Hands-On Penetration Testing with Kali NetHunter. Spy on and protect vulnerable ecosystems using the power of Kali Linux for pentesting on the go

Glen D. Singh, Sean-Philip Oriyano

Kali NetHunter is a version of the popular and powerful Kali Linux pentesting platform, designed to be installed on mobile devices. Hands-On Penetration Testing with Kali NetHunter will teach you the components of NetHunter and how to install the software. You’ll also learn about the different tools included and how to optimize and use a package, obtain desired results, perform tests, and make your environment more secure. Starting with an introduction to Kali NetHunter, you will delve into different phases of the pentesting process. This book will show you how to build your penetration testing environment and set up your lab. You will gain insight into gathering intellectual data, exploiting vulnerable areas, and gaining control over target systems. As you progress through the book, you will explore the NetHunter tools available for exploiting wired and wireless devices. You will work through new ways to deploy existing tools designed to reduce the chances of detection. In the concluding chapters, you will discover tips and best practices for integrating security hardening into your Android ecosystem. By the end of this book, you will have learned to successfully use a mobile penetration testing device based on Kali NetHunter and Android to accomplish the same tasks you would traditionally, but in a smaller and more mobile form factor.

Hands-On Penetration Testing with Python. Enhance your ethical hacking skills to build automated and intelligent systems

Furqan Khan

With the current technological and infrastructural shift, penetration testing is no longer a process-oriented activity. Modern-day penetration testing demands lots of automation and innovation; the only language that dominates all its peers is Python. Given the huge number of tools written in Python, and its popularity in the penetration testing space, this language has always been the first choice for penetration testers.Hands-On Penetration Testing with Python walks you through advanced Python programming constructs. Once you are familiar with the core concepts, you’ll explore the advanced uses of Python in the domain of penetration testing and optimization. You’ll then move on to understanding how Python, data science, and the cybersecurity ecosystem communicate with one another. In the concluding chapters, you’ll study exploit development, reverse engineering, and cybersecurity use cases that can be automated with Python.By the end of this book, you’ll have acquired adequate skills to leverage Python as a helpful tool to pentest and secure infrastructure, while also creating your own custom exploits.

Hands-On Red Team Tactics. A practical guide to mastering Red Team operations

Himanshu Sharma, Harpreet Singh

Red Teaming is used to enhance security by performing simulated attacks on an organization in order to detect network and system vulnerabilities. Hands-On Red Team Tactics starts with an overview of pentesting and Red Teaming, before giving you an introduction to few of the latest pentesting tools. We will then move on to exploring Metasploit and getting to grips with Armitage. Once you have studied the fundamentals, you will learn how to use Cobalt Strike and how to set up its team server.The book introduces some common lesser known techniques for pivoting and how to pivot over SSH, before using Cobalt Strike to pivot. This comprehensive guide demonstrates advanced methods of post-exploitation using Cobalt Strike and introduces you to Command and Control (C2) servers and redirectors. All this will help you achieve persistence using beacons and data exfiltration, and will also give you the chance to run through the methodology to use Red Team activity tools such as Empire during a Red Team activity on Active Directory and Domain Controller.In addition to this, you will explore maintaining persistent access, staying untraceable, and getting reverse connections over different C2 covert channels.By the end of this book, you will have learned about advanced penetration testing tools, techniques to get reverse shells over encrypted channels, and processes for post-exploitation.

Hands-On RESTful Web Services with Go. Develop elegant RESTful APIs with Golang for microservices and the cloud - Second Edition

Naren Yellavula

Building RESTful web services can be tough as there are countless standards and ways to develop API. In modern architectures such as microservices, RESTful APIs are common in communication, making idiomatic and scalable API development crucial. This book covers basic through to advanced API development concepts and supporting tools.You’ll start with an introduction to REST API development before moving on to building the essential blocks for working with Go. You’ll explore routers, middleware, and available open source web development solutions in Go to create robust APIs, and understand the application and database layers to build RESTful web services. You’ll learn various data formats like protocol buffers and JSON, and understand how to serve them over HTTP and gRPC. After covering advanced topics such as asynchronous API design and GraphQL for building scalable web services, you’ll discover how microservices can benefit from REST. You’ll also explore packaging artifacts in the form of containers and understand how to set up an ideal deployment ecosystem for web services. Finally, you’ll cover the provisioning of infrastructure using infrastructure as code (IaC) and secure your REST API.By the end of the book, you’ll have intermediate knowledge of web service development and be able to apply the skills you’ve learned in a practical way.

