Hacking

337
Завантаження...
EЛЕКТРОННА КНИГА

Infosec Strategies and Best Practices. Gain proficiency in information security using expert-level strategies and best practices

Joseph MacMillan

Information security and risk management best practices enable professionals to plan, implement, measure, and test their organization's systems and ensure that they're adequately protected against threats.The book starts by helping you to understand the core principles of information security, why risk management is important, and how you can drive information security governance. You'll then explore methods for implementing security controls to achieve the organization's information security goals. As you make progress, you'll get to grips with design principles that can be utilized along with methods to assess and mitigate architectural vulnerabilities. The book will also help you to discover best practices for designing secure network architectures and controlling and managing third-party identity services. Finally, you will learn about designing and managing security testing processes, along with ways in which you can improve software security.By the end of this infosec book, you'll have learned how to make your organization less vulnerable to threats and reduce the likelihood and impact of exploitation. As a result, you will be able to make an impactful change in your organization toward a higher level of information security.

338
Завантаження...
EЛЕКТРОННА КНИГА

Instant Apple Configurator How-to. Gain full control and complete security when managing mobile iOS devices in mass deployments

Charles S Edge, Timothy D Houston

The Apple configurator is an incredible piece of software which grants full control in mobile device management, but on a larger scale. The popularity of people taking their own devices to work has grown tremendously. However, valued professional and personal information is at risk, through loss, theft, or hacking.Instant Apple Configurator How-to is a hands-on guide that eliminates any worries that are associated with the deployment and security of iOS devices. This book provides practical, quick win solutions to combat these issues, with clear, concise, and informative examples providing solutions to secure, remote wipe, and encrypt devices. The book will further explore how to personalize iOS devices for configuration and deployment.With the Instant Apple Configurator How-to, learn to build profiles with customised control settings, with examples on how to capture device information and use console logs for added protection. You will become skilled at tracking and installing provisional profiles for greater security. We will also explore developing workflows for successful deployment, installing software and applications whilst managing files on iOS devices, and how to deploy enrolment profiles for mobile device management solutions en masse. If you are looking for a complete guide that provides simple solutions to complex problems, look no further.

339
Завантаження...
EЛЕКТРОННА КНИГА

Instant CloudFlare Starter. A practical guide for using CloudFlare to effectively secure and speed up your website

Jeffrey Dickey

Ensuring your website is up, fast, and secure is a difficult yet crucial task. Learning how to protect and safeguard your web presence from malicious attackers whilst also making sure that it is optimized is important for any website administrator. CloudFlare helps you augment your website with additional security, as well as provide the extra bit of speed that will set you apart from the competition.Instant CloudFlare Starter will show you how to leverage the power of the cloud to ensure that your website is running at its very best. It will also tell you exactly what CloudFlare is doing when you enable various features, and guide you through the entire setup and configuration process.After learning about what CloudFlare actually is, you'll be shown how to fully optimize and secure your own website - using the latest that CloudFlare has to offer.As well as ensuring that your own site is protected with CloudFlare, you'll learn exactly how it actually secures your website from malicious attackers. This is in addition to making sure that you can send and receive emails effectively from your own domain, as well as learning how CloudFlare can enable your site’s static assets to load quickly, with little effort on your part.You'll be guided through the whole optimization process - with additional tips and guidance that help you avoid common mistakes and pitfalls, alongside coverage of optional modules that can additionally improve the speed of your website, add analytics, or even entirely new functionality.With detailed explanations of things to look out for and how CloudFlare can solve your problems on your website, CloudFlare Starter will ultimately show you how to optimize and secure your website effectively with minimum hassle.

340
Завантаження...
EЛЕКТРОННА КНИГА

Instant Java Password and Authentication Security. A practical, hands-on guide to securing Java application passwords with hashing techniques

Fernando Mayoral

Password security is a critical matter when it comes to protecting the interests of application users and their data for a satisfactory user experience. With the advancement in technology, now more than ever, application developers need to be able to implement reliable mechanisms to prevent passwords from being stolen. Java Password and Authentication Security provides a practical approach to implement these reliable mechanisms with the possibility to make password authentication stronger as technology makes it easier to break them.Java Password and Authentication Security is a practical, hands-on guide covering a number of clear, step-by-step exercises and code examples that will help you to implement strong password authentication solutions for your project in no time.This book starts off with the most basic and well known hashing technique to quickly get an application developer started with implementing a standard password protection mechanism. Furthermore, it covers the stronger SHA (standard hashing algorithm) family in detail and brings up a technique to improve the hash security with a technique called “salting”.You will also learn how to use these hashes, and more importantly, when to use each technique. You will learn that not every hash algorithm is good in every situation, and how to deal with password recovery, password authentication, and timing attacks.

