Incorporate offense and defense for a more effective network security strategy Network Attacks and Exploitation provides a clear, comprehensive roadmap for developing a complete offensive and defensive strategy to engage in or thwart hacking and computer espionage. Written by an expert in both government and corporate vulnerability and security operations, this guide helps you understand the principles of the space and look beyond the individual technologies of the moment to develop durable comprehensive solutions. Numerous real-world examples illustrate the offensive and defensive concepts at work, including Conficker, Stuxnet, the Target compromise, and more. You will find clear guidance toward strategy, tools, and implementation, with practical advice on blocking systematic computer espionage and the theft of information from governments, companies, and individuals. Assaults and manipulation of computer networks are rampant around the world. One of the biggest challenges is fitting the ever-increasing amount of information into a whole plan or framework to develop the right strategies to thwart these attacks. This book clears the confusion by outlining the approaches that work, the tools that work, and resources needed to apply them. Understand the fundamental concepts of computer network exploitation Learn the nature and tools of systematic attacks Examine offensive strategy and how attackers will seek to maintain their advantage Understand defensive strategy, and how current approaches fail to change the strategic balance Governments, criminals, companies, and individuals are all operating in a world without boundaries, where the laws, customs, and norms previously established over centuries are only beginning to take shape. Meanwhile computer espionage continues to grow in both frequency and impact. This book will help you mount a robust offense or a strategically sound defense against attacks and exploitation. For a clear roadmap to better network security, Network Attacks and Exploitation is your complete and practical guide.

Incorporate offense and defense for a more effective network security strategy Network Attacks and Exploitation provides a clear, comprehensive roadmap for developing a complete offensive and defensive strategy to engage in or thwart hacking and computer espionage. Written by an expert in both government and corporate vulnerability and security operations, this guide helps you understand the principles of the space and look beyond the individual technologies of the moment to develop durable comprehensive solutions. Numerous real-world examples illustrate the offensive and defensive concepts at work, including Conficker, Stuxnet, the Target compromise, and more. You will find clear guidance toward strategy, tools, and implementation, with practical advice on blocking systematic computer espionage and the theft of information from governments, companies, and individuals. Assaults and manipulation of computer networks are rampant around the world. One of the biggest challenges is fitting the ever-increasing amount of information into a whole plan or framework to develop the right strategies to thwart these attacks. This book clears the confusion by outlining the approaches that work, the tools that work, and resources needed to apply them. Understand the fundamental concepts of computer network exploitation Learn the nature and tools of systematic attacks Examine offensive strategy and how attackers will seek to maintain their advantage Understand defensive strategy, and how current approaches fail to change the strategic balance Governments, criminals, companies, and individuals are all operating in a world without boundaries, where the laws, customs, and norms previously established over centuries are only beginning to take shape. Meanwhile computer espionage continues to grow in both frequency and impact. This book will help you mount a robust offense or a strategically sound defense against attacks and exploitation. For a clear roadmap to better network security, Network Attacks and Exploitation is your complete and practical guide.

Attacking Network Protocols is a deep dive into network protocol security from James ­Forshaw, one of the world’s leading bug ­hunters. This comprehensive guide looks at networking from an attacker’s perspective to help you discover, exploit, and ultimately ­protect vulnerabilities. You’ll start with a rundown of networking basics and protocol traffic capture before moving on to static and dynamic protocol analysis, common protocol structures, cryptography, and protocol security. Then you’ll turn your focus to finding and exploiting vulnerabilities, with an overview of common bug classes, fuzzing, debugging, and exhaustion attacks. Learn how to: - Capture, manipulate, and replay packets - Develop tools to dissect traffic and reverse engineer code to understand the inner workings of a network protocol - Discover and exploit vulnerabilities such as memory corruptions, authentication bypasses, and denials of service - Use capture and analysis tools like ­Wireshark and develop your own custom network proxies to manipulate ­network traffic Attacking Network Protocols is a must-have for any penetration tester, bug hunter, or developer looking to understand and discover network vulnerabilities.

