enterprises

  • The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age

    The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age
    David E. Sanger

    “An important—and deeply sobering—new book about cyberwarfare” (Nicholas Kristof, New York Times), now updated with a new chapter.The Perfect Weapon is the startling inside story of how the rise of cyberweapons transformed geopolitics like nothing since the invention of the atomic bomb. Cheap to acquire, easy to deny, and usable for a variety of malicious purposes, cyber is now the weapon of choice for democracies, dictators, and terrorists. Two presidents—Bush and Obama—drew first blood with Operation Olympic Games, which used malicious code to blow up Iran’s nuclear centrifuges, and yet America proved remarkably unprepared when its own weapons were stolen from its arsenal and, during President Trump’s first year, turned back on the United States and its allies. And if Obama would begin his presidency by helping to launch the new era of cyberwar, he would end it struggling unsuccessfully to defend against Russia’s broad attack on the 2016 US election. Moving from the White House Situation Room to the dens of Chinese government hackers to the boardrooms of Silicon Valley, New York Times national security correspondent David Sanger reveals a world coming face-to-face with the perils of technological revolution, where everyone is a target.“Timely and bracing . . . With the deep knowledge and bright clarity that have long characterized his work, Sanger recounts the cunning and dangerous development of cyberspace into the global battlefield of the 21st century.” —Washington Post

  • Gray Hat Hacking: The Ethical Hacker s Handbook, Fifth Edition: Edition 5

    Gray Hat Hacking: The Ethical Hacker’s Handbook, Fifth Edition: Edition 5
    Daniel Regalado

    Cutting-edge techniques for finding and fixing critical security flaws Fortify your network and avert digital catastrophe with proven strategies from a team of security experts. Completely updated and featuring 13 new chapters, Gray Hat Hacking, The Ethical Hacker’s Handbook, Fifth Edition explains the enemy’s current weapons, skills, and tactics and offers field-tested remedies, case studies, and ready-to-try testing labs. Find out how hackers gain access, overtake network devices, script and inject malicious code, and plunder Web applications and browsers. Android-based exploits, reverse engineering techniques, and cyber law are thoroughly covered in this state-of-the-art resource. And the new topic of exploiting the Internet of things is introduced in this edition. •Build and launch spoofing exploits with Ettercap •Induce error conditions and crash software using fuzzers •Use advanced reverse engineering to exploit Windows and Linux software •Bypass Windows Access Control and memory protection schemes •Exploit web applications with Padding Oracle Attacks •Learn the use-after-free technique used in recent zero days •Hijack web browsers with advanced XSS attacks •Understand ransomware and how it takes control of your desktop •Dissect Android malware with JEB and DAD decompilers •Find one-day vulnerabilities with binary diffing •Exploit wireless systems with Software Defined Radios (SDR) •Exploit Internet of things devices •Dissect and exploit embedded devices •Understand bug bounty programs •Deploy next-generation honeypots •Dissect ATM malware and analyze common ATM attacks •Learn the business side of ethical hacking

  • Dark Territory: The Secret History of Cyber War

    Dark Territory: The Secret History of Cyber War
    Fred Kaplan

    “An important, disturbing, and gripping history” (Kirkus Reviews, starred review), the never-before-told story of the computer scientists and the NSA, Pentagon, and White House policymakers who invent and employ cyber wars—where every country can be a major power player and every hacker a mass destroyer.In June 1983, President Reagan watched the movie War Games, in which a teenager unwittingly hacks the Pentagon, and asked his top general if the scenario was plausible. The general said it was. This set in motion the first presidential directive on computer security. From the 1991 Gulf War to conflicts in Haiti, Serbia, Syria, the former Soviet republics, Iraq, and Iran, where cyber warfare played a significant role, Dark Territory chronicles a little-known past that shines an unsettling light on our future. Fred Kaplan probes the inner corridors of the National Security Agency, the beyond-top-secret cyber units in the Pentagon, the “information warfare” squads of the military services, and the national security debates in the White House to reveal the details of the officers, policymakers, scientists, and spies who devised this new form of warfare and who have been planning—and (more often than people know) fighting—these wars for decades. “An eye-opening history of our government’s efforts to effectively manage our national security in the face of the largely open global communications network established by the World Wide Web….Dark Territory is a page-turner [and] consistently surprising” (The New York Times).

