Inne
Andrew Taylor, Lior Bela, Lavanya Lakshman
Microsoft Intune Cookbook, Second Edition, is a hands-on guide for IT administrators managing and supporting modern endpoints, built around the latest Intune capabilities and endpoint security enhancements.Written by Andrew Taylor, an experienced Intune practitioner and active community contributor, it focuses on everyday admin tasks and turns them into clear, repeatable recipes. You’ll start by preparing an Intune tenant and setting up key Entra ID foundations, then work through managing Windows, macOS, iOS, Android, and Linux using practical, proven workflows. Along the way, you’ll configure policies, enroll devices, deploy apps, and strengthen security with compliance, Microsoft Defender integration, encryption, and Conditional Access. You’ll also go beyond the portal by using PowerShell and Microsoft Graph to automate routine work, reduce manual effort, and make changes at scale. Monitoring and reporting are covered so you can track device health, security posture, and deployment outcomes with confidence.Advanced scenarios include secure remote support, privilege elevation, cloud-based certificate management, real-time queries, and AI-assisted guidance to speed up troubleshooting and decision-making. By the end, you’ll have practical techniques you can apply immediately to run a modern, cloud-first Intune environment.
Nicolai Henriksen
System Center Configuration Manager is now used by over 70% of all the business in the world today and many have taken advantage engaging the System Center Endpoint Protection within that great product. Through this book, you will gain knowledge about System Center Endpoint Protection, and see how to work with it from System Center Configuration Manager from an objective perspective.We’ll show you several tips, tricks, and recipes to not only help you understand and resolve your daily challenges, but hopefully enhance the security level of your business.Different scenarios will be covered, such as planning and setting up Endpoint Protection, daily operations and maintenance tips, configuring Endpoint Protection for different servers and applications, as well as workstation computers. You’ll also see how to deal with malware and infected systems that are discovered. You’ll find out how perform OS deployment, Bitlocker, and Applocker, and discover what to do if there is an attack or outbreak.You’ll find out how to ensure good control and reporting, and great defense against threats and malware software. You’ll see the huge benefits when dealing with application deployments, and get to grips with OS deployments, software updates, and disk encryption such as Bitlocker. By the end, you will be fully aware of the benefits of the System Center 2016 Endpoint Protection anti-malware product, ready to ensure your business is watertight against any threat you could face.
Prashant Verma, Akshay Dixit
Mobile attacks are on the rise. We are adapting ourselves to new and improved smartphones, gadgets, and their accessories, and with this network of smart things, come bigger risks. Threat exposure increases and the possibility of data losses increase. Exploitations of mobile devices are significant sources of such attacks.Mobile devices come with different platforms, such as Android and iOS. Each platform has its own feature-set, programming language, and a different set of tools. This means that each platform has different exploitation tricks, different malware, and requires a unique approach in regards to forensics or penetration testing. Device exploitation is a broad subject which is widely discussed, equally explored by both Whitehats and Blackhats.This cookbook recipes take you through a wide variety of exploitation techniques across popular mobile platforms. The journey starts with an introduction to basic exploits on mobile platforms and reverse engineering for Android and iOS platforms. Setup and use Android and iOS SDKs and the Pentesting environment. Understand more about basic malware attacks and learn how the malware are coded. Further, perform security testing of Android and iOS applications and audit mobile applications via static and dynamic analysis.Moving further, you'll get introduced to mobile device forensics. Attack mobile application traffic and overcome SSL, before moving on to penetration testing and exploitation.The book concludes with the basics of platforms and exploit tricks on BlackBerry and Windows Phone. By the end of the book, you will be able to use variety of exploitation techniques across popular mobile platforms with stress on Android and iOS.
Oleg Afonin, Vladimir Katalov
Investigating digital media is impossible without forensic tools. Dealing with complex forensic problems requires the use of dedicated tools, and even more importantly, the right strategies. In this book, you’ll learn strategies and methods to deal with information stored on smartphones and tablets and see how to put the right tools to work.We begin by helping you understand the concept of mobile devices as a source of valuable evidence. Throughout this book, you will explore strategies and plays and decide when to use each technique. We cover important techniques such as seizing techniques to shield the device, and acquisition techniques including physical acquisition (via a USB connection), logical acquisition via data backups, over-the-air acquisition. We also explore cloud analysis, evidence discovery and data analysis, tools for mobile forensics, and tools to help you discover and analyze evidence.By the end of the book, you will have a better understanding of the tools and methods used to deal with the challenges of acquiring, preserving, and extracting evidence stored on smartphones, tablets, and the cloud.
Timothy Speed, Darla Nykamp, Mari Heiser, Joseph...
