Computer viruses, Trojans and worms Books

Book Synopsis

Read more less

Book SynopsisThe Cult of the Dead Cow is the story of the oldest, most respected and most famous hacking group of all time. Its members invented the the concept of hacktivism, released both the top tool for cracking passwords and the reigning technique for controlling computers from afar, and spurred development of Snowden's anonymity tool of choice. With its origins in the earliest days of the Internet, the cDc is full of oddball characters--spies, activists, musicians, and politicians--who are now woven into the top ranks of the American establishment. Today, this small group and their followers represent the best hope for making technology a force for good instead of for surveillance and oppression. Like a modern (and real) illuminati, cDc members have had the ears of presidents, secretaries of defense, and the CEO of Google. The Cult of the Dead Cow shows how we got into the mess we find ourselves in today, where governments and corporations hold immense power over individuals, and and how we are finally fighting back.

Read more less

Book SynopsisReal-World Bug Hunting is a field guide to finding software bugs. Ethical hacker Peter Yaworski breaks down common types of bugs, then contextualises them with real bug bounty reports released by hackers on companies like Twitter, Facebook, Google, Uber, and Starbucks. As you read each report, you'll gain deeper insight into how the vulnerabilities work and how you might find similar ones.Trade Review"I am quite sure that [this book is] going to be one of the most recommended books for web app pen-testing. If it is not already."—Sudo Realm"A brilliant resource for anyone who aspires to be a professional bug hunter." —Dana Epp, Security Boulevard

Read more less

Book SynopsisTable of ContentsAbout the Author v Acknowledgments vii Introduction xv Part I: the Attacker Mindset 1 Chapter 1: What Is the Attacker Mindset? 3 Using the Mindset 6 The Attacker and the Mindset 9 AMs Is a Needed Set of Skills 11 A Quick Note on Scope 13 Summary 16 Key Message 16 Chapter 2: Offensive vs. Defensive Attacker Mindset 17 The Offensive Attacker Mindset 20 Comfort and Risk 22 Planning Pressure and Mental Agility 23 Emergency Conditioning 26 Defensive Attacker Mindset 31 Consistency and Regulation 31 Anxiety Control 32 Recovery, Distraction, and Maintenance 34 OAMs and DAMs Come Together 35 Summary 35 Key Message 36 Chapter 3: The Attacker Mindset Framework 37 Development 39 Phase 1 43 Phase 2 47 Application 48 Preloading 51 “Right Time, Right Place” Preload 51 Ethics 52 Intellectual Ethics 53 Reactionary Ethics 53 Social Engineering and Security 57 Social Engineering vs. AMs 59 Summary 60 Key Message 60 Part II: the Laws and Skills 63 Chapter 4: The Laws 65 Law 1: Start with the End in Mind 65 End to Start Questions 66 Robbing a Bank 68 Bringing It All together 70 The Start of the End 71 Clarity 71 Efficiency 72 The Objective 72 How to Begin with the End in Mind 73 Law 2: Gather, Weaponize, and Leverage Information 75 Law 3: Never Break Pretext 77 Law 4: Every Move Made Benefits the Objective 80 Summary 81 Key Message 82 Chapter 5: Curiosity, Persistence, and Agility 83 Curiosity 86 The Exercise: Part 1 87 The Exercise: Part 2 89 Persistence 92 Skills and Common Sense 95 Professional Common Sense 95 Summary 98 Key Message 98 Chapter 6: Information Processing: Observation and Thinking Techniques 99 Your Brain vs. Your Observation 102 Observation vs. Heuristics 107 Heuristics 107 Behold Linda 108 Observation vs. Intuition 109 Using Reasoning and Logic 112 Observing People 114 Observation Exercise 116 AMs and Observation 122 Tying It All Together 123 Critical and Nonlinear Thinking 124 Vector vs. Arc 127 Education and Critical Thinking 128 Workplace Critical Thinking 128 Critical Thinking and Other Psychological Constructs 129 Critical Thinking Skills 130 Nonlinear Thinking 131 Tying Them Together 132 Summary 133 Key Message 134 Chapter 7: Information Processing in Practice 135 Reconnaissance 136 Recon: Passive 145 Recon: Active 149 Osint 150 OSINT Over the Years 150 Intel Types 153 Alternative Data in OSINT 154 Signal vs. Noise 155 Weaponizing of Information 158 Tying Back to the Objective 160 Summary 170 Key Message 170 Part III: Tools and Anatomy 171 Chapter 8: Attack Strategy 173 Attacks in Action 175 Strategic Environment 177 The Necessity of Engagement and Winning 179 The Attack Surface 183 Vulnerabilities 183 AMs Applied to the Attack Vectors 184 Phishing 184 Mass Phish 185 Spearphish 186 Whaling 187 Vishing 190 Smishing/Smshing 195 Impersonation 196 Physical 199 Back to the Manhattan Bank 200 Summary 203 Key Message 203 Chapter 9: Psychology in Attacks 205 Setting The Scene: Why Psychology Matters 205 Ego Suspension, Humility & Asking for Help 210 Humility 215 Asking for Help 216 Introducing the Target- Attacker Window Model 217 Four TAWM Regions 218 Target Psychology 221 Optimism Bias 225 Confirmation Bias and Motivated Reasoning 228 Framing Effect 231 Thin- Slice Assessments 233 Default to Truth 236 Summary 239 Key Message 239 Part IV: AFTER AMs 241 Chapter 10: Staying Protected— The Individual 243 Attacker Mindset for Ordinary People 243 Behavioral Security 246 Amygdala Hijacking 250 Analyze Your Attack Surface 252 Summary 256 Key Message 256 Chapter 11: Staying Protected— The Business 257 Indicators of Attack 258 Nontechnical Measures 258 Testing and Red Teams 261 Survivorship Bias 261 The Complex Policy 263 Protection 264 Antifragile 264 The Full Spectrum of Crises 266 AMs on the Spectrum 268 Final Thoughts 269 Summary 270 Key Message 271 Index 273

