Bezpieczeństwo sieci

The Vulnerability Researcher's Handbook. A comprehensive guide to discovering, reporting, and publishing security vulnerabilities

Benjamin Strout

Vulnerability researchers are in increasingly high demand as the number of security incidents related to crime continues to rise with the adoption and use of technology. To begin your journey of becoming a security researcher, you need more than just the technical skills to find vulnerabilities; you’ll need to learn how to adopt research strategies and navigate the complex and frustrating process of sharing your findings. This book provides an easy-to-follow approach that will help you understand the process of discovering, disclosing, and publishing your first zero-day vulnerability through a collection of examples and an in-depth review of the process.You’ll begin by learning the fundamentals of vulnerabilities, exploits, and what makes something a zero-day vulnerability. Then, you'll take a deep dive into the details of planning winning research strategies, navigating the complexities of vulnerability disclosure, and publishing your research with sometimes-less-than-receptive vendors.By the end of the book, you'll be well versed in how researchers discover, disclose, and publish vulnerabilities, navigate complex vendor relationships, receive credit for their work, and ultimately protect users from exploitation. With this knowledge, you’ll be prepared to conduct your own research and publish vulnerabilities.

Threat Modeling Best Practices. Proven frameworks and practical techniques to secure modern systems

Derek Fisher

Threat modeling has become a cornerstone of modern cybersecurity, yet it is often overlooked, leaving security gaps that attackers can exploit. With the rise in system complexity, cloud adoption, AI-driven threats, and stricter compliance requirements, security teams need a structured approach to proactively spot and stop risks before attackers do. This book delivers exactly that, offering actionable insights for applying industry best practices and emerging technologies to secure systems. It breaks down the fundamentals of threat modeling and walks you through key frameworks and tools such as STRIDE, MITRE ATT&CK, PyTM, and Attack Paths, helping you choose the right model and create a roadmap tailored to your business. You'll learn how to use leading threat modeling tools, identify and prioritize potential threats, and integrate these practices into the software development life cycle to detect risks early. The book also examines how AI can enhance analysis and streamline security decision-making for faster, stronger defenses.By the end, you'll have everything you need to build systems that anticipate and withstand evolving threats, keeping your organization secure in an ever-changing digital landscape.*Email sign-up and proof of purchase required

Threat Modeling Gameplay with EoP. A reference manual for spotting threats in software architecture

Brett Crawley, Adam Shostack

Are you looking to navigate security risks, but want to make your learning experience fun? Here's a comprehensive guide that introduces the concept of play to protect, helping you discover the threats that could affect your software design via gameplay.Each chapter in this book covers a suit in the Elevation of Privilege (EoP) card deck (a threat category), providing example threats, references, and suggested mitigations for each card. You’ll explore the methodology for threat modeling—Spoofing, Tampering, Repudiation, Information Disclosure, and Elevation of Privilege (S.T.R.I.D.E.) with Privacy deck and the T.R.I.M. extension pack. T.R.I.M. is a framework for privacy that stands for Transfer, Retention/Removal, Inference, and Minimization. Throughout the book, you’ll learn the meanings of these terms and how they should be applied. From spotting vulnerabilities to implementing practical solutions, the chapters provide actionable strategies for fortifying the security of software systems.By the end of this book, you will be able to recognize threats, understand privacy regulations, access references for further exploration, and get familiarized with techniques to protect against these threats and minimize risks.

TLS Cryptography In-Depth. Explore the intricacies of modern cryptography and the inner workings of TLS

Dr. Paul Duplys, Dr. Roland Schmitz

TLS is the most widely used cryptographic protocol today, enabling e-commerce, online banking, and secure online communication. Written by Dr. Paul Duplys, Security, Privacy & Safety Research Lead at Bosch, and Dr. Roland Schmitz, Internet Security Professor at Stuttgart Media University, this book will help you gain a deep understanding of how and why TLS works, how past attacks on TLS were possible, and how vulnerabilities that enabled them were addressed in the latest TLS version 1.3. By exploring the inner workings of TLS, you’ll be able to configure it and use it more securely.Starting with the basic concepts, you’ll be led step by step through the world of modern cryptography, guided by the TLS protocol. As you advance, you’ll be learning about the necessary mathematical concepts from scratch. Topics such as public-key cryptography based on elliptic curves will be explained with a view on real-world applications in TLS. With easy-to-understand concepts, you’ll find out how secret keys are generated and exchanged in TLS, and how they are used to creating a secure channel between a client and a server.By the end of this book, you’ll have the knowledge to configure TLS servers securely. Moreover, you’ll have gained a deep knowledge of the cryptographic primitives that make up TLS.

