Bezpieczeństwo sieci
Alessandro Parisi
Today's organizations spend billions of dollars globally on cybersecurity. Artificial intelligence has emerged as a great solution for building smarter and safer security systems that allow you to predict and detect suspicious network activity, such as phishing or unauthorized intrusions.This cybersecurity book presents and demonstrates popular and successful AI approaches and models that you can adapt to detect potential attacks and protect your corporate systems. You'll learn about the role of machine learning and neural networks, as well as deep learning in cybersecurity, and you'll also learn how you can infuse AI capabilities into building smart defensive mechanisms. As you advance, you'll be able to apply these strategies across a variety of applications, including spam filters, network intrusion detection, botnet detection, and secure authentication.By the end of this book, you'll be ready to develop intelligent systems that can detect unusual and suspicious patterns and attacks, thereby developing strong network security defenses using AI.
Himanshu Sharma, Joe Marshall
Bug bounties have quickly become a critical part of the security economy. This book shows you how technical professionals with an interest in security can begin productively—and profitably—participating in bug bounty programs.You will learn about SQli, NoSQLi, XSS, XXE, and other forms of code injection. You’ll see how to create CSRF PoC HTML snippets, how to discover hidden content (and what to do with it once it’s found), and how to create the tools for automated pentesting work?ows.Then, you’ll format all of this information within the context of a bug report that will have the greatest chance of earning you cash. With detailed walkthroughs that cover discovering, testing, and reporting vulnerabilities, this book is ideal for aspiring security professionals. You should come away from this work with the skills you need to not only find the bugs you're looking for, but also the best bug bounty programs to participate in, and how to grow your skills moving forward in freelance security research.
Hands-On Cryptography with Python. Leverage the power of Python to encrypt and decrypt data
Samuel Bowne
Cryptography is essential for protecting sensitive information, but it is often performed inadequately or incorrectly. Hands-On Cryptography with Python starts by showing you how to encrypt and evaluate your data. The book will then walk you through various data encryption methods,such as obfuscation, hashing, and strong encryption, and will show how you can attack cryptographic systems. You will learn how to create hashes, crack them, and will understand why they are so different from each other. In the concluding chapters, you will use three NIST-recommended systems: the Advanced Encryption Standard (AES), the Secure Hash Algorithm (SHA), and the Rivest-Shamir-Adleman (RSA). By the end of this book, you will be able to deal with common errors in encryption.
Rajneesh Gupta
Blockchain technology is being welcomed as one of the most revolutionary and impactful innovations of today. Blockchain technology was first identified in the world’s most popular digital currency, Bitcoin, but has now changed the outlook of several organizations and empowered them to use it even for storage and transfer of value.This book will start by introducing you to the common cyberthreat landscape and common attacks such as malware, phishing, insider threats, and DDoS. The next set of chapters will help you to understand the workings of Blockchain technology, Ethereum and Hyperledger architecture and how they fit into the cybersecurity ecosystem. These chapters will also help you to write your first distributed application on Ethereum Blockchain and the Hyperledger Fabric framework. Later, you will learn about the security triad and its adaptation with Blockchain. The last set of chapters will take you through the core concepts of cybersecurity, such as DDoS protection, PKI-based identity, 2FA, and DNS security. You will learn how Blockchain plays a crucial role in transforming cybersecurity solutions.Toward the end of the book, you will also encounter some real-world deployment examples of Blockchain in security cases, and also understand the short-term challenges and future of cybersecurity with Blockchain.
Hands-On Ethical Hacking Tactics. Strategies, tools, and techniques for effective cyber defense
Shane Hartman, Ken Dunham
If you’re an ethical hacker looking to boost your digital defenses and stay up to date with the evolving cybersecurity landscape, then this book is for you. Hands-On Ethical Hacking Tactics is a comprehensive guide that will take you from fundamental to advanced levels of ethical hacking, offering insights into both offensive and defensive techniques. Written by a seasoned professional with 20+ years of experience, this book covers attack tools, methodologies, and procedures, helping you enhance your skills in securing and defending networks.The book starts with foundational concepts such as footprinting, reconnaissance, scanning, enumeration, vulnerability assessment, and threat modeling. Next, you’ll progress to using specific tools and procedures for hacking Windows, Unix, web servers, applications, and databases. The book also gets you up to speed with malware analysis. Throughout the book, you’ll experience a smooth transition from theoretical concepts to hands-on techniques using various platforms. Finally, you’ll explore incident response, threat hunting, social engineering, IoT hacking, and cloud exploitation, which will help you address the complex aspects of ethical hacking.By the end of this book, you’ll have gained the skills you need to navigate the ever-changing world of cybersecurity.
