Penetration Testing Bootcamp. Quickly get up and running with pentesting techniques

Jason Beltrame

Penetration Testing Bootcamp delivers practical, learning modules in manageable chunks. Each chapter is delivered in a day, and each day builds your competency in Penetration Testing.This book will begin by taking you through the basics and show you how to set up and maintain the C&C Server. You will also understand how to scan for vulnerabilities and Metasploit, learn how to setup connectivity to a C&C server and maintain that connectivity for your intelligence gathering as well as offsite processing. Using TCPDump filters, you will gain understanding of the sniffing and spoofing traffic. This book will also teach you the importance of clearing up the tracks you leave behind after the penetration test and will show you how to build a report from all the data obtained from the penetration test.In totality, this book will equip you with instructions through rigorous tasks, practical callouts, and assignments to reinforce your understanding of penetration testing.

Pentesting APIs. A practical guide to discovering, fingerprinting, and exploiting APIs

Maurício Harley

Understanding API security is crucial as APIs form the backbone of modern interconnected applications, making them prime targets for cyberattacks. Drawing on nearly 30 years of cybersecurity experience and an extensive background in network security and forensic analysis, this book provides the knowledge and tools to strengthen your API security practices and protect against cyber threats comprehensively.This book begins by establishing a foundational understanding of APIs, particularly focusing on REST and GraphQL, emphasizing their critical role and potential security vulnerabilities. It guides you through setting up a penetration testing environment to ensure the practical application of concepts. You’ll learn reconnaissance techniques, information-gathering strategies, and the discovery of API vulnerabilities. Authentication and authorization testing are thoroughly explored, covering mechanisms, weaknesses, and methods to bypass security controls. By comprehensively addressing these aspects, the book equips you to understand, identify, and mitigate risks, strengthening API security and effectively minimizing potential attack surfaces.By the end of this book, you’ll have developed practical skills to identify, exploit, and secure APIs against various vulnerabilities and attacks.

Pentesting Industrial Control Systems. An ethical hacker's guide to analyzing, compromising, mitigating, and securing industrial processes

Paul Smith

The industrial cybersecurity domain has grown significantly in recent years. To completely secure critical infrastructure, red teams must be employed to continuously test and exploit the security integrity of a company's people, processes, and products.This is a unique pentesting book, which takes a different approach by helping you gain hands-on experience with equipment that you’ll come across in the field. This will enable you to understand how industrial equipment interacts and operates within an operational environment.You'll start by getting to grips with the basics of industrial processes, and then see how to create and break the process, along with gathering open-source intel to create a threat landscape for your potential customer. As you advance, you'll find out how to install and utilize offensive techniques used by professional hackers. Throughout the book, you'll explore industrial equipment, port and service discovery, pivoting, and much more, before finally launching attacks against systems in an industrial network.By the end of this penetration testing book, you'll not only understand how to analyze and navigate the intricacies of an industrial control system (ICS), but you'll also have developed essential offensive and defensive skills to proactively protect industrial networks from modern cyberattacks.

Performance Testing with JMeter 3. Enhance the performance of your web application - Third Edition

Bayo Erinle

JMeter is a Java application designed to load and test performance for web application. JMeter extends to improve the functioning of various other static and dynamic resources. This book is a great starting point to learn about JMeter. It covers the new features introduced with JMeter 3 and enables you to dive deep into the new techniques needed for measuring your website performance.The book starts with the basics of performance testing and guides you through recording your first test scenario, before diving deeper into JMeter. You will also learn how to configure JMeter and browsers to help record test plans.Moving on, you will learn how to capture form submission in JMeter, dive into managing sessions with JMeter and see how to leverage some of the components provided by JMeter to handle web application HTTP sessions. You will also learn how JMeter can help monitor tests in real-time.Further, you will go in depth into distributed testing and see how to leverage the capabilities of JMeter to accomplish this. You will get acquainted with some tips and best practices with regard to performance testing. By the end of the book, you will have learned how to take full advantage of the real power behind Apache JMeter.

