Hacking

Mastering Cloud Security Posture Management (CSPM). Secure multi-cloud infrastructure across AWS, Azure, and Google Cloud using proven techniques

Qamar Nomani, Julie Davila, Rehman Khan

This book will help you secure your cloud infrastructure confidently with cloud security posture management (CSPM) through expert guidance that’ll enable you to implement CSPM effectively, ensuring an optimal security posture across multi-cloud infrastructures.The book begins by unraveling the fundamentals of cloud security, debunking myths about the shared responsibility model, and introducing key concepts such as defense-in-depth, the Zero Trust model, and compliance. Next, you’ll explore CSPM's core components, tools, selection criteria, deployment strategies, and environment settings, which will be followed by chapters on onboarding cloud accounts, dashboard customization, cloud assets inventory, configuration risks, and cyber threat hunting.As you progress, you’ll get to grips with operational practices, vulnerability and patch management, compliance benchmarks, and security alerts. You’ll also gain insights into cloud workload protection platforms (CWPPs). The concluding chapters focus on Infrastructure as Code (IaC) scanning, DevSecOps, and workflow automation, providing a thorough understanding of securing multi-cloud environments.By the end of this book, you’ll have honed the skills to make informed decisions and contribute effectively at every level, from strategic planning to day-to-day operations.

Mastering Cyber Intelligence. Gain comprehensive knowledge and skills to conduct threat intelligence for effective system defense

Jean Nestor M. Dahj

The sophistication of cyber threats, such as ransomware, advanced phishing campaigns, zero-day vulnerability attacks, and advanced persistent threats (APTs), is pushing organizations and individuals to change strategies for reliable system protection. Cyber Threat Intelligence converts threat information into evidence-based intelligence that uncovers adversaries' intents, motives, and capabilities for effective defense against all kinds of threats.This book thoroughly covers the concepts and practices required to develop and drive threat intelligence programs, detailing the tasks involved in each step of the CTI lifecycle. You'll be able to plan a threat intelligence program by understanding and collecting the requirements, setting up the team, and exploring the intelligence frameworks. You'll also learn how and from where to collect intelligence data for your program, considering your organization level. With the help of practical examples, this book will help you get to grips with threat data processing and analysis. And finally, you'll be well-versed with writing tactical, technical, and strategic intelligence reports and sharing them with the community.By the end of this book, you'll have acquired the knowledge and skills required to drive threat intelligence operations from planning to dissemination phases, protect your organization, and help in critical defense decisions.

Mastering Defensive Security. Effective techniques to secure your Windows, Linux, IoT, and cloud infrastructure

Cesar Bravo, Darren Kitchen

Every organization has its own data and digital assets that need to be protected against an ever-growing threat landscape that compromises the availability, integrity, and confidentiality of crucial data. Therefore, it is important to train professionals in the latest defensive security skills and tools to secure them. Mastering Defensive Security provides you with in-depth knowledge of the latest cybersecurity threats along with the best tools and techniques needed to keep your infrastructure secure.The book begins by establishing a strong foundation of cybersecurity concepts and advances to explore the latest security technologies such as Wireshark, Damn Vulnerable Web App (DVWA), Burp Suite, OpenVAS, and Nmap, hardware threats such as a weaponized Raspberry Pi, and hardening techniques for Unix, Windows, web applications, and cloud infrastructures. As you make progress through the chapters, you'll get to grips with several advanced techniques such as malware analysis, security automation, computer forensics, and vulnerability assessment, which will help you to leverage pentesting for security.By the end of this book, you'll have become familiar with creating your own defensive security tools using IoT devices and developed advanced defensive security skills.

Mastering Distributed Tracing. Analyzing performance in microservices and complex systems

Yuri Shkuro

Mastering Distributed Tracing will equip you to operate and enhance your own tracing infrastructure. Through practical exercises and code examples, you will learn how end-to-end tracing can be used as a powerful application performance management and comprehension tool. The rise of Internet-scale companies, like Google and Amazon, ushered in a new era of distributed systems operating on thousands of nodes across multiple data centers. Microservices increased that complexity, often exponentially. It is harder to debug these systems, track down failures, detect bottlenecks, or even simply understand what is going on. Distributed tracing focuses on solving these problems for complex distributed systems. Today, tracing standards have developed and we have much faster systems, making instrumentation less intrusive and data more valuable.Yuri Shkuro, the creator of Jaeger, a popular open-source distributed tracing system, delivers end-to-end coverage of the field in Mastering Distributed Tracing. Review the history and theoretical foundations of tracing; solve the data gathering problem through code instrumentation, with open standards like OpenTracing, W3C Trace Context, and OpenCensus; and discuss the benefits and applications of a distributed tracing infrastructure for understanding, and profiling, complex systems.

