Hacking

Offensive Security Using Python. A hands-on guide to offensive tactics and threat mitigation using practical strategies

Rejah Rehim, Manindar Mohan, Grant Ongers

Offensive Security Using Python is your go-to manual for mastering the quick-paced field of offensive security. This book is packed with valuable insights, real-world examples, and hands-on activities to help you leverage Python to navigate the complicated world of web security, exploit vulnerabilities, and automate challenging security tasks.From detecting vulnerabilities to exploiting them with cutting-edge Python techniques, you’ll gain practical insights into web security, along with guidance on how to use automation to improve the accuracy and effectiveness of your security activities. You’ll also learn how to design personalized security automation tools. While offensive security is a great way to stay ahead of emerging threats, defensive security plays an equal role in protecting organizations from cyberattacks. In this book, you’ll get to grips with Python secure coding techniques to improve your ability to recognize dangers quickly and take appropriate action. As you progress, you’ll be well on your way to handling the contemporary challenges in the field of cybersecurity using Python, as well as protecting your digital environment from growing attacks.By the end of this book, you’ll have a solid understanding of sophisticated offensive security methods and be able to stay ahead in the constantly evolving cybersecurity space.

Offensive Shellcode from Scratch. Get to grips with shellcode countermeasures and discover how to bypass them

Rishalin Pillay

Shellcoding is a technique that is executed by many red teams and used in penetration testing and real-world attacks. Books on shellcode can be complex, and writing shellcode is perceived as a kind of dark art. Offensive Shellcode from Scratch will help you to build a strong foundation of shellcode knowledge and enable you to use it with Linux and Windows.This book helps you to explore simple to more complex examples of shellcode that are used by real advanced persistent threat (APT) groups. You'll get to grips with the components of shellcode and understand which tools are used when building shellcode, along with the automated tools that exist to create shellcode payloads. As you advance through the chapters, you'll become well versed in assembly language and its various components, such as registers, flags, and data types. This shellcode book also teaches you about the compilers and decoders that are used when creating shellcode. Finally, the book takes you through various attacks that entail the use of shellcode in both Windows and Linux environments.By the end of this shellcode book, you'll have gained the knowledge needed to understand the workings of shellcode and build your own exploits by using the concepts explored.

Offensive Shellcode from Scratch. Get to grips with shellcode countermeasures and discover how to bypass them

Rishalin Pillay

Shellcoding is a technique that is executed by many red teams and used in penetration testing and real-world attacks. Books on shellcode can be complex, and writing shellcode is perceived as a kind of dark art. Offensive Shellcode from Scratch will help you to build a strong foundation of shellcode knowledge and enable you to use it with Linux and Windows.This book helps you to explore simple to more complex examples of shellcode that are used by real advanced persistent threat (APT) groups. You'll get to grips with the components of shellcode and understand which tools are used when building shellcode, along with the automated tools that exist to create shellcode payloads. As you advance through the chapters, you'll become well versed in assembly language and its various components, such as registers, flags, and data types. This shellcode book also teaches you about the compilers and decoders that are used when creating shellcode. Finally, the book takes you through various attacks that entail the use of shellcode in both Windows and Linux environments.By the end of this shellcode book, you'll have gained the knowledge needed to understand the workings of shellcode and build your own exploits by using the concepts explored.

Official Google Cloud Certified Professional Cloud Security Engineer Exam Guide. Become an expert and get Google Cloud certified with this practitioner's guide

Ankush Chowdhary, Prashant Kulkarni, Phil Venables

Google Cloud security offers powerful controls to assist organizations in establishing secure and compliant cloud environments. With this book, you’ll gain in-depth knowledge of the Professional Cloud Security Engineer certification exam objectives, including Google Cloud security best practices, identity and access management (IAM), network security, data security, and security operations.The chapters go beyond the exam essentials, helping you explore advanced topics such as Google Cloud Security Command Center, the BeyondCorp Zero Trust architecture, and container security. With step-by-step explanations, practical examples, and practice exams to help you improve your skills for the exam, you'll be able to efficiently review and apply key concepts of the shared security responsibility model. Finally, you’ll get to grips with securing access, organizing cloud resources, network and data security, and logging and monitoring.By the end of this book, you'll be proficient in designing, developing, and operating security controls on Google Cloud and gain insights into emerging concepts for future exams.

