Network security

193
EBOOK

Laboratorium cyberbezpieczeństwa w Dockerze. Zrób to sam

Krzysztof Godzisz

Isolating processes and environments is today one of the most important mechanisms for securing IT systems. It lets us not only run untrusted resources safely but, above all, carry out penetration tests and study malware without the risk of it infecting the native environment. One of the highest forms of isolation is containerization: the user then has practically complete control over the relationship between the container and the host operating system. In recent years the Docker runtime has emerged as the leader in containerization. Thanks to its functionality, convenient operation and broad compatibility with different operating systems, it is today a technical standard. Docker opens up new possibilities for cybersecurity researchers to test software for security and analyze all kinds of malware without having to build costly infrastructure: with Docker and containerization, you can build your lab within a single workstation. Laboratorium cyberbezpieczeństwa w Dockerze. Zrób to sam ("Cybersecurity Lab in Docker: Do It Yourself") is a guide that shows step by step how to build your own lab in a Docker container. It covers in detail the installation of the environment on various Linux distributions and its configuration, as well as issues related to managing containers and building dependencies. Key topics: installing and configuring Docker; managing containers; building Docker networks; using pentesting tools; building and running multi-container setups; managing vulnerabilities. Build your own cybersec lab, ideally in Docker!

194
EBOOK

Learn Azure Sentinel. Integrate Azure security with artificial intelligence to build secure cloud systems

Richard Diver, Gary Bushey

Azure Sentinel is a Security Information and Event Management (SIEM) tool developed by Microsoft to integrate cloud security and artificial intelligence (AI). Azure Sentinel not only helps clients identify security issues in their environment, but also uses automation to help resolve these issues. With this book, you’ll implement Azure Sentinel and understand how it can help find security incidents in your environment with integrated artificial intelligence, threat analysis, and built-in and community-driven logic. This book starts with an introduction to Azure Sentinel and Log Analytics. You’ll get to grips with data collection and management, before learning how to create effective Azure Sentinel queries to detect anomalous behaviors and patterns of activity. As you make progress, you’ll understand how to develop solutions that automate the responses required to handle security incidents. Finally, you’ll grasp the latest developments in security, discover techniques to enhance your cloud security architecture, and explore how you can contribute to the security community. By the end of this book, you’ll have learned how to implement Azure Sentinel to fit your needs and be able to protect your environment from cyber threats and other security issues.

195
EBOOK

Learn Computer Forensics. A beginner's guide to searching, analyzing, and securing digital evidence

William Oettinger

A computer forensics investigator must possess a variety of skills, including the ability to answer legal questions, gather and document evidence, and prepare for an investigation. This book will help you get up and running with using digital forensic tools and techniques to investigate cybercrimes successfully. Starting with an overview of forensics and all the open source and commercial tools needed to get the job done, you'll learn core forensic practices for searching databases and analyzing data over networks, personal devices, and web applications. You'll then learn how to acquire valuable information from different places, such as filesystems, e-mails, browser histories, and search queries, and capture data remotely. As you advance, this book will guide you through implementing forensic techniques on multiple platforms, such as Windows, Linux, and macOS, to demonstrate how to recover valuable information as evidence. Finally, you'll get to grips with presenting your findings efficiently in judicial or administrative proceedings. By the end of this book, you'll have developed a clear understanding of how to acquire, analyze, and present digital evidence like a proficient computer forensics investigator.

196
EBOOK

Learn Kubernetes Security. Securely orchestrate, scale, and manage your microservices in Kubernetes deployments

Kaizhe Huang, Pranjal Jumde, Loris Degioanni

Kubernetes is an open source orchestration platform for managing containerized applications. Despite widespread adoption of the technology, DevOps engineers might be unaware of the pitfalls of containerized environments. With this comprehensive book, you'll learn how to use the different security integrations available on the Kubernetes platform to safeguard your deployments in a variety of scenarios. Learn Kubernetes Security starts by taking you through the Kubernetes architecture and the networking model. You'll then learn about the Kubernetes threat model and get to grips with securing clusters. Throughout the book, you'll cover various security aspects such as authentication, authorization, image scanning, and resource monitoring. As you advance, you'll learn about securing cluster components (the kube-apiserver, CoreDNS, and kubelet) and pods (hardening image, security context, and PodSecurityPolicy). With the help of hands-on examples, you'll also learn how to use open source tools such as Anchore, Prometheus, OPA, and Falco to protect your deployments. By the end of this Kubernetes book, you'll have gained a solid understanding of container security and be able to protect your clusters from cyberattacks and mitigate cybersecurity threats.