341
Завантаження...
EЛЕКТРОННА КНИГА

Instant Microsoft Forefront UAG Mobile Configuration Starter. Everything you need to get started with UAG and its features for mobile devices

Fabrizio Volpe

UAG provides your employees, clients, or partners secure remote access to your vital corporate resources, while delivering a seamless integration with your existing network environment. UAG is able to optimize content for different mobile devices, and is also able to publish complex applications in a simple manner. You are also able to integrate UAG with multiple domains and federated authentications, to give the highest quality service in a mobility scenario. Instant Microsoft Forefront UAG Mobile Configuration Starter is a concise and informative book that allows you to set up and start using UAG without any existing knowledge of the area.This book will start by expertly guiding you through the installation and setup of UAG, and then show you how to publish a simple application for mobile devices, in order to familiarize you with concepts and operations that you will use throughout with UAG.The main body of the book focuses on a series of essential, and incredibly practical, recipes and examples designed to help you in utilizing UAG features for their maximum effect. By the end of Instant Microsoft Forefront UAG Mobile Configuration Starter, you will know all the vital information you need to deploy UAG in a successful and efficient manner, in order to tailor the configuration to your company’s specific requirements.

342
Завантаження...
EЛЕКТРОННА КНИГА

Instant OSSEC Host-based Intrusion Detection System. A hands-on guide exploring OSSEC HIDS for operational and security awareness

Brad Lhotsky

Security software is often expensive, restricting, burdensome, and noisy. OSSEC-HIDS was designed to avoid getting in your way and to allow you to take control of and extract real value from industry security requirements. OSSEC-HIDS is a comprehensive, robust solution to many common security problems faced in organizations of all sizes.Instant OSSEC-HIDS is a practical guide to take you from beginner to power user through recipes designed based on real- world experiences. Recipes are designed to provide instant impact while containing enough detail to allow the reader to further explore the possibilities. Using real world examples, this book will take you from installing a simple, local OSSEC-HIDS service to commanding a network of servers running OSSEC-HIDS with customized checks, alerts, and automatic responses.You will learn how to maximise the accuracy, effectiveness, and performance of OSSEC-HIDS' analyser, file integrity monitor, and malware detection module. You will flip the table on security software and put OSSEC-HIDS to work validating its own alerts before escalating them. You will also learn how to write your own rules, decoders, and active responses. You will rest easy knowing your servers can protect themselves from most attacks while being intelligent enough to notify you when they need help!You will learn how to use OSSEC-HIDS to save time, meet security requirements, provide insight into your network, and protect your assets.

343
Завантаження...
EЛЕКТРОННА КНИГА

Instant Traffic Analysis with Tshark How-to. Master the terminal-based version of Wireshark for dealing with network security incidents

Borja Merino

Malware, DoS attacks, SQLi, and data exfiltration are some of the problems that many security officers have to face every day. Having advanced knowledge in communications and protocol analysis is therefore essential to investigate and detect any of these attacks. Tshark is the ideal tool for professionals who wish to meet these needs, or students who want to delve into the world of networking.Instant Traffic Analysis with Tshark How-to is a practical, hands-on guide for network administrators and security officers who want to take advantage of the filtering features provided by Tshark, the command-line version of Wireshark. With this guide you will learn how to get the most out of Tshark from environments lacking GUI, ideal for example in Unix/Linux servers, offering you much flexibility to identify and display network traffic.The book begins by explaining the basic theoretical concepts of Tshark and the process of data collection. Subsequently, you will see several alternatives to capture traffic based on network infrastructure and the goals of the network administrator. The rest of the book will focus on explaining the most interesting parameters of the tool from a totally practical standpoint.You will also learn how to decode protocols and how to get evidence of suspicious network traffic. You will become familiar with the many practical filters of Tshark that identify malware-infected computers and lots of network attacks such as DoS attacks, DHCP/ARP spoof, and DNS flooding. Finally, you will see some tricks to automate certain tasks with Tshark and python scripts.You will learn everything you need to get the most out of Tshark and overcome a wide range of network problems. In addition you will learn a variety of concepts related to networking and network attacks currently exploited.