Read more less

Book SynopsisSecurity experts Alex Matrosov, Eugene Rodionov, and Sergey Bratus share the knowledge they've gained over years of professional research to help you counter threats. We're talking hard stuff - attacks buried deep in a machine's boot process or UEFI firmware that keep malware analysts up late at night. With these field notes, you'll trace malware evolution from rootkits like TDL3 to present day UEFI implants and examine how these malware infect the system, persist through reboot, and evade security software. The game is not lost.Trade Review“This deep reference, jam-packed with code and technical information, will support an engineer or system administrator tasked with putting these vulnerabilities in their place.” —Ben Rothke, Security Management“Alex Matrosov, Eugene Rodionov, and Sergey Bratus are experts in their field that have delivered a solid hands-on technical book. While enthralled with the stories from the trenches, I got flashbacks of my days of analyzing rootkits on SunOS and Solaris workstations about 20 years ago. It was a fun book to read.” —Sven Dietrich, Cipher: the newsletter of the IEEE Computer Society's Technical Committee on Security and Privacy"I enjoyed reading the book and learning about the malware, even if it was not particularly relevant to me, as 'I don’t do Windows.' Still, there’s more than enough here that’s relevant to Linux users, as malware writers are now turning their attention to Linux servers." —Rik Farrow, USENIX ;login: magazine"[A] seminal book that explains how to understand and counter sophisticated, advanced threats buried deep in a machine’s boot process or UEFI firmware." —Business Wire

Read more less

Book SynopsisPractical Binary Analysis is the first book of its kind to present advanced binary analysis topics in an accessible way. After an introduction on the basics of binary formats, disassembly, and code injection, you'll dive into more complex topics such as binary instrumentation, dynamic taint analysis, and symbolic execution. By the end of the book, you'll be able to build your own binary analysis tools on Linux by following hands-on and practical examples.Trade Review"Dennis Andriesse has put together a book that combines the necessary knowledge and tools enabling the reader to grasp not only the fundamentals of binary analysis, but also to put the newfound knowledge to the test in practical and illustrative examples of binary analysis."—Sven Dietrich, Cipher: the newsletter of the IEEE Computer Society's Technical Committee on Security and Privacy"This book is...one that deserves the title of deep dive. There is no waste anywhere—just lean, mean, information."—Full Circle Magazine"If you want to reverse engineer some code, learn to be a white hat hacker or a black hat hacker then it's well worth reading."—I Programmer"Explains the subject in a straightforward and concise way! The author is a very knowledgeable security researcher and his work is state of the art!"—Nucu Labs“This book reads like a workshop that teaches readers what tools exist for both Linux and Windows and how to string them together to write tools for reverse engineering binaries . . . if you are well versed in programming, this book will still teach you a good approach at tackling many problems with binary analysis.”—John Skandalakis, Software Engineer, Tripwire