197
EBOOK

Learn pfSense 2.4. Get up and running with Pfsense and all the core concepts to build firewall and routing solutions

David Zientara

As computer networks become ubiquitous, it has become increasingly important to both secure and optimize our networks. pfSense, an open-source router/firewall, provides an easy, cost-effective way of achieving this – and this book explains how to install and configure pfSense in such a way that even a networking beginner can successfully deploy and use pfSense. This book begins by covering networking fundamentals, deployment scenarios, and hardware sizing guidelines, as well as how to install pfSense. The book then covers configuration of basic services such as DHCP, DNS, and captive portal and VLAN configuration. Careful consideration is given to the core firewall functionality of pfSense, and how to set up firewall rules and traffic shaping. Finally, the book covers the basics of VPNs, multi-WAN setups, routing and bridging, and how to perform diagnostics and troubleshooting on a network.

198
EBOOK

Learn Social Engineering. Learn the art of human hacking with an internationally renowned expert

Dr. Erdal Ozkaya

This book will provide you with a holistic understanding of social engineering. It will help you to avoid and combat social engineering attacks by giving you a detailed insight into how a social engineer operates. Learn Social Engineering starts by giving you a grounding in the different types of social engineering attacks, and the damages they cause. It then sets up the lab environment to use different tools and then perform social engineering steps such as information gathering. The book covers topics from baiting, phishing, and spear phishing, to pretexting and scareware. By the end of the book, you will be in a position to protect yourself and your systems from social engineering threats and attacks. All in all, the book covers social engineering from A to Z, along with excerpts from many security experts known worldwide.

199
EBOOK

Learn Wireshark. A definitive guide to expertly analyzing protocols and troubleshooting networks using Wireshark - Second Edition

Lisa Bock

Wireshark is a popular and powerful packet analysis tool that helps network administrators investigate latency issues and potential attacks. Over the years, there have been many enhancements to Wireshark’s functionality. This book will guide you through essential features so you can capture, display, and filter data with ease. In addition to this, you’ll gain valuable tips on lesser-known configuration options, which will allow you to complete your analysis in an environment customized to suit your needs. This updated second edition of Learn Wireshark starts by outlining the benefits of traffic analysis. You’ll discover the process of installing Wireshark and become more familiar with the interface. Next, you’ll focus on the Internet Suite and then explore deep packet analysis of common protocols such as DNS, DHCP, HTTP, and ARP. The book also guides you through working with the expert system to detect network latency issues, create I/O and stream graphs, subset traffic, and save and export captures. Finally, you’ll understand how to share captures using CloudShark, a browser-based solution for analyzing packet captures. By the end of this Wireshark book, you’ll have the skills and hands-on experience you need to conduct deep packet analysis of common protocols and network troubleshooting as well as identify security issues.

200
EBOOK

Learning iOS Penetration Testing. Secure your iOS applications and uncover hidden vulnerabilities by conducting penetration tests

Swaroop Yermalkar

iOS has become one of the most popular mobile operating systems with more than 1.4 million apps available in the iOS App Store. Some security weaknesses in any of these applications or on the system could mean that an attacker can get access to the device and retrieve sensitive information. This book will show you how to conduct a wide range of penetration tests on iOS devices to uncover vulnerabilities and strengthen the system from attacks. Learning iOS Penetration Testing discusses the common vulnerabilities and security-related shortcomings in an iOS application and operating system, and will teach you to conduct static and dynamic analysis of iOS applications. This practical guide will help you uncover vulnerabilities in iOS phones and applications. We begin with basics of iOS security and dig deep to learn about traffic analysis, code analysis, and various other techniques. Later, we discuss the various utilities, and the process of reversing and auditing.

