Adversarial Tradecraft in Cybersecurity. Offense versus defense in real-time computer conflict

Dan Borges

Little has been written about what to do when live hackers are on your system and running amok. Even experienced hackers tend to choke up when they realize the network defender has caught them and is zoning in on their implants in real time. This book will provide tips and tricks all along the kill chain of an attack, showing where hackers can have the upper hand in a live conflict and how defenders can outsmart them in this adversarial game of computer cat and mouse.This audiobook contains two subsections in each chapter, specifically focusing on the offensive and defensive teams. It begins by introducing you to adversarial operations and principles of computer conflict where you will explore the core principles of deception, humanity, economy, and more about human-on-human conflicts. Additionally, you will understand everything from planning to setting up infrastructure and tooling that both sides should have in place.Throughout this audiobook, you will learn how to gain an advantage over opponents by disappearing from what they can detect. You will further understand how to blend in, uncover other actors’ motivations and means, and learn to tamper with them to hinder their ability to detect your presence. Finally, you will learn how to gain an advantage through advanced research and thoughtfully concluding an operation.By the end of this audiobook, you will have achieved a solid understanding of cyberattacks from both an attacker’s and a defender’s perspective.

AWS Certified Cloud Practitioner Exam Guide. Build your cloud computing knowledge and build your skills as an AWS Certified Cloud Practitioner (CLF-C01)

Rajesh Daswani

Amazon Web Services is the largest cloud computing service provider in the world. Its foundational certification, AWS Certified Cloud Practitioner (CLF-C01), is the first step to fast-tracking your career in cloud computing. This certification will add value even to those in non-IT roles, including professionals from sales, legal, and finance who may be working with cloud computing or AWS projects. If you are a seasoned IT professional, this certification will make it easier for you to prepare for more technical certifications to progress up the AWS ladder and improve your career prospects.The book is divided into four parts. The first part focuses on the fundamentals of cloud computing and the AWS global infrastructure. The second part examines key AWS technology services, including compute, network, storage, and database services. The third part covers AWS security, the shared responsibility model, and several security tools. In the final part, you'll study the fundamentals of cloud economics and AWS pricing models and billing practices.Complete with exercises that highlight best practices for designing solutions, detailed use cases for each of the AWS services, quizzes, and two complete practice tests, this CLF-C01 exam study guide will help you gain the knowledge and hands-on experience necessary to ace the AWS Certified Cloud Practitioner exam.

Bezpiecznie już było. Jak żyć w świecie sieci, terrorystów i ciągłej niepewności

Paulina Polko, Roman Polko

  XXI wiek wszystkich strachów   W roku 1989 pożegnaliśmy komunizm i - nie wiedząc wtedy jeszcze o tym - powitaliśmy niepewność jutra. Zniknęły gwarancje zatrudnienia, jako społeczeństwo odbyliśmy przyspieszony kurs ekonomicznej samodzielności. Do NATO wkraczaliśmy z kilkunastoprocentowym bezrobociem i wielką rzeszą ludzi żyjących poniżej progu ubóstwa, ale gdzieś na niezbyt odległym horyzoncie pojawiła się już perspektywa wstąpienia do Unii Europejskiej i nadzieja na otwarcie się zagranicznych rynków na polskich pracowników. Później w dalekim Nowym Jorku w zamachu terrorystycznym runęły dwie wieże World Trade Center. To nas przeraziło, ale terroryści z turbanami na głowach byli dla nas tak odlegli jak - nie przymierzając - kosmici. Na naszym kontynencie był spokój, a w naszym kraju czuliśmy się szczególnie bezpiecznie, uznając, że to peryferia Zachodu. O, czyżby? Drugie dziesięciolecie obecnego wieku wytrąciło nas ze strefy komfortu. Za wschodnią granicą wybuchła regularna, choć oficjalnie niewypowiedziana wojna. Terroryści wyprowadzili się z odległego Iraku i Afganistanu, wybierając zamiast nich obiecaną ziemię Europy. Dziś już raz po raz natykamy się w internecie na cybernetyczne potyczki sterowanych sieciowych trolli. Z tsunami fake newsów coraz trudniej wyłowić rzetelne informacje... Czego naprawdę należy się bać? Czy będziemy obiektem ataku terrorystycznego? Czy polską ziemię mogą rozjechać rosyjskie czołgi? A może lepiej zamknąć oczy na politykę i zwyczajnie pilnować kursu franka, bo tym, co najbardziej zagraża naszemu bezpieczeństwu, są wahania wartości szwajcarskiej waluty? Jak żyć w świecie, który nieprędko (jeśli kiedykolwiek) znów będzie względnie bezpieczny, i nie dać się zwariować?   Co nam zagraża? Jak żyć bezpiecznie w sieciowej rzeczywistości? Jaka jest hierarchia potrzeb człowieka w świecie ciągłej niepewności? Odpowiedź na te fundamentalne pytania stanowi treść bogatej w fakty i przemyślenia książki Pauliny i Romana Polko. Napisana barwnym językiem, w sposób niezwykle przystępny tłumaczy czytelnikowi zawiłości i fenomeny współczesnego świata: konsekwencje migracji, terroryzmu, globalnego ocieplenia; zagadnienia wojen informacyjnych i cyberbezpieczeństwa, rywalizacji o zasoby i surowce naturalne. Nie zapomina przy tym o wyzwaniach bardziej tradycyjnych, związanych z konfliktami zbrojnymi i ekspansją terytorialną, współzawodnictwem ekonomicznym czy też przesuwaniem się ciężkości świata w kierunku Dalekiego Wschodu. Ciekawa, barwna i pełna szczegółów opowieść o bezpieczeństwie Polski i świata w XXI wieku. Nieszablonowa, obalająca stereotypy i polityczne mistyfikacje; pozwalająca zrozumieć wyzwania przyszłości, a nie rozpamiętywać przeszłe konflikty. Lektura obowiązkowa nie tylko dla zainteresowanych sprawami międzynarodowymi w naszym kraju. Aleksander Kwaśniewski, Prezydent RP w latach 1995-2005  

