Your Ad Here
3:57 PM

Perl Books

CHM format | 880 pages | 7,8mb | English language | ISBN 0132390779

This book provides end-to-end, detailed coverage of the state of the art in all aspects of computer security. Starting with a clear, in-depth review of cryptography, it also covers specific options for securing software and data against malicious code and intruders; the special challenges of securing networks and distributed systems; firewalls; ways to administer security on personal computers and UNIX systems; analyzing security risks and benefits; and the legal and ethical issues surrounding computer security

Posted by Cyber Trunks

This book is a practical guide to discovering and exploiting security flaws in web applications. The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications.

The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.

The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger", Dafydd developed the popular Burp Suite of web application hack tools.

Posted by Cyber Trunks

"Offensive Security 101 v.2.0" is a course designed for network administrators and security professionals who need to get acquainted with the world of offensive security. The course introduces the latest hacking tools and techniques, and includes remote live labs for exercising the material presented to the students.

This course gives a solid understanding of the penetration testing process, and is equally important for those wanting to either defend or attack their network.

ISC2 has accredited Offensive Security 101 v.2.0 with 40 ISC2 CPE Credits. This applies to students who submit their exercise documentation at the end of the course.

Posted by Cyber Trunks

Hardly a week goes by without news of some malicious program or other playing hob with large numbers of computers somewhere on the Internet. Viruses Revealed shows where computer viruses come from, how they spread, and how you can protect the computers you're responsible for. It recognizes that viruses are inherent in the modern computing environment (which makes it easy to share data among machines) and that there's no absolutely certain way to maintain any degree of usefulness in a computer while eliminating all risk of viral infection. From there, the three authors proceed to make their readers informed participants in a dangerous computing world. They do this by defining terms (like dropper, a program that isn't a virus itself but which serves to install one), explaining concepts (like the difficulties antivirus programs face in detecting Trojan programs), and documenting historical events (infamous viruses of the past--Love Bug, Kournikova, and so on--and why they worked).
To their great credit, the authors go to great lengths to be authoritative. They document pretty much everything they say with references and rarely assume that the reader knows what any but the most basic terms mean. Furthermore, they're modest and don't claim that what they say will save your machines from viral attack. Rather, they say that appropriate defenses will reduce your risk of infection, and solid documentation, backup, and recovery mechanisms will help you halt successful attacks early and recover from them promptly. The prose here is well written and often funny--Viruses Revealed is a big winner. --David Wall

Topics covered: Computer viruses--what they are, where they come from, how they work, and how to deal with them. A combination of case studies and explanatory prose shows how to minimize your virus risk, regardless of what kinds of computers you run.

Posted by Cyber Trunks

"This book clearly ranks as one of the most authoritative in the field of honeypots. It is comprehensive and well written. The authors provide us with an insider’s look at virtual honeypots and even help us in setting up and understanding an otherwise very complex technology."

—Stefan Kelm, Secorvo Security Consulting

"Virtual Honeypots is the best reference for honeypots today. Security experts Niels Provos and Thorsten Holz cover a large breadth of cutting-edge topics, from low-interaction honeypots to botnets and malware. If you want to learn about the latest types of honeypots, how they work, and what they can do for you, this is the resource you need."

—Lance Spitzner, Founder, Honeynet Project

"Whether gathering intelligence for research and defense, quarantining malware outbreaks within the enterprise, or tending hacker ant farms at home for fun, you’ll find many practical techniques in the black art of deception detailed in this book. Honeypot magic revealed!"

—Doug Song, Arbor Networks

"Seeking the safest paths through the unknown sunny islands called honeypots? Trying to avoid greedy pirates catching treasures deeper and deeper beyond your ports? With this book, any reader will definitely get the right map to handle current cyber-threats.

Designed by two famous white hats, Niels Provos and Thorsten Holz, it carefully teaches everything from the concepts to practical real-life examples with virtual honeypots. The main strength of this book relies in how it covers so many uses of honeypots: improving intrusion detection systems, slowing down and following incoming attackers, catching and analyzing 0-days or malwares or botnets, and so on.