Read more less

Book SynopsisCyber security has never been more essential than it is today, it’s not a case of if an attack will happen, but when. This brand new edition covers the various types of cyber threats and explains what you can do to mitigate these risks and keep your data secure. Cyber Security explains the fundamentals of information security, how to shape good organisational security practice, and how to recover effectively should the worst happen. Written in an accessible manner, Cyber Security provides practical guidance and actionable steps to better prepare your workplace and your home alike. This second edition has been updated to reflect the latest threats and vulnerabilities in the IT security landscape, and updates to standards, good practice guides and legislation. • A valuable guide to both current professionals at all levels and those wishing to embark on a cyber security profession • Offers practical guidance and actionable steps for individuals and businesses to protect themselves • Highly accessible and terminology is clearly explained and supported with current, real-world examplesTrade ReviewDavid Sutton's books provides well researched, comprehensive guide to the multifaceted, rapidly growing cyber domain. It serves as a valuable guide to both current professionals and those wishing to embark on a Cyber Security profession. An excellent read. -- Colonel John S Doody FBCS FCMI CITP ACISP MIOD, Director, Interlocutor Services LimitedA very comprehensive primer on cyber security covering issues, solutions and suggestions for further action. After reading this book anyone that worries about cyber security without necessarily wanting to become an expert will find themself much better informed and quite probably much more interested. -- Susan Perriam MBA MSc CMgr MBCS CISSP, Cyber Security ConsultantThis book manages to strike a perfect balance between technical breadth and depth. It includes enough detail to understand the broad range of concepts and techniques found in a complex industry, along with practical and real-life examples. This latest revision is packed with recent examples, scenarios, tools, and techniques that make it a fascinating read for both industry veterans and recent joiners alike. Highly recommended. -- Martin King FBCS CITP CISSP, Chief Technology Officer, IT TransformedThis book describes the eco system of cyber security and provides excellent go-to guides and considerations for people/teams dealing with both technical and non-technical security. Awareness and training are at the very heart of the book, successfully paralleled by descriptions of how our day-to-day information sharing and protection should take place safely. A useful and insightful read and highly recommended. -- Lesley-Anne Turner, Cyber Compliance, CDDO, Cabinet OfficeThe style and structure makes it an ideal book for students as it covers all the important topics, from the fundamentals of information security such as the CIA model, through to organisational issues (policies and disaster recovery), legal requirements and security standards. Terminology is clearly explained and supported with current, real-world examples. It is a most valuable resource. -- Richard Hind MSc MBCS FHEA, Tutor of Digital Technologies, York CollegeThis book gives a good insight into cyber security, with modern day examples and practical guidance on how to proactively mitigate against risks. This will definitely be a book I refer to frequently. -- Bianca Christian, Business Analyst, Young Business Analysts (YBA)On first reading this book, the biggest impression that greets the reader is that it’s NOT a technical reference book and is widely focused on the wider impact of cyber security on society as a whole. It is not just for technologists and treats a complex subject with just the right level of both technical and socioeconomic balance. Highly recommended. -- Adrian Winckles MBCS CITP CEng, Chair of BCS Cybercrime Forensics SG and OWASP Education CommitteeCyber Security 2e is a rich technical guide on cyber threats. Leaving no stone unturned, the first half touches on key examples and paints a clear picture of the current threat landscape that both individuals and organisations face, and the second half contains solutions. Sutton aptly spotlights a number of actions that anyone could be encouraged to practice for good personal and corporate security. -- Ester Masoapatali MBCS, Information Security Specialist, Partnerships Manager, CybSafeThis book is a fantastic resource for those breaking into the industry, or for non-security leaders who want to know more about the risks faced by their business. Written in an accessible manner, this second edition gives readers updated information and current examples showing the changing trends and tactics of attackers. -- Jim Wright, Managing Director, Principle DefenceThis book is for anyone who wants to understand and learn more about cybersecurity. It provides a foundation of cybersecurity knowledge as well as essential practical skills and techniques for entry and junior-level cybersecurity roles. It is also designed to help learners in building a promising and rewarding career pathway in the cybersecurity field. -- Dr Sherif El-Gendy FBCS, Information Security ExpertThis highly accessible second edition provides a thorough update to the world of cyber security in a non-technical manner; firstly clarifying cyber security issues and then focusing on cyber security solutions. If you are looking for a go-to reference that explains cyber security in plain language, this book is for you. -- Tim Clements FBCS CITP FIP CIPP/E CIPM CIPT, Purpose and MeansThis book demystifies what can, to many, be a rather bewildering topic, and it sets clear context and eloquently describes the landscape of threats and issues, and provides clear, actionable advice across key topics. A handy and well-written reference guide, and highly recommended reading! -- Paul Watts MBCS CITP FCIIS CISSP CISM, former CISO and Distinguished Analyst, Information Security ForumA thought-provoking and excellent read. Essential for cybersecurity practitioners working across numerous specialisations and at all levels of management. This blended use of theory and practical applications sets this book apart, complements industry-leading certifications and make it a must-read for anyone working within cyber. -- Gary Cocklin CITP CISSP, Senior Cyber Security Practitioner, UK Royal Air Force (RAF)This book is not just for cyber professionals, it’s for everyone. This book is easy to follow and clearly articulates what cyber is and why it matters. It provides insights into why cyber-attacks occur and offers practical and technical guidance for individuals and businesses to protect themselves. This will be my go-to resource for cyber security. -- Thando Jacobs, Business Analyst, Senior Leadership Team, Young Business Analysts (YBA)This book delivers a comprehensive overview of cyber security and is packed with numerous interesting, relevant examples to illustrate key points. Readers will gain insights on why they might be attacked and measures to protect against ever increasing cyber threats. Therefore I highly recommend this publication for individuals and organisations alike. -- Olu Odeniyi, Cyber Security, Information Security and Digital Transformation Advisor, Thought Leader and SpeakerEasy to follow, digestible and highly relevant for the world we live in today. Not just for cybersecurity professionals, business continuity practitioners will gain valuable insight as well as hints and tips on what cybersecurity aspects to consider when developing business continuity plans and response arrangements. -- Hilary Estall MBCI, IRCA BCMS Principal Auditor, Business Continuity Practitioner, Director Perpetual SolutionsTable of ContentsPreface 1. Introduction 2. The big issues 3. Cyber targets 4. Cyber vulnerabilities and impacts 5. Cyber threats 6. Risk management overview 7. Business continuity & disaster recovery 8. Basic cyber security steps 9. Organisational security steps 10. Awareness and training 11. Information sharing Bibliography Appendix A - Standards Appendix B - Good practice guidelines Appendix C - Cyber security law Appendix D - Cyber security training Appendix E - Links to other useful organisations

Read more less

Book SynopsisFrom Exposed To Secure reveals the everyday threats that are putting your company in danger and where to focus your resources to eliminate exposure and minimize risk. Top cybersecurity and compliance professionals from around the world share their decades of experience in utilizing data protection regulations and complete security measures to protect your company from fines, lawsuits, loss of revenue, operation disruption or destruction, intellectual property theft, and reputational damage.   From Exposed To Secure delivers the crucial, smart steps every business must take to protect itself against the increasingly prevalent and sophisticated cyberthreats that can destroy your company - including phishing, the Internet of Things, insider threats, ransomware, supply chain, and zero-day. 