344
Завантаження...
EЛЕКТРОННА КНИГА

Internet Rzeczy (IoT). Problemy cyberbezpieczeństwa

Jerzy Krawiec

Monografię można podzielić na dwie zasadnicze części. Pierwsza cześć obejmuje problematykę dotyczącą wyzwań Przemysłu 4.0, a właściwie jego kluczowego elementu, czyli Internetu Rzeczy (IoT). W tej części scharakteryzowano systemy i opisano modele IoT, przedstawiono wizje architektury IoT, zidentyfikowano problem wiarygodności IoT oraz przedstawiono zasady eksploracji danych i standardy komunikacji między urządzeniami systemu IoT. W drugiej części książki podjęto rozważania dotyczące problematyki zapewnienia cyberbezpieczeństwa systemów IoT. Ta część publikacji obejmuje modele odniesienia cyklu bezpieczeństwa urządzeń IoT oraz implementację systemu zarządzania bezpieczeństwem informacji w przedsiębiorstwie realizującym koncepcję IoT. Publikacja jest poparta licznymi przykładami praktycznymi oraz wynikami badań dotyczących poziomów bezpieczeństwa systemów informatycznych pracujących zarówno w sieci globalnej, jak i lokalnej. Jest także praktycznym przewodnikiem wprowadzającym w świat technologii IoT, ze szczególnym uwzględnieniem cyberbezpieczeństwa, przedstawieniem najnowszych zagrożeń internetowych oraz podaniem sposobów ochrony zasobów informacyjnych w przedsiębiorstwach.

345
Завантаження...
EЛЕКТРОННА КНИГА

Inżynieria detekcji cyberzagrożeń w praktyce. Planowanie, tworzenie i walidacja mechanizmów wykrywania zagrożeń

Megan Roddie, Jason Deyalsingh, Gary J. Katz

Efektywny potok detekcji zagrożeń jest niezbędnym elementem programu cyberbezpieczeństwa. W procesach inżynierii detekcji szczególną uwagę należy poświęcić technikom tworzenia i walidacji mechanizmów detekcji. To oczywiste - od ich jakości zależy skuteczność zabezpieczeń w organizacji. Trzeba więc zrozumieć, czym jest inżynieria detekcji i jakie ma znaczenie dla cyberbezpieczeństwa. Oto przewodnik po inżynierii detekcji, przeznaczony dla inżynierów zabezpieczeń i analityków bezpieczeństwa. Zaprezentowano w nim praktyczną metodologię planowania, budowy i walidacji mechanizmów wykrywania zagrożeń. Opisano zasady pracy z frameworkami służącymi do testowania i uwierzytelniania programu inżynierii detekcji. Książka zawiera przykłady dotyczące zagadnień z całego cyklu, od utworzenia reguły detekcji po jej walidację, a omawianej tematyce towarzyszy bogaty zestaw samouczków, projektów i pytań sprawdzających. To doskonałe źródło wiedzy o zasadach pracy inżyniera detekcji i o ciągłym rozwoju tej dziedziny. W książce: przebieg procesu inżynierii detekcji budowa laboratorium testowego utrzymywanie mechanizmów detekcji w formie ustandaryzowanego kodu tworzenie mechanizmów detekcji wczesne wykrywanie cyberataków i złośliwej aktywności ścieżki kariery w inżynierii detekcji Nie oczekuj, że wróg się nie zjawi. Przygotuj się, aby go odpowiednio przyjąć!

346
Завантаження...
EЛЕКТРОННА КНИГА

Inżynieria odwrotna w praktyce. Narzędzia i techniki

Bruce Dang, Alexandre Gazet, Elias Bachaalany, Sébastien...