OpenStack Cloud Security. Your OpenStack cloud storage contains all your vital computing resources and potentially sensitive data – secure it with this essential OpenStack tutorial

Fabio Alessandro Locati

If you are an OpenStack administrator or developer, or wish to build solutions to protect your OpenStack environment, then this book is for you. Experience of Linux administration and familiarity with different OpenStack components is assumed.

OpenVPN Cookbook. Get the most out of OpenVPN by exploring it's advanced features. - Second Edition

Jan Just Keijser

OpenVPN provides an extensible VPN framework that has been designed to ease site-specific customization, such as providing the capability to distribute a customized installation package to clients, and supporting alternative authentication methods via OpenVPN’s plugin module interface. This book provides you with many different recipes to help you set up, monitor, and troubleshoot an OpenVPN network. You will learn to configure a scalable, load-balanced VPN server farm that can handle thousands of dynamic connections from incoming VPN clients. You will also get to grips with the encryption, authentication, security, extensibility, and certifications features of OpenSSL. You will also get an understanding of IPv6 support and will get a demonstration of how to establish a connection via IPv64. This book will explore all the advanced features of OpenVPN and even some undocumented options, covering all the common network setups such as point-to-point networks and multi-client TUN-style and TAP-style networks. Finally, you will learn to manage, secure, and troubleshoot your virtual private networks using OpenVPN 2.4.

Operationalizing Threat Intelligence. A guide to developing and operationalizing cyber threat intelligence programs

Kyle Wilhoit, Joseph Opacki

We’re living in an era where cyber threat intelligence is becoming more important. Cyber threat intelligence routinely informs tactical and strategic decision-making throughout organizational operations. However, finding the right resources on the fundamentals of operationalizing a threat intelligence function can be challenging, and that’s where this book helps.In Operationalizing Threat Intelligence, you’ll explore cyber threat intelligence in five fundamental areas: defining threat intelligence, developing threat intelligence, collecting threat intelligence, enrichment and analysis, and finally production of threat intelligence. You’ll start by finding out what threat intelligence is and where it can be applied. Next, you’ll discover techniques for performing cyber threat intelligence collection and analysis using open source tools. The book also examines commonly used frameworks and policies as well as fundamental operational security concepts. Later, you’ll focus on enriching and analyzing threat intelligence through pivoting and threat hunting. Finally, you’ll examine detailed mechanisms for the production of intelligence.By the end of this book, you’ll be equipped with the right tools and understand what it takes to operationalize your own threat intelligence function, from collection to production.

Operationalizing Threat Intelligence. A guide to developing and operationalizing cyber threat intelligence programs

Kyle Wilhoit, Joseph Opacki

We’re living in an era where cyber threat intelligence is becoming more important. Cyber threat intelligence routinely informs tactical and strategic decision-making throughout organizational operations. However, finding the right resources on the fundamentals of operationalizing a threat intelligence function can be challenging, and that’s where this book helps.In Operationalizing Threat Intelligence, you’ll explore cyber threat intelligence in five fundamental areas: defining threat intelligence, developing threat intelligence, collecting threat intelligence, enrichment and analysis, and finally production of threat intelligence. You’ll start by finding out what threat intelligence is and where it can be applied. Next, you’ll discover techniques for performing cyber threat intelligence collection and analysis using open source tools. The book also examines commonly used frameworks and policies as well as fundamental operational security concepts. Later, you’ll focus on enriching and analyzing threat intelligence through pivoting and threat hunting. Finally, you’ll examine detailed mechanisms for the production of intelligence.By the end of this book, you’ll be equipped with the right tools and understand what it takes to operationalize your own threat intelligence function, from collection to production.

OPNsense Beginner to Professional. Protect networks and build next-generation firewalls easily with OPNsense

Julio Cesar Bueno de Camargo

OPNsense is one of the most powerful open source firewalls and routing platforms available. With OPNsense, you can now protect networks using features that were only previously available to closed source commercial firewalls.This book is a practical guide to building a comprehensive network defense strategy using OPNsense. You’ll start with the basics, understanding how to install, configure, and protect network resources using native features and additional OPNsense plugins. Next, you’ll explore real-world examples to gain in-depth knowledge of firewalls and network defense. You’ll then focus on boosting your network defense, preventing cyber threats, and improving your knowledge of firewalling using this open source security platform.By the end of this OPNsense book, you’ll be able to install, configure, and manage the OPNsense firewall by making the most of its features.