201
EBOOK

Learning Kubernetes Security. A practical guide for secure and scalable containerized environments - Second Edition

Raul Lapaz

With readily available services, support, and tools, Kubernetes has become a foundation for digital transformation and cloud-native development, but it brings significant security challenges such as breaches and supply chain attacks. This updated edition equips you with defense strategies to protect your applications and infrastructure while understanding the attacker mindset, including tactics like container escapes and exploiting vulnerabilities to compromise clusters. The author distills his 25+ years of experience to guide you through Kubernetes components, architecture, and networking, addressing authentication, authorization, image scanning, resource monitoring, and traffic sniffing. You’ll implement security controls using third-party plugins (krew) and tools like Falco, Tetragon, and Cilium. You’ll also secure core components, such as the kube-apiserver, CoreDNS, and kubelet, while hardening images, managing security contexts, and applying PodSecurityPolicy. Through practical examples, the book teaches advanced techniques like redirecting traffic from misconfigured clusters to rogue pods and enhances your support incident response with effective cluster monitoring and log analysis. By the end of the book, you'll have a solid grasp of container security as well as the skills to defend your clusters against evolving threats.

202
EBOOK

Learning Nagios 3.0. A comprehensive configuration guide to monitor and maintain your network and systems

Wojciech Kocjan

This is a beginner-level book, which will introduce Nagios to System Administrators who are interested in monitoring their systems. The focus is on teaching system administrators to secure their systems in a much improved manner incorporating the newer features of Nagios. It will teach Nagios beginners the basics of installation and configuration of version 3; it will show professionals who have already worked on earlier versions of Nagios the new features of Nagios like inheritance and also the new internal functions like better check scheduling. The target readers for this book are System Administrators interested in using Nagios. This book will introduce Nagios with the new features of Version 3 for System Administrators.

203
EBOOK

Learning Network Forensics. Identify and safeguard your network against both internal and external threats, hackers, and malware attacks

Samir Datt

We live in a highly networked world. Every digital device (phone, tablet, or computer) is connected to the others in one way or another. In this new age of connected networks, there is network crime. Network forensics is the brave new frontier of digital investigation and information security professionals to extend their abilities to catch miscreants on the network. The book starts with an introduction to the world of network forensics and investigations. You will begin by getting an understanding of how to gather both physical and virtual evidence, intercepting and analyzing network data, wireless data packets, investigating intrusions, and so on. You will further explore the technology, tools, and investigating methods using malware forensics, network tunneling, and behaviors. By the end of the book, you will gain a complete understanding of how to successfully close a case.

204
EBOOK

Learning Python for Forensics. Learn the art of designing, developing, and deploying innovative forensic solutions through Python

Preston Miller, Chapin Bryce

This book will illustrate how and why you should learn Python to strengthen your analysis skills and efficiency as you creatively solve real-world problems through instruction-based tutorials. The tutorials use an interactive design, giving you experience of the development process so you gain a better understanding of what it means to be a forensic developer. Each chapter walks you through a forensic artifact and one or more methods to analyze the evidence. It also provides reasons why one method may be advantageous over another. We cover common digital forensics and incident response scenarios, with scripts that can be used to tackle case work in the field. Using built-in and community-sourced libraries, you will improve your problem solving skills with the addition of the Python scripting language. In addition, we provide resources for further exploration of each script so you can understand what further purposes Python can serve. With this knowledge, you can rapidly develop and deploy solutions to identify critical information and fine-tune your skill set as an examiner.