  • Implementing SSL / TLS Using Cryptography and PKI

    Implementing SSL / TLS Using Cryptography and PKI
    Joshua Davies

    Hands-on, practical guide to implementing SSL and TLS protocols for Internet security If you are a network professional who knows C programming, this practical book is for you. Focused on how to implement Secure Socket Layer (SSL) and Transport Layer Security (TLS), this book guides you through all necessary steps, whether or not you have a working knowledge of cryptography. The book covers SSLv2, TLS 1.0, and TLS 1.2, including implementations of the relevant cryptographic protocols, secure hashing, certificate parsing, certificate generation, and more. Coverage includes: Understanding Internet Security Protecting against Eavesdroppers with Symmetric Cryptography Secure Key Exchange over an Insecure Medium with Public Key Cryptography Authenticating Communications Using Digital Signatures Creating a Network of Trust Using X.509 Certificates A Usable, Secure Communications Protocol: Client-Side TLS Adding Server-Side TLS 1.0 Support Advanced SSL Topics Adding TLS 1.2 Support to Your TLS Library Other Applications of SSL A Binary Representation of Integers: A Primer Installing TCPDump and OpenSSL Understanding the Pitfalls of SSLv2 Set up and launch a working implementation of SSL with this practical guide.

  • Digital Citizenship in Schools: Nine Elements All Students Should Know, Edition 3

    Digital Citizenship in Schools: Nine Elements All Students Should Know, Edition 3
    Mike Ribble

    Students today have always had technology in their lives, so many teachers assume their students are competent tech users — more competent, in fact, than themselves. In reality, not all students are as tech savvy as teachers might assume, and not all teachers are as incompetent as they fear. Even when students are comfortable using technology, they may not be using it appropriately. Likewise, educators of all skill levels may not understand how to use technology effectively. Both students and teachers need to become members of a digital citizenry. In this essential exploration of digital citizenship, Mike Ribble provides a framework for asking what we should be doing with respect to technology so we can become productive and responsible users of digital technologies.

  • The Web Application Hacker s Handbook: Finding and Exploiting Security Flaws, Edition 2

    The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws, Edition 2
    Dafydd Stuttard

    The highly successful security book returns with a new edition, completely updated Web applications are the front door to most organizations, exposing them to attacks that may disclose personal information, execute fraudulent transactions, or compromise ordinary users. This practical book has been completely updated and revised to discuss the latest step-by-step techniques for attacking and defending the range of ever-evolving web applications. You'll explore the various new technologies employed in web applications that have appeared since the first edition and review the new attack techniques that have been developed, particularly in relation to the client side. Reveals how to overcome the new technologies and techniques aimed at defending web applications against attacks that have appeared since the previous edition Discusses new remoting frameworks, HTML5, cross-domain integration techniques, UI redress, framebusting, HTTP parameter pollution, hybrid file attacks, and more Features a companion web site hosted by the authors that allows readers to try out the attacks described, gives answers to the questions that are posed at the end of each chapter, and provides a summarized methodology and checklist of tasks Focusing on the areas of web application security where things have changed in recent years, this book is the most current resource on the critical topic of discovering, exploiting, and preventing web application security flaws.Also available as a set with, CEHv8: Certified Hacker Version 8 Study Guide, Ethical Hacking and Web Hacking Set, 9781119072171.

  • Tribe of Hackers Red Team: Tribal Knowledge from the Best in Offensive Cybersecurity

    Tribe of Hackers Red Team: Tribal Knowledge from the Best in Offensive Cybersecurity
    Marcus J. Carey

    Want Red Team offensive advice from the biggest cybersecurity names in the industry? Join our tribe.The Tribe of Hackers team is back with a new guide packed with insights from dozens of the world’s leading Red Team security specialists. With their deep knowledge of system vulnerabilities and innovative solutions for correcting security flaws, Red Team hackers are in high demand. Tribe of Hackers Red Team: Tribal Knowledge from the Best in Offensive Cybersecurity takes the valuable lessons and popular interview format from the original Tribe of Hackers and dives deeper into the world of Red Team security with expert perspectives on issues like penetration testing and ethical hacking. This unique guide includes inspiring interviews from influential security specialists, including David Kennedy, Rob Fuller, Jayson E. Street, and Georgia Weidman, who share their real-world learnings on everything from Red Team tools and tactics to careers and communication, presentation strategies, legal concerns, and more Learn what it takes to secure a Red Team job and to stand out from other candidates Discover how to hone your hacking skills while staying on the right side of the law Get tips for collaborating on documentation and reporting Explore ways to garner support from leadership on your security proposals Identify the most important control to prevent compromising your network Uncover the latest tools for Red Team offensive security Whether you’re new to Red Team security, an experienced practitioner, or ready to lead your own team, Tribe of Hackers Red Team has the real-world advice and practical guidance you need to advance your information security career and ready yourself for the Red Team offensive.