Oracle 11g Anti-hacker's Cookbook. Make your Oracle database virtually impregnable to hackers using the knowledge in this book. With over 50 recipes, you'll quickly learn protection methodologies that use industry certified techniques to secure the Oracle database server

Adrian Neagu

For almost all organizations, data security is a matter of prestige and credibility. The Oracle Database is one of the most rich in features and probably the most used Database in a variety of industries where security is essential. To ensure security of data both in transit and on the disk, Oracle has implemented the security technologies to achieve a reliable and solid system. In Oracle 11g Anti-Hacker's Cookbook, you will learn about the most important solutions that can be used for better database security.Oracle 11g Anti-hacker's Cookbook covers all the important security measures and includes various tips and tricks to protect your Oracle Database.Oracle 11g Anti-hacker's Cookbook uses real-world scenarios to show you how to secure the Oracle Database server from different perspectives and against different attack scenarios. Almost every chapter has a possible threads section, which describes the major dangers that can be confronted. The initial chapters cover how to defend the operating system, the network, the data and the users. The defense scenarios are linked and designed to prevent these attacks. The later chapters cover Oracle Vault, Oracle VPD, Oracle Labels, and Oracle Audit. Finally, in the Appendices, the book demonstrates how to perform a security assessment against the operating system and the database, and how to use a DAM tool for monitoring.

Oracle Blockchain Quick Start Guide. A practical approach to implementing blockchain in your enterprise

Vivek Acharya, Anand Eswararao Yerrapati, Nimesh Prakash

Hyperledger Fabric empowers enterprises to scale out in an unprecedented way, allowing organizations to build and manage blockchain business networks. This quick start guide systematically takes you through distributed ledger technology, blockchain, and Hyperledger Fabric while also helping you understand the significance of Blockchain-as-a-Service (BaaS).The book starts by explaining the blockchain and Hyperledger Fabric architectures. You'll then get to grips with the comprehensive five-step design strategy - explore, engage, experiment, experience, and in?uence. Next, you'll cover permissioned distributed autonomous organizations (pDAOs), along with the equation to quantify a blockchain solution for a given use case. As you progress, you'll learn how to model your blockchain business network by defining its assets, participants, transactions, and permissions with the help of examples. In the concluding chapters, you'll build on your knowledge as you explore Oracle Blockchain Platform (OBP) in depth and learn how to translate network topology on OBP.By the end of this book, you will be well-versed with OBP and have developed the skills required for infrastructure setup, access control, adding chaincode to a business network, and exposing chaincode to a DApp using REST configuration.

Oracle Database 12c Security Cookbook. Secure your Oracle Database 12c with this valuable Oracle support resource, featuring more than 100 solutions to the challenges of protecting your data

Maja Veselica & Zoran Pavlovic, Zoran Pavlovic,...

Businesses around the world are paying much greater attention toward database security than they ever have before. Not only does the current regulatory environment require tight security, particularly when dealing with sensitive and personal data, data is also arguably a company’s most valuable asset - why wouldn’t you want to protect it in a secure and reliable database? Oracle Database lets you do exactly that. It’s why it is one of the world’s leading databases – with a rich portfolio of features to protect data from contemporary vulnerabilities, it’s the go-to database for many organizations. Oracle Database 12c Security Cookbook helps DBAs, developers, and architects to better understand database security challenges. Let it guide you through the process of implementing appropriate security mechanisms, helping you to ensure you are taking proactive steps to keep your data safe. Featuring solutions for common security problems in the new Oracle Database 12c, with this book you can be confident about securing your database from a range of different threats and problems.