Sailing the high seas of our cyber-society or surfing the Net, from students to experts, it’s a must-read for people really aware of computer security, who would like to fight against black-hats flags with advanced modern tools like honeypots."

Posted by Cyber Trunks

Computer hacking forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks. Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud. CHFI investigators can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information.Securing and analyzing electronic evidence is a central theme in an ever-increasing number of conflict situations and criminal cases. Electronic evidence is critical in the following situations:

• Disloyal employees
• Computer break-ins
• Possession of pornography
• Breach of contract
• Industrial espionage
• E-mail Fraud
• Bankruptcy
• Disputed dismissals
• Web page defacements
• Theft of company documents

Computer forensics enables the systematic and careful identification of evidence in computer related crime and abuse cases. This may range from tracing the tracks of a hacker through a client’s systems, to tracing the originator of defamatory emails, to recovering signs of fraud.

The CHFI course will provide participants the necessary skills to identify an intruder’s footprints and to properly gather the necessary evidence to prosecute in the court of law.

The CHFI course will benefit:

• Police and other law enforcement personnel
• Defense and Military personnel
• e-Business Security professionals
• Systems administrators
• Legal professionals
• Banking, Insurance and other professionals
• Government agencies
• IT managers

The CHFI certification is awarded after successfully passing the exam EC0 312-49.


Posted by Cyber Trunks

Penetration testing a network requires a balance of art and science. A penetration tester must be creative enough to think outside of the box to determine the best attack vector into his own network, and also be expert in using the literally hundreds of tools required to execute the plan. This second volume adds over 300 new pentesting applications included with BackTrack 2 to the pen tester's toolkit. It includes the latest information on Snort, Nessus, Wireshark, Metasploit, Kismet and all of the other major Open Source platforms.

Perform Network Reconnaissance
Master the objectives, methodology, and tools of the least understood aspect of a penetration test.
Demystify Enumeration and Scanning
Identify the purpose and type of the target systems, obtain specific information about the versions of the services that are running on the systems, and list the targets and services.
Hack Database Services
Understand and identify common database service vulnerabilities, discover database services, attack database authentication mechanisms, analyze the contents of the database, and use the database to obtain access to the host operating system.
Test Web Servers and Applications
Compromise the Web server due to vulnerabilities on the server daemon itself, its unhardened state, or vulnerabilities within the Web applications.
Test Wireless Networks and Devices
Understand WLAN vulnerabilities, attack WLAN encryption, master information gathering tools, and deploy exploitation tools.
Use Traceroute, Nmap, ike-scan, Cisco Torch, Finger, Nessus, onesixtyone, Hydra, Ettercap, and more to attack your network devices.
Customize BackTrack 2
Torque BackTrack 2 for your specialized needs through module management, unique hard drive installations, and USB installations.
Perform Forensic Discovery and Analysis with BackTrack 2
Use BackTrack in the field for forensic analysis, image acquisition, and file carving.

Posted by Cyber Trunks

The latest Windows security attack and defense strategies

"Securing Windows begins with reading this book." --James Costello (CISSP) IT Security Specialist, Honeywell

Meet the challenges of Windows security with the exclusive Hacking Exposed "attack-countermeasure" approach. Learn how real-world malicious hackers conduct reconnaissance of targets and then exploit common misconfigurations and software flaws on both clients and servers. See leading-edge exploitation techniques demonstrated, and learn how the latest countermeasures in Windows XP, Vista, and Server 2003/2008 can mitigate these attacks. Get practical advice based on the authors' and contributors' many years as security professionals hired to break into the world's largest IT infrastructures. Dramatically improve the security of Microsoft technology deployments of all sizes when you learn to:

Establish business relevance and context for security by highlighting real-world risks
* Take a tour of the Windows security architecture from the hacker's perspective, exposing old and new vulnerabilities that can easily be avoided
* Understand how hackers use reconnaissance techniques such as footprinting, scanning, banner grabbing, DNS queries, and Google searches to locate vulnerable Windows systems
* Learn how information is extracted anonymously from Windows using simple NetBIOS, SMB, MSRPC, SNMP, and Active Directory enumeration techniques
* Prevent the latest remote network exploits such as password grinding via WMI and Terminal Server, passive Kerberos logon sniffing, rogue server/man-in-the-middle attacks, and cracking vulnerable services
* See up close how professional hackers reverse engineer and develop new Windows exploits
* Identify and eliminate rootkits, malware, and stealth software
* Fortify SQL Server against external and insider attacks

Posted by Cyber Trunks

Symantec's chief antivirus researcher has written the definitive guide to contemporary virus threats, defense techniques, and analysis tools. Unlike most books on computer viruses, The Art of Computer Virus Research and Defense is a reference written strictly for white hats: IT and security professionals responsible for protecting their organizations against malware. Peter Szor systematically covers everything you need to know, including virus behavior and classification, protection strategies, antivirus and worm-blocking techniques, and much more.
Szor presents the state-of-the-art in both malware and protection, providing the full technical detail that professionals need to handle increasingly complex attacks. Along the way, he provides extensive information on code metamorphism and other emerging techniques, so you can anticipate and prepare for future threats.
Szor also offers the most thorough and practical primer on virus analysis ever published—addressing everything from creating your own personal laboratory to automating the analysis process.

Posted by Cyber Trunks

Great Content from a Bestselling Author: The Linux Bible 2008 Edition is the best first Linux book for new or migrating users. By focusing on the building-block nature of Linux, and offering true up-to-date descriptions of Linux technology, the Bible helps the reader learn how to jump headlong into Linux, regardless of the Linux distribution they choose. Descriptions of different Linux distributions helps users choose the Linux distribution that's right for them. Detailed installation instructions, step-by-step descriptions of key desktop and server components, and the actual distributions on CD and DVD, let readers get started using Linux immediately. The Bible will serve a broad range of readers, from those starting with Linux to anyone looking to evaluate different Linux distributions. It also covers broad usage including Linux desktops, servers, and firewall/routers.

New features: Instead of just telling you about how the technology works, new "Bringing Linux In" sections describe how people have implemented Linux in the real world. New sections describe real-life examples, such as how:

A Small office created an inexpensive Web, print, and file server

A do-it-yourselfer combined Linux audio and video features to create a home multimedia center

A school build a computer lab with free educational software

A large corporation deployed thousands of Linux systems

Posted by Cyber Trunks

"A fantastic book for anyone looking to learn the tools and techniques needed to break in and stay in." --Bruce Potter, Founder, The Shmoo Group

"Very highly recommended whether you are a seasoned professional or just starting out in the security business." --Simple Nomad, Hacker
Table of contents

Part I: Introduction to Ethical Disclosure
Chapter 1. Ethics of Ethical Hacking
Chapter 2. Ethical Hacking and the Legal System
Chapter 3. Proper and Ethical Disclosure
Part II: Penetration Testing and Tools
Chapter 4. Using Metasploit
Chapter 5. Using the BackTrack LiveCD Linux Distribution
Part III: Exploits 101
Chapter 6. Programming Survival Skills
Chapter 7. Basic Linux Exploits
Chapter 8. Advanced Linux Exploits
Chapter 9. Shellcode Strategies
Chapter 10. Writing Linux Shellcode
Chapter 11. Basic Windows Exploits
Part IV: Vulnerability Analysis
Chapter 12. Passive Analysis
Chapter 13. Advanced Static Analysis with IDA Pro
Chapter 14. Advanced Reverse Engineering
Chapter 15. Client-Side Browser Exploits
Chapter 16. Exploiting Windows Access Control Model for Local Elevation of Privilege
Chapter 17. Intelligent Fuzzing with Sulley
Chapter 18. From Vulnerability to Exploit
Chapter 19. Closing the Holes: Mitigation
Part V: Malware Analysis
Chapter 20. Collecting Malware and Initial Analysis
Chapter 21. Hacking Malware

Posted by Cyber Trunks

This is the first book available for the Metasploit Framework (MSF), which is the attack platform of choice for one of the fastest growing careers in IT security: Penetration Testing. The book and companion Web site will provide professional penetration testers and security researchers with a fully integrated suite of tools for discovering, running, and testing exploit code.