Nipun Jaswal
Network forensics is a subset of digital forensics that deals with network attacks and their investigation. In the era of network attacks and malware threat, it’s now more important than ever to have skills to investigate network attacks and vulnerabilities.Hands-On Network Forensics starts with the core concepts within network forensics, including coding, networking, forensics tools, and methodologies for forensic investigations. You’ll then explore the tools used for network forensics, followed by understanding how to apply those tools to a PCAP file and write the accompanying report. In addition to this, you will understand how statistical flow analysis, network enumeration, tunneling and encryption, and malware detection can be used to investigate your network. Towards the end of this book, you will discover how network correlation works and how to bring all the information from different types of network devices together.By the end of this book, you will have gained hands-on experience of performing forensics analysis tasks.
Hands-On Networking with Azure. Build large-scale, real-world apps using Azure networking solutions
Mohamed Waly
Microsoft Azure networking is one of the most valuable and important offerings in Azure. No matter what solution you are building for the cloud, you'll fi nd a compelling use for it. This book will get you up to speed quickly on Microsoft Azure Networking by teaching you how to use different networking services.By reading this book, you will develop a strong networking foundation for Azure virtual machines and for expanding your on-premise environment to Azure. Hands-On Networking with Azure starts with an introduction to Microsoft Azure networking and creating Azure Virtual Networks with subnets of different types within them. The book helps you understand the architecture of Azure networks. You will then learn the best practices for designing both Windows- and Linux-based Azure VM networks. You will also learn to expand your networks into Azure and how to use Azure DNS. Moreover, you will master best practices for dealing with Azure Load Balancer and the solutions they offer in different scenarios. Finally, we will demonstrate how the Azure Application Gateway works, offering various layer-7 load balancing capabilities for applications. By the end of this book, you will be able to architect your networking solutions for Azure.
Phil Bramwell
Windows has always been the go-to platform for users around the globe to perform administration and ad hoc tasks, in settings that range from small offices to global enterprises, and this massive footprint makes securing Windows a unique challenge. This book will enable you to distinguish yourself to your clients.In this book, you'll learn advanced techniques to attack Windows environments from the indispensable toolkit that is Kali Linux. We'll work through core network hacking concepts and advanced Windows exploitation techniques, such as stack and heap overflows, precision heap spraying, and kernel exploitation, using coding principles that allow you to leverage powerful Python scripts and shellcode.We'll wrap up with post-exploitation strategies that enable you to go deeper and keep your access. Finally, we'll introduce kernel hacking fundamentals and fuzzing testing, so you can discover vulnerabilities and write custom exploits. By the end of this book, you'll be well-versed in identifying vulnerabilities within the Windows OS and developing the desired solutions for them.
Furqan Khan
With the current technological and infrastructural shift, penetration testing is no longer a process-oriented activity. Modern-day penetration testing demands lots of automation and innovation; the only language that dominates all its peers is Python. Given the huge number of tools written in Python, and its popularity in the penetration testing space, this language has always been the first choice for penetration testers.Hands-On Penetration Testing with Python walks you through advanced Python programming constructs. Once you are familiar with the core concepts, you’ll explore the advanced uses of Python in the domain of penetration testing and optimization. You’ll then move on to understanding how Python, data science, and the cybersecurity ecosystem communicate with one another. In the concluding chapters, you’ll study exploit development, reverse engineering, and cybersecurity use cases that can be automated with Python.By the end of this book, you’ll have acquired adequate skills to leverage Python as a helpful tool to pentest and secure infrastructure, while also creating your own custom exploits.
Hands-On Red Team Tactics. A practical guide to mastering Red Team operations
Himanshu Sharma, Harpreet Singh
Red Teaming is used to enhance security by performing simulated attacks on an organization in order to detect network and system vulnerabilities. Hands-On Red Team Tactics starts with an overview of pentesting and Red Teaming, before giving you an introduction to few of the latest pentesting tools. We will then move on to exploring Metasploit and getting to grips with Armitage. Once you have studied the fundamentals, you will learn how to use Cobalt Strike and how to set up its team server.The book introduces some common lesser known techniques for pivoting and how to pivot over SSH, before using Cobalt Strike to pivot. This comprehensive guide demonstrates advanced methods of post-exploitation using Cobalt Strike and introduces you to Command and Control (C2) servers and redirectors. All this will help you achieve persistence using beacons and data exfiltration, and will also give you the chance to run through the methodology to use Red Team activity tools such as Empire during a Red Team activity on Active Directory and Domain Controller.In addition to this, you will explore maintaining persistent access, staying untraceable, and getting reverse connections over different C2 covert channels.By the end of this book, you will have learned about advanced penetration testing tools, techniques to get reverse shells over encrypted channels, and processes for post-exploitation.
