Bezpieczeństwo systemów

Penetration Testing Bootcamp. Quickly get up and running with pentesting techniques

Jason Beltrame

Penetration Testing Bootcamp delivers practical, learning modules in manageable chunks. Each chapter is delivered in a day, and each day builds your competency in Penetration Testing.This book will begin by taking you through the basics and show you how to set up and maintain the C&C Server. You will also understand how to scan for vulnerabilities and Metasploit, learn how to setup connectivity to a C&C server and maintain that connectivity for your intelligence gathering as well as offsite processing. Using TCPDump filters, you will gain understanding of the sniffing and spoofing traffic. This book will also teach you the importance of clearing up the tracks you leave behind after the penetration test and will show you how to build a report from all the data obtained from the penetration test.In totality, this book will equip you with instructions through rigorous tasks, practical callouts, and assignments to reinforce your understanding of penetration testing.

Pentesting APIs. A practical guide to discovering, fingerprinting, and exploiting APIs

Maurício Harley

Understanding API security is crucial as APIs form the backbone of modern interconnected applications, making them prime targets for cyberattacks. Drawing on nearly 30 years of cybersecurity experience and an extensive background in network security and forensic analysis, this book provides the knowledge and tools to strengthen your API security practices and protect against cyber threats comprehensively.This book begins by establishing a foundational understanding of APIs, particularly focusing on REST and GraphQL, emphasizing their critical role and potential security vulnerabilities. It guides you through setting up a penetration testing environment to ensure the practical application of concepts. You’ll learn reconnaissance techniques, information-gathering strategies, and the discovery of API vulnerabilities. Authentication and authorization testing are thoroughly explored, covering mechanisms, weaknesses, and methods to bypass security controls. By comprehensively addressing these aspects, the book equips you to understand, identify, and mitigate risks, strengthening API security and effectively minimizing potential attack surfaces.By the end of this book, you’ll have developed practical skills to identify, exploit, and secure APIs against various vulnerabilities and attacks.

Pentesting Industrial Control Systems. An ethical hacker's guide to analyzing, compromising, mitigating, and securing industrial processes

Paul Smith

The industrial cybersecurity domain has grown significantly in recent years. To completely secure critical infrastructure, red teams must be employed to continuously test and exploit the security integrity of a company's people, processes, and products.This is a unique pentesting book, which takes a different approach by helping you gain hands-on experience with equipment that you’ll come across in the field. This will enable you to understand how industrial equipment interacts and operates within an operational environment.You'll start by getting to grips with the basics of industrial processes, and then see how to create and break the process, along with gathering open-source intel to create a threat landscape for your potential customer. As you advance, you'll find out how to install and utilize offensive techniques used by professional hackers. Throughout the book, you'll explore industrial equipment, port and service discovery, pivoting, and much more, before finally launching attacks against systems in an industrial network.By the end of this penetration testing book, you'll not only understand how to analyze and navigate the intricacies of an industrial control system (ICS), but you'll also have developed essential offensive and defensive skills to proactively protect industrial networks from modern cyberattacks.

Performance Testing with JMeter 3. Enhance the performance of your web application - Third Edition

Bayo Erinle

JMeter is a Java application designed to load and test performance for web application. JMeter extends to improve the functioning of various other static and dynamic resources. This book is a great starting point to learn about JMeter. It covers the new features introduced with JMeter 3 and enables you to dive deep into the new techniques needed for measuring your website performance.The book starts with the basics of performance testing and guides you through recording your first test scenario, before diving deeper into JMeter. You will also learn how to configure JMeter and browsers to help record test plans.Moving on, you will learn how to capture form submission in JMeter, dive into managing sessions with JMeter and see how to leverage some of the components provided by JMeter to handle web application HTTP sessions. You will also learn how JMeter can help monitor tests in real-time.Further, you will go in depth into distributed testing and see how to leverage the capabilities of JMeter to accomplish this. You will get acquainted with some tips and best practices with regard to performance testing. By the end of the book, you will have learned how to take full advantage of the real power behind Apache JMeter.