Building a Cyber Resilient Business. A cyber handbook for executives and boards

Dr. Magda Lilia Chelly, Shamane Tan, Hai Tran

With cyberattacks on the rise, it has become essential for C-suite executives and board members to step up and collectively recognize cyber risk as a top priority business risk. However, non-cyber executives find it challenging to understand their role in increasing the business’s cyber resilience due to its complex nature and the lack of a clear return on investment.This audiobook demystifies the perception that cybersecurity is a technical problem, drawing parallels between the key responsibilities of the C-suite roles to line up with the mission of the Chief Information Security Officer (CISO).The audiobook equips you with all you need to know about cyber risks to run the business effectively. Each chapter provides a holistic overview of the dynamic priorities of the C-suite (from the CFO to the CIO, COO, CRO, and so on), and unpacks how cybersecurity must be embedded in every business function. The audiobook also contains self-assessment questions, which are a helpful tool in evaluating any major cybersecurity initiatives and/or investment required.With this audiobook, you’ll have a deeper appreciation of the various ways all executives can contribute to the organization’s cyber program, in close collaboration with the CISO and the security team, and achieve a cyber-resilient, profitable, and sustainable business.

Cloud Auditing Best Practices. Perform Security and IT Audits across AWS, Azure, and GCP by building effective cloud auditing plans

As more and more companies are moving to cloud and multi-cloud environments, being able to assess the compliance of these environments properly is becoming more important. But in this fast-moving domain, getting the most up-to-date information is a challenge—so where do you turn?Cloud Auditing Best Practices has all the information you’ll need. With an explanation of the fundamental concepts and hands-on walk-throughs of the three big cloud players, this audiobook will get you up to speed with cloud auditing before you know it.After a quick introduction to cloud architecture and an understanding of the importance of performing cloud control assessments, you’ll quickly get to grips with navigating AWS, Azure, and GCP cloud environments. As you explore the vital role an IT auditor plays in any company’s network, you'll learn how to successfully build cloud IT auditing programs, including using standard tools such as Terraform, Azure Automation, AWS Policy Sentry, and many more.You’ll also get plenty of tips and tricks for preparing an effective and advanced audit and understanding how to monitor and assess cloud environments using standard tools.By the end of this audiobook, you will be able to confidently apply and assess security controls for AWS, Azure, and GCP, allowing you to independently and effectively confirm compliance in the cloud.