Mastering Endpoint Management using Microsoft Intune Suite. Learn Everything About Intune Suite

Saurabh Sarkar, Rahul Singh, Rudy Ooms, Anoop...

Mastering Endpoint Management using Microsoft Intune Suite is one of the first books focused solely on Microsoft’s premium Intune features, offering hands-on, in-depth coverage for IT admins, security professionals, and endpoint engineers. Co-authored by a Microsoft Intune Product Manager and a Principal Consultant who is also a Microsoft Certified Trainer (MCT), this book walks you through real-world implementation using backend architecture diagrams, registry insights, and troubleshooting techniques.You’ll start with cloud public key infrastructure (PKI), learning how to simplify certificate-based authentication. Then you’ll move on to endpoint privilege management (EPM) to enforce least-privilege access at scale. You will learn about Enterprise App Management, which helps you how to modernize app delivery, as well as Advanced Analytics, which reveals how to use Kusto Query Language (KQL) and Security Copilot for actionable insights. The book also covers Remote Help for secure support and Microsoft Tunnel for enabling BYOD access, and concludes with a curated list of essential Intune learning resources.By the end of this Intune book, you will have the practical expertise to implement, manage, and troubleshoot Intune Suite confidently in real-world enterprise environments.

Mastering Endpoint Management using Microsoft Intune Suite. Learn Everything About Intune Suite

Saurabh Sarkar, Rahul Singh, Rudy Ooms, Anoop...

Mastering Endpoint Management using Microsoft Intune Suite is one of the first books focused solely on Microsoft’s premium Intune features, offering hands-on, in-depth coverage for IT admins, security professionals, and endpoint engineers. Co-authored by a Microsoft Intune Product Manager and a Principal Consultant who is also a Microsoft Certified Trainer (MCT), this book walks you through real-world implementation using backend architecture diagrams, registry insights, and troubleshooting techniques.You’ll start with cloud public key infrastructure (PKI), learning how to simplify certificate-based authentication. Then you’ll move on to endpoint privilege management (EPM) to enforce least-privilege access at scale. You will learn about Enterprise App Management, which helps you how to modernize app delivery, as well as Advanced Analytics, which reveals how to use Kusto Query Language (KQL) and Security Copilot for actionable insights. The book also covers Remote Help for secure support and Microsoft Tunnel for enabling BYOD access, and concludes with a curated list of essential Intune learning resources.By the end of this Intune book, you will have the practical expertise to implement, manage, and troubleshoot Intune Suite confidently in real-world enterprise environments.

Mastering High Performance with Kotlin. Overcome performance difficulties in Kotlin with a range of exciting techniques and solutions

Igor Kucherenko

The ease with which we write applications has been increasing, but with it comes the need to address their performance. A balancing act between easily implementing complex applications and keeping their performance optimal is a present-day requirement In this book, we explore how to achieve this crucial balance, while developing and deploying applications with Kotlin.The book starts by analyzing various Kotlin specifcations to identify those that have a potentially adverse effect on performance. Then, we move on to monitor techniques that enable us to identify performance bottlenecks and optimize performance metrics. Next, we look at techniques that help to us achieve high performance: memory optimization, concurrency, multi threading, scaling, and caching. We also look at fault tolerance solutions and the importance of logging. We'll also cover best practices of Kotlin programming that will help you to improve the quality of your code base.By the end of the book, you will have gained some insight into various techniques and solutions that will help to create high-performance applications in the Kotlin environment

Mastering Information Security Compliance Management. A comprehensive handbook on ISO/IEC 27001:2022 compliance

Adarsh Nair, Greeshma M. R.

ISO 27001 and ISO 27002 are globally recognized standards for information security management systems (ISMSs), providing a robust framework for information protection that can be adapted to all organization types and sizes. Organizations with significant exposure to information-security–related risks are increasingly choosing to implement an ISMS that complies with ISO 27001. This book will help you understand the process of getting your organization's information security management system certified by an accredited certification body.The book begins by introducing you to the standards, and then takes you through different principles and terminologies. Once you completely understand these standards, you’ll explore their execution, wherein you find out how to implement these standards in different sizes of organizations. The chapters also include case studies to enable you to understand how you can implement the standards in your organization. Finally, you’ll get to grips with the auditing process, planning, techniques, and reporting and learn to audit for ISO 27001.By the end of this book, you’ll have gained a clear understanding of ISO 27001/27002 and be ready to successfully implement and audit for these standards.