OSINT w praktyce. Jak gromadzić i analizować dane dostępne w sieci

Dale Meredith

Pojęcie OSINT pochodzi od angielskiego wyrażenia open source intelligence i oznacza biały wywiad. Polega na pozyskiwaniu danych z publicznie dostępnych źródeł. Okazuje się, że niezwykle cenne informacje są dostępne na wyciągnięcie ręki, ale trzeba wiedzieć, w jaki sposób do nich dotrzeć. A potrafi to być niezwykle wciągające zajęcie, przy okazji którego można poznać podstawy cyberbezpieczeństwa, zrozumieć czyhające w internecie zagrożenia i nauczyć się zabezpieczać swoją cyfrową obecność. Z tą książką krok po kroku zagłębisz się w metody OSINT, a także powiązane z nim zagadnienia natury prawnej i etycznej. Poznasz sposoby gromadzenia i analizowania informacji z wykorzystaniem wyszukiwarek, portali społecznościowych i innych zasobów internetowych. Zrozumiesz wagę anonimowości i technik gwarantujących bezpieczne poruszanie się po sieci, ułatwiających zarządzanie cyfrowym śladem czy tworzenie fikcyjnych tożsamości internetowych. Zdobędziesz również doświadczenie w korzystaniu z popularnych narzędzi OSINT, takich jak Recon-ng, Maltego, Shodan czy Aircrack-ng. Dowiesz się też, jak ograniczać ryzyko, przewidywać cyberataki, zapobiegać im i na nie reagować - wszystko dzięki technikom opartym na OSINT. W książce: działanie OSINT i najlepsze praktyki automatyzacja zbierania i analizy danych dane z mediów społecznościowych a OSINT zarządzanie swoim cyfrowym śladem, ograniczanie ryzyka i ochrona prywatności skuteczny program analizy ryzyka na bazie OSINT zwiększanie bezpieczeństwa firmy technikami OSINT Dołącz potężne narzędzia OSINT do swojego arsenału!

OSINT w praktyce. Jak gromadzić i analizować dane dostępne w sieci

Dale Meredith

Pojęcie OSINT pochodzi od angielskiego wyrażenia open source intelligence i oznacza biały wywiad. Polega na pozyskiwaniu danych z publicznie dostępnych źródeł. Okazuje się, że niezwykle cenne informacje są dostępne na wyciągnięcie ręki, ale trzeba wiedzieć, w jaki sposób do nich dotrzeć. A potrafi to być niezwykle wciągające zajęcie, przy okazji którego można poznać podstawy cyberbezpieczeństwa, zrozumieć czyhające w internecie zagrożenia i nauczyć się zabezpieczać swoją cyfrową obecność. Z tą książką krok po kroku zagłębisz się w metody OSINT, a także powiązane z nim zagadnienia natury prawnej i etycznej. Poznasz sposoby gromadzenia i analizowania informacji z wykorzystaniem wyszukiwarek, portali społecznościowych i innych zasobów internetowych. Zrozumiesz wagę anonimowości i technik gwarantujących bezpieczne poruszanie się po sieci, ułatwiających zarządzanie cyfrowym śladem czy tworzenie fikcyjnych tożsamości internetowych. Zdobędziesz również doświadczenie w korzystaniu z popularnych narzędzi OSINT, takich jak Recon-ng, Maltego, Shodan czy Aircrack-ng. Dowiesz się też, jak ograniczać ryzyko, przewidywać cyberataki, zapobiegać im i na nie reagować - wszystko dzięki technikom opartym na OSINT. W książce: działanie OSINT i najlepsze praktyki automatyzacja zbierania i analizy danych dane z mediów społecznościowych a OSINT zarządzanie swoim cyfrowym śladem, ograniczanie ryzyka i ochrona prywatności skuteczny program analizy ryzyka na bazie OSINT zwiększanie bezpieczeństwa firmy technikami OSINT Dołącz potężne narzędzia OSINT do swojego arsenału!