  • Ethical Hacking and Penetration, Step by Step with Kali Linux

    Ethical Hacking and Penetration, Step by Step with Kali Linux
    Rassoul Ghaznavi-zadeh

    This book is a complete guide for those who would like to become an Ethical hacker. In this book you will learn what the Ethical hacking and its procedure is. The first couple of chapters are the definitions, concepts and process of becoming an Ethical hacker while the next half of the book will show in detail how to use certain tools and techniques to initiate attacks and penetrate a system. After reading this book, you should be able to use these tools to do some testing and even working on penetration projects. You just need to remember not to use these techniques in a production environment without having a formal approval.

  • Learning Kali Linux: Security Testing, Penetration Testing, and Ethical Hacking

    Learning Kali Linux: Security Testing, Penetration Testing, and Ethical Hacking
    Ric Messier

    With more than 600 security tools in its arsenal, the Kali Linux distribution can be overwhelming. Experienced and aspiring security professionals alike may find it challenging to select the most appropriate tool for conducting a given test. This practical book covers Kali’s expansive security capabilities and helps you identify the tools you need to conduct a wide range of security tests and penetration tests. You’ll also explore the vulnerabilities that make those tests necessary.Author Ric Messier takes you through the foundations of Kali Linux and explains methods for conducting tests on networks, web applications, wireless security, password vulnerability, and more. You’ll discover different techniques for extending Kali tools and creating your own toolset.Learn tools for stress testing network stacks and applicationsPerform network reconnaissance to determine what’s available to attackersExecute penetration tests using automated exploit tools such as MetasploitUse cracking tools to see if passwords meet complexity requirementsTest wireless capabilities by injecting frames and cracking passwordsAssess web application vulnerabilities with automated or proxy-based toolsCreate advanced attack techniques by extending Kali tools or developing your ownUse Kali Linux to generate reports once testing is complete

  • Android Hacker s Handbook

    Android Hacker’s Handbook
    Joshua J. Drake

    The first comprehensive guide to discovering and preventing attacks on the Android OS As the Android operating system continues to increase its share of the smartphone market, smartphone hacking remains a growing threat. Written by experts who rank among the world's foremost Android security researchers, this book presents vulnerability discovery, analysis, and exploitation tools for the good guys. Following a detailed explanation of how the Android OS works and its overall security architecture, the authors examine how vulnerabilities can be discovered and exploits developed for various system components, preparing you to defend against them. If you are a mobile device administrator, security researcher, Android app developer, or consultant responsible for evaluating Android security, you will find this guide is essential to your toolbox. A crack team of leading Android security researchers explain Android security risks, security design and architecture, rooting, fuzz testing, and vulnerability analysis Covers Android application building blocks and security as well as debugging and auditing Android apps Prepares mobile device administrators, security researchers, Android app developers, and security consultants to defend Android systems against attack Android Hacker's Handbook is the first comprehensive resource for IT professionals charged with smartphone security.

  • Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World

    Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World
    Marcus J. Carey

    Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World (9781119643371) was previously published as Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World (9781793464187). While this version features a new cover design and introduction, the remaining content is the same as the prior release and should not be considered a new or updated product. Looking for real-world advice from leading cybersecurity experts? You’ve found your tribe. Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World is your guide to joining the ranks of hundreds of thousands of cybersecurity professionals around the world. Whether you’re just joining the industry, climbing the corporate ladder, or considering consulting, Tribe of Hackers offers the practical know-how, industry perspectives, and technical insight you need to succeed in the rapidly growing information security market. This unique guide includes inspiring interviews from 70 security experts, including Lesley Carhart, Ming Chow, Bruce Potter, Robert M. Lee, and Jayson E. Street. Get the scoop on the biggest cybersecurity myths and misconceptions about security Learn what qualities and credentials you need to advance in the cybersecurity field Uncover which life hacks are worth your while Understand how social media and the Internet of Things has changed cybersecurity Discover what it takes to make the move from the corporate world to your own cybersecurity venture Find your favorite hackers online and continue the conversation Tribe of Hackers is a must-have resource for security professionals who are looking to advance their careers, gain a fresh perspective, and get serious about cybersecurity with thought-provoking insights from the world’s most noteworthy hackers and influential security specialists.

  • Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World

    Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World
    Joseph Menn

    The shocking untold story of the elite secret society of hackers fighting to protect our privacy, our freedom — even democracy itselfCult of the Dead Cow is the tale of the oldest, most respected, and most famous American hacking group of all time. Though until now it has remained mostly anonymous, its members invented the concept of hacktivism, released the top tool for testing password security, and created what was for years the best technique for controlling computers from afar, forcing giant companies to work harder to protect customers. They contributed to the development of Tor, the most important privacy tool on the net, and helped build cyberweapons that advanced US security without injuring anyone. With its origins in the earliest days of the Internet, the cDc is full of oddball characters — activists, artists, even future politicians. Many of these hackers have become top executives and advisors walking the corridors of power in Washington and Silicon Valley. The most famous is former Texas Congressman and current presidential candidate Beto O'Rourke, whose time in the cDc set him up to found a tech business, launch an alternative publication in El Paso, and make long-shot bets on unconventional campaigns.Today, the group and its followers are battling electoral misinformation, making personal data safer, and battling to keep technology a force for good instead of for surveillance and oppression. Cult of the Dead Cow shows how governments, corporations, and criminals came to hold immense power over individuals and how we can fight back against them.

  • Principles of Incident Response and Disaster Recovery: Edition 2

    Principles of Incident Response and Disaster Recovery: Edition 2
    Michael E. Whitman

    PRINCIPLES OF INCIDENT RESPONSE & DISASTER RECOVERY, 2nd Edition presents methods to identify vulnerabilities within computer networks and the countermeasures that mitigate risks and damage. From market-leading content on contingency planning, to effective techniques that minimize downtime in an emergency, to curbing losses after a breach, this text is the resource needed in case of a network intrusion.Important Notice: Media content referenced within the product description or the product text may not be available in the ebook version.

  • SSH, The Secure Shell: The Definitive Guide: The Definitive Guide, Edition 2

    SSH, The Secure Shell: The Definitive Guide: The Definitive Guide, Edition 2
    Daniel J. Barrett

    Are you serious about network security? Then check out SSH, the Secure Shell, which provides key-based authentication and transparent encryption for your network connections. It's reliable, robust, and reasonably easy to use, and both free and commercial implementations are widely available for most operating systems. While it doesn't solve every privacy and security problem, SSH eliminates several of them very effectively.Everything you want to know about SSH is in our second edition of SSH, The Secure Shell: The Definitive Guide. This updated book thoroughly covers the latest SSH-2 protocol for system administrators and end users interested in using this increasingly popular TCP/IP-based solution.How does it work? Whenever data is sent to the network, SSH automatically encrypts it. When data reaches its intended recipient, SSH decrypts it. The result is "transparent" encryption-users can work normally, unaware that their communications are already encrypted. SSH supports secure file transfer between computers, secure remote logins, and a unique "tunneling" capability that adds encryption to otherwise insecure network applications. With SSH, users can freely navigate the Internet, and system administrators can secure their networks or perform remote administration.Written for a wide, technical audience, SSH, The Secure Shell: The Definitive Guide covers several implementations of SSH for different operating systems and computing environments. Whether you're an individual running Linux machines at home, a corporate network administrator with thousands of users, or a PC/Mac owner who just wants a secure way to telnet or transfer files between machines, our indispensable guide has you covered. It starts with simple installation and use of SSH, and works its way to in-depth case studies on large, sensitive computer networks.No matter where or how you're shipping information, SSH, The Secure Shell: The Definitive Guide will show you how to do it securely.