Inżynieria odwrotna pozwoli Ci na walkę z hakerami i rootkitami. Na użytkowników globalnej sieci czekają coraz wymyślniejsze pułapki. Każdego dnia grozi im zarażenie oprogramowaniem szpiegującym, rozsyłającym niechciane wiadomości lub wykorzystującym moc obliczeniową procesora do nieznanych celów. Wykrywanie tego typu zagrożeń i przeciwdziałanie im wymaga dogłębnej analizy niechcianego oprogramowania. Jak to zrobić? Na te i wiele innych pytań odpowiedzi dostarczy ta wspaniała książka! Dzięki niej zrozumiesz, jak działają procesory x86, x64 oraz ARM, zgłębisz tajniki jądra systemu Windows oraz poznasz najlepsze narzędzia, które wspomogą Cię w Twoich działaniach. W trakcie lektury kolejnych stron dowiesz się, jak korzystać z debuggera, jaką strukturę mają sterowniki oraz czym są pakiety żądań wejścia-wyjścia. Następnie dowiesz się, po co zaciemnia się kod oraz jakie narzędzia są do tego potrzebne. Techniką odwrotną do zaciemniania jest rozjaśnianie kodu. Zastanawiasz się, które narzędzia są skuteczniejsze? Przekonaj się sam! Ta pasjonująca lektura dostarczy Ci mnóstwo wiedzy na temat działania oprogramowania. Odkryj nowatorskie, usystematyzowane podejście do inżynierii zwrotnej oparte na analizie prawdziwego złośliwego oprogramowania. Poznaj szczegóły trzech najpopularniejszych architektur: x86, x64 i ARM. Zapoznaj się ze szczegółowo omówionymi zagadnieniami związanymi z jądrem systemu Windows oraz sterownikami działającymi w trybie jądra, które zostały opatrzone przykładowymi analizami prawdziwych rootkitów oraz ćwiczeniami. Opanuj skomplikowane techniki zaciemniania kodu takie jak te, które są stosowane w zabezpieczeniach mających postać maszyny wirtualnej. Dowiedz się jak analizować zabezpieczone programy. Odkryj zaawansowane techniki debugowania i automatyzacji, które przyśpieszą wykonywanie zadań związanych z inżynierią odwrotną. Przyjrzyj się jak profesjonaliści analizują programy. Zastosuj zdobytą wiedzę podczas samodzielnej analizy próbek prawdziwego złośliwego oprogramowania. Dowiedz się, jak działają exploity, wirusy, rootkity! Ich działanie można w pełni zrozumieć tylko poprzez inżynierię odwrotną...

347
Завантаження...
EЛЕКТРОННА КНИГА

iOS Forensics Cookbook. Over 20 recipes that will enable you to handle and extract data from iOS devices for forensics

Bhanu Birani, Mayank Birani

Mobile device forensics is a branch of digital forensics that involves the recovery of evidence or data in a digital format from a device without affecting its integrity. With the growing popularity of iOS-based Apple devices, iOS forensics has developed immense importance. To cater to the need, this book deals with tasks such as the encryption and decryption of files, various ways to integrate techniques withsocial media, and ways to grab the user events and actions on the iOS app. Using practical examples, we’ll start with the analysis keychain and raw disk decryption, social media integration, and getting accustomed to analytics tools. You’ll also learn how to distribute the iOS apps without releasing them to Apple’s App Store. Moving on, the book covers test flights and hockey app integration, the crash reporting system, recovery tools, and their features. By the end of the book, using the aforementioned techniques, you will be able to successfully analyze iOS-based devices forensically.

348
Завантаження...
EЛЕКТРОННА КНИГА

iOS Forensics for Investigators. Take mobile forensics to the next level by analyzing, extracting, and reporting sensitive evidence

Gianluca Tiepolo

Professionals working in the mobile forensics industry will be able to put their knowledge to work with this practical guide to learning how to extract and analyze all available data from an iOS device.This book is a comprehensive, how-to guide that leads investigators through the process of collecting mobile devices and preserving, extracting, and analyzing data, as well as building a report. Complete with step-by-step explanations of essential concepts, practical examples, and self-assessment questions, this book starts by covering the fundamentals of mobile forensics and how to overcome challenges in extracting data from iOS devices. Once you've walked through the basics of iOS, you’ll learn how to use commercial tools to extract and process data and manually search for artifacts stored in database files. Next, you'll find out the correct workflows for handling iOS devices and understand how to extract valuable information to track device usage. You’ll also get to grips with analyzing key artifacts, such as browser history, the pattern of life data, location data, and social network forensics.By the end of this book, you'll be able to establish a proper workflow for handling iOS devices, extracting all available data, and analyzing it to gather precious insights that can be reported as prosecutable evidence.