Mastering Information Security Compliance Management. A comprehensive handbook on ISO/IEC 27001:2022 compliance

Adarsh Nair, Greeshma M. R.

ISO 27001 and ISO 27002 are globally recognized standards for information security management systems (ISMSs), providing a robust framework for information protection that can be adapted to all organization types and sizes. Organizations with significant exposure to information-security–related risks are increasingly choosing to implement an ISMS that complies with ISO 27001. This book will help you understand the process of getting your organization's information security management system certified by an accredited certification body.The book begins by introducing you to the standards, and then takes you through different principles and terminologies. Once you completely understand these standards, you’ll explore their execution, wherein you find out how to implement these standards in different sizes of organizations. The chapters also include case studies to enable you to understand how you can implement the standards in your organization. Finally, you’ll get to grips with the auditing process, planning, techniques, and reporting and learn to audit for ISO 27001.By the end of this book, you’ll have gained a clear understanding of ISO 27001/27002 and be ready to successfully implement and audit for these standards.

Mastering Kali Linux for Advanced Penetration Testing. Become a cybersecurity ethical hacking expert using Metasploit, Nmap, Wireshark, and Burp Suite - Fourth Edition

Vijay Kumar Velu

Remote working has given hackers plenty of opportunities as more confidential information is shared over the internet than ever before. In this new edition of Mastering Kali Linux for Advanced Penetration Testing, you’ll learn an offensive approach to enhance your penetration testing skills by testing the sophisticated tactics employed by real hackers. You’ll go through laboratory integration to cloud services so that you learn another dimension of exploitation that is typically forgotten during a penetration test. You'll explore different ways of installing and running Kali Linux in a VM and containerized environment and deploying vulnerable cloud services on AWS using containers, exploiting misconfigured S3 buckets to gain access to EC2 instances. This book delves into passive and active reconnaissance, from obtaining user information to large-scale port scanning. Building on this, different vulnerability assessments are explored, including threat modeling. See how hackers use lateral movement, privilege escalation, and command and control (C2) on compromised systems. By the end of this book, you’ll have explored many advanced pentesting approaches and hacking techniques employed on networks, IoT, embedded peripheral devices, and radio frequencies.

Mastering Kali Linux for Advanced Penetration Testing. Become a cybersecurity ethical hacking expert using Metasploit, Nmap, Wireshark, and Burp Suite - Fourth Edition

Vijay Kumar Velu

Remote working has given hackers plenty of opportunities as more confidential information is shared over the internet than ever before. In this new edition of Mastering Kali Linux for Advanced Penetration Testing, you’ll learn an offensive approach to enhance your penetration testing skills by testing the sophisticated tactics employed by real hackers. You’ll go through laboratory integration to cloud services so that you learn another dimension of exploitation that is typically forgotten during a penetration test. You'll explore different ways of installing and running Kali Linux in a VM and containerized environment and deploying vulnerable cloud services on AWS using containers, exploiting misconfigured S3 buckets to gain access to EC2 instances. This book delves into passive and active reconnaissance, from obtaining user information to large-scale port scanning. Building on this, different vulnerability assessments are explored, including threat modeling. See how hackers use lateral movement, privilege escalation, and command and control (C2) on compromised systems. By the end of this book, you’ll have explored many advanced pentesting approaches and hacking techniques employed on networks, IoT, embedded peripheral devices, and radio frequencies.

Mastering Kali Linux for Advanced Penetration Testing. Secure your network with Kali Linux 2019.1 – the ultimate white hat hackers' toolkit - Third Edition

Vijay Kumar Velu, Robert Beggs

This book takes you, as a tester or security practitioner, through the reconnaissance, vulnerability assessment, exploitation, privilege escalation, and post-exploitation activities used by pentesters.To start with, you'll use a laboratory environment to validate tools and techniques, along with an application that supports a collaborative approach for pentesting. You'll then progress to passive reconnaissance with open source intelligence and active reconnaissance of the external and internal infrastructure. You'll also focus on how to select, use, customize, and interpret the results from different vulnerability scanners, followed by examining specific routes to the target, which include bypassing physical security and the exfiltration of data using a variety of techniques. You'll discover concepts such as social engineering, attacking wireless networks, web services, and embedded devices.Once you are confident with these topics, you'll learn the practical aspects of attacking user client systems by backdooring with fileless techniques, followed by focusing on the most vulnerable part of the network – directly attacking the end user. By the end of this book, you'll have explored approaches for carrying out advanced pentesting in tightly secured environments, understood pentesting and hacking techniques employed on embedded peripheral devices.