Podstawy ochrony komputerów

G T Gangemi, Rick Lehtinen, Deborah Russell

Zadbaj o bezpieczeństwo swojego komputera Poznaj zagrożenia, na jakie narażony jest komputer Naucz się kontrolować dostęp do komputera Stosuj techniki zapewniające bezpieczeństwo w sieci Czy mój komputer na pewno jest bezpieczny? Wiele osób zadaje sobie to pytanie dopiero w momencie, kiedy system zaczyna zachowywać się w podejrzany sposób. Okazuje się wówczas, że skaner wykrywa dziesiątki, a nawet setki wirusów, programy zaczynają działać nieprawidłowo, a z dysku giną ważne dane. Pół biedy, jeśli jest to tylko domowy komputer z prywatnymi plikami. Dużo gorsze skutki może mieć włamanie do firmowej bazy danych lub przechwycenie poufnej komunikacji. Książka "Podstawy ochrony komputerów" to wszechstronne wprowadzenie do najważniejszych zagadnień dotyczących bezpieczeństwa danych i sprzętu. Czytając ją, poznasz zagrożenia, jakie czyhają na użytkowników komputerów, ale także skuteczne techniki ochrony. Nauczysz się kontrolować dostęp do danych, prowadzić efektywną politykę zabezpieczeń, wykrywać i usuwać wirusy oraz zapobiegać przenikaniu ich do systemu. Dowiesz się, jak zapewnić bezpieczeństwo komputera w sieci oraz jak używać szyfrowania do przesyłania poufnych informacji. Przeczytasz też o najnowszych technikach zabezpieczenia bazującego na danych biometrycznych (wzorze siatkówki czy odciskach palców) oraz ochronie sieci bezprzewodowych. Niebezpieczeństwa grożące użytkownikom komputerów Kontrolowanie dostępu do komputera Walka z wirusami Prowadzenie skutecznej polityki zabezpieczeń Bezpieczne korzystanie z sieci Szyfrowanie poufnych danych Komunikacja bez ryzyka Zabezpieczenia biometryczne Tworzenie bezpiecznych sieci bezprzewodowych Stosuj skuteczne zabezpieczenia i zapewnij maksymalne bezpieczeństwo swojemu komputerowi!

PowerShell Automation and Scripting for Cybersecurity. Hacking and defense for red and blue teamers

Miriam C. Wiesner, Tanya Janca

Take your cybersecurity skills to the next level with this comprehensive guide to PowerShell security! Whether you’re a red or blue teamer, you’ll gain a deep understanding of PowerShell’s security capabilities and how to use them. After revisiting PowerShell basics and scripting fundamentals, you’ll dive into PowerShell Remoting and remote management technologies. You’ll learn how to configure and analyze Windows event logs and understand the most important event logs and IDs to monitor your environment. You’ll dig deeper into PowerShell’s capabilities to interact with the underlying system, Active Directory and Azure AD. Additionally, you’ll explore Windows internals including APIs and WMI, and how to run PowerShell without powershell.exe. You’ll uncover authentication protocols, enumeration, credential theft, and exploitation, to help mitigate risks in your environment, along with a red and blue team cookbook for day-to-day security tasks. Finally, you’ll delve into mitigations, including Just Enough Administration, AMSI, application control, and code signing, with a focus on configuration, risks, exploitation, bypasses, and best practices. By the end of this book, you’ll have a deep understanding of how to employ PowerShell from both a red and blue team perspective.

Practical Cybersecurity Architecture. A guide to creating and implementing robust designs for cybersecurity architects - Second Edition

Diana Kelley, Ed Moyle

Cybersecurity architecture is the discipline of systematically ensuring that an organization is resilient against cybersecurity threats. Cybersecurity architects work in tandem with stakeholders to create a vision for security in the organization and create designs that are implementable, goal-based, and aligned with the organization’s governance strategy.Within this book, you'll learn the fundamentals of cybersecurity architecture as a practical discipline. These fundamentals are evergreen approaches that, once mastered, can be applied and adapted to new and emerging technologies like artificial intelligence and machine learning. You’ll learn how to address and mitigate risks, design secure solutions in a purposeful and repeatable way, communicate with others about security designs, and bring designs to fruition. This new edition outlines strategies to help you work with execution teams to make your vision a reality, along with ways of keeping designs relevant over time. As you progress, you'll also learn about well-known frameworks for building robust designs and strategies that you can adopt to create your own designs.By the end of this book, you’ll have the foundational skills required to build infrastructure, cloud, AI, and application solutions for today and well into the future with robust security components for your organization.