TPRM-Driven Supply Chain Cybersecurity. Connecting TPRM and supply chain security for operational resilience

Eric Richardson, Filipi Pires

Modern organizations rely on complex vendor ecosystems, but third-party risk management (TPRM) and cybersecurity often operate in silos. This book shows how to connect vendor risk management with supply chain cybersecurity using a practical, lifecycle-driven approach.You’ll design a program covering onboarding, vendor risk assessment, continuous monitoring, and offboarding. You’ll begin by examining why TPRM and cybersecurity often operate in separate lanes, and what that gap costs in downtime, breach impact, and compliance exposure. Next, you’ll develop a modern taxonomy of supply chain risk, including fourth-party dependencies and software supply chain concerns, so risk discussions use consistent categories and measurable assumptions.From there, you’ll adopt a lifecycle-based model to structure vendor onboarding, assessment, monitoring, and offboarding—supported by vendor tiering, segmentation, and control mapping. The final chapter focuses on the regulatory blueprint: how to interpret NIST C-SCRM, ISO/IEC 27036, DORA, GDPR, and Executive Order 14028, then convert them into evidence-driven controls and audit-ready documentation.

Troubleshooting OpenVPN. Get the solutions you need to troubleshoot any issue you may face to keep your OpenVPN up and running

Eric F Crist

OpenVPN, the most widely used open source VPN package, allows you to create a secure network across systems, keeping your private data secure. Connectivity and other issues are a pain to deal with, especially if they are impacting your business. This book will help you resolve the issues faced by OpenVPN users and teach the techniques on how to troubleshoot it like a true expert. This book is a one stop solution for troubleshooting any issue related to OpenVPN. We will start by introducing you to troubleshooting techniques such as Packet Sniffing, Log Parsing, and OpenSSL. You will see how to overcome operating system specific errors. Later on, you will get to know about network and routing errors by exploring the concepts of IPv4 and IPv6 networking issues. You will discover how to overcome these issues to improve the performance of your OpenVPN deployment. By the end of the book, you will know the best practices, tips, and tricks to ensure the smooth running of your OpenVPN.

Twoje dziecko w sieci. Przewodnik po cyfrowym świecie dla czasami zdezorientowanych rodziców

Agnieszka E. Taper

Internet jest wszędzie zajrzyj, poznaj wirtualny świat młodych i pytaj o wszystko! Obowiązkowa lektura dla rodziców dzieci w każdym wieku! Bo wszyscy jesteśmy online. Codziennie każdy z nas, niezależnie od wieku, spędza wiele czasu w Internecie. Młodzi ludzie dużo szybciej i sprawniej w nim buszują, a my rodzice, nauczyciele i opiekunowie potrzebujemy narzędzi, by mądrze im towarzyszyć, dostrzegać ewentualne zagrożenia i szybko działać. Jak reagować na cyberprzemoc niezależnie od tego, czy jesteśmy jej świadkami, ofiarami czy rodzicami jej twórców? Gdzie szukać dobrych i rzetelnych informacji na temat otaczającego nas świata i w jaki sposób unikać fake newsów? Jak zadbać o to, by maksymalnie ograniczać dostęp do pornografii, pedofilii, ruchów pro-ana i wszelkich oszustw? Dzieci i nastolatki bardziej ufają internetowi niż dorosłym i to w sieci szukają informacji na temat otaczającego ich świata. Ten poradnik pomoże choć trochę zmienić tę tendencję. Znajdziesz w nim dużą dawkę wiedzy, wiele ciekawych profili, linków i rad, dzięki którym pokierujesz aktywnością dziecka online.