349
Завантаження...
EЛЕКТРОННА КНИГА

iOS Security Through Defensive Techniques. A practical guide to building resilient, tamper-proof, and secure iOS applications

Deya Elkhawaldeh, Dave Poirier

If you build iOS apps, you also manage risk, from insecure data storage to reverse engineering and runtime tampering. This book treats security as part of the development workflow, not an afterthought, and focuses on practical techniques you can apply without needing deep cryptography or penetration testing expertise.You will start by defining what needs protection: sensitive data, how it is categorized, how long it should be retained, and how privacy expectations and legal requirements shape design decisions. From there, you will study common attack techniques such as network interception, injection, configuration mistakes, URL scheme abuse, code tampering, repackaging, and runtime manipulation.The book then moves into defenses: platform and language safety, code signing and entitlements, secure error and execution handling, data validation, transport security with TLS pinning, and runtime protections against debuggers and emulation. On the data side, you will use Keychain, file protection classes, and Secure Enclave features to protect secrets and keys, and you will evaluate clipboard and backup related risks. Finally, you will build a repeatable security program across the app lifecycle, from static and dynamic analysis to incident response planning and bug bounty triage, so you can ship trustworthy iOS apps at scale.

350
Завантаження...
EЛЕКТРОННА КНИГА

IoT Penetration Testing Cookbook. Identify vulnerabilities and secure your smart devices

Aaron Guzman, Aditya Gupta

IoT is an upcoming trend in the IT industry today; there are a lot of IoT devices on the market, but there is a minimal understanding of how to safeguard them. If you are a security enthusiast or pentester, this book will help you understand how to exploit and secure IoT devices.This book follows a recipe-based approach, giving you practical experience in securing upcoming smart devices. It starts with practical recipes on how to analyze IoT device architectures and identify vulnerabilities. Then, it focuses on enhancing your pentesting skill set, teaching you how to exploit a vulnerable IoT device, along with identifying vulnerabilities in IoT device firmware. Next, this book teaches you how to secure embedded devices and exploit smart devices with hardware techniques. Moving forward, this book reveals advanced hardware pentesting techniques, along with software-defined, radio-based IoT pentesting with Zigbee and Z-Wave. Finally, this book also covers how to use new and unique pentesting techniques for different IoT devices, along with smart devices connected to the cloud.By the end of this book, you will have a fair understanding of how to use different pentesting techniques to exploit and secure various IoT devices.

351
Завантаження...
EЛЕКТРОННА КНИГА

ISACA Certified in Risk and Information Systems Control (CRISC(R)) Exam Guide. A primer on GRC and an exam guide for the most recent and rigorous IT risk certification

Shobhit Mehta, Vikas Yadav

For beginners and experienced IT risk professionals alike, acing the ISACA CRISC exam is no mean feat, and the application of this advanced skillset in your daily work poses a challenge. The ISACA Certified in Risk and Information Systems Control (CRISC®) Certification Guide is a comprehensive guide to CRISC certification and beyond that’ll help you to approach these daunting challenges with its step-by-step coverage of all aspects of the exam content and develop a highly sought-after skillset in the process.This book is divided into six sections, with each section equipped with everything you need to get to grips with the domains covered in the exam. There’ll be no surprises on exam day – from GRC to ethical risk management, third-party security concerns to the ins and outs of control design, and IDS/IPS to the SDLC, no stone is left unturned in this book’s systematic design covering all the topics so that you can sit for the exam with confidence. What’s more, there are chapter-end self-assessment questions for you to test all that you’ve learned, as well as two book-end practice quizzes to really give you a leg up.By the end of this CRISC exam study guide, you’ll not just have what it takes to breeze through the certification process, but will also be equipped with an invaluable resource to accompany you on your career path.

352
Завантаження...
EЛЕКТРОННА КНИГА

(ISC)2 Certified in Cybersecurity (CC) Exam Guide. Master core security concepts and pass the ISC2 Certified in Cybersecurity exam

Hemang Doshi

Prepare for the ISC2 Certified in Cybersecurity (CC) exam without getting buried in jargon. Written by Hemang Doshi (CA, CISA, CC), an IT auditor and ISO 27001 lead auditor, this guide explains each objective in plain language.You’ll cover disaster recovery and incident response; access controls; network security; and security operations, sequenced to build confidence and reinforced with frequent checks for understanding. The book coverage reflects the 2025 exam, including the 2-hour, 100–125 item CAT format.To help you practice the way the exam asks questions, you get topic-wise review MCQs, 50–100 flashcards, 25 focused exam tips, and two full 125-question mock exams with explanations. By the end of the course, you will be able to evaluate basic cybersecurity risks, select appropriate controls, and explain key cybersecurity concepts.