OSINT w praktyce. Jak gromadzić i analizować dane dostępne w sieci

Dale Meredith

Pojęcie OSINT pochodzi od angielskiego wyrażenia open source intelligence i oznacza biały wywiad. Polega na pozyskiwaniu danych z publicznie dostępnych źródeł. Okazuje się, że niezwykle cenne informacje są dostępne na wyciągnięcie ręki, ale trzeba wiedzieć, w jaki sposób do nich dotrzeć. A potrafi to być niezwykle wciągające zajęcie, przy okazji którego można poznać podstawy cyberbezpieczeństwa, zrozumieć czyhające w internecie zagrożenia i nauczyć się zabezpieczać swoją cyfrową obecność. Z tą książką krok po kroku zagłębisz się w metody OSINT, a także powiązane z nim zagadnienia natury prawnej i etycznej. Poznasz sposoby gromadzenia i analizowania informacji z wykorzystaniem wyszukiwarek, portali społecznościowych i innych zasobów internetowych. Zrozumiesz wagę anonimowości i technik gwarantujących bezpieczne poruszanie się po sieci, ułatwiających zarządzanie cyfrowym śladem czy tworzenie fikcyjnych tożsamości internetowych. Zdobędziesz również doświadczenie w korzystaniu z popularnych narzędzi OSINT, takich jak Recon-ng, Maltego, Shodan czy Aircrack-ng. Dowiesz się też, jak ograniczać ryzyko, przewidywać cyberataki, zapobiegać im i na nie reagować - wszystko dzięki technikom opartym na OSINT. W książce: działanie OSINT i najlepsze praktyki automatyzacja zbierania i analizy danych dane z mediów społecznościowych a OSINT zarządzanie swoim cyfrowym śladem, ograniczanie ryzyka i ochrona prywatności skuteczny program analizy ryzyka na bazie OSINT zwiększanie bezpieczeństwa firmy technikami OSINT Dołącz potężne narzędzia OSINT do swojego arsenału!

Packet Analysis with Wireshark. Leverage the power of Wireshark to troubleshoot your networking issues by using effective packet analysis techniques and performing improved protocol analysis

ANISH NATH

Wireshark provides a very useful way to decode an RFC and examine it. The packet captures displayed in Wireshark give you an insight into the security and flaws of different protocols, which will help you perform the security research and protocol debugging.The book starts by introducing you to various packet analyzers and helping you find out which one best suits your needs. You will learn how to use the command line and the Wireshark GUI to capture packets by employing filters. Moving on, you will acquire knowledge about TCP/IP communication and its use cases. You will then get an understanding of the SSL/TLS flow with Wireshark and tackle the associated problems with it. Next, you will perform analysis on application-related protocols. We follow this with some best practices to analyze wireless traffic. By the end of the book, you will have developed the skills needed for you to identify packets for malicious attacks, intrusions, and other malware attacks.

Packet Tracer for young advanced admins

Jerzy Kluczewski

The book: “PACKET TRACER FOR YOUNG ADVANCED ADMINS” is a collection of scenarios and network simulations for users who already have at least basic knowledge of computer networks and experience in the work associated with the administration of basic devices, as well as management of network architecture. The simulations were prepared in such a way as to develop the knowledge already presented in the previous books of Our Publishing House by Jerzy Kluczewski. The second goal, is to popularize the world-famous Packet Tracer program. This book is an excellent resource for students, undergraduates, and participants and graduates of CISCO CCNA networking courses. The themes of the book are very extensive and varied. Multiuser mode visualization, Bluetooth connections, cellular networks, WLAN controllers, industrial routers, IPV6 protocol, are just a few selected issues for which the author has prepared scenarios and ready-made simulation files that can be downloaded from the publisher's website. We encourage you to open the book and browse the table of contents for a broad overview of this book. The author of the publication is Jerzy Kluczewski, a long-time CISCO CCNA Academy instructor. He already has an extensive body of work in the form of published books on information technology. He gained his experience working in industry, and is currently a lecturer at the Gdansk School of Banking. Translation: Agata Skutela an experienced English teacher in Complex of Technical and General Schools in Tarnowskie Góry. Apart from English language she has also been teaching technical English. She is really into teaching and eager to expand her knowledge and workshop to be able to teach the best as she can.  

Packet Tracer for young beginning admins

Damian Strojek, Jerzy Kluczewski, Robert Wszelaki, Marek...