205
EBOOK

Learning Python for Forensics. Leverage the power of Python in forensic investigations - Second Edition

Preston Miller, Chapin Bryce

Digital forensics plays an integral role in solving complex cybercrimes and helping organizations make sense of cybersecurity incidents. This second edition of Learning Python for Forensics illustrates how Python can be used to support these digital investigations and permits the examiner to automate the parsing of forensic artifacts to spend more time examining actionable data. The second edition of Learning Python for Forensics will illustrate how to develop Python scripts using an iterative design. Further, it demonstrates how to leverage the various built-in and community-sourced forensics scripts and libraries available for Python today. This book will help strengthen your analysis skills and efficiency as you creatively solve real-world problems through instruction-based tutorials. By the end of this book, you will build a collection of Python scripts capable of investigating an array of forensic artifacts and master the skills of extracting metadata and parsing complex data structures into actionable reports. Most importantly, you will have developed a foundation upon which to build as you continue to learn Python and enhance your efficacy as an investigator.

206
EBOOK

Learning Python Web Penetration Testing. Automate web penetration testing activities using Python

Christian Martorella

Web penetration testing is the use of tools and code to attack a website or web app in order to assess its vulnerability to external threats. While there are an increasing number of sophisticated, ready-made tools to scan systems for vulnerabilities, the use of Python allows you to write system-specific scripts, or alter and extend existing testing tools to find, exploit, and record as many security weaknesses as possible. Learning Python Web Penetration Testing will walk you through the web application penetration testing methodology, showing you how to write your own tools with Python for each activity throughout the process. The book begins by emphasizing the importance of knowing how to write your own tools with Python for web application penetration testing. You will then learn to interact with a web application using Python, understand the anatomy of an HTTP request, URL, headers and message body, and later create a script to perform a request, and interpret the response and its headers. As you make your way through the book, you will write a web crawler using Python and the Scrapy library. The book will also help you to develop a tool to perform brute force attacks in different parts of the web application. You will then discover more on detecting and exploiting SQL injection vulnerabilities. By the end of this book, you will have successfully created an HTTP proxy based on the mitmproxy tool.

207
EBOOK

Linux Networking Cookbook. Over 40 recipes to help you set up and configure Linux networks

Gregory Boyce

Linux can be configured as a networked workstation, a DNS server, a mail server, a firewall, a gateway router, and many other things. These are all part of administration tasks, hence network administration is one of the main tasks of Linux system administration. By knowing how to configure system network interfaces in a reliable and optimal manner, Linux administrators can deploy and configure several network services including file, web, mail, and servers while working in large enterprise environments. Starting with a simple Linux router that passes traffic between two private networks, you will see how to enable NAT on the router in order to allow Internet access from the network, and will also enable DHCP on the network to ease configuration of client systems. You will then move on to configuring your own DNS server on your local network using bind9 and tying it into your DHCP server to allow automatic configuration of local hostnames. You will then future enable your network by setting up IPv6 via tunnel providers. Moving on, we’ll configure Samba to centralize authentication for your network services; we will also configure Linux client to leverage it for authentication, and set up a RADIUS server that uses the directory server for authentication. Toward the end, you will have a network with a number of services running on it, and will implement monitoring in order to detect problems as they occur.

208
EBOOK

Linux Shell Scripting for Hackers. Automate and scale your hacking process with bash scripting

Valentine (Traw) Nachi, Donald A. Tevault

Mastering bash scripting is a powerful skill that separates professional hackers from the rest. This comprehensive guide explores bash scripting in depth, equipping you with the knowledge and tools you need to automate complex tasks, streamline workflows, and craft custom utilities. The book takes you on a journey through advanced scripting techniques, while helping you master the command line and use practical examples that showcase real-world applications. From automating reconnaissance processes to creating custom exploitation tools, this book provides you with the skills to tackle even the most daunting challenges. You’ll discover how to utilize bash, awk, sed, and regular expressions to manipulate data, parse logs, and extract valuable information. A dedicated section also focuses on network scripting, helping you craft scripts that interact with remote systems, scan, and gather information. By the end of this bash scripting book, you’ll be able to apply your newfound knowledge to tackle realistic scenarios, honing your skills and preparing for the front lines of cybersecurity.