  • CEH v9: Certified Ethical Hacker Version 9 Practice Tests

    CEH v9: Certified Ethical Hacker Version 9 Practice Tests
    Raymond Blockmon

    Master CEH v9 and identify your weak spots CEH: Certified Ethical Hacker Version 9 Practice Tests are the ideal preparation for this high-stakes exam. Five complete, unique practice tests are designed to help you identify weak spots in your understanding, so you can direct your preparation efforts efficiently and gain the confidence—and skills—you need to pass. These tests cover all five sections of the exam, allowing you to test your knowledge of Assessment; Security; Tools and Systems; Procedures and Methodology; and Regulation, Policy, and Ethics. Coverage aligns with CEH version 9, including material on cloud, tablet, and mobile phone security and attacks, as well as the latest vulnerabilities including Heartbleed, shellshock, and Poodle. The exams are designed to familiarize CEH candidates with the test format, allowing them to become more comfortable reading a Wireshark .pcap file or viewing visual depictions of network attacks. The ideal companion for the Sybex CEH v9 Study Guide, this book is an invaluable tool for anyone aspiring to this highly-regarded certification. Offered by the International Council of Electronic Commerce Consultants, the Certified Ethical Hacker certification is unique in the penetration testing sphere, and requires preparation specific to the CEH exam more than general IT security knowledge. This book of practice tests help you steer your study where it needs to go by giving you a glimpse of exam day while there's still time to prepare. Practice all five sections of the CEH v9 exam Test your knowledge of security, tools, procedures, and regulations Gauge your understanding of new vulnerabilities and threats Master the material well in advance of exam day By getting inside the mind of a hacker, you gain a one-of-a-kind perspective that dramatically boosts your marketability and advancement potential. If you're ready to attempt this unique certification, the CEH: Certified Ethical Hacker Version 9 Practice Tests are the major preparation tool you should not be without.

  • CompTIA CySA+ Study Guide: Exam CS0-001

    CompTIA CySA+ Study Guide: Exam CS0-001
    Mike Chapple

    NOTE: The name of the exam has changed from CSA+ to CySA+. However, the CS0-001 exam objectives are exactly the same. After the book was printed with CSA+ in the title, CompTIA changed the name to CySA+. We have corrected the title to CySA+ in subsequent book printings, but earlier printings that were sold may still show CSA+ in the title. Please rest assured that the book content is 100% the same.Prepare yourself for the newest CompTIA certification The CompTIA Cybersecurity Analyst+ (CySA+) Study Guide provides 100% coverage of all exam objectives for the new CySA+ certification. The CySA+ certification validates a candidate's skills to configure and use threat detection tools, perform data analysis, identify vulnerabilities with a goal of securing and protecting organizations systems. Focus your review for the CySA+ with Sybex and benefit from real-world examples drawn from experts, hands-on labs, insight on how to create your own cybersecurity toolkit, and end-of-chapter review questions help you gauge your understanding each step of the way. You also gain access to the Sybex interactive learning environment that includes electronic flashcards, a searchable glossary, and hundreds of bonus practice questions. This study guide provides the guidance and knowledge you need to demonstrate your skill set in cybersecurity. Key exam topics include: Threat management Vulnerability management Cyber incident response Security architecture and toolsets

  • Eleventh Hour CISSP®: Study Guide, Edition 3

    Eleventh Hour CISSP®: Study Guide, Edition 3
    Eric Conrad

    Eleventh Hour CISSP: Study Guide, Third Edition provides readers with a study guide on the most current version of the Certified Information Systems Security Professional exam. This book is streamlined to include only core certification information, and is presented for ease of last-minute studying. Main objectives of the exam are covered concisely with key concepts highlighted. The CISSP certification is the most prestigious, globally-recognized, vendor neutral exam for information security professionals. Over 100,000 professionals are certified worldwide, with many more joining their ranks. This new third edition is aligned to cover all of the material in the most current version of the exam’s Common Body of Knowledge. All domains are covered as completely and concisely as possible, giving users the best possible chance of acing the exam.Completely updated for the most current version of the exam’s Common Body of KnowledgeProvides the only guide you need for last-minute studyingAnswers the toughest questions and highlights core topicsStreamlined for maximum efficiency of study, making it ideal for professionals updating their certification or for those taking the test for the first time