Naren Yellavula
Building RESTful web services can be tough as there are countless standards and ways to develop API. In modern architectures such as microservices, RESTful APIs are common in communication, making idiomatic and scalable API development crucial. This book covers basic through to advanced API development concepts and supporting tools.You’ll start with an introduction to REST API development before moving on to building the essential blocks for working with Go. You’ll explore routers, middleware, and available open source web development solutions in Go to create robust APIs, and understand the application and database layers to build RESTful web services. You’ll learn various data formats like protocol buffers and JSON, and understand how to serve them over HTTP and gRPC. After covering advanced topics such as asynchronous API design and GraphQL for building scalable web services, you’ll discover how microservices can benefit from REST. You’ll also explore packaging artifacts in the form of containers and understand how to set up an ideal deployment ecosystem for web services. Finally, you’ll cover the provisioning of infrastructure using infrastructure as code (IaC) and secure your REST API.By the end of the book, you’ll have intermediate knowledge of web service development and be able to apply the skills you’ve learned in a practical way.
Hands-On Security in DevOps. Ensure continuous security, deployment, and delivery with DevSecOps
Tony Hsiang-Chih Hsu
DevOps has provided speed and quality benefits with continuous development and deployment methods, but it does not guarantee the security of an entire organization. Hands-On Security in DevOps shows you how to adopt DevOps techniques to continuously improve your organization’s security at every level, rather than just focusing on protecting your infrastructure.This guide combines DevOps and security to help you to protect cloud services, and teaches you how to use techniques to integrate security directly in your product. You will learn how to implement security at every layer, such as for the web application, cloud infrastructure, communication, and the delivery pipeline layers. With the help of practical examples, you’ll explore the core security aspects, such as blocking attacks, fraud detection, cloud forensics, and incident response. In the concluding chapters, you will cover topics on extending DevOps security, such as risk assessment, threat modeling, and continuous security.By the end of this book, you will be well-versed in implementing security in all layers of your organization and be confident in monitoring and blocking attacks throughout your cloud services.
Hardware i testy penetracyjne. Przewodnik po metodach ataku i obrony
Jean-Georges Valle
Hardware i testy penetracyjne. Przewodnik po metodach ataku i obrony Wraz z rozwojem internetu rzeczy, a także upowszechnianiem się elektronicznego sterowania i kontrolowania różnych procesów przestępcy doskonalą techniki łamania zabezpieczeń systemów wbudowanych. Konsekwencje skutecznego ataku na jakiś kluczowy element infrastruktury mogą się okazać dotkliwe i niezwykle kosztowne. Oznacza to, że testowanie pod kątem bezpieczeństwa powinno dotyczyć sprzętu i systemów wbudowanych. Również elektronicy powinni umieć chronić przed atakami swoje urządzenia. Szczególną rolę w tym procesie odgrywają testy penetracyjne, których celem jest wyszukiwanie luk w zabezpieczeniach. Oto praktyczny przewodnik po bezpieczeństwie sprzętu. Opisuje podstawy sprzętowej architektury systemów wbudowanych i protokoły komunikacyjne stosowane w urządzeniach elektronicznych. Pokazuje, w jaki sposób można przechwytywać przesyłane dane i jak wykorzystać tę wiedzę do przeprowadzania ataków. W książce zaprezentowano techniki identyfikacji i klasyfikacji zagrożeń systemu. Przeanalizowano także zależności łączące system wbudowany z jego otoczeniem, przy czym zwrócono uwagę na możliwe podatności na ataki i konsekwencje ewentualnego odczytania oprogramowania układowego. W końcowej części natomiast omówiono zasady inżynierii wstecznej oprogramowania, umożliwiającej ataki na urządzenia. Znajdziemy tu również wskazówki dotyczące ochrony urządzeń przed najbardziej typowymi atakami. Dzięki książce dowiesz się, jak: testować systemy wbudowane i rozpoznawać ich najważniejsze funkcjonalności identyfikować i atakować krytyczne zabezpieczenia odczytywać i modyfikować dane zapisane w systemach wbudowanych badać zależności pomiędzy oprogramowaniem układowym a sprzętem atakować zabezpieczenia stosowane w różnych blokach funkcjonalnych urządzeń rozwijać laboratorium umożliwiające zaawansowane analizy i przygotowanie ataków Internet rzeczy również można skutecznie zaatakować!