Practical Hardware Pentesting. Learn attack and defense techniques for embedded systems in IoT and other devices - Second Edition

Jean-Georges Valle

Practical Hardware Pentesting, Second Edition, is an example-driven guide that will help you plan attacks, hack your embedded devices, and secure the hardware infrastructure.Throughout the book, you’ll explore the functional and security aspects of a device and learn how a system senses and communicates with the outside world. You’ll set up a lab from scratch and gradually work towards an advanced hardware lab.The first part of this book will get you attacking the software of an embedded device. This will get you thinking from an attacker point of view; you’ll understand how devices are attacked, compromised, and how you can harden a device against the most common hardware attack vectors. As you progress, you’ll get to grips with the global architecture of an embedded system and sniff on-board traffic, learn how to identify and formalize threats to the embedded system, and understand its relationship with its ecosystem. This 2nd Edition covers real-world examples featuring various devices like smart TVs, baby monitors, or pacemakers, you’ll discover how to analyze hardware and locate its possible vulnerabilities before going on to explore firmware dumping, analysis, and exploitation.By the end of this book, you’ll and understand how to implement best practices to secure your hardware.

Practical Memory Forensics. Jumpstart effective forensic analysis of volatile memory

Svetlana Ostrovskaya, Oleg Skulkin

Memory Forensics is a powerful analysis technique that can be used in different areas, from incident response to malware analysis. With memory forensics, you can not only gain key insights into the user's context but also look for unique traces of malware, in some cases, to piece together the puzzle of a sophisticated targeted attack.Starting with an introduction to memory forensics, this book will gradually take you through more modern concepts of hunting and investigating advanced malware using free tools and memory analysis frameworks. This book takes a practical approach and uses memory images from real incidents to help you gain a better understanding of the subject and develop the skills required to investigate and respond to malware-related incidents and complex targeted attacks. You'll cover Windows, Linux, and macOS internals and explore techniques and tools to detect, investigate, and hunt threats using memory forensics. Equipped with this knowledge, you'll be able to create and analyze memory dumps on your own, examine user activity, detect traces of fileless and memory-based malware, and reconstruct the actions taken by threat actors.By the end of this book, you'll be well-versed in memory forensics and have gained hands-on experience of using various tools associated with it.

Practical Mobile Forensics. A hands-on guide to mastering mobile forensics for the iOS, Android, and the Windows Phone platforms - Third Edition

Rohit Tamma, Oleg Skulkin, Heather Mahalik, Satish Bommisetty

Covering up-to-date mobile platforms, this book will focuses on teaching you the most recent techniques for investigating mobile devices. We delve mobile forensics techniques in iOS 9-11, Android 7-8 devices, and Windows 10. We will demonstrate the latest open source and commercial mobile forensics tools, enabling you to analyze and retrieve data effectively. You will learn how to introspect and retrieve data from the cloud, and document and prepare reports of your investigations. By the end of this book, you will have mastered the current operating systems and the relevant techniques to recover data from mobile devices by leveraging open source solutions.

Practical Network Scanning. Capture network vulnerabilities using standard tools such as Nmap and Nessus

Ajay Singh Chauhan

Network scanning is the process of assessing a network to identify an active host network; same methods can be used by an attacker or network administrator for security assessment. This procedure plays a vital role in risk assessment programs or while preparing a security plan for your organization.Practical Network Scanning starts with the concept of network scanning and how organizations can benefit from it. Then, going forward, we delve into the different scanning steps, such as service detection, firewall detection, TCP/IP port detection, and OS detection. We also implement these concepts using a few of the most prominent tools on the market, such as Nessus and Nmap. In the concluding chapters, we prepare a complete vulnerability assessment plan for your organization. By the end of this book, you will have hands-on experience in performing network scanning using different tools and in choosing the best tools for your system.