  • How to Measure Anything in Cybersecurity Risk

    How to Measure Anything in Cybersecurity Risk
    Douglas W. Hubbard

    A ground shaking exposé on the failure of popular cyber risk management methods How to Measure Anything in Cybersecurity Risk exposes the shortcomings of current "risk management" practices, and offers a series of improvement techniques that help you fill the holes and ramp up security. In his bestselling book How to Measure Anything, author Douglas W. Hubbard opened the business world's eyes to the critical need for better measurement. This book expands upon that premise and draws from The Failure of Risk Management to sound the alarm in the cybersecurity realm. Some of the field's premier risk management approaches actually create more risk than they mitigate, and questionable methods have been duplicated across industries and embedded in the products accepted as gospel. This book sheds light on these blatant risks, and provides alternate techniques that can help improve your current situation. You'll also learn which approaches are too risky to save, and are actually more damaging than a total lack of any security. Dangerous risk management methods abound; there is no industry more critically in need of solutions than cybersecurity. This book provides solutions where they exist, and advises when to change tracks entirely. Discover the shortcomings of cybersecurity's "best practices" Learn which risk management approaches actually create risk Improve your current practices with practical alterations Learn which methods are beyond saving, and worse than doing nothing Insightful and enlightening, this book will inspire a closer examination of your company's own risk management practices in the context of cybersecurity. The end goal is airtight data protection, so finding cracks in the vault is a positive thing—as long as you get there before the bad guys do. How to Measure Anything in Cybersecurity Risk is your guide to more robust protection through better quantitative processes, approaches, and techniques.

  • Security Automation with Ansible 2: Leverage Ansible 2 to automate complex security tasks like application security, network security, and malware analysis

    Security Automation with Ansible 2: Leverage Ansible 2 to automate complex security tasks like application security, network security, and malware analysis
    Madhu Akula

    Automate security-related tasks in a structured, modular fashion using the best open source automation tool availableAbout This BookLeverage the agentless, push-based power of Ansible 2 to automate security tasksLearn to write playbooks that apply security to any part of your systemThis recipe-based guide will teach you to use Ansible 2 for various use cases such as fraud detection, network security, governance, and moreWho This Book Is ForIf you are a system administrator or a DevOps engineer with responsibility for finding loop holes in your system or application, then this book is for you. It's also useful for security consultants looking to automate their infrastructure's security model.What You Will LearnUse Ansible playbooks, roles, modules, and templating to build generic, testable playbooksManage Linux and Windows hosts remotely in a repeatable and predictable mannerSee how to perform security patch management, and security hardening with scheduling and automationSet up AWS Lambda for a serverless automated defenseRun continuous security scans against your hosts and automatically fix and harden the gapsExtend Ansible to write your custom modules and use them as part of your already existing security automation programsPerform automation security audit checks for applications using AnsibleManage secrets in Ansible using Ansible VaultIn DetailSecurity automation is one of the most interesting skills to have nowadays. Ansible allows you to write automation procedures once and use them across your entire infrastructure. This book will teach you the best way to use Ansible for seemingly complex tasks by using the various building blocks available and creating solutions that are easy to teach others, store for later, perform version control on, and repeat.We'll start by covering various popular modules and writing simple playbooks to showcase those modules. You'll see how this can be applied over a variety of platforms and operating systems, whether they are Windows/Linux bare metal servers or containers on a cloud platform. Once the bare bones automation is in place, you'll learn how to leverage tools such as Ansible Tower or even Jenkins to create scheduled repeatable processes around security patching, security hardening, compliance reports, monitoring of systems, and so on.Moving on, you'll delve into useful security automation techniques and approaches, and learn how to extend Ansible for enhanced security. While on the way, we will tackle topics like how to manage secrets, how to manage all the playbooks that we will create and how to enable collaboration using Ansible Galaxy. In the final stretch, we'll tackle how to extend the modules of Ansible for our use, and do all the previous tasks in a programmatic manner to get even more powerful automation frameworks and rigs.Style and approachThis comprehensive guide will teach you to manage Linux and Windows hosts remotely in a repeatable and predictable manner. The book takes an in-depth approach and helps you understand how to set up complicated stacks of software with codified and easy-to-share best practices.