The book: “PACKET TRACER FOR YOUNG BEGINNING ADMINS" provides advice for people who want to learn about the operation of networks and the hardware that makes up today's network architecture. Beginners will learn how to download the simulator software and how to start working with it. The reader will find here the basics of configuring network devices. He will learn network services such as: TELNET, SSH, FTP, EMAIL, DHCP, DNS and routing protocols RIP, EIGRP, OSPF. Learn how to design and deploy virtual VLAN networks. The authors, describing the issues of administering computer networks, use many examples and exercises. The book is an updated compilation of our Packet Tracer publications for CISCO courses, has a described, changed interface of the currently latest Packet Tracer software and contains a set of new examples and exercises. The authors of this book are an intergenerational and interdisciplinary team. A talented student of the School of Communication in Gdańsk, Damian Strojek. His passion is computer networks, he has a set of CCNA R&S certificates and is in the middle of the CCNA Security educational path. Jerzy Kluczewski, long-time instructor of the CISCO CCNA Academy. His authorial achievements already include several books on the Packet Tracer simulator. He gained his experience while working in industry, currently he is a lecturer at the WSB University in Gdańsk. Robert Wszelaki is passionate about networking and programming. He completed a full CISCO CCNA course. He is a graduate of ZS1 in Piekary Śląskie, currently studying computer science at the Faculty of Automatic Control, Electronics and Computer Science of the Silesian University of Technology. Marek Smyczek is an experienced teacher of IT and electrical subjects, and at the same time an instructor of the CISCO CCNA program. He is the author and editor of several dozen publications in the fields of electronics and computer science. Translations: Joanna Margowniczy English teacher at Primary School No. 13 in Jaworzno and ZDZ in Sosnowiec, international IT ESSENTIALS instructor, OKE examiner.

Packet Tracer for young intermediate admins

Damian Strojek, Jerzy Kluczewski

The book: “PACKET TRACER FOR YOUNG INTERMEDIATE ADMINS” is designed for people who want to expand their skills and knowledge in the field of managing LAN and WAN networks. The reader finds here descriptions and practical exercises on configuring CISCO devices. It is a continuation of the first book with the same title. The authors have adopted the principle: minimum of theory, maximum of practical examples which will enable the reader to learn how to administer ICT networks in many complex device configurations without the need to purchase expensive CISCO equipment. The content of the book covers the basics of configuring protocols, services and network techniques such as: dynamic routing RIP, EGIRP, OSPF, eBGP, static routing, access control lists VoIP, STP, RS,VTP, FRAME RELAY, PPP, PAP and CHAP authentication RADIUS, NETFLOW, NAT, L2NAT, VPN tuneling. This part also includes configuring multilayer switches 3560-24PS and 3650-24PS. The authors of this book are an intergenerational and interdisciplinary team. Talented student of the Communications School Complex in Gdansk Damian Strojek. His passion is computer networks, and he holds certifications CCNA R&S and CCNA Security. Jerzy Kluczewski, a long-time CISCO CCNA Academy instructor. He already has several book publications to his credit about the Packet Tracer simulator. He gained his experience while working in industry and is currently a lecturer at the Gdansk School of Banking. Translation: a very talented student of applied linguistics at Silesian University in Katowice – Julia Skutela. She has been studying English and Russian to become a professional translator. Eager to expand her knowledge and building a workshop of the translator she has decided to raise up to the challenge of translating the following book into English.

Palo Alto Networks from Policy to Code. Automate PAN-OS security policies with Python precision

Nikolay Matveev, Migara Ekanayake

Palo Alto Networks firewalls are the gold standard in enterprise security, but managing them manually often leads to endless configurations, error-prone changes, and difficulty maintaining consistency across deployments.Written by cybersecurity experts with deep Palo Alto Networks experience, this book shows you how to transform firewall management with automation, using a code-driven approach that bridges the gap between powerful technology and practical implementation.You’ll start with next-gen firewall fundamentals before advancing to designing enterprise-grade security policies, applying threat prevention profiles, URL filtering, TLS decryption, and application controls to build a complete policy framework. Unlike other resources that focus on theory or vendor documentation, this hands-on guide covers best practices and real-world strategies. You’ll learn how to automate policy deployment using Python and PAN-OS APIs, structure firewall configurations as code, and integrate firewalls with IT workflows and infrastructure-as-code tools.By the end of the book, you’ll be able to design, automate, test, and migrate firewall policies with confidence, gaining practical experience in quality assurance techniques, pilot testing, debugging, and phased cutovers—all while maintaining security and minimizing business impact.