Read more less

Book SynopsisAvoid becoming the next ransomware victim by taking practical steps today Colonial Pipeline. CWT Global. Brenntag. Travelex. The list of ransomware victims is long, distinguished, and sophisticated. And it's growing longer every day. In Ransomware Protection Playbook, computer security veteran and expert penetration tester Roger A. Grimes delivers an actionable blueprint for organizations seeking a robust defense against one of the most insidious and destructive IT threats currently in the wild. You'll learn about concrete steps you can take now to protect yourself or your organization from ransomware attacks. In addition to walking you through the necessary technical preventative measures, this critical book will show you how to: Quickly detect an attack, limit the damage, and decide whether to pay the ransomImplement a pre-set game plan in the event of a game-changing security breach to help limit the reputational and financial damageLay down a secure foundation of cybersecuritTable of ContentsAcknowledgments xi Introduction xxi Part I: Introduction 1 Chapter 1: Introduction to Ransomware 3 How Bad is the Problem? 4 Variability of Ransomware Data 5 True Costs of Ransomware 7 Types of Ransomware 9 Fake Ransomware 10 Immediate Action vs. Delayed 14 Automatic or Human-Directed 17 Single Device Impacts or More 18 Ransomware Root Exploit 19 File Encrypting vs. Boot Infecting 21 Good vs. Bad Encryption 22 Encryption vs. More Payloads 23 Ransomware as a Service 30 Typical Ransomware Process and Components 32 Infiltrate 32 After Initial Execution 34 Dial-Home 34 Auto-Update 37 Check for Location 38 Initial Automatic Payloads 39 Waiting 40 Hacker Checks C&C 40 More Tools Used 40 Reconnaissance 41 Readying Encryption 42 Data Exfiltration 43 Encryption 44 Extortion Demand 45 Negotiations 46 Provide Decryption Keys 47 Ransomware Goes Conglomerate 48 Ransomware Industry Components 52 Summary 55 Chapter 2: Preventing Ransomware 57 Nineteen Minutes to Takeover 57 Good General Computer Defense Strategy 59 Understanding How Ransomware Attacks 61 The Nine Exploit Methods All Hackers and Malware Use 62 Top Root-Cause Exploit Methods of All Hackers and Malware 63 Top Root-Cause Exploit Methods of Ransomware 64 Preventing Ransomware 67 Primary Defenses 67 Everything Else 70 Use Application Control 70 Antivirus Prevention 73 Secure Configurations 74 Privileged Account Management 74 Security Boundary Segmentation 75 Data Protection 76 Block USB Keys 76 Implement a Foreign Russian Language 77 Beyond Self-Defense 78 Geopolitical Solutions 79 International Cooperation and Law Enforcement 79 Coordinated Technical Defense 80 Disrupt Money Supply 81 Fix the Internet 81 Summary 84 Chapter 3: Cybersecurity Insurance 85 Cybersecurity Insurance Shakeout 85 Did Cybersecurity Insurance Make Ransomware Worse? 90 Cybersecurity Insurance Policies 92 What’s Covered by Most Cybersecurity Policies 93 Recovery Costs 93 Ransom 94 Root-Cause Analysis 95 Business Interruption Costs 95 Customer/Stakeholder Notifications and Protection 96 Fines and Legal Investigations 96 Example Cyber Insurance Policy Structure 97 Costs Covered and Not Covered by Insurance 98 The Insurance Process 101 Getting Insurance 101 Cybersecurity Risk Determination 102 Underwriting and Approval 103 Incident Claim Process 104 Initial Technical Help 105 What to Watch Out For 106 Social Engineering Outs 107 Make Sure Your Policy Covers Ransomware 107 Employee’s Mistake Involved 107 Work-from-Home Scenarios 108 War Exclusion Clauses 108 Future of Cybersecurity Insurance 109 Summary 111 Chapter 4: Legal Considerations 113 Bitcoin and Cryptocurrencies 114 Can You Be in Legal Jeopardy for Paying a Ransom? 123 Consult with a Lawyer 127 Try to Follow the Money 127 Get Law Enforcement Involved 128 Get an OFAC License to Pay the Ransom 129 Do Your Due Diligence 129 Is It an Official Data Breach? 129 Preserve Evidence 130 Legal Defense Summary 130 Summary 131 Part II: Detection and Recovery 133 Chapter 5: Ransomware Response Plan 135 Why Do Response Planning? 135 When Should a Response Plan Be Made? 136 What Should a Response Plan Include? 136 Small Response vs. Large Response Threshold 137 Key People 137 Communications Plan 138 Public Relations Plan 141 Reliable Backup 142 Ransom Payment Planning 144 Cybersecurity Insurance Plan 146 What It Takes to Declare an Official Data Breach 147 Internal vs. External Consultants 148 Cryptocurrency Wallet 149 Response 151 Checklist 151 Definitions 153 Practice Makes Perfect 153 Summary 154 Chapter 6: Detecting Ransomware 155 Why is Ransomware So Hard to Detect? 155 Detection Methods 158 Security Awareness Training 158 AV/EDR Adjunct Detections 159 Detect New Processes 160 Anomalous Network Connections 164 New, Unexplained Things 166 Unexplained Stoppages 167 Aggressive Monitoring 169 Example Detection Solution 169 Summary 175 Chapter 7: Minimizing Damage 177 Basic Outline for Initial Ransomware Response 177 Stop the Spread 179 Power Down or Isolate Exploited Devices 180 Disconnecting the Network 181 Disconnect at the Network Access Points 182 Suppose You Can’t Disconnect the Network 183 Initial Damage Assessment 184 What is Impacted? 185 Ensure Your Backups Are Still Good 186 Check for Signs of Data and Credential Exfiltration 186 Check for Rogue Email Rules 187 What Do You Know About the Ransomware? 187 First Team Meeting 188 Determine Next Steps 189 Pay the Ransom or Not? 190 Recover or Rebuild? 190 Summary 193 Chapter 8: Early Responses 195 What Do You Know? 195 A Few Things to Remember 197 Encryption is Likely Not Your Only Problem 198 Reputational Harm May Occur 199 Firings May Happen 200 It Could Get Worse 201 Major Decisions 202 Business Impact Analysis 202 Determine Business Interruption Workarounds 203 Did Data Exfiltration Happen? 204 Can You Decrypt the Data Without Paying? 204 Ransomware is Buggy 205 Ransomware Decryption Websites 205 Ransomware Gang Publishes Decryption Keys 206 Sniff a Ransomware Key Off the Network? 206 Recovery Companies Who Lie About Decryption Key Use 207 If You Get the Decryption Keys 207 Save Encrypted Data Just in Case 208 Determine Whether the Ransom Should Be Paid 209 Not Paying the Ransom 209 Paying the Ransom 210 Recover or Rebuild Involved Systems? 212 Determine Dwell Time 212 Determine Root Cause 213 Point Fix or Time to Get Serious? 214 Early Actions 215 Preserve the Evidence 215 Remove the Malware 215 Change All Passwords 217 Summary 217 Chapter 9: Environment Recovery 219 Big Decisions 219 Recover vs. Rebuild 220 In What Order 221 Restoring Network 221 Restore IT Security Services 223 Restore Virtual Machines and/or Cloud Services 223 Restore Backup Systems 224 Restore Clients, Servers, Applications, Services 224 Conduct Unit Testing 225 Rebuild Process Summary 225 Recovery Process Summary 228 Recovering a Windows Computer 229 Recovering/Restoring Microsoft Active Directory 231 Summary 233 Chapter 10: Next Steps 235 Paradigm Shifts 235 Implement a Data-Driven Defense 236 Focus on Root Causes 238 Rank Everything! 239 Get and Use Good Data 240 Heed Growing Threats More 241 Row the Same Direction 241 Focus on Social Engineering Mitigation 242 Track Processes and Network Traffic 243 Improve Overall Cybersecurity Hygiene 243 Use Multifactor Authentication 243 Use a Strong Password Policy 244 Secure Elevated Group Memberships 246 Improve Security Monitoring 247 Secure PowerShell 247 Secure Data 248 Secure Backups 249 Summary 250 Chapter 11: What Not to Do 251 Assume You Can’t Be a Victim 251 Think That One Super-Tool Can Prevent an Attack 252 Assume Too Quickly Your Backup is Good 252 Use Inexperienced Responders 253 Give Inadequate Considerations to Paying Ransom 254 Lie to Attackers 255 Insult the Gang by Suggesting Tiny Ransom 255 Pay the Whole Amount Right Away 256 Argue with the Ransomware Gang 257 Apply Decryption Keys to Your Only Copy 257 Not Care About Root Cause 257 Keep Your Ransomware Response Plan Online Only 258 Allow a Team Member to Go Rogue 258 Accept a Social Engineering Exclusion in Your Cyber-Insurance Policy 259 Summary 259 Chapter 12: Future of Ransomware 261 Future of Ransomware 261 Attacks Beyond Traditional Computers 262 IoT Ransoms 264 Mixed-Purpose Hacking Gangs 265 Future of Ransomware Defense 267 Future Technical Defenses 267 Ransomware Countermeasure Apps and Features 267 AI Defense and Bots 268 Strategic Defenses 269 Focus on Mitigating Root Causes 269 Geopolitical Improvements 269 Systematic Improvements 270 Use Cyber Insurance as a Tool 270 Improve Internet Security Overall 271 Summary 271 Parting Words 272 Index 273