  • The Art of Invisibility: The World s Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data

    The Art of Invisibility: The World’s Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data
    Kevin Mitnick

    Be online without leaving a trace.Your every step online is being tracked and stored, and your identity literally stolen. Big companies and big governments want to know and exploit what you do, and privacy is a luxury few can afford or understand.In this explosive yet practical book, Kevin Mitnick uses true-life stories to show exactly what is happening without your knowledge, teaching you "the art of invisibility"–online and real-world tactics to protect you and your family, using easy step-by-step instructions. Reading this book, you will learn everything from password protection and smart Wi-Fi usage to advanced techniques designed to maximize your anonymity. Kevin Mitnick knows exactly how vulnerabilities can be exploited and just what to do to prevent that from happening. The world's most famous–and formerly the US government's most wanted–computer hacker, he has hacked into some of the country's most powerful and seemingly impenetrable agencies and companies, and at one point was on a three-year run from the FBI. Now Mitnick is reformed and widely regarded as the expert on the subject of computer security. Invisibility isn't just for superheroes–privacy is a power you deserve and need in the age of Big Brother and Big Data.

  • Cybersecurity Blue Team Toolkit

    Cybersecurity Blue Team Toolkit
    Nadean H. Tanner

    A practical handbook to cybersecurity for both tech and non-tech professionals As reports of major data breaches fill the headlines, it has become impossible for any business, large or small, to ignore the importance of cybersecurity. Most books on the subject, however, are either too specialized for the non-technical professional or too general for positions in the IT trenches. Thanks to author Nadean Tanner’s wide array of experience from teaching at a University to working for the Department of Defense, the Cybersecurity Blue Team Toolkit strikes the perfect balance of substantive and accessible, making it equally useful to those in IT or management positions across a variety of industries. This handy guide takes a simple and strategic look at best practices and tools available to both cybersecurity management and hands-on professionals, whether they be new to the field or looking to expand their expertise. Tanner gives comprehensive coverage to such crucial topics as security assessment and configuration, strategies for protection and defense, offensive measures, and remediation while aligning the concept with the right tool using the CIS Controls version 7 as a guide. Readers will learn why and how to use fundamental open source and free tools such as ping, tracert, PuTTY, pathping, sysinternals, NMAP, OpenVAS, Nexpose Community, OSSEC, Hamachi, InSSIDer, Nexpose Community, Wireshark, Solarwinds Kiwi Syslog Server, Metasploit, Burp, Clonezilla and many more. Up-to-date and practical cybersecurity instruction, applicable to both management and technical positions • Straightforward explanations of the theory behind cybersecurity best practices • Designed to be an easily navigated tool for daily use • Includes training appendix on Linux, how to build a virtual lab and glossary of key terms The Cybersecurity Blue Team Toolkit is an excellent resource for anyone working in digital policy as well as IT security professionals, technical analysts, program managers, and Chief Information and Technology Officers. This is one handbook that won’t gather dust on the shelf, but remain a valuable reference at any career level, from student to executive.

  • Instant Kali Linux

    Instant Kali Linux
    Abhinav Singh

    Get to grips with a new technology, understand what it is and what it can do for you, and then get to work with the most important features and tasks. A quick and handy guide for those who are willing to get straight into the business. This book will build a strong foundation for those who are willing to cover different security assessment areas by mastering various tools and techniques.If you are a beginners or an experienced security professional who is willing to dive deeper into the world of information security, then this book is perfect for you. The book is written is simple technical language which requires only a basic knowledge of security assessments and the Linux operating system.

  • Agile Application Security: Enabling Security in a Continuous Delivery Pipeline

    Agile Application Security: Enabling Security in a Continuous Delivery Pipeline
    Laura Bell

    Agile continues to be the most adopted software development methodology among organizations worldwide, but it generally hasn't integrated well with traditional security management techniques. And most security professionals aren’t up to speed in their understanding and experience of agile development. To help bridge the divide between these two worlds, this practical guide introduces several security tools and techniques adapted specifically to integrate with agile development.Written by security experts and agile veterans, this book begins by introducing security principles to agile practitioners, and agile principles to security practitioners. The authors also reveal problems they encountered in their own experiences with agile security, and how they worked to solve them.You’ll learn how to:Add security practices to each stage of your existing development lifecycleIntegrate security with planning, requirements, design, and at the code levelInclude security testing as part of your team’s effort to deliver working software in each releaseImplement regulatory compliance in an agile or DevOps environmentBuild an effective security program through a culture of empathy, openness, transparency, and collaboration