Cloud Identity Patterns and Strategies. Design enterprise cloud identity models with OAuth 2.0 and Azure Active Directory

Giuseppe Di Federico, Fabrizio Barcaroli

Identity is paramount for every architecture design, making it crucial for enterprise and solutions architects to understand the benefits and pitfalls of implementing identity patterns. However, information on cloud identity patterns is generally scattered across different sources and rarely approached from an architect’s perspective, and this is what Cloud Identity Patterns and Strategies aims to solve, empowering solutions architects to take an active part in implementing identity solutions.Throughout this audiobook, you’ll cover various theoretical topics along with practical examples that follow the implementation of a standard de facto identity provider (IdP) in an enterprise, such as Azure Active Directory. As you progress through the chapters, you’ll explore the different factors that contribute to an enterprise's current status quo around identities and harness modern authentication approaches to meet specific requirements of an enterprise. You’ll also be able to make sense of how modern application designs are impacted by the company’s choices and move on to recognize how a healthy organization tackles identity and critical tasks that the development teams pivot on.By the end of this audiobook, you’ll be able to breeze through creating portable, robust, and reliable applications that can interact with each other.

CompTIA CASP+ CAS-004 Certification Guide. Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam

CompTIA Advanced Security Practitioner (CASP+) ensures that security practitioners stay on top of the ever-changing security landscape. The CompTIA CASP+ CAS-004 Certification Guide offers complete, up-to-date coverage of the CompTIA CAS-004 exam so you can take it with confidence, fully equipped to pass on the first attempt.Written in a clear, succinct way with self-assessment questions, exam tips, and mock exams with detailed explanations, this audiobook covers security architecture, security operations, security engineering, cryptography, governance, risk, and compliance. You'll begin by developing the skills to architect, engineer, integrate, and implement secure solutions across complex environments to support a resilient enterprise. Moving on, you'll discover how to monitor and detect security incidents, implement incident response, and use automation to proactively support ongoing security operations. The audiobook also shows you how to apply security practices in the cloud, on-premises, to endpoints, and to mobile infrastructure. Finally, you'll understand the impact of governance, risk, and compliance requirements throughout the enterprise.By the end of this CASP study guide, you'll have covered everything you need to pass the CompTIA CASP+ CAS-004 certification exam and have a handy reference guide.

Cyber Warfare - Truth, Tactics, and Strategies. Strategic concepts and truths to help you and your organization survive on the battleground of cyber warfare

Dr. Chase Cunningham

The era of cyber warfare is now upon us. What we do now and how we determine what we will do in the future is the difference between whether our businesses live or die and whether our digital self survives the digital battlefield. Cyber Warfare – Truth, Tactics, and Strategies takes you on a journey through the myriad of cyber attacks and threats that are present in a world powered by AI, big data, autonomous vehicles, drones video, and social media.Dr. Chase Cunningham uses his military background to provide you with a unique perspective on cyber security and warfare. Moving away from a reactive stance to one that is forward-looking, he aims to prepare people and organizations to better defend themselves in a world where there are no borders or perimeters. He demonstrates how the cyber landscape is growing infinitely more complex and is continuously evolving at the speed of light.The audiobook not only covers cyber warfare, but it also looks at the political, cultural, and geographical influences that pertain to these attack methods and helps you understand the motivation and impacts that are likely in each scenario.Cyber Warfare – Truth, Tactics, and Strategies is as real-life and up-to-date as cyber can possibly be, with examples of actual attacks and defense techniques, tools. and strategies presented for you to learn how to think about defending your own systems and data.

Cybersecurity and Privacy Law Handbook. A beginner's guide to dealing with privacy and security while keeping hackers at bay

Walter Rocchi

Cybercriminals are incessantly coming up with new ways to compromise online systems and wreak havoc, creating an ever-growing need for cybersecurity practitioners in every organization across the globe who understand international security standards, such as the ISO27k family of standards.If you’re looking to ensure that your company's data conforms to these standards, Cybersecurity and Privacy Law Handbook has got you covered. It'll not only equip you with the rudiments of cybersecurity but also guide you through privacy laws and explain how you can ensure compliance to protect yourself from cybercrime and avoid the hefty fines imposed for non-compliance with standards.Assuming that you're new to the field, this book starts by introducing cybersecurity frameworks and concepts used throughout the chapters. You'll understand why privacy is paramount and how to find the security gaps in your company's systems. There's a practical element to the book as well—you'll prepare policies and procedures to prevent your company from being breached. You’ll complete your learning journey by exploring cloud security and the complex nature of privacy laws in the US.By the end of this cybersecurity book, you'll be well-placed to protect your company's data and comply with the relevant standards.