Tworzenie złośliwego oprogramowania w etycznym hackingu. Zrozum, jak działa malware i jak ta wiedza pomaga we wzmacnianiu cyberbezpieczeństwa

Zhassulan Zhussupov

Skuteczne wzmacnianie cyberbezpieczeństwa wymaga wiedzy o sposobach działania hakerów. Żaden analityk złośliwego oprogramowania, pentester czy łowca zagrożeń nie obejdzie się bez wiedzy o budowie malware ani bez umiejętności programowania ofensywnego. Innymi słowy, jeśli chcesz poprawić bezpieczeństwo IT w swojej organizacji, musisz dobrze znać narzędzia, taktyki i techniki używane przez cyberprzestępców. Ta książka jest kompleksowym przewodnikiem po ciemnej stronie cyberbezpieczeństwa ― zapewni Ci wiedzę i umiejętności niezbędne do skutecznego zwalczania złośliwego oprogramowania. Nauczysz się poruszać wśród zawiłości związanych z tworzeniem złośliwego oprogramowania, a także dobrze poznasz techniki i strategie stosowane przez cyberprzestępców. Zdobędziesz też praktyczne doświadczenie w projektowaniu i implementowaniu popularnych rozwiązań stosowanych w prawdziwych złośliwych aplikacjach, na przykład Carbanak, Carberp, Stuxnet, Conti, Babuk i BlackCat. Nie zabrakło tu zasad etycznego hakingu i tajników budowy złośliwego oprogramowania, jak techniki unikania wykrycia, mechanizmy persystencji i wiele innych, które poznasz dzięki lekturze. W książce: sposób myślenia twórców złośliwego oprogramowania techniki stosowane w różnych rodzajach malware rekonstrukcja ataków APT metody obchodzenia mechanizmów bezpieczeństwa ponad 80 działających przykładów malware matematyczne podstawy współczesnego złośliwego oprogramowania O książce w mediach: Eksperyment myślowy ― recenzja książki

Unified SecOps Playbook. End-to-end enterprise security with Microsoft Sentinel, Defender XDR, and Security Copilot

Jose Lazaro, Marcus Burnap, Rod Trent

In the evolving cybersecurity landscape, the integration of Microsoft Defender XDR and Security Copilot presents a game-changing approach to modern threat detection and response. With this book, you’ll understand how these tools, in conjunction with Microsoft’s extensive ecosystem, enable organizations to outpace emerging threats.Starting with core XDR concepts, security frameworks, and Microsoft’s competitive advantages in cybersecurity, you’ll master the foundational aspects of deploying Microsoft Sentinel, configuring security infrastructure, and optimizing security operations using AI-driven tools. Advanced topics, including Zero-Trust strategies, DevSecOps integration, and partner programs, prepare you for increasingly sophisticated scenarios in Microsoft cloud security. You’ll also explore practical deployment workflows, covering cost analysis, role-based access configurations, and fast-tracked Sentinel deployment using CI/CD pipelines.By the end of this book, you’ll have gained insights into security automation, threat detection, and AI integration with Security Copilot for optimized operations and have the confidence to implement and manage Microsoft Defender XDR and Sentinel in complex environments, driving scalable and secure solutions.*Email sign-up and proof of purchase required

Untangle Network Security. Secure your network against threats and vulnerabilities using the unparalleled Untangle NGFW

Abd El Monem A Mohamed El Bawab

If you are a security engineer or a system administrator and want to secure your server infrastructure with the feature-rich Untangle, this book is for you. For individuals who want to start their career in the network security field, this book would serve as a perfect companion to learn the basics of network security and how to implement it using Untangle NGFW.

VMware vCloud Security. If you're familiar with Vmware vCloud, this is the book you need to take your security capabilities to the ultimate level. With a comprehensive, problem-solving approach it will help you create a fully protected private cloud

