OAuth 2.0 Cookbook. Protect your web applications using Spring Security

Adolfo Eloy Nascimento

OAuth 2.0 is a standard protocol for authorization and focuses on client development simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and so on. This book also provides useful recipes for solving real-life problems using Spring Security and creating Android applications.The book starts by presenting you how to interact with some public OAuth 2.0 protected APIs such as Facebook, LinkedIn and Google. You will also be able to implement your own OAuth 2.0 provider with Spring Security OAuth2. Next, the book will cover practical scenarios regarding some important OAuth 2.0 profiles such as Dynamic Client Registration, Token Introspection and how to revoke issued access tokens. You will then be introduced to the usage of JWT, OpenID Connect, and how to safely implement native mobile OAuth 2.0 Clients.By the end of this book, you will be able to ensure that both the server and client are protected against common vulnerabilities.

Odoo 10 Implementation Cookbook. Explore the capabilities of Odoo and discover all you need to implement it

Mantavya Gajjar

Odoo is a Python-based ERP system and is completely open source. Odoo is a comprehensive suite of business applications offering a wealth of functionalities that can be deployed to meet your business needs.This book will help you manage the different functionalities of your business and optimize it. You will learn in detail about the various facets of the business process such as sales, accounting, purchases, manufacturing, and inventory. We will cover each of these topics in detail and learn how Odoo handles all these tasks with much ease. With its modular approach, you will be able to build customized solutions, take advantage of the Odoo 10 system in your organization, and master basic administration. We will cover modules and applications in Odoo that will help optimize quality checks. You will also be able to customize major reporting functions for your teams and set up forms and documents for sales, purchase, inventory, and so on. By the end of the book, you will be able to use the major functionalities of Odoo 10 and fully implement them into your business.

Offensive Security Using Python. A hands-on guide to offensive tactics and threat mitigation using practical strategies

Rejah Rehim, Manindar Mohan, Grant Ongers

Offensive Security Using Python is your go-to manual for mastering the quick-paced field of offensive security. This book is packed with valuable insights, real-world examples, and hands-on activities to help you leverage Python to navigate the complicated world of web security, exploit vulnerabilities, and automate challenging security tasks.From detecting vulnerabilities to exploiting them with cutting-edge Python techniques, you’ll gain practical insights into web security, along with guidance on how to use automation to improve the accuracy and effectiveness of your security activities. You’ll also learn how to design personalized security automation tools. While offensive security is a great way to stay ahead of emerging threats, defensive security plays an equal role in protecting organizations from cyberattacks. In this book, you’ll get to grips with Python secure coding techniques to improve your ability to recognize dangers quickly and take appropriate action. As you progress, you’ll be well on your way to handling the contemporary challenges in the field of cybersecurity using Python, as well as protecting your digital environment from growing attacks.By the end of this book, you’ll have a solid understanding of sophisticated offensive security methods and be able to stay ahead in the constantly evolving cybersecurity space.

Offensive Shellcode from Scratch. Get to grips with shellcode countermeasures and discover how to bypass them

Rishalin Pillay

Shellcoding is a technique that is executed by many red teams and used in penetration testing and real-world attacks. Books on shellcode can be complex, and writing shellcode is perceived as a kind of dark art. Offensive Shellcode from Scratch will help you to build a strong foundation of shellcode knowledge and enable you to use it with Linux and Windows.This book helps you to explore simple to more complex examples of shellcode that are used by real advanced persistent threat (APT) groups. You'll get to grips with the components of shellcode and understand which tools are used when building shellcode, along with the automated tools that exist to create shellcode payloads. As you advance through the chapters, you'll become well versed in assembly language and its various components, such as registers, flags, and data types. This shellcode book also teaches you about the compilers and decoders that are used when creating shellcode. Finally, the book takes you through various attacks that entail the use of shellcode in both Windows and Linux environments.By the end of this shellcode book, you'll have gained the knowledge needed to understand the workings of shellcode and build your own exploits by using the concepts explored.

OpenVPN Cookbook. Get the most out of OpenVPN by exploring it's advanced features. - Second Edition

Jan Just Keijser

OpenVPN provides an extensible VPN framework that has been designed to ease site-specific customization, such as providing the capability to distribute a customized installation package to clients, and supporting alternative authentication methods via OpenVPN’s plugin module interface. This book provides you with many different recipes to help you set up, monitor, and troubleshoot an OpenVPN network. You will learn to configure a scalable, load-balanced VPN server farm that can handle thousands of dynamic connections from incoming VPN clients. You will also get to grips with the encryption, authentication, security, extensibility, and certifications features of OpenSSL. You will also get an understanding of IPv6 support and will get a demonstration of how to establish a connection via IPv64. This book will explore all the advanced features of OpenVPN and even some undocumented options, covering all the common network setups such as point-to-point networks and multi-client TUN-style and TAP-style networks. Finally, you will learn to manage, secure, and troubleshoot your virtual private networks using OpenVPN 2.4.