This book discusses how to use the Metasploit Framework (MSF) as an exploitation platform. The book begins with a detailed discussion of the three MSF interfaces: msfweb, msfconsole, and msfcli .This chapter demonstrates all of the features offered by the MSF as an exploitation platform. With a solid understanding of MSFs capabilities, the book then details techniques for dramatically reducing the amount of time required for developing functional exploits.
By working through a real-world vulnerabilities against popular closed source applications, the reader will learn how to use the tools and MSF to quickly build reliable attacks as standalone exploits. The section will also explain how to integrate an exploit directly into the Metasploit Framework by providing a line-by-line analysis of an integrated exploit module. Details as to how the Metasploit engine drives the behind-the-scenes exploitation process will be covered, and along the way the reader will come to understand the advantages of exploitation frameworks. The final section of the book examines the Meterpreter payload system and teaches readers to develop completely new extensions that will integrate fluidly with the Metasploit Framework.

Posted by Cyber Trunks

Posted by Cyber Trunks

The Hacker Highschool project is the development of license-free, security and privacy awareness teaching materials and back-end support for teachers of elementary, junior high, and high school students.

Today's kids and teens are in a world with major communication and productivity channels open to them and they don't have the knowledge to defend themselves against the fraud, identity theft, privacy leaks and other attacks made against them just for using the Internet. This is the reason for Hacker Highschool.

In HHS, you will find lessons on utilizing Internet resources safely such as web privacy, chat protection, viruses and trojans (malware), and the over-all focus on how to recognize security problems on your computer. All lessons work with a free "live linux" CD which will boot off any PC with a CD-rom drive to perform the lessons. HHS is a great supplement to student course work or as part of after-school and club activities.

The HHS program is developed by ISECOM, a non-profit, open-source research group focused on security awareness and professional security development and accreditation.

A Table of contents & Glossary
Lesson 01 - Being a Hacker
Lesson 02 - Windows and Linux
Lesson 03 - Ports and Protocols
Lesson 04 - Services and Connections
Lesson 05 - System Identification
Lesson 06 - Malware (Viruses, Trojans, etc.)
Lesson 07 - Attack Analysis
Lesson 08 - Digital Forensics
Lesson 09 - E-mail Security and Privacy
Lesson 10 - Web Security and Privacy
Lesson 11 - Passwords
Lesson 12 - Internet Legalities and Ethics

Posted by Cyber Trunks

A description and analysis of the vulnerabilities caused by programming errors in Web applications, this book is written from both from the attacker's and security specialist's perspective. Covered is detecting, investigating, exploiting, and eliminating vulnerabilities in Web applications as well as errors such as PHP source code injection, SQL injection, and XSS. The most common vulnerabilities in PHP and Perl scripts and methods of exploiting these weaknesses are described, information on writing intersite scripts and secure systems for the hosted sites, creating secure authorization systems, and bypassing authorization. Uncovered is how attackers can benefit from the hosted target and why an apparently normal-working application might be vulnerable.

Posted by Cyber Trunks

Going beyond the issues of analyzing and optimizing programs as well as creating the means of protecting information, this guide takes on the programming problem of, once having found holes in a program, how to go about disassembling it without its source code. Covered are the hacking methods used to analyze programs using a debugger and disassembler. These methods include virtual functions, local and global variables, branching, loops, objects and their hierarchy, and mathematical operators. Also covered are methods of fighting disassemblers, self-modifying code in operating systems, and executing code in the stack. Advanced disassembler topics such as optimizing compilers and movable code are discussed as well.

Book Info
Text shows how to analyze programs without its source code, using a debugger and a disassembler. Covers hacking methods including virtual functions, local and global variables, branching, loops, objects and their hierarchy, and mathematical operators. For intermediate to advanced level programmers.

Posted by Cyber Trunks
Your Ad Here