Cybersecurity Career Master Plan. Proven techniques and effective tips to help you advance in your cybersecurity career

Dr. Gerald Auger, Jaclyn "Jax" Scott, Jonathan Helmus, Kim Nguyen, ...

Cybersecurity is an emerging career trend and will continue to become increasingly important. Despite the lucrative pay and significant career growth opportunities, many people are unsure of how to get started.This audiobook is designed by leading industry experts to help you enter the world of cybersecurity with confidence, covering everything from gaining the right certification to tips and tools for finding your first job. The audiobook starts by helping you gain a foundational understanding of cybersecurity, covering cyber law, cyber policy, and frameworks. Next, you'll focus on how to choose the career field best suited to you from options such as security operations, penetration testing, and risk analysis. The audiobook also guides you through the different certification options as well as the pros and cons of a formal college education versus formal certificate courses. Later, you'll discover the importance of defining and understanding your brand. Finally, you'll get up to speed with different career paths and learning opportunities.By the end of this cyber audiobook, you will have gained the knowledge you need to clearly define your career path and develop goals relating to career progression.

Cybersecurity Leadership Demystified. A comprehensive guide to becoming a world-class modern cybersecurity leader and global CISO

Dr. Erdal Ozkaya

The chief information security officer (CISO) is responsible for an organization's information and data security. The CISO's role is challenging as it demands a solid technical foundation as well as effective communication skills. This audiobook is for busy cybersecurity leaders and executives looking to gain deep insights into the domains important for becoming a competent cybersecurity leader.The audiobook begins by introducing you to the CISO's role, where you'll learn key definitions, explore the responsibilities involved, and understand how you can become an efficient CISO. You'll then be taken through end-to-end security operations and compliance standards to help you get to grips with the security landscape. In order to be a good leader, you'll need a good team. This book guides you in building your dream team by familiarizing you with HR management, documentation, and stakeholder onboarding. Despite taking all that care, you might still fall prey to cyber attacks; this audiobook will show you how to quickly respond to an incident to help your organization minimize losses, decrease vulnerabilities, and rebuild services and processes. Finally, you'll explore other key CISO skills that'll help you communicate at both senior and operational levels.By the end of this audiobook, you'll have gained a complete understanding of the CISO's role and be ready to advance your career.

Hack the Cybersecurity Interview. A complete interview preparation guide for jumpstarting your cybersecurity career

Kenneth Underhill, Christophe Foulon, Tia Hopkins, Mari Galloway

This audiobook is a comprehensive guide that helps both entry-level and experienced cybersecurity professionals prepare for interviews in a wide variety of career areas.Complete with the authors’ answers to different cybersecurity interview questions, this easy-to-follow and actionable audiobook will help you get ready and be confident. You’ll learn how to prepare and form a winning strategy for job interviews. In addition to this, you’ll also understand the most common technical and behavioral interview questions, learning from real cybersecurity professionals and executives with years of industry experience.By the end of this audiobook, you’ll be able to apply the knowledge you've gained to confidently pass your next job interview and achieve success on your cybersecurity career path.

iOS Forensics for Investigators. Take mobile forensics to the next level by analyzing, extracting, and reporting sensitive evidence

Gianluca Tiepolo

Professionals working in the mobile forensics industry will be able to put their knowledge to work with this practical guide to learning how to extract and analyze all available data from an iOS device.This audiobook is a comprehensive, how-to guide that leads investigators through the process of collecting mobile devices and preserving, extracting, and analyzing data, as well as building a report. Complete with step-by-step explanations of essential concepts, practical examples, and self-assessment questions, this book starts by covering the fundamentals of mobile forensics and how to overcome challenges in extracting data from iOS devices. Once you've walked through the basics of iOS, you’ll learn how to use commercial tools to extract and process data and manually search for artifacts stored in database files. Next, you'll find out the correct workflows for handling iOS devices and understand how to extract valuable information to track device usage. You’ll also get to grips with analyzing key artifacts, such as browser history, the pattern of life data, location data, and social network forensics.By the end of this audiobook, you'll be able to establish a proper workflow for handling iOS devices, extracting all available data, and analyzing it to gather precious insights that can be reported as prosecutable evidence.