Read more less

Book SynopsisCovering all aspects of the framework from installation, configuration, and vulnerability hunting to advanced client side attacks and anti-forensics, this book carries out penetration testing in highly-secured environments with Metasploit. It helps you learn to bypass different defenses to gain access into different systems.

Read more less

Book SynopsisWritten by leading macOS threat analyst Patrick Wardle, The Art of Mac Malware Analysis covers the knowledge and hands-on skills required to analyze Mac malware. Using real-world examples and references to original research, Part 1 surveys the malware's various infection methods, persistence mechanisms, and capabilities. In Part 2, you'll learn about the static and dynamic analysis tools and techniques needed to examine malware you may find in the wild. Finally, you'll put these lessons into practice by walking through a comprehensive analysis of a complex Mac malware specimen (Part 3).Trade Review"[The Art of Mac Malware] serves as a valuable resource for anyone looking to level up their skills to stay on top of the latest macOS threats. Patrick's approachable, educating writing style and extensive knowledge in this field made him the ideal author to write this book."—Maria Markstedter, @Fox0x01, Forbes Person Of The Year In Cybersecurity"Mac doesn’t face the same level of malware threat that Windows users experience. However, it is possible to create malware for macOS and the excellent book, The Art of Mac Malware, goes into a lot of detail."—Security Boulevard"Awesome job keeping readers hooked."—Tony Lambert, @ForensicITGuy"An awesome researcher writing for my favorite publisher . . . If you’re interested in Mac malware, I highly recommend!"—Francisco Donoso, @Francisckrs

Read more less

Book SynopsisStop dangerous threats and secure your vulnerabilities without slowing down delivery. This practical book is a one-stop guide to implementing a robust application security program.Application Security Program Handbook teaches you to implement a robust program of security throughout your development process. It goes well beyond the basics, detailing a flexible approach that can adapt and evolve to new and emerging threats. Follow the expert advice in this guide and you'll reliably deliver software that is free from security defects and critical vulnerabilities. As a developer, you must build security into your software throughout its development lifecycle. This book addresses all the practices, tools, technology, people, and processes you need to reduce the risk of attacks and vulnerabilities in your software. Application Security Program Handbook is full of strategies for setting up and maturing a security program for your development process. Its realistic recommendations take a service-oriented approach to application security that's perfectly suited to the fast-pace of modern development. Focused on the realities of software development, it shows you how to avoid making security a gated exercise.Inside, you'll learn to assess the current state of your app's security, identify key risks to your organization, and measure the success of any defensive programs you deploy. You'll master common methodologies and practices that help safeguard your software, along with defensive tools you can use to keep your apps safe. With this handy reference guide by your side, you'll be able to implement reliable security in a way that doesn't impact your delivery speed. RETAIL SELLING POINTS Application security tools you can use throughout the development lifecycle Creating threat models Mitigating web app vulnerabilities Creating a DevSecOps pipeline Application security as a service model Reporting structures that highlight the value of application security Creating a software security ecosystem that benefits development AUDIENCE For software developers, architects, team leaders, and project managers looking to implement security in their pipelines.Trade Review'It's impossible not to learn something from this.'George Onofrei 'Do you want to get your hold back on the concepts of Application Security, then this is a fantastic book for you. Get it now!'Krishna Anipindi 'A book like this should be a must to start your career or to understand you are doing things right.'Nikolaos AlexiouTable of Contentstable of contents detailed TOC PART 1: DEFINING APPLICATION SECURITY READ IN LIVEBOOK 1WHY DO WE NEED APPLICATION SECURITY READ IN LIVEBOOK 2DEFINING THE PROBLEM READ IN LIVEBOOK 3COMPONENTS OF APPLICATION SECURITY PART 2 DEVELOPING THE APPLICATION SECURITY PROGRAM READ IN LIVEBOOK 4RELEASING SECURE CODE READ IN LIVEBOOK 5SECURITY BELONGS TO EVERYONE READ IN LIVEBOOK 6SERVICE-ORIENTED APPLICATION SECURITY PART 3: DELIVER AND MEASURE READ IN LIVEBOOK 7BUILDING A ROADMAP READ IN LIVEBOOK 8MEASURING SUCCESS 9 CONTINUOUS IMPROVEMENT