Operationalizing Threat Intelligence. A guide to developing and operationalizing cyber threat intelligence programs

Kyle Wilhoit, Joseph Opacki

We’re living in an era where cyber threat intelligence is becoming more important. Cyber threat intelligence routinely informs tactical and strategic decision-making throughout organizational operations. However, finding the right resources on the fundamentals of operationalizing a threat intelligence function can be challenging, and that’s where this book helps.In Operationalizing Threat Intelligence, you’ll explore cyber threat intelligence in five fundamental areas: defining threat intelligence, developing threat intelligence, collecting threat intelligence, enrichment and analysis, and finally production of threat intelligence. You’ll start by finding out what threat intelligence is and where it can be applied. Next, you’ll discover techniques for performing cyber threat intelligence collection and analysis using open source tools. The book also examines commonly used frameworks and policies as well as fundamental operational security concepts. Later, you’ll focus on enriching and analyzing threat intelligence through pivoting and threat hunting. Finally, you’ll examine detailed mechanisms for the production of intelligence.By the end of this book, you’ll be equipped with the right tools and understand what it takes to operationalize your own threat intelligence function, from collection to production.

OSINT w praktyce. Jak gromadzić i analizować dane dostępne w sieci

Dale Meredith

Pojęcie OSINT pochodzi od angielskiego wyrażenia open source intelligence i oznacza biały wywiad. Polega na pozyskiwaniu danych z publicznie dostępnych źródeł. Okazuje się, że niezwykle cenne informacje są dostępne na wyciągnięcie ręki, ale trzeba wiedzieć, w jaki sposób do nich dotrzeć. A potrafi to być niezwykle wciągające zajęcie, przy okazji którego można poznać podstawy cyberbezpieczeństwa, zrozumieć czyhające w internecie zagrożenia i nauczyć się zabezpieczać swoją cyfrową obecność. Z tą książką krok po kroku zagłębisz się w metody OSINT, a także powiązane z nim zagadnienia natury prawnej i etycznej. Poznasz sposoby gromadzenia i analizowania informacji z wykorzystaniem wyszukiwarek, portali społecznościowych i innych zasobów internetowych. Zrozumiesz wagę anonimowości i technik gwarantujących bezpieczne poruszanie się po sieci, ułatwiających zarządzanie cyfrowym śladem czy tworzenie fikcyjnych tożsamości internetowych. Zdobędziesz również doświadczenie w korzystaniu z popularnych narzędzi OSINT, takich jak Recon-ng, Maltego, Shodan czy Aircrack-ng. Dowiesz się też, jak ograniczać ryzyko, przewidywać cyberataki, zapobiegać im i na nie reagować - wszystko dzięki technikom opartym na OSINT. W książce: działanie OSINT i najlepsze praktyki automatyzacja zbierania i analizy danych dane z mediów społecznościowych a OSINT zarządzanie swoim cyfrowym śladem, ograniczanie ryzyka i ochrona prywatności skuteczny program analizy ryzyka na bazie OSINT zwiększanie bezpieczeństwa firmy technikami OSINT Dołącz potężne narzędzia OSINT do swojego arsenału!

Password Cracking with Kali Linux. Unlock Windows Security with Kali Linux Expertise

Daniel W. Dieterle

Unlock the secrets of Windows password security with Password Cracking with Kali Linux, your essential guide to navigating password-cracking techniques. This book offers a comprehensive introduction to Windows security fundamentals, arming you with the knowledge and tools for effective ethical hacking.The course begins with a foundational understanding of password security, covering prerequisites, lab setup, and an overview of the journey ahead. You'll explore Kerberoasting, tools like Rubeus, Mimikatz, and various attack methods, providing a solid base for understanding password vulnerabilities.The course focuses on practical applications of password cracking, including wordlist generation using tools like Crunch and Hashcat, and exploring various attack strategies. You'll delve into John the Ripper and Hashcat functionalities, learning to identify hash types and crack complex passwords efficiently.The course wraps up with advanced techniques in Linux password cracking and defense strategies. You'll gain insights into creating leaderboards, achievements, and monetizing games, equipping you with skills to not just crack passwords but also secure systems effectively.