Podstawy ochrony komputerów

Rick Lehtinen, Deborah Russell, G T Gangemi

Zadbaj o bezpieczeństwo swojego komputera Poznaj zagrożenia, na jakie narażony jest komputer Naucz się kontrolować dostęp do komputera Stosuj techniki zapewniające bezpieczeństwo w sieci Czy mój komputer na pewno jest bezpieczny? Wiele osób zadaje sobie to pytanie dopiero w momencie, kiedy system zaczyna zachowywać się w podejrzany sposób. Okazuje się wówczas, że skaner wykrywa dziesiątki, a nawet setki wirusów, programy zaczynają działać nieprawidłowo, a z dysku giną ważne dane. Pół biedy, jeśli jest to tylko domowy komputer z prywatnymi plikami. Dużo gorsze skutki może mieć włamanie do firmowej bazy danych lub przechwycenie poufnej komunikacji. Książka "Podstawy ochrony komputerów" to wszechstronne wprowadzenie do najważniejszych zagadnień dotyczących bezpieczeństwa danych i sprzętu. Czytając ją, poznasz zagrożenia, jakie czyhają na użytkowników komputerów, ale także skuteczne techniki ochrony. Nauczysz się kontrolować dostęp do danych, prowadzić efektywną politykę zabezpieczeń, wykrywać i usuwać wirusy oraz zapobiegać przenikaniu ich do systemu. Dowiesz się, jak zapewnić bezpieczeństwo komputera w sieci oraz jak używać szyfrowania do przesyłania poufnych informacji. Przeczytasz też o najnowszych technikach zabezpieczenia bazującego na danych biometrycznych (wzorze siatkówki czy odciskach palców) oraz ochronie sieci bezprzewodowych. Niebezpieczeństwa grożące użytkownikom komputerów Kontrolowanie dostępu do komputera Walka z wirusami Prowadzenie skutecznej polityki zabezpieczeń Bezpieczne korzystanie z sieci Szyfrowanie poufnych danych Komunikacja bez ryzyka Zabezpieczenia biometryczne Tworzenie bezpiecznych sieci bezprzewodowych Stosuj skuteczne zabezpieczenia i zapewnij maksymalne bezpieczeństwo swojemu komputerowi!

PowerShell Automation and Scripting for Cybersecurity. Hacking and defense for red and blue teamers

Miriam C. Wiesner, Tanya Janca

Take your cybersecurity skills to the next level with this comprehensive PowerShell security guide! Whether you're on the red or blue team, you'll gain a deep understanding of PowerShell's security capabilities and how to apply them.With years of hands-on experience, the author brings real-world use cases to demonstrate PowerShell’s critical role in offensive and defensive security.After covering PowerShell basics and scripting fundamentals, you'll explore PowerShell Remoting and remote management technologies. You'll learn to configure and analyze Windows event logs, identifying crucial logs and IDs for effective monitoring. The book delves into PowerShell's interaction with system components, Active Directory, and Azure AD, including stealth execution methods. You’ll uncover authentication protocols, enumeration, credential theft, and exploitation, providing strategies to mitigate these risks. A dedicated red and blue team cookbook offers practical security tasks. Finally, you'll delve into mitigations such as Just Enough Administration, AMSI, application control, and code signing, emphasizing configuration, risks, exploitation, bypasses, and best practices.By the end of this book, you’ll confidently apply PowerShell for cybersecurity, from detection to defense, staying ahead of cyber threats.

Practical Cybersecurity Architecture. A guide to creating and implementing robust designs for cybersecurity architects - Second Edition

Diana Kelley, Ed Moyle

Cybersecurity architecture is the discipline of systematically ensuring that an organization is resilient against cybersecurity threats. Cybersecurity architects work in tandem with stakeholders to create a vision for security in the organization and create designs that are implementable, goal-based, and aligned with the organization’s governance strategy.Within this book, you'll learn the fundamentals of cybersecurity architecture as a practical discipline. These fundamentals are evergreen approaches that, once mastered, can be applied and adapted to new and emerging technologies like artificial intelligence and machine learning. You’ll learn how to address and mitigate risks, design secure solutions in a purposeful and repeatable way, communicate with others about security designs, and bring designs to fruition. This new edition outlines strategies to help you work with execution teams to make your vision a reality, along with ways of keeping designs relevant over time. As you progress, you'll also learn about well-known frameworks for building robust designs and strategies that you can adopt to create your own designs.By the end of this book, you’ll have the foundational skills required to build infrastructure, cloud, AI, and application solutions for today and well into the future with robust security components for your organization.

Practical Memory Forensics. Jumpstart effective forensic analysis of volatile memory

Svetlana Ostrovskaya, Oleg Skulkin

Memory Forensics is a powerful analysis technique that can be used in different areas, from incident response to malware analysis. With memory forensics, you can not only gain key insights into the user's context but also look for unique traces of malware, in some cases, to piece together the puzzle of a sophisticated targeted attack.Starting with an introduction to memory forensics, this book will gradually take you through more modern concepts of hunting and investigating advanced malware using free tools and memory analysis frameworks. This book takes a practical approach and uses memory images from real incidents to help you gain a better understanding of the subject and develop the skills required to investigate and respond to malware-related incidents and complex targeted attacks. You'll cover Windows, Linux, and macOS internals and explore techniques and tools to detect, investigate, and hunt threats using memory forensics. Equipped with this knowledge, you'll be able to create and analyze memory dumps on your own, examine user activity, detect traces of fileless and memory-based malware, and reconstruct the actions taken by threat actors.By the end of this book, you'll be well-versed in memory forensics and have gained hands-on experience of using various tools associated with it.