Mastering Kali Linux for Advanced Penetration Testing. Secure your network with Kali Linux – the ultimate white hat hackers' toolkit - Second Edition

Vijay Kumar Velu

This book will take you, as a tester or security practitioner through the journey of reconnaissance, vulnerability assessment, exploitation, and post-exploitation activities used by penetration testers and hackers. We will start off by using a laboratory environment to validate tools and techniques, and using an application that supports a collaborative approach to penetration testing. Further we will get acquainted with passive reconnaissance with open source intelligence and active reconnaissance of the external and internal networks. We will also focus on how to select, use, customize, and interpret the results from a variety of different vulnerability scanners. Specific routes to the target will also be examined, including bypassing physical security and exfiltration of data using different techniques. You will also get to grips with concepts such as social engineering, attacking wireless networks, exploitation of web applications and remote access connections. Later you will learn the practical aspects of attacking user client systems by backdooring executable files. You will focus on the most vulnerable part of the network—directly and bypassing the controls, attacking the end user and maintaining persistence access through social media.You will also explore approaches to carrying out advanced penetration testing in tightly secured environments, and the book's hands-on approach will help you understand everything you need to know during a Red teaming exercise or penetration testing

Mastering Kali Linux for Advanced Penetration Testing. This book will make you an expert in Kali Linux penetration testing. It covers all the most advanced tools and techniques to reproduce the methods used by sophisticated hackers. Full of real-world examples – an indispensable manual

Robert Beggs

Mastering Kali Linux for Web Penetration Testing. The ultimate defense against complex organized threats and attacks

Michael McPhee

You will start by delving into some common web application architectures in use, both in private and public cloud instances. You will also learn about the most common frameworks for testing, such as OWASP OGT version 4, and how to use them to guide your efforts. In the next section, you will be introduced to web pentesting with core tools and you will also see how to make web applications more secure through rigorous penetration tests using advanced features in open source tools. The book will then show you how to better hone your web pentesting skills in safe environments that can ensure low-risk experimentation with the powerful tools and features in Kali Linux that go beyond a typical script-kiddie approach. After establishing how to test these powerful tools safely, you will understand how to better identify vulnerabilities, position and deploy exploits, compromise authentication and authorization, and test the resilience and exposure applications possess.By the end of this book, you will be well-versed with the web service architecture to identify and evade various protection mechanisms that are used on the Web today. You will leave this book with a greater mastery of essential test techniques needed to verify the secure design, development, and operation of your customers' web applications.

Mastering Kali Linux Wireless Pentesting. Test your wireless network’s security and master advanced wireless penetration techniques using Kali Linux

Brian Sak, Jilumudi Raghu Ram

Kali Linux is a Debian-based Linux distribution designed for digital forensics and penetration testing. It gives access to a large collection of security-related tools for professional security testing - some of the major ones being Nmap, Aircrack-ng, Wireshark, and Metasploit.This book will take you on a journey where you will learn to master advanced tools and techniques to conduct wireless penetration testing with Kali Linux. You will begin by gaining an understanding of setting up and optimizing your penetration testing environment for wireless assessments. Then, the book will take you through a typical assessment from reconnaissance, information gathering, and scanning the network through exploitation and data extraction from your target. You will get to know various ways to compromise the wireless network using browser exploits, vulnerabilities in firmware, web-based attacks, client-side exploits, and many other hacking methods. You will also discover how to crack wireless networks with speed, perform man-in-the-middle and DOS attacks, and use Raspberry Pi and Android to expand your assessment methodology.By the end of this book, you will have mastered using Kali Linux for wireless security assessments and become a more effective penetration tester and consultant.