The threat of hacking may be the most damaging on the internet. Mobile technology is changing the way we live, work, and play, but it can leave your personal information dangerously exposed. Your online safety is at risk and the threat of information being stolen from your device is at an all- time high. Your identity is yours, yet it can be compromised if you don't manage your phone or mobile device correctly.Gain the power to manage all your mobile devices safely. With the help of this guide you can ensure that your data and that of your family is safe. The threat to your mobile security is growing on a daily basis and this guide may just be the help you need.Mobile Security: How to Secure, Privatize, and Recover Your Devices will teach you how to recognize, protect against, and recover from hacking attempts and outline the clear and present threats to your online identity posed by the use of a mobile device.In this guide you will discover just how vulnerable unsecured devices can be, and explore effective methods of mobile device management and identity protection to ensure your data's security. There will be special sections detailing extra precautions to ensure the safety of family members and how to secure your device for use at work.
Mroczne odmęty phishingu. Nie daj się złowić!
Christopher Hadnagy, Michele Fincher, Robin Dreeke (Foreword)
Ofensywne i defensywne strony ataków e-mailowych Ataki za pomocą specjalnie spreparowanych wiadomości e-mail stały się jednym z najczęstszych i najbardziej uciążliwych zagrożeń. Mimo kampanii edukacyjnych i szeroko zakrojonych programów bezpieczeństwa phishing wciąż jest niezwykle skuteczną bronią przestępców. Jest tak, gdyż wykorzystuje odruchy, którymi kieruje się znakomita większość ludzi. Aby więc ochronić się przed atakiem, trzeba poznać zarówno podstawy ataków e-mailowych, jak i pewnych zasad psychologii i metod manipulacji ludzkim postępowaniem. Trzymasz w ręku świetny przewodnik po mrocznym świecie phishingu. Opisano tu formy tego rodzaju ataków, przedstawiono sposoby rozpoznawania fałszywych wiadomości e-mail czy sklonowanych stron internetowych. Omówiono również socjotechniczne aspekty phishingu, dzięki czemu lepiej zrozumiesz psychologiczne mechanizmy rządzące postępowaniem ofiary. Po lekturze tej książki będziesz również wiedział, jak udoskonalić firmowy system bezpieczeństwa, aby skutecznie odpierać ataki e-mailowe — nawet te bardzo wyrafinowane! W tej książce: opis słynnych włamań dokonanych za pomocą spreparowanych e-maili analiza celów ataku i korzyści, jakie osiągają atakujący psychologiczne i socjologiczne podstawy phishingu analiza przyczyn nieskuteczności firmowych programów budowania świadomości bezpieczeństwa informacji metody rozpoznawania ataków metody ochrony systemu informatycznego przed phishingiem Nie daj się złapać na haczyk! Strzeż swego bezpieczeństwa! Christopher Hadnagy jest założycielem spółki Social-Engineer. Od ponad 15 lat zajmuje się kwestiami bezpieczeństwa informacji. Specjalizuje się w badaniu socjotechnicznych metod zdobywania nieuprawnionego dostępu do informacji. Wzięty autor i aktywny uczestnik wielu konferencji. Michele Fincher jest behawiorystką, badaczką i ekspertką w dziedzinie bezpieczeństwa informacji. Pracowała dla Sił Powietrznych USA, gdzie zajmowała się bezpieczeństwem informacji, włączając w to wykłady w Air Force Academy. Obecnie przyczynia się do sukcesu firmy Social-Engineer.
Niebieski lis. Polecenia procesorów Arm i inżynieria wsteczna
Maria Markstedter
Procesory ARM są coraz popularniejsze w urządzeniach mobilnych, laptopach i serwerach. Rosnąca popularność czyni je interesującymi dla badaczy bezpieczeństwa. Specjaliści z tej branży często używają technik inżynierii wstecznej podczas badania plików binarnych. W tym celu konieczne jest zapoznanie się z poleceniami asemblera ARM. Książkę szczególnie docenią analitycy bezpieczeństwa, którzy chcą się zapoznać z zestawem poleceń ARM i zdobyć wiedzę umożliwiającą im efektywne korzystanie z technik inżynierii wstecznej. Poza zestawem potrzebnych poleceń znalazło się w niej mnóstwo przydatnych informacji. Znajdziesz tu przegląd podstawowych zagadnień związanych z systemem operacyjnym, wyjaśnienie, czym są polecenia asemblera i na czym polega proces kompilacji pliku, a także opis mechanizmów działania poleceń służących do przetwarzania danych, dostępu do pamięci i kontroli przepływu sterowania. W kolejnych rozdziałach zapoznasz się z przeglądem technik inżynierii wstecznej, takich jak analiza statyczna i dynamiczna, jak również z kompleksowym omówieniem złośliwego oprogramowania, które może ją utrudniać. W książce: wprowadzenie do architektury ARM zestawy poleceń: A64, A32 i T32, a także format plików ELF przegląd wzorców przepływu sterowania w procesorach ARM narzędzia inżynierii wstecznej proces dezasemblowania i debugowania plików binarnych ARM w systemie Linux typowe narzędzia do dezasemblowania i debugowania plików binarnych ARM Poznaj moc inżynierii wstecznej!