Learn Computer Forensics. Your one-stop guide to searching, analyzing, acquiring, and securing digital evidence

William Oettinger

Computer Forensics, being a broad topic, involves a variety of skills which will involve seizing electronic evidence, acquiring data from electronic evidence, data analysis, and finally developing a forensic report.This book will help you to build up the skills you need to work in a highly technical environment. This book's ideal goal is to get you up and running with forensics tools and techniques to successfully investigate crime and corporate misconduct. You will discover ways to collect personal information about an individual from online sources. You will also learn how criminal investigations are performed online while preserving data such as e-mails, images, and videos that may be important to a case. You will further explore networking and understand Network Topologies, IP Addressing, and Network Devices. Finally, you will how to write a proper forensic report, the most exciting portion of the forensic exam process.By the end of this book, you will have developed a clear understanding of how to acquire, analyze, and present digital evidence, like a proficient computer forensics investigator.

Machine Learning Security Principles. Keep data, networks, users, and applications safe from prying eyes

John Paul Mueller, Rod Stephens

Businesses are leveraging the power of AI to make undertakings that used to be complicated and pricy much easier, faster, and cheaper. The first part of this audiobook will explore these processes in more depth, which will help you in understanding the role security plays in machine learning.As you progress to the second part, you’ll learn more about the environments where ML is commonly used and dive into the security threats that plague them using code, graphics, and real-world references.The next part of the audiobook will guide you through the process of detecting hacker behaviors in the modern computing environment, where fraud takes many forms in ML, from gaining sales through fake reviews to destroying an adversary’s reputation. Once you’ve understood hacker goals and detection techniques, you’ll learn about the ramifications of deep fakes, followed by mitigation strategies.This audiobook also takes you through best practices for embracing ethical data sourcing, which reduces the security risk associated with data. You’ll see how the simple act of removing personally identifiable information (PII) from a dataset lowers the risk of social engineering attacks.By the end of this machine learning audiobook, you'll have an increased awareness of the various attacks and the techniques to secure your ML systems effectively.

Mastering Palo Alto Networks. Build, configure, and deploy network solutions for your infrastructure using features of PAN-OS - Second Edition

Tom Piens aka 'reaper', Kim Wens aka 'kiwi'

Palo Alto Networks integrated platform makes it easy to manage network and cloud security along with endpoint protection and a wide range of security services.This audiobook is a guide to configure firewalls and deploy them in your network infrastructure. You will see how to quickly set up, configure and understand the technology, and troubleshoot any issues that may occur. This audiobook will serve as your go-to reference for everything from setting up to troubleshooting complex issues. You will learn your way around the web interface and command-line structure, understand how the technology works so you can confidently predict the expected behavior, and successfully troubleshoot any anomalies you may encounter. Finally, you will see how to deploy firewalls in a cloud environment, and special or unique considerations when setting them to protect resources.By the end of this audiobook, for your configuration setup you will instinctively know how to approach challenges, find the resources you need, and solve most issues efficiently.This is an abridged version. This condensed version aims to get you all the essential knowledge offered by our book - Mastering Palo Alto Networks in an easy-to-digest format

Microsoft Cybersecurity Architect Exam Ref SC-100. Get certified with ease while learning how to develop highly effective cybersecurity strategies

Microsoft Cybersecurity Architect Exam Ref SC-100 is a comprehensive guide that will help cybersecurity professionals design and evaluate the cybersecurity architecture of Microsoft cloud services. Complete with hands-on tutorials, projects, and self-assessment questions, you’ll have everything you need to pass the SC-100 exam.This audiobook will take you through designing a strategy for a cybersecurity architecture and evaluating the governance, risk, and compliance (GRC) of the architecture. This will include cloud-only and hybrid infrastructures, where you’ll learn how to protect using the principles of zero trust, along with evaluating security operations and the overall security posture. To make sure that you are able to take the SC-100 exam with confidence, the last chapter of this audiobook will let you test your knowledge with a mock exam and practice questions.By the end of this audiobook, you’ll have the knowledge you need to plan, design, and evaluate cybersecurity for Microsoft cloud and hybrid infrastructures, and pass the SC-100 exam with flying colors.