209
EBOOK

Malware Analysis Techniques. Tricks for the triage of adversarial software

Dylan Barker

Malicious software poses a threat to every enterprise globally. Its growth is costing businesses millions of dollars due to currency theft as a result of ransomware and lost productivity. With this book, you'll learn how to quickly triage, identify, attribute, and remediate threats using proven analysis techniques. Malware Analysis Techniques begins with an overview of the nature of malware, the current threat landscape, and its impact on businesses. Once you've covered the basics of malware, you'll move on to discover more about the technical nature of malicious software, including static characteristics and dynamic attack methods within the MITRE ATT&CK framework. You'll also find out how to perform practical malware analysis by applying all that you've learned to attribute the malware to a specific threat and weaponize the adversary's indicators of compromise (IOCs) and methodology against them to prevent them from attacking. Finally, you'll get to grips with common tooling utilized by professional malware analysts and understand the basics of reverse engineering with the NSA's Ghidra platform. By the end of this malware analysis book, you’ll be able to perform in-depth static and dynamic analysis and automate key tasks for improved defense against attacks.

210
EBOOK

Managing Risks in Digital Transformation. Navigate the modern landscape of digital threats with the help of real-world examples and use cases

Ashish Kumar, Shashank Kumar, Abbas Kudrati, Sarah...

With the rapid pace of digital change today, especially since the pandemic sped up digital transformation and technologies, it has become more important than ever to be aware of the unknown risks and the landscape of digital threats. This book highlights various risks and shows how business-as-usual operations carried out by unaware or targeted workers can lead your organization to a regulatory or business risk, which can impact your organization’s reputation and balance sheet. This book is your guide to identifying the topmost risks relevant to your business with a clear roadmap of when to start the risk mitigation process and what your next steps should be. With a focus on the new and emerging risks that remote-working companies are experiencing across diverse industries, you’ll learn how to manage risks by taking advantage of zero trust network architecture and the steps to be taken when smart devices are compromised. Toward the end, you’ll explore various types of AI-powered machines and be ready to make your business future-proof. In a nutshell, this book will direct you on how to identify and mitigate risks that the ever-advancing digital technology has unleashed.

211
EBOOK

Mastering AWS Security. Create and maintain a secure cloud ecosystem

Albert Anthony

Mastering AWS Security starts with a deep dive into the fundamentals of the shared security responsibility model. This book tells you how you can enable continuous security, continuous auditing, and continuous compliance by automating your security in AWS with the tools, services, and features it provides. Moving on, you will learn about access control in AWS for all resources. You will also learn about the security of your network, servers, data and applications in the AWS cloud using native AWS security services. By the end of this book, you will understand the complete AWS Security landscape, covering all aspects of end-to-end software and hardware security along with logging, auditing, and compliance of your entire IT environment in the AWS cloud. Lastly, the book will wrap up with AWS best practices for security.

212
EBOOK

Mastering AWS Security. Strengthen your cloud environment using AWS security features coupled with proven strategies - Second Edition

Laurent Mathieu

If you’re trying to navigate the complex world of AWS security and fortify your organizational cloud environment, then this book is for you. Written by an accomplished cybersecurity and AWS cloud consultant, Mastering AWS Security will help you understand and master the complexities of AWS security. This book offers an in-depth and practical exploration of AWS security concepts, features, and services, focusing on how they apply to modern cloud-based application environments. As you progress, you’ll gain a thorough introduction to the art of security automation and DevSecOps. You’ll learn how to automate security tasks, integrate security into your development process, and maintain a high level of security as your applications evolve and scale. Emphasizing continuous monitoring and improvement, this book will teach you how to set up monitoring systems, interpret security data, and make informed decisions to enhance your security over time. Through real-world case studies, you’ll learn how to tackle the challenges and find solutions for securing AWS environments. By the end of this book, you’ll confidently secure your AWS environments, and stay up to date with the latest security trends and updates in the AWS ecosystem.