Hands-On Security in DevOps. Ensure continuous security, deployment, and delivery with DevSecOps

Tony Hsiang-Chih Hsu

DevOps has provided speed and quality benefits with continuous development and deployment methods, but it does not guarantee the security of an entire organization. Hands-On Security in DevOps shows you how to adopt DevOps techniques to continuously improve your organization’s security at every level, rather than just focusing on protecting your infrastructure.This guide combines DevOps and security to help you to protect cloud services, and teaches you how to use techniques to integrate security directly in your product. You will learn how to implement security at every layer, such as for the web application, cloud infrastructure, communication, and the delivery pipeline layers. With the help of practical examples, you’ll explore the core security aspects, such as blocking attacks, fraud detection, cloud forensics, and incident response. In the concluding chapters, you will cover topics on extending DevOps security, such as risk assessment, threat modeling, and continuous security.By the end of this book, you will be well-versed in implementing security in all layers of your organization and be confident in monitoring and blocking attacks throughout your cloud services.

Hands-On Spring Security 5 for Reactive Applications. Learn effective ways to secure your applications with Spring and Spring WebFlux

Tomcy John

Spring Security enables developers to seamlessly integrate authorization, authentication, and a range of security features for complex enterprise applications. This book provides a hands-on approach to developing reactive applications using Spring and will help you get up and running in no time.Complete with step-by-step explanations, practical examples, and self-assessment questions, the book begins by explaining the essential concepts of reactive programming, Spring Framework, and Spring Security. You’ll then learn about a variety of authentication mechanisms and how to integrate them easily with a Spring MVC application. You’ll also understand how to achieve authorization in a Spring WebFlux application using Spring Security. Furthermore, the book will take you through the configuration required to implement OAuth2 for securing REST APIs, and guide you in integrating security in microservices and serverless applications. Finally, you’ll be able to augment add-ons that will enhance any Spring Security module.By the end of the book, you’ll be equipped to integrate Spring Security into your Java enterprise applications proficiently.

Hands-On System Programming with C++. Build performant and concurrent Unix and Linux systems with C++17

Dr. Rian Quinn

C++ is a general-purpose programming language with a bias toward system programming as it provides ready access to hardware-level resources, efficient compilation, and a versatile approach to higher-level abstractions.This book will help you understand the benefits of system programming with C++17. You will gain a firm understanding of various C, C++, and POSIX standards, as well as their respective system types for both C++ and POSIX. After a brief refresher on C++, Resource Acquisition Is Initialization (RAII), and the new C++ Guideline Support Library (GSL), you will learn to program Linux and Unix systems along with process management. As you progress through the chapters, you will become acquainted with C++'s support for IO. You will then study various memory management methods, including a chapter on allocators and how they benefit system programming. You will also explore how to program file input and output and learn about POSIX sockets. This book will help you get to grips with safely setting up a UDP and TCP server/client.Finally, you will be guided through Unix time interfaces, multithreading, and error handling with C++ exceptions. By the end of this book, you will be comfortable with using C++ to program high-quality systems.

Hardware i testy penetracyjne. Przewodnik po metodach ataku i obrony

Jean-Georges Valle

Hardware i testy penetracyjne. Przewodnik po metodach ataku i obrony Wraz z rozwojem internetu rzeczy, a także upowszechnianiem się elektronicznego sterowania i kontrolowania różnych procesów przestępcy doskonalą techniki łamania zabezpieczeń systemów wbudowanych. Konsekwencje skutecznego ataku na jakiś kluczowy element infrastruktury mogą się okazać dotkliwe i niezwykle kosztowne. Oznacza to, że testowanie pod kątem bezpieczeństwa powinno dotyczyć sprzętu i systemów wbudowanych. Również elektronicy powinni umieć chronić przed atakami swoje urządzenia. Szczególną rolę w tym procesie odgrywają testy penetracyjne, których celem jest wyszukiwanie luk w zabezpieczeniach. Oto praktyczny przewodnik po bezpieczeństwie sprzętu. Opisuje podstawy sprzętowej architektury systemów wbudowanych i protokoły komunikacyjne stosowane w urządzeniach elektronicznych. Pokazuje, w jaki sposób można przechwytywać przesyłane dane i jak wykorzystać tę wiedzę do przeprowadzania ataków. W książce zaprezentowano techniki identyfikacji i klasyfikacji zagrożeń systemu. Przeanalizowano także zależności łączące system wbudowany z jego otoczeniem, przy czym zwrócono uwagę na możliwe podatności na ataki i konsekwencje ewentualnego odczytania oprogramowania układowego. W końcowej części natomiast omówiono zasady inżynierii wstecznej oprogramowania, umożliwiającej ataki na urządzenia. Znajdziemy tu również wskazówki dotyczące ochrony urządzeń przed najbardziej typowymi atakami. Dzięki książce dowiesz się, jak: testować systemy wbudowane i rozpoznawać ich najważniejsze funkcjonalności identyfikować i atakować krytyczne zabezpieczenia odczytywać i modyfikować dane zapisane w systemach wbudowanych badać zależności pomiędzy oprogramowaniem układowym a sprzętem atakować zabezpieczenia stosowane w różnych blokach funkcjonalnych urządzeń rozwijać laboratorium umożliwiające zaawansowane analizy i przygotowanie ataków Internet rzeczy również można skutecznie zaatakować!