Read more less

Book SynopsisLeverage cyber threat intelligence and the MITRE framework to enhance your prevention mechanisms, detection capabilities, and learn top adversarial simulation and emulation techniquesKey Features Apply real-world strategies to strengthen the capabilities of your organization's security system Learn to not only defend your system but also think from an attacker's perspective Ensure the ultimate effectiveness of an organization's red and blue teams with practical tips Book DescriptionWith small to large companies focusing on hardening their security systems, the term "purple team" has gained a lot of traction over the last couple of years. Purple teams represent a group of individuals responsible for securing an organization's environment using both red team and blue team testing and integration – if you're ready to join or advance their ranks, then this book is for you.Purple Team Strategies will get you up and running with the exact strategies and techniques used by purple teamers to implement and then maintain a robust environment. You'll start with planning and prioritizing adversary emulation, and explore concepts around building a purple team infrastructure as well as simulating and defending against the most trendy ATT&CK tactics. You'll also dive into performing assessments and continuous testing with breach and attack simulations.Once you've covered the fundamentals, you'll also learn tips and tricks to improve the overall maturity of your purple teaming capabilities along with measuring success with KPIs and reporting.With the help of real-world use cases and examples, by the end of this book, you'll be able to integrate the best of both sides: red team tactics and blue team security measures.What you will learn Learn and implement the generic purple teaming process Use cloud environments for assessment and automation Integrate cyber threat intelligence as a process Configure traps inside the network to detect attackers Improve red and blue team collaboration with existing and new tools Perform assessments of your existing security controls Who this book is forIf you're a cybersecurity analyst, SOC engineer, security leader or strategist, or simply interested in learning about cyber attack and defense strategies, then this book is for you. Purple team members and chief information security officers (CISOs) looking at securing their organizations from adversaries will also benefit from this book. You'll need some basic knowledge of Windows and Linux operating systems along with a fair understanding of networking concepts before you can jump in, while ethical hacking and penetration testing know-how will help you get the most out of this book.Table of ContentsTable of Contents Contextualizing Threats and Today's Challenges Purple Teaming – a Generic Approach and a New Model Carrying Out Adversary Emulation with CTI Threat Management – Detecting, Hunting, and Preventing Red Team Infrastructure Blue Team – Collect Blue Team – Detect Blue Team – Correlate Purple Team Infrastructure Purple Teaming the ATT&CK Tactics Purple Teaming with BAS and Adversary Emulation PTX – Purple Teaming eXtended PTX – Automation and DevOps Approach Exercise Wrap-Up and KPIs

Read more less

Book SynopsisGet to grips with cloud exploits, learn the fundamentals of cloud security, and secure your organization’s network by pentesting AWS, Azure, and GCP effectively Key Features Discover how enterprises use AWS, Azure, and GCP as well as the applications and services unique to each platform Understand the key principles of successful pentesting and its application to cloud networks, DevOps, and containerized networks (Docker and Kubernetes) Get acquainted with the penetration testing tools and security measures specific to each platform Purchase of the print or Kindle book includes a free PDF eBook Book DescriptionWith AWS, Azure, and GCP gaining prominence, mastering their unique features, ecosystems, and penetration testing protocols has become an indispensable skill, which is precisely what this pentesting guide for cloud platforms will help you achieve. As you navigate through the chapters, you’ll explore the intricacies of cloud security testing and gain valuable insights into how pentesters and red teamers evaluate cloud environments effectively. In addition to its coverage of these cloud platforms, the book also guides you through modern methodologies for testing containerization technologies such as Docker and Kubernetes, which are fast becoming staples in the cloud ecosystem. Additionally, it places extended focus on penetration testing AWS, Azure, and GCP through serverless applications and specialized tools. These sections will equip you with the tactics and tools necessary to exploit vulnerabilities specific to serverless architecture, thus providing a more rounded skill set. By the end of this cloud security book, you’ll not only have a comprehensive understanding of the standard approaches to cloud penetration testing but will also be proficient in identifying and mitigating vulnerabilities that are unique to cloud environments.What you will learn Familiarize yourself with the evolution of cloud networks Navigate and secure complex environments that use more than one cloud service Conduct vulnerability assessments to identify weak points in cloud configurations Secure your cloud infrastructure by learning about common cyber attack techniques Explore various strategies to successfully counter complex cloud attacks Delve into the most common AWS, Azure, and GCP services and their applications for businesses Understand the collaboration between red teamers, cloud administrators, and other stakeholders for cloud pentesting Who this book is forThis book is for pentesters, aspiring pentesters, and red team members seeking specialized skills for leading cloud platforms—AWS, Azure, and GCP. Those working in defensive security roles will also find this book useful to extend their cloud security skills.Table of ContentsTable of Contents How Do Enterprises Utilize and Implement Cloud Networks? How Are Cloud Networks Cyber Attacked? Key Concepts for Pentesting Today’s Cloud Networks Security Features in AWS Pentesting AWS Features through Serverless Applications and Tools Pentesting Containerized Applications in AWS Security Features in Azure Pentesting Azure Features through Serverless Applications and Tools Pentesting Containerized Applications in Azure Security Features in GCP Pentesting GCP Features through Serverless Applications and Tools Pentesting Containerized Applications in GCP Best Practices and Summary