Prasenjit Sarkar

Security is a major concern, in particular now that everything is moving to the cloud. A private cloud is a cloud computing platform built on your own hardware and software. The alternative is to deploy the services you need on a public cloud infrastructure provided by an external supplier such as Amazon Web Services, Rackspace Cloud, or HP Public Cloud. While a public cloud can afford greater flexibility, a private cloud gives you the advantage of greater control over the entire stack.VMware vCloud Security focuses on some critical security risks, such as the application level firewall and firewall zone, virus and malware attacks on cloud virtual machines, and data security compliance on any VMware vCloud-based private cloud. Security administrators sometimes deploy its components incorrectly, or sometimes cannot see the broader picture and where the vCloud security products fit in. This book is focused on solving those problems using VMware vCloud and the vCloud Networking and Security product suite, which includes vCloud Networking and Security App, vShield Endpoint, and vCloud Networking and Security Data Security.Ensuring the security and compliance of any applications, especially those that are business critical, is a crucial step in your journey to the cloud. You will be introduced to security roles in VMware vCloud Director, integration of LDAP Servers with vCloud, and security hardening of vCloud Director. We'll then walk through a hypervisor-based firewall that protects applications in the virtual datacenter from network-based attacks. We'll create access control policies based on logical constructs such as VMware vCenter Server containers and VMware vCloud Networking and Security security groups but not just physical constructs, such as IP addresses. You'll learn about the architecture of EPSEC and how to implement it. Finally, we will understand how to define data security policies, run scans, and analyze results.

VMware View Security Essentials. The vital elements of securing your View environment are the subject of this user-friendly guide. From a theoretical overview to practical instructions, it's the ideal tutorial for beginners and an essential reference source for the more experienced

Daniel Langenhan

Most people associate security with network security and focus on firewalls and network monitoring. However, there is more to security than that. Security starts with the establishment of a stable environment, protecting this environment not only from intrusion, but also from malicious intent. It is about tracking the issue and recovering from it. These elements of security are what this book aims to address.VMware View Security Essentials addresses the topic of security in the corporate environment in a new way. It starts with the underlying virtual infrastructure and then delves into securing your base, your connection, and your client. This is not only a “how-to” book, but is also a book that explains the background and the insights of View security for the experienced professional's desktop virtualization.This book takes you through the four major View security areas. Each area deals with all the aspects of security and explains the background as well as laying out simple-to-follow recipes to implement a higher security standard.We start at the Virtualization base and work our way through the various View server types. We will then dive into the problems and issues of securing a connection before we address the security of the desktop itself. We conclude with a look into the backing up of our View installation and preparing for disaster recovery.

VMware vSphere ESXi 8. Instalacja, konfiguracja i wprowadzenie do vCenter

Adam Nogły

Wykorzystaj infrastrukturę na maksa! Wirtualizacja serwerów pozwala lepiej wykorzystać posiadany sprzęt. Dzięki niej możliwe jest zwiększenie elastyczności systemu i usprawnienie zarządzania infrastrukturą IT. Spośród wielu platform wirtualizacyjnych dostępnych na rynku wyróżnia się VMware ESXi 8 - jeden z najbardziej zaawansowanych i wszechstronnych produktów, oferujący administratorom systemów kompleksowe rozwiązania. Wśród jego zaawansowanych funkcji znajdują się między innymi obsługa kontenerów, automatyzacja zarządzania, wsparcie dla najnowszych technologii sprzętowych, a także zintegrowane narzędzia do monitorowania i optymalizacji wydajności. Ta książka stanowi swojego rodzaju przewodnik po VMware ESXi 8, przeznaczony zarówno dla początkujących użytkowników, którzy dopiero rozpoczynają przygodę z wirtualizacją systemów operacyjnych, jak i dla doświadczonych administratorów systemów, pragnących pogłębić wiedzę i umiejętności w zakresie konfiguracji, zarządzania i utrzymania infrastruktury wirtualizacyjnej opartej na VMware ESXi 8. Dzięki książce: Dowiesz się, jak zainstalować platformę VMware ESXi i jak przeprowadzić konfigurację sieciową Nauczysz się przeprowadzać aktualizację systemu Poznasz sposoby zarządzania maszynami wirtualnymi Zgłębisz zasady implementacji zaawansowanych funkcji (na przykład przekazywania GPU, integracji z Active Directory) Przyswoisz zaawansowane zagadnienia związane z vCenter