NIST CSF 2.0. Your essential introduction to managing cybersecurity risks
IT Governance Publishing, Andrew Pattison
This comprehensive guide introduces the origins, aims, and components of the NIST Cybersecurity Framework (CSF) 2.0. It explores the core structure including functions, categories, subcategories, and profiles, and provides detailed implementation tiers and examples.Readers are then guided through a deep dive into all six framework categories—from Govern to Recover—and learn how to develop and apply risk management strategies within an organization. The content covers NIST SP 800-53, informative references, and practical quick-start guides to help translate theory into action.The final sections offer a seven-step implementation roadmap, including gap analysis, target profiles, and continuous improvement. The book concludes by mapping the CSF to international standards like ISO 27001 and ISO 22301, offering a well-rounded and interoperable cybersecurity strategy.
Ochrona danych osobowych w służbach mundurowych
Janusz Becker
W książce omówiono zagadnienia dotyczące ochrony danych osobowych w różnych służbach mundurowych. Pozycja skierowana jest do wykładowców i studentów szkół wyższych o kierunku bezpieczeństwo wewnętrzne. Będzie również przydatna dla wszystkich osób zainteresowanych tematyką ochrony danych osobowych.
Ochrona informacji i systemów teleinformatycznych w cyberprzestrzeni
Jakub Kowalewski, Marian Kowalewski
W skrypcie omówiono zagrożenia informacji i systemów teleinformatycznych, takich jak oprogramowanie złośliwe, cyberprzestępstwa i cyberterroryzm. Zaprezentowano różnorodne metody ochrony informacji przed zagrożeniami w cyberprzestrzeni, dzieląc je na metody administracyjno-organizacyjne, prawne i normalizacyjne, techniczne oraz fizyczne. Omówiono systemy monitorowania i reagowania na zagrożenia w cyberprzestrzeni, działania edukacyjne w zakresie bezpieczeństwa informacji i systemów teleinformatycznych oraz podstawy prawne ich ochrony. Przytoczono także informacje dotyczące zarządzania bezpieczeństwem organizacji.
Dr. Ahmad MK Nasser, Dr. Dennis Kengo...
Offensive Automotive Cybersecurity is your practical guide to understanding how modern automotive vulnerabilities are exploited—so you can build resilient defenses against proven attack methods.As vehicles evolve into software-defined systems, their expanding attack surface increases exposure to sophisticated threats. This book examines the entire connected vehicle ecosystem—from cloud backends and wireless protocols to in-vehicle networks, HPCs, ECUs, and physical sensors—through an offensive security lens.Through a blend of theory and reviewing practical examples, you will learn to execute the full penetration testing lifecycle, encompassing active and passive reconnaissance, firmware reverse engineering, and the construction of complex attack chains. The book provides hands-on insights into exploiting memory corruption bugs in HPCs, abusing diagnostic protocols, and leveraging hardware-level vulnerabilities such as fault injection and side-channel leakage. These techniques are brought to life through detailed real-world case studies, including remote takeovers and exploits of well-known vehicle platforms.By the end of this book, you’ll be able to think like an adversary, uncover hidden risks before attackers do, apply secure-by-design principles, and implement layered defenses to reduce exploitable weaknesses.
Kyle Wilhoit, Joseph Opacki
We’re living in an era where cyber threat intelligence is becoming more important. Cyber threat intelligence routinely informs tactical and strategic decision-making throughout organizational operations. However, finding the right resources on the fundamentals of operationalizing a threat intelligence function can be challenging, and that’s where this book helps.In Operationalizing Threat Intelligence, you’ll explore cyber threat intelligence in five fundamental areas: defining threat intelligence, developing threat intelligence, collecting threat intelligence, enrichment and analysis, and finally production of threat intelligence. You’ll start by finding out what threat intelligence is and where it can be applied. Next, you’ll discover techniques for performing cyber threat intelligence collection and analysis using open source tools. The book also examines commonly used frameworks and policies as well as fundamental operational security concepts. Later, you’ll focus on enriching and analyzing threat intelligence through pivoting and threat hunting. Finally, you’ll examine detailed mechanisms for the production of intelligence.By the end of this book, you’ll be equipped with the right tools and understand what it takes to operationalize your own threat intelligence function, from collection to production.