Hartowanie Linuksa we wrogich środowiskach sieciowych. Ochrona serwera od TLS po Tor
Kyle Rankin
Bezpieczeństwo serwerów - od TLS do TOR W dzisiejszym świecie, w którym wiele codziennych aktywności odbywa się przez internet, bardzo dużo zależy od bezpieczeństwa serwerów. Kiedy zwykli ludzie tworzą społeczności, komunikują się i robią zakupy online, hakerzy niestrudzenie przeglądają sieć, poszukując słabych punktów. Atakują różne obiekty: mogą to być agencje rządowe, elektrownie i banki, ale równie dobrze ich celem może się stać jakakolwiek sieć komputerów. Chodzi o uzyskanie wrażliwych informacji, zbiorów danych osobowych czy wreszcie przejęcie kontroli nad systemem. Co gorsza, agresorzy odnoszą sukcesy nawet w przypadku sieci, w których wdrożono złożone i kosztowne zabezpieczenia. Dzięki tej książce poznasz sprawdzone i niezbyt skomplikowane procedury, które pozwolą Ci na zahartowanie swoich danych. Zawarte tu treści przedstawiono w sposób bardzo praktyczny, z uwzględnieniem najnowszych osiągnięć w dziedzinie zabezpieczania systemów. Najpierw zapoznasz się z ogólnym ujęciem tematyki bezpieczeństwa systemów, w tym stacji roboczych, serwerów i sieci. Następnie dowiesz się, w jaki sposób zahartować specyficzne usługi, takie jak serwery WWW, pocztę elektroniczną, systemy DNS i bazy danych. Na końcu książki znalazł się rozdział poświęcony reagowaniu na incydenty - to również jest wiedza potrzebna każdemu administratorowi. Najciekawsze zagadnienia: Hartowanie stacji roboczych, w tym stacji roboczych administratorów Zabezpieczanie infrastruktury i ustawienie zapory sieciowej Zaawansowane hartowanie serwerów poczty elektronicznej Korzystanie z podstawowych i zaawansowanych właściwości usługi DNS Poruszanie się w sieci TOR Po pierwsze: zabezpiecz swoją sieć i zahartuj swój system! Kyle Rankin od wielu lat zajmuje się administrowaniem systemów informatycznych. Jest uznanym ekspertem w dziedzinie zabezpieczania infrastruktury, architektury, automatyzacji i rozwiązywania problemów z tym związanych. Rankin jest nagradzanym felietonistą magazynu "Linux Journal" i przewodniczącym rady doradczej Purism. Często wygłasza referaty na konferencjach poświęconych oprogramowaniu open source i bezpieczeństwu, takich jak O'Reilly Security Conference, CactusCon, SCALE, OSCON, LinuxWorld Expo, Penguicon.
Nikki Robinson, Calvin Nobles, Chris Cochran
Cybersecurity isn’t just a technical problem; it’s a human one. Human Factors in Cybersecurity equips you to tackle today’s digital threats by designing systems that respect how cybersecurity professionals actually think, behave, and make decisions.Despite billions spent on advanced technologies, human behavior remains cybersecurity’s greatest vulnerability. This book shows how to design defenses that work with people, not against them. Blending cybersecurity operations expertise with human factors science, it reveals that security failures are not inevitable. They’re design failures. Inside, you’ll learn how to shift from user-blaming policies to human-centered security engineering. Discover how to predict and influence user behavior, design controls that support cognitive realities, and embed human factors strategies at scale. Through actionable frameworks, real-world examples, and clear guidance, you will learn to reduce errors, build trust, and design systems resilient to human limitations.Authored by experts in cybersecurity, machine learning, and human factors engineering, this book delivers the interdisciplinary insight needed to lead the shift toward systems that are not only secure but genuinely usable. It transforms human factors from cybersecurity’s biggest blind spot into its most powerful driver of resilience.
Sreekanth Iyer
Security is a primary concern for enterprises going through digital transformation and accelerating their journey to multi-cloud environments. This book recommends a simple pattern-based approach to architecting, designing and implementing security for workloads deployed on AWS, Microsoft Azure, Google Cloud, and IBM Cloud.The book discusses enterprise modernization trends and related security opportunities and challenges. You’ll understand how to implement identity and access management for your cloud resources and applications. Later chapters discuss patterns to protect cloud infrastructure (compute, storage and network) and provide protection for data at rest, in transit and in use. You’ll also learn how to shift left and include security in the early stages of application development to adopt DevSecOps. The book also deep dives into threat monitoring, configuration and vulnerability management, and automated incident response. Finally, you’ll discover patterns to implement security posture management backed with intelligence and automated protection to stay ahead of threats.By the end of this book, you’ll have learned all the hybrid cloud security patterns and be able to use them to create zero trust architecture that provides continuous security and compliance for your cloud workloads.