Read more less

Book SynopsisUnlock the secrets of malware data science with cutting-edge techniques, AI-driven analysis, and international compliance standards to stay ahead of the ever-evolving cyber threat landscape Key Features Get introduced to three primary AI tactics used in malware and detection Leverage data science tools to combat critical cyber threats Understand regulatory requirements for using AI in cyber threat management Purchase of the print or Kindle book includes a free PDF eBook Book DescriptionIn today's world full of online threats, the complexity of harmful software presents a significant challenge for detection and analysis. This insightful guide will teach you how to apply the principles of data science to online security, acting as both an educational resource and a practical manual for everyday use. Malware Science starts by explaining the nuances of malware, from its lifecycle to its technological aspects before introducing you to the capabilities of data science in malware detection by leveraging machine learning, statistical analytics, and social network analysis. As you progress through the chapters, you’ll explore the analytical methods of reverse engineering, machine language, dynamic scrutiny, and behavioral assessments of malicious software. You’ll also develop an understanding of the evolving cybersecurity compliance landscape with regulations such as GDPR and CCPA, and gain insights into the global efforts in curbing cyber threats. By the end of this book, you’ll have a firm grasp on the modern malware lifecycle and how you can employ data science within cybersecurity to ward off new and evolving threats.What you will learn Understand the science behind malware data and its management lifecycle Explore anomaly detection with signature and heuristics-based methods Analyze data to uncover relationships between data points and create a network graph Discover methods for reverse engineering and analyzing malware Use ML, advanced analytics, and data mining in malware data analysis and detection Explore practical insights and the future state of AI’s use for malware data science Understand how NLP AI employs algorithms to analyze text for malware detection Who this book is forThis book is for cybersecurity experts keen on adopting data-driven defense methods. Data scientists will learn how to apply their skill set to address critical security issues, and compliance officers navigating global regulations like GDPR and CCPA will gain indispensable insights. Academic researchers exploring the intersection of data science and cybersecurity, IT decision-makers overseeing organizational strategy, and tech enthusiasts eager to understand modern cybersecurity will also find plenty of useful information in this guide. A basic understanding of cybersecurity and information technology is a prerequisite.Table of ContentsTable of Contents Malware Data Science Life Cycle Overview An Overview of the International History of Cyber Malware Impacts Topological Data Analysis for Malware Detection and Analysis Artificial Intelligence for Malware Data Analysis and Detection Behavior-Based Malware Data Analysis and Detection The Future State of Malware Data Analysis and Detection The Future State of Key International Compliance Requirements Epilogue – A Harmonious Overture to the Future of Malware Data Science and Cybersecurity

Read more less

Book SynopsisGain a firm, practical understanding of securing your network and utilize Python’s packages to detect vulnerabilities in your application Key Features Discover security techniques to protect your network and systems using Python Create scripts in Python to automate security and pentesting tasks Analyze traffic in a network and extract information using Python Book DescriptionPython’s latest updates add numerous libraries that can be used to perform critical security-related missions, including detecting vulnerabilities in web applications, taking care of attacks, and helping to build secure and robust networks that are resilient to them. This fully updated third edition will show you how to make the most of them and improve your security posture. The first part of this book will walk you through Python scripts and libraries that you’ll use throughout the book. Next, you’ll dive deep into the core networking tasks where you will learn how to check a network’s vulnerability using Python security scripting and understand how to check for vulnerabilities in your network – including tasks related to packet sniffing. You’ll also learn how to achieve endpoint protection by leveraging Python packages along with writing forensics scripts. The next part of the book will show you a variety of modern techniques, libraries, and frameworks from the Python ecosystem that will help you extract data from servers and analyze the security in web applications. You’ll take your first steps in extracting data from a domain using OSINT tools and using Python tools to perform forensics tasks. By the end of this book, you will be able to make the most of Python to test the security of your network and applications.What you will learn Program your own tools in Python that can be used in a Network Security process Automate tasks of analysis and extraction of information from servers Detect server vulnerabilities and analyze security in web applications Automate security and pentesting tasks by creating scripts with Python Utilize the ssh-audit tool to check the security in SSH servers Explore WriteHat as a pentesting reports tool written in Python Automate the process of detecting vulnerabilities in applications with tools like Fuxploider Who this book is forThis Python book is for network engineers, system administrators, and other security professionals looking to overcome common networking and security issues using Python. You will also find this book useful if you're an experienced programmer looking to explore Python’s full range of capabilities. A basic understanding of general programming structures as well as familiarity with the Python programming language is a prerequisite.Table of ContentsTable of Contents Working with Python Scripting System Programming Packages Socket Programming HTTP Programming and Web Authentication Analyzing Network Traffic and Packets Sniffing Gathering Information from Servers with OSINT Tools Interacting with FTP, SFTP, and SSH Servers Working with Nmap Scanner Interacting with Vulnerability Scanners Interacting with Server Vulnerabilities in Web Applications Obtain Information from Vulnerabilities Databases Extracting Geolocation and Metadata from Documents, Images, and Browsers Python Tools for Brute-Force Attacks Cryptography and Code Obfuscation Assessments – Answers to the End-of-Chapter Questions