Operationalizing Threat Intelligence. A guide to developing and operationalizing cyber threat intelligence programs

Kyle Wilhoit, Joseph Opacki

We’re living in an era where cyber threat intelligence is becoming more important. Cyber threat intelligence routinely informs tactical and strategic decision-making throughout organizational operations. However, finding the right resources on the fundamentals of operationalizing a threat intelligence function can be challenging, and that’s where this book helps.In Operationalizing Threat Intelligence, you’ll explore cyber threat intelligence in five fundamental areas: defining threat intelligence, developing threat intelligence, collecting threat intelligence, enrichment and analysis, and finally production of threat intelligence. You’ll start by finding out what threat intelligence is and where it can be applied. Next, you’ll discover techniques for performing cyber threat intelligence collection and analysis using open source tools. The book also examines commonly used frameworks and policies as well as fundamental operational security concepts. Later, you’ll focus on enriching and analyzing threat intelligence through pivoting and threat hunting. Finally, you’ll examine detailed mechanisms for the production of intelligence.By the end of this book, you’ll be equipped with the right tools and understand what it takes to operationalize your own threat intelligence function, from collection to production.

Socjotechnika. Sztuka zdobywania władzy nad umysłami. Wydanie II

Christopher Hadnagy

Nowa książka Chrisa Hadnagy'ego, Socjotechnika. Sztuka zdobywania władzy nad umysłami jest doskonałą lekturą dla każdego, kto jest choć trochę zainteresowany kwestią inżynierii społecznej. Opisane w niej działania, od zdobywania informacji po wykonanie planu, umożliwiają infiltrację dowolnego celu. Kevin Mitnick, autor, prelegent i konsultant Wykorzystaj najlepsze techniki hackerskie, aby lepiej bronić się przed atakami. W sieci zabezpieczeń, które stworzyliśmy dla ochrony naszych danych, najsłabszym elementem jest zawsze czynnik ludzki. Hackerzy, zarówno etyczni, jak i nie, korzystają z wachlarza sztuczek opierających na "hackowaniu osobistym" i pozwalających przekonać innych do ujawnienia haseł, przekazania wrażliwych plików, przelania znacznych sum pieniędzy i świadomego podjęcia działań, które zdecydowanie nie są w najlepszym interesie osób, które wykonują te czynności. Książka Socjotechnika. Sztuka zdobywania władzy nad umysłami opisuje te sztuczki, aby umożliwić specjalistom zajmującym się bezpieczeństwem danych wykorzystanie tych umiejętności w celu odkrycia i wyeliminowania słabości zabezpieczeń. Niniejsza pozycja zarówno przedstawia techniki takie, jak modelowanie komunikacji, mentalność plemienna, obserwacja bądź manipulacja, jak i prezentuje wskazówki umożliwiające rozpoznanie, zwalczanie i zapobieganie atakom wykorzystującym inżynierię społeczną. Drugie, rozszerzone wydanie prezentuje różne techniki inżynierii społecznej, od klasycznych po najnowocześniejsze, przedstawiając je w kontekście zdarzeń znanych z pierwszych stron gazet, jak z własnych doświadczeń autora. Szczegółowe omówienie technik, takich jak wzbudzanie emocji, tworzenie pretekstu, biały wywiad, tailgating bądź phishing pozwala zrozumieć, jak łatwo jest skłonić ludzi do podjęcia szkodliwych decyzji. "W późnych latach 70. zacząłem korzystać z inżynierii społecznej, aby jeździć autobusem za darmo jako nastolatek, przechwytywać połączenia NSA w liceum i łamać dowolne zabezpieczenia w wieku studenckim. Wszystko to robiłem wyłącznie z ciekawości, chęci sprawdzenia się i żądzy przygód. Dziś, po kilku dekadach, wciąż twierdze, że inżynieria społeczna jest najważniejszą metodą każdego testu penetracji. Nie tylko ja zresztą. Agenci rządowi, hackerzy kryminalni i hacktywiści korzystają z takiej taktyki, aby kraść pieniędze, zdobywać dane a czasami nawet wpływać na wyniki wyborów w państwie." Kevin Mitnick, autor, prelegent i konsultant Posłuchaj audiobooka:

Sztuka podstępu. Łamałem ludzi, nie hasła. Wydanie II

Kevin Mitnick

Łącząc techniczną biegłość ze starą jak świat sztuką oszustwa, Kevin Mitnick staje się programistą nieobliczalnym. New York Times, 7 kwietnia 1994 Już jako nastolatek swoimi umiejętnościami zastraszył całą Amerykę. Z czasem stał się najsłynniejszym hakerem świata i wrogiem publicznym numer jeden - okrzyknięty przez media groźnym cyberprzestępcą, gorliwie ścigany przez FBI, w końcu podstępem namierzony, osaczony i spektakularnie ujęty... Uzbrojony w klawiaturę został uznany za groźnego dla społeczeństwa - wyrokiem sądu na wiele lat pozbawiono go dostępu do komputera, internetu i telefonów komórkowych. Życiorys Kevina Mitnicka jest jak scenariusz dobrego filmu sensacyjnego! Nic zatem dziwnego, że doczekał się swojej hollywoodzkiej wersji. Genialny informatyk czy mistrz manipulacji? Jak naprawdę działał człowiek, wokół wyczynów i metod którego narosło tak wiele legend? Jakim sposobem udało mu się włamać do systemów takich firm, jak Nokia, Fujitsu, Novell czy Sun Microsystems?! Zakup najdroższych technologii zabezpieczeń, karty biometryczne, intensywne szkolenia personelu, restrykcyjna polityka informacyjna czy wreszcie wynajęcie agencji ochrony - Kevin Mitnick udowodnił, że w świecie sieci i systemów poczucie bezpieczeństwa jest tylko iluzją. Ludzka naiwność, łatwowierność i ignorancja - oto najsłabsze ogniwa, wiodące do uzyskania poufnych informacji, tajnych kodów i haseł. Mitnick, obecnie najbardziej rozchwytywany ekspert w dziedzinie bezpieczeństwa komputerów, w swej niezwykłej książce przestrzega i pokazuje, jak łatwo można ominąć bariery systemów wartych miliony dolarów. Przedstawiając i analizując metody hakerów oparte na prawdziwych atakach, demonstruje, że tam, gdzie nie można znaleźć luk technicznych, zawsze skuteczne okazują się ludzkie słabości... A Ty? Jesteś w pełni świadomy narzędzi technologicznych i socjotechnicznych, które hakerzy mogą wykorzystać przeciwko Tobie? Opinie czytelników o książce Sztuka podstępu. Łamałem ludzi, nie hasła (źródło:www.helion.pl): Jeśli ktoś ma cokolwiek wspólnego z bezpieczeństwem jakiegokolwiek systemu komputerowego, to NIEprzeczytanie tej książki jest grzechem ciężkim! Tomasz Książka pokazuje, jak ludzki umysł można łatwo oszukać, jak skrótowo myśli, jak szybko wpada w rutynę i tendencyjne wyciąga wnioski. Damian Najsłynniejszy haker świata Kevin Mitnick uczy nas, jak bronić samych siebie i nasze firmy przed atakami socjotechników. Adam Mitnick przedstawia scenariusze ataków hakerskich w postaci wyjątkowo barwnych i wciągających opowieści. Sztukę podstępu czyta się jak doskonały kryminał, kryminał z wyjątkowo cennym morałem. Grzegorz Przekonaj się, że "ściśle tajne" to fikcja. A bezpieczeństwo systemu to tylko Twoje złudzenie... Książka wzbogacona o wstęp do polskiego wydania

The Ultimate Kali Linux Book. Perform advanced penetration testing using Nmap, Metasploit, Aircrack-ng, and Empire

Glen D. Singh

Kali Linux is the most popular and advanced penetration testing Linux distribution within the cybersecurity industry. Using Kali Linux, a cybersecurity professional will be able to discover and exploit various vulnerabilities and perform advanced penetration testing on both enterprise wired and wireless networks.This audiobook is a comprehensive guide for those who are new to Kali Linux and penetration testing that will have you up to speed in no time. Using real-world scenarios, you’ll understand how to set up a lab and explore core penetration testing concepts. Throughout this book, you’ll focus on information gathering and even discover different vulnerability assessment tools bundled in Kali Linux. You’ll learn to discover target systems on a network, identify security flaws on devices, exploit security weaknesses and gain access to networks, set up Command and Control (C2) operations, and perform web application penetration testing. In this updated second edition, you’ll be able to compromise Active Directory and exploit enterprise networks. Finally, this audiobook covers best practices for performing complex web penetration testing techniques in a highly secured environment.By the end of this Kali Linux audiobook, you’ll have gained the skills to perform advanced penetration testing on enterprise networks using Kali Linux.