Adrian Neagu
For almost all organizations, data security is a matter of prestige and credibility. The Oracle Database is one of the most rich in features and probably the most used Database in a variety of industries where security is essential. To ensure security of data both in transit and on the disk, Oracle has implemented the security technologies to achieve a reliable and solid system. In Oracle 11g Anti-Hacker's Cookbook, you will learn about the most important solutions that can be used for better database security.Oracle 11g Anti-hacker's Cookbook covers all the important security measures and includes various tips and tricks to protect your Oracle Database.Oracle 11g Anti-hacker's Cookbook uses real-world scenarios to show you how to secure the Oracle Database server from different perspectives and against different attack scenarios. Almost every chapter has a possible threads section, which describes the major dangers that can be confronted. The initial chapters cover how to defend the operating system, the network, the data and the users. The defense scenarios are linked and designed to prevent these attacks. The later chapters cover Oracle Vault, Oracle VPD, Oracle Labels, and Oracle Audit. Finally, in the Appendices, the book demonstrates how to perform a security assessment against the operating system and the database, and how to use a DAM tool for monitoring.
Maja Veselica & Zoran Pavlovic, Zoran Pavlovic,...
Businesses around the world are paying much greater attention toward database security than they ever have before. Not only does the current regulatory environment require tight security, particularly when dealing with sensitive and personal data, data is also arguably a company’s most valuable asset - why wouldn’t you want to protect it in a secure and reliable database? Oracle Database lets you do exactly that. It’s why it is one of the world’s leading databases – with a rich portfolio of features to protect data from contemporary vulnerabilities, it’s the go-to database for many organizations. Oracle Database 12c Security Cookbook helps DBAs, developers, and architects to better understand database security challenges. Let it guide you through the process of implementing appropriate security mechanisms, helping you to ensure you are taking proactive steps to keep your data safe. Featuring solutions for common security problems in the new Oracle Database 12c, with this book you can be confident about securing your database from a range of different threats and problems.
PCI DSS Version 4.0.1. A guide to the payment card industry data security standard
IT Governance Publishing, Stephen Hancock
This book provides an essential resource for anyone involved in managing or ensuring PCI DSS compliance. It begins by introducing the Payment Card Industry Data Security Standard (PCI DSS), explaining its importance, and the regulatory framework that governs it. Readers will understand how to assess their organization’s compliance status and the vital steps to avoid data breaches. The book offers a comprehensive exploration of compliance programs and how organizations can design their own effective strategies.The text then dives into the specifics of PCI DSS, focusing on its core components and requirements. Key chapters describe how to comply with and maintain compliance, as well as how to use tools like the PCI self-assessment questionnaire (SAQ). Real-world case studies of cardholder data breaches highlight the consequences of non-compliance. Readers will also learn about the integration of PCI DSS with other standards like ISO/IEC 27001.Throughout, this guide emphasizes practical advice for implementing key security frameworks such as the Software Security Framework (SSF) and Point-to-Point Encryption (P2PE). By the end of the book, readers will have a clear roadmap to not only meet but sustain PCI DSS compliance and strengthen their organization's data security practices.
Penetration Testing: A Survival Guide. A Survival Guide
Wolf Halton, Bo Weaver, Srinivasa Rao Kotipalli,...
The need for penetration testers has grown well over what the IT industry ever anticipated. Running just a vulnerability scanner is no longer an effective method to determine whether a business is truly secure. This learning path will help you develop the most effective penetration testing skills to protect your Windows, web applications, and Android devices. The first module focuses on the Windows platform, which is one of the most common OSes, and managing its security spawned the discipline of IT security. Kali Linux is the premier platform for testing and maintaining Windows security. Employs the most advanced tools and techniques to reproduce the methods used by sophisticated hackers. In this module first,you’ll be introduced to Kali's top ten tools and other useful reporting tools. Then, you will find your way around your target network and determine known vulnerabilities so you can exploit a system remotely. You’ll not only learn to penetrate in the machine, but will also learn to work with Windows privilege escalations.The second module will help you get to grips with the tools used in Kali Linux 2.0 that relate to web application hacking. You will get to know about scripting and input validation flaws, AJAX, and security issues related to AJAX. You will also use an automated technique called fuzzing so you can identify flaws in a web application. Finally, you’ll understand the web application vulnerabilities and the ways they can be exploited.In the last module, you’ll get started with Android security. Android, being the platform with the largest consumer base, is the obvious primary target for attackers. You’ll begin this journey with the absolute basics and will then slowly gear up to the concepts of Android rooting, application security assessments, malware, infecting APK files, and fuzzing. You’ll gain the skills necessary to perform Android application vulnerability assessments and to create an Android pentesting lab.This Learning Path is a blend of content from the following Packt products:• Kali Linux 2: Windows Penetration Testing by Wolf Halton and Bo Weaver• Web Penetration Testing with Kali Linux, Second Edition by Juned Ahmed Ansari• Hacking Android by Srinivasa Rao Kotipalli and Mohammed A. Imran