Read more less

Book SynopsisGet to grips with cyber threat intelligence and data-driven threat hunting while exploring expert tips and techniques Key Features Set up an environment to centralize all data in an Elasticsearch, Logstash, and Kibana (ELK) server that enables threat hunting Carry out atomic hunts to start the threat hunting process and understand the environment Perform advanced hunting using MITRE ATT&CK Evals emulations and Mordor datasets Book DescriptionThreat hunting (TH) provides cybersecurity analysts and enterprises with the opportunity to proactively defend themselves by getting ahead of threats before they can cause major damage to their business. This book is not only an introduction for those who don't know much about the cyber threat intelligence (CTI) and TH world, but also a guide for those with more advanced knowledge of other cybersecurity fields who are looking to implement a TH program from scratch. You will start by exploring what threat intelligence is and how it can be used to detect and prevent cyber threats. As you progress, you'll learn how to collect data, along with understanding it by developing data models. The book will also show you how to set up an environment for TH using open source tools. Later, you will focus on how to plan a hunt with practical examples, before going on to explore the MITRE ATT&CK framework. By the end of this book, you'll have the skills you need to be able to carry out effective hunts in your own environment. What you will learn Understand what CTI is, its key concepts, and how it is useful for preventing threats and protecting your organization Explore the different stages of the TH process Model the data collected and understand how to document the findings Simulate threat actor activity in a lab environment Use the information collected to detect breaches and validate the results of your queries Use documentation and strategies to communicate processes to senior management and the wider business Who this book is forIf you are looking to start out in the cyber intelligence and threat hunting domains and want to know more about how to implement a threat hunting division with open-source tools, then this cyber threat intelligence book is for you.Table of ContentsTable of Contents What is Cyber Threat Intelligence? What is Threat Hunting? Where Does the Data Come From? Mapping the Adversary Working with Data Emulating the Adversary Creating a Research Environment How to Query the Data Hunting for the Adversary Importance of Documenting and Automating the Process Assessing Data Quality Understanding the Output Defining Good Metrics to Track Success Engaging the Response Team and Communicating the Result to Executives

Read more less

Book SynopsisBuild your organization’s cyber defense system by effectively implementing digital forensics and incident management techniquesKey Features Create a solid incident response framework and manage cyber incidents effectively Perform malware analysis for effective incident response Explore real-life scenarios that effectively use threat intelligence and modeling techniques Book DescriptionAn understanding of how digital forensics integrates with the overall response to cybersecurity incidents is key to securing your organization's infrastructure from attacks. This updated second edition will help you perform cutting-edge digital forensic activities and incident response.After focusing on the fundamentals of incident response that are critical to any information security team, you’ll move on to exploring the incident response framework. From understanding its importance to creating a swift and effective response to security incidents, the book will guide you with the help of useful examples. You’ll later get up to speed with digital forensic techniques, from acquiring evidence and examining volatile memory through to hard drive examination and network-based evidence. As you progress, you’ll discover the role that threat intelligence plays in the incident response process. You’ll also learn how to prepare an incident response report that documents the findings of your analysis. Finally, in addition to various incident response activities, the book will address malware analysis, and demonstrate how you can proactively use your digital forensic skills in threat hunting.By the end of this book, you’ll have learned how to efficiently investigate and report unwanted security breaches and incidents in your organization.What you will learn Create and deploy an incident response capability within your own organization Perform proper evidence acquisition and handling Analyze the evidence collected and determine the root cause of a security incident Become well-versed with memory and log analysis Integrate digital forensic techniques and procedures into the overall incident response process Understand the different techniques for threat hunting Write effective incident reports that document the key findings of your analysis Who this book is forThis book is for cybersecurity and information security professionals who want to implement digital forensics and incident response in their organization. You will also find the book helpful if you are new to the concept of digital forensics and are looking to get started with the fundamentals. A basic understanding of operating systems and some knowledge of networking fundamentals are required to get started with this book.Table of ContentsTable of Contents Understanding Incident Response Managing Cyber Incidents Fundamentals of Digital Forensics Collecting Network Evidence Acquiring Host-Based Evidence Forensic Imaging Analyzing Network Evidence Analyzing System Memory Analyzing System Storage Analyzing Log Files Writing the Incident Report Malware Analysis for Incident Response Leveraging Threat Intelligence Hunting for Threats Appendix

Read more less

Book SynopsisDevelop your red team skills by learning essential foundational tactics, techniques, and procedures, and boost the overall security posture of your organization by leveraging the homefield advantageKey Features Build, manage, and measure an offensive red team program Leverage the homefield advantage to stay ahead of your adversaries Understand core adversarial tactics and techniques, and protect pentesters and pentesting assets Book DescriptionIt's now more important than ever for organizations to be ready to detect and respond to security events and breaches. Preventive measures alone are not enough for dealing with adversaries. A well-rounded prevention, detection, and response program is required. This book will guide you through the stages of building a red team program, including strategies and homefield advantage opportunities to boost security.The book starts by guiding you through establishing, managing, and measuring a red team program, including effective ways for sharing results and findings to raise awareness. Gradually, you'll learn about progressive operations such as cryptocurrency mining, focused privacy testing, targeting telemetry, and even blue team tooling. Later, you'll discover knowledge graphs and how to build them, then become well-versed with basic to advanced techniques related to hunting for credentials, and learn to automate Microsoft Office and browsers to your advantage. Finally, you'll get to grips with protecting assets using decoys, auditing, and alerting with examples for major operating systems.By the end of this book, you'll have learned how to build, manage, and measure a red team program effectively and be well-versed with the fundamental operational techniques required to enhance your existing skills.What you will learn Understand the risks associated with security breaches Implement strategies for building an effective penetration testing team Map out the homefield using knowledge graphs Hunt credentials using indexing and other practical techniques Gain blue team tooling insights to enhance your red team skills Communicate results and influence decision makers with appropriate data Who this book is forThis is one of the few detailed cybersecurity books for penetration testers, cybersecurity analysts, security leaders and strategists, as well as red team members and chief information security officers (CISOs) looking to secure their organizations from adversaries. The program management part of this book will also be useful for beginners in the cybersecurity domain. To get the most out of this book, some penetration testing experience, and software engineering and debugging skills are necessary.Table of ContentsTable of Contents Establishing an Offensive Security Program Managing an Offensive Security Team Measuring an Offensive Security Program Progressive Red Team Operations Situational Awareness – Mapping Out the Homefield Using Graph Databases Building a Comprehensive Knowledge Graph Hunting for Credentials Advanced Credential Hunting Powerful Automation Protecting the Pen Tester Traps, Deceptions, and Honeypots Blue Team Tactics for the Red Team

Read more less