213
EBOOK

Mastering Azure Security. Keeping your Microsoft Azure workloads safe - Second Edition

Mustafa Toroman, Tom Janetscheck

Security is integrated into every cloud, but this makes users put their guard down as they take cloud security for granted. Although the cloud provides higher security, keeping their resources secure is one of the biggest challenges many organizations face as threats are constantly evolving. Microsoft Azure offers a shared responsibility model that can address any challenge with the right approach. Revised to cover product updates up to early 2022, this book will help you explore a variety of services and features from Microsoft Azure that can help you overcome challenges in cloud security. You'll start by learning the most important security concepts in Azure, their implementation, and then advance to understanding how to keep resources secure. The book will guide you through the tools available for monitoring Azure security and enforcing security and governance the right way. You'll also explore tools to detect threats before they can do any real damage and those that use machine learning and AI to analyze your security logs and detect anomalies. By the end of this cloud security book, you'll have understood cybersecurity in the cloud and be able to design secure solutions in Microsoft Azure.

214
EBOOK

Mastering Cloud Security Posture Management (CSPM). Secure multi-cloud infrastructure across AWS, Azure, and Google Cloud using proven techniques

Qamar Nomani, Julie Davila, Rehman Khan

This book will help you secure your cloud infrastructure confidently with cloud security posture management (CSPM) through expert guidance that’ll enable you to implement CSPM effectively, ensuring an optimal security posture across multi-cloud infrastructures. The book begins by unraveling the fundamentals of cloud security, debunking myths about the shared responsibility model, and introducing key concepts such as defense-in-depth, the Zero Trust model, and compliance. Next, you’ll explore CSPM's core components, tools, selection criteria, deployment strategies, and environment settings, which will be followed by chapters on onboarding cloud accounts, dashboard customization, cloud assets inventory, configuration risks, and cyber threat hunting. As you progress, you’ll get to grips with operational practices, vulnerability and patch management, compliance benchmarks, and security alerts. You’ll also gain insights into cloud workload protection platforms (CWPPs). The concluding chapters focus on Infrastructure as Code (IaC) scanning, DevSecOps, and workflow automation, providing a thorough understanding of securing multi-cloud environments. By the end of this book, you’ll have honed the skills to make informed decisions and contribute effectively at every level, from strategic planning to day-to-day operations.

215
EBOOK

Mastering Information Security Compliance Management. A comprehensive handbook on ISO/IEC 27001:2022 compliance

Adarsh Nair, Greeshma M. R.

ISO 27001 and ISO 27002 are globally recognized standards for information security management systems (ISMSs), providing a robust framework for information protection that can be adapted to all organization types and sizes. Organizations with significant exposure to information-security–related risks are increasingly choosing to implement an ISMS that complies with ISO 27001. This book will help you understand the process of getting your organization's information security management system certified by an accredited certification body. The book begins by introducing you to the standards, and then takes you through different principles and terminologies. Once you completely understand these standards, you’ll explore their execution, wherein you find out how to implement these standards in different sizes of organizations. The chapters also include case studies to enable you to understand how you can implement the standards in your organization. Finally, you’ll get to grips with the auditing process, planning, techniques, and reporting and learn to audit for ISO 27001. By the end of this book, you’ll have gained a clear understanding of ISO 27001/27002 and be ready to successfully implement and audit for these standards.

216
EBOOK

Mastering Kali Linux Wireless Pentesting. Test your wireless network’s security and master advanced wireless penetration techniques using Kali Linux

Brian Sak, Jilumudi Raghu Ram

Kali Linux is a Debian-based Linux distribution designed for digital forensics and penetration testing. It gives access to a large collection of security-related tools for professional security testing - some of the major ones being Nmap, Aircrack-ng, Wireshark, and Metasploit. This book will take you on a journey where you will learn to master advanced tools and techniques to conduct wireless penetration testing with Kali Linux. You will begin by gaining an understanding of setting up and optimizing your penetration testing environment for wireless assessments. Then, the book will take you through a typical assessment from reconnaissance, information gathering, and scanning the network through exploitation and data extraction from your target. You will get to know various ways to compromise the wireless network using browser exploits, vulnerabilities in firmware, web-based attacks, client-side exploits, and many other hacking methods. You will also discover how to crack wireless networks with speed, perform man-in-the-middle and DOS attacks, and use Raspberry Pi and Android to expand your assessment methodology. By the end of this book, you will have mastered using Kali Linux for wireless security assessments and become a more effective penetration tester and consultant.