Mastering Kali Linux Wireless Pentesting. Test your wireless network’s security and master advanced wireless penetration techniques using Kali Linux

Brian Sak, Jilumudi Raghu Ram

Kali Linux is a Debian-based Linux distribution designed for digital forensics and penetration testing. It gives access to a large collection of security-related tools for professional security testing - some of the major ones being Nmap, Aircrack-ng, Wireshark, and Metasploit.This book will take you on a journey where you will learn to master advanced tools and techniques to conduct wireless penetration testing with Kali Linux. You will begin by gaining an understanding of setting up and optimizing your penetration testing environment for wireless assessments. Then, the book will take you through a typical assessment from reconnaissance, information gathering, and scanning the network through exploitation and data extraction from your target. You will get to know various ways to compromise the wireless network using browser exploits, vulnerabilities in firmware, web-based attacks, client-side exploits, and many other hacking methods. You will also discover how to crack wireless networks with speed, perform man-in-the-middle and DOS attacks, and use Raspberry Pi and Android to expand your assessment methodology.By the end of this book, you will have mastered using Kali Linux for wireless security assessments and become a more effective penetration tester and consultant.

Mastering Kali Linux Wireless Pentesting. Test your wireless network’s security and master advanced wireless penetration techniques using Kali Linux

Brian Sak, Jilumudi Raghu Ram

Kali Linux is a Debian-based Linux distribution designed for digital forensics and penetration testing. It gives access to a large collection of security-related tools for professional security testing - some of the major ones being Nmap, Aircrack-ng, Wireshark, and Metasploit.This book will take you on a journey where you will learn to master advanced tools and techniques to conduct wireless penetration testing with Kali Linux. You will begin by gaining an understanding of setting up and optimizing your penetration testing environment for wireless assessments. Then, the book will take you through a typical assessment from reconnaissance, information gathering, and scanning the network through exploitation and data extraction from your target. You will get to know various ways to compromise the wireless network using browser exploits, vulnerabilities in firmware, web-based attacks, client-side exploits, and many other hacking methods. You will also discover how to crack wireless networks with speed, perform man-in-the-middle and DOS attacks, and use Raspberry Pi and Android to expand your assessment methodology.By the end of this book, you will have mastered using Kali Linux for wireless security assessments and become a more effective penetration tester and consultant.

Mastering Linux Security and Hardening. A practical guide to protecting your Linux system from cyber attacks - Third Edition

Donald A. Tevault

The third edition of Mastering Linux Security and Hardening is an updated, comprehensive introduction to implementing the latest Linux security measures, using the latest versions of Ubuntu and AlmaLinux.In this new edition, you will learn how to set up a practice lab, create user accounts with appropriate privilege levels, protect sensitive data with permissions settings and encryption, and configure a firewall with the newest firewall technologies. You’ll also explore how to use sudo to set up administrative accounts with only the privileges required to do a specific job, and you’ll get a peek at the new sudo features that have been added over the past couple of years. You’ll also see updated information on how to set up a local certificate authority for both Ubuntu and AlmaLinux, as well as how to automate system auditing. Other important skills that you’ll learn include how to automatically harden systems with OpenSCAP, audit systems with auditd, harden the Linux kernel configuration, protect your systems from malware, and perform vulnerability scans of your systems. As a bonus, you’ll see how to use Security Onion to set up an Intrusion Detection System.By the end of this new edition, you will confidently be able to set up a Linux server that will be secure and harder for malicious actors to compromise.

Mastering Linux Security and Hardening. Secure your Linux server and protect it from intruders, malware attacks, and other external threats

Donald A. Tevault

This book has extensive coverage of techniques that will help prevent attackers from breaching your system, by building a much more secure Linux environment. You will learn various security techniques such as SSH hardening, network service detection, setting up firewalls, encrypting file systems, protecting user accounts, authentication processes, and so on. Moving forward, you will also develop hands-on skills with advanced Linux permissions, access control, special modes, and more. Lastly, this book will also cover best practices and troubleshooting techniques to get your work done efficiently.By the end of this book, you will be confident in delivering a system that will be much harder to compromise.

Mastering Machine Learning for Penetration Testing. Develop an extensive skill set to break self-learning systems using Python

Chiheb Chebbi

Cyber security is crucial for both businesses and individuals. As systems are getting smarter, we now see machine learning interrupting computer security. With the adoption of machine learning in upcoming security products, it’s important for pentesters and security researchers to understand how these systems work, and to breach them for testing purposes. This book begins with the basics of machine learning and the algorithms used to build robust systems. Once you’ve gained a fair understanding of how security products leverage machine learning, you'll dive into the core concepts of breaching such systems. Through practical use cases, you’ll see how to find loopholes and surpass a self-learning security system. As you make your way through the chapters, you’ll focus on topics such as network intrusion detection and AV and IDS evasion. We’ll also cover the best practices when identifying ambiguities, and extensive techniques to breach an intelligent system.By the end of this book, you will be well-versed with identifying loopholes in a self-learning security system and will be able to efficiently breach a machine learning system.