Practical OneOps. Implement DevOps with ease

Nilesh Nimkar

Walmart’s OneOps is an open source DevOps platform that is used for cloud and application lifecycle management. It can manage critical and complex application workload on any multi cloud-based infrastructure and revolutionizes the way administrators, developers, and engineers develop and launch new products.This practical book focuses on real-life cases and hands-on scenarios to develop, launch, and test your applications faster, so you can implement the DevOps process using OneOps.You will be exposed to the fundamental aspects of OneOps starting with installing, deploying, and configuring OneOps in a test environment, which will also come in handy later for development and debugging. You will also learn about design and architecture, and work through steps to perform enterprise level deployment. You will understand the initial setup of OneOps such as creating organization, teams, and access management. Finally, you will be taught how to configure, repair, scale, and extend applications across various cloud platforms.

Practical Security Automation and Testing. Tools and techniques for automated security scanning and testing in DevSecOps

Tony Hsiang-Chih Hsu

Security automation is the automatic handling of software security assessments tasks. This book helps you to build your security automation framework to scan for vulnerabilities without human intervention.This book will teach you to adopt security automation techniques to continuously improve your entire software development and security testing. You will learn to use open source tools and techniques to integrate security testing tools directly into your CI/CD framework. With this book, you will see how to implement security inspection at every layer, such as secure code inspection, fuzz testing, Rest API, privacy, infrastructure security, and web UI testing. With the help of practical examples, this book will teach you to implement the combination of automation and Security in DevOps. You will learn about the integration of security testing results for an overall security status for projects.By the end of this book, you will be confident implementing automation security in all layers of your software development stages and will be able to build your own in-house security automation platform throughout your mobile and cloud releases.

Practical Threat Detection Engineering. A hands-on guide to planning, developing, and validating detection capabilities

Megan Roddie, Jason Deyalsingh, Gary J. Katz

Threat validation is an indispensable component of every security detection program, ensuring a healthy detection pipeline. This comprehensive detection engineering guide will serve as an introduction for those who are new to detection validation, providing valuable guidelines to swiftly bring you up to speed.The book will show you how to apply the supplied frameworks to assess, test, and validate your detection program. It covers the entire life cycle of a detection, from creation to validation, with the help of real-world examples. Featuring hands-on tutorials and projects, this guide will enable you to confidently validate the detections in your security program. This book serves as your guide to building a career in detection engineering, highlighting the essential skills and knowledge vital for detection engineers in today's landscape.By the end of this book, you’ll have developed the skills necessary to test your security detection program and strengthen your organization’s security measures.

Practical Threat Intelligence and Data-Driven Threat Hunting. A hands-on guide to threat hunting with the ATT&CK™ Framework and open source tools

Valentina Costa-Gazcón

Threat hunting (TH) provides cybersecurity analysts and enterprises with the opportunity to proactively defend themselves by getting ahead of threats before they can cause major damage to their business.This book is not only an introduction for those who don’t know much about the cyber threat intelligence (CTI) and TH world, but also a guide for those with more advanced knowledge of other cybersecurity fields who are looking to implement a TH program from scratch.You will start by exploring what threat intelligence is and how it can be used to detect and prevent cyber threats. As you progress, you’ll learn how to collect data, along with understanding it by developing data models. The book will also show you how to set up an environment for TH using open source tools. Later, you will focus on how to plan a hunt with practical examples, before going on to explore the MITRE ATT&CK framework.By the end of this book, you’ll have the skills you need to be able to carry out effective hunts in your own environment.

Practical Web Penetration Testing. Secure web applications using Burp Suite, Nmap, Metasploit, and more

Gus Khawaja

Companies all over the world want to hire professionals dedicated to application security. Practical Web Penetration Testing focuses on this very trend, teaching you how to conduct application security testing using real-life scenarios.To start with, you’ll set up an environment to perform web application penetration testing. You will then explore different penetration testing concepts such as threat modeling, intrusion test, infrastructure security threat, and more, in combination with advanced concepts such as Python scripting for automation. Once you are done learning the basics, you will discover end-to-end implementation of tools such as Metasploit, Burp Suite, and Kali Linux. Many companies deliver projects into production by using either Agile or Waterfall methodology. This book shows you how to assist any company with their SDLC approach and helps you on your journey to becoming an application security specialist.By the end of this book, you will have hands-on knowledge of using different tools for penetration testing.