Warsztat hakera. Testy penetracyjne i inne techniki wykrywania podatności

Matthew Hickey, Jennifer Arcuri

Bezpieczeństwo systemów informatycznych niejednemu spędza sen z powiek, konsekwencje udanego włamania bowiem mogą oznaczać milionowe straty i zrujnowaną reputację. Przy czym odpowiednie zabezpieczenie systemu jest dla wielu podmiotów niezwykle trudne, gdyż w zespołach brakuje osób z odpowiednimi umiejętnościami. Nawet zatrudnienie zewnętrznego konsultanta nie daje gwarancji, że firmowy system informatyczny będzie bezpieczny i odpowiednio chroniony przed atakami. Okazuje się, że najpewniejszą metodą jest gruntowne przyswojenie wiedzy i umiejętności hakerskich. Ta książka stanowi kurs praktycznych technik hakowania, dzięki którym dokładnie poznasz zasady i narzędzia używane do przełamywania zabezpieczeń i uzyskiwania dostępu do chronionych danych. Dowiesz się, w jaki sposób należy się przygotować do przeprowadzenia ataku, a także jakie aspekty infrastruktury sieciowej stanowią o jej niedoskonałości i podatności. Poznasz metody zbierania informacji z otwartych źródeł, systemu DNS, usług pocztowych, serwerów WWW, sieci VPN, serwerów plików lub baz danych i aplikacji sieciowych. Nauczysz się korzystać z narzędzi i exploitów do hakowania systemów: Linux, Unix i Microsoft Windows. Do praktycznych ćwiczeń posłużą Ci laboratoria - specjalne środowiska przygotowane do bezpiecznego hakowania, dzięki czemu łatwiej zdobędziesz potrzebne umiejętności. W książce: teoretyczne, praktyczne, prawne i etyczne aspekty hakowania koncepcja purpurowych zespołów protokoły współczesnego internetu i ich problemy włamywanie się do maszyn pracujących pod kontrolą różnych systemów operacyjnych krytyczne podatności aplikacji sieciowych metody zawodowego hakera Przekonaj się, jak łatwo jest się włamać do Twojego systemu

Web Penetration Testing with Kali Linux. Explore the methods and tools of ethical hacking with Kali Linux - Third Edition

Daniel W. Dieterle, Gilberto Najera-Gutierrez, Juned Ahmed...

Web Penetration Testing with Kali Linux - Third Edition shows you how to set up a lab, helps you understand the nature and mechanics of attacking websites, and explains classical attacks in great depth. This edition is heavily updated for the latest Kali Linux changes and the most recent attacks. Kali Linux shines when it comes to client-side attacks and fuzzing in particular.From the start of the book, you'll be given a thorough grounding in the concepts of hacking and penetration testing, and you'll see the tools used in Kali Linux that relate to web application hacking. You'll gain a deep understanding of classicalSQL, command-injection flaws, and the many ways to exploit these flaws. Web penetration testing also needs a general overview of client-side attacks, which is rounded out by a long discussion of scripting and input validation flaws.There is also an important chapter on cryptographic implementation flaws, where we discuss the most recent problems with cryptographic layers in the networking stack.The importance of these attacks cannot be overstated, and defending against them is relevant to most internet users and, of course, penetration testers.At the end of the book, you'll use an automated technique called fuzzing to identify flaws in a web application. Finally, you'll gain an understanding of web application vulnerabilities and the ways they can be exploited using the tools in Kali Linux.

Windows and Linux Penetration Testing from Scratch. Harness the power of pen testing with Kali Linux for unbeatable hard-hitting results - Second Edition

Phil Bramwell

Let’s be honest—security testing can get repetitive. If you’re ready to break out of the routine and embrace the art of penetration testing, this book will help you to distinguish yourself to your clients.This pen testing book is your guide to learning advanced techniques to attack Windows and Linux environments from the indispensable platform, Kali Linux. You'll work through core network hacking concepts and advanced exploitation techniques that leverage both technical and human factors to maximize success. You’ll also explore how to leverage public resources to learn more about your target, discover potential targets, analyze them, and gain a foothold using a variety of exploitation techniques while dodging defenses like antivirus and firewalls. The book focuses on leveraging target resources, such as PowerShell, to execute powerful and difficult-to-detect attacks. Along the way, you’ll enjoy reading about how these methods work so that you walk away with the necessary knowledge to explain your findings to clients from all backgrounds. Wrapping up with post-exploitation strategies, you’ll be able to go deeper and keep your access.By the end of this book, you'll be well-versed in identifying vulnerabilities within your clients’ environments and providing the necessary insight for proper remediation.