The complete guide to today’s hard-to-defend chained attacks: performing them and preventing them Nowadays, it’s rare for malicious hackers to rely on just one exploit or tool; instead, they use “chained” exploits that integrate multiple forms of attack to achieve their goals. Chained exploits are far more complex and far more difficult to defend. Few security or hacking books cover them well and most don’t cover them at all. Now there’s a book that brings together start-to-finish information about today’s most widespread chained exploits—both how to perform them and how to prevent them. Chained Exploits demonstrates this advanced hacking attack technique through detailed examples that reflect real-world attack strategies, use today’s most common attack tools, and focus on actual high-value targets, including credit card and healthcare data. Relentlessly thorough and realistic, this book covers the full spectrum of attack avenues, from wireless networks to physical access and social engineering. Writing for security, network, and other IT professionals, the authors take you through each attack, one step at a time, and then introduce today’s most effective countermeasures– both technical and human. Coverage includes: Constructing convincing new phishing attacks Discovering which sites other Web users are visiting Wreaking havoc on IT security via wireless networks Disrupting competitors’ Web sites Performing—and preventing—corporate espionage Destroying secure files Gaining access to private healthcare records Attacking the viewers of social networking pages Creating entirely new exploits and more Andrew Whitaker, Director of Enterprise InfoSec and Networking for Training Camp, has been featured in The Wall Street Journal and BusinessWeek. He coauthored Penetration Testing and Network Defense. Andrew was a winner of EC Council’s Instructor of Excellence Award. Keatron Evans is President and Chief Security Consultant of Blink Digital Security, LLC, a trainer for Training Camp, and winner of EC Council’s Instructor of Excellence Award. Jack B. Voth specializes in penetration testing, vulnerability assessment, and perimeter security. He co-owns The Client Server, Inc., and teaches for Training Camp throughout the United States and abroad. informit.com/aw Cover photograph © Corbis / Jupiter Images

Presents a framework for defending your network against attacks in an environment where it might seem impossible. This title discusses along with their delivery methods, such as browser exploitation, use of rich Internet applications, and file format vulnerabilities. It includes antivirus and anti-spyware, intrusion detection systems.

Seven Deadliest Social Network Attacks describes the seven deadliest social networking attacks and how to defend against them. This book pinpoints the most dangerous hacks and exploits specific to social networks like Facebook, Twitter, and MySpace, and provides a comprehensive view into how such attacks have impacted the livelihood and lives of adults and children. It lays out the anatomy of these attacks, including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. The book is separated into seven chapters, with each focusing on a specific type of attack that has been furthered with social networking tools and devices. These are: social networking infrastructure attacks; malware attacks; phishing attacks; Evil Twin Attacks; identity theft; cyberbullying; and physical threat. Each chapter takes readers through a detailed overview of a particular attack to demonstrate how it was used, what was accomplished as a result, and the ensuing consequences. In addition to analyzing the anatomy of the attacks, the book offers insights into how to develop mitigation strategies, including forecasts of where these types of attacks are heading. This book can serve as a reference guide to anyone who is or will be involved in oversight roles within the information security field. It will also benefit those involved or interested in providing defense mechanisms surrounding social media as well as information security professionals at all levels, those in the teaching profession, and recreational hackers. - Knowledge is power, find out about the most dominant attacks currently waging war on computers and networks globally - Discover the best ways to defend against these vicious attacks; step-by-step instruction shows you how - Institute countermeasures, don't be caught defenseless again, and learn techniques to make your computer and network impenetrable

Cyber-crime increasingly impacts both the online and offline world, and targeted attacks play a significant role in disrupting services in both. Targeted attacks are those that are aimed at a particular individual, group, or type of site or service. Unlike worms and viruses that usually attack indiscriminately, targeted attacks involve intelligence-gathering and planning to a degree that drastically changes its profile. Individuals, corporations, and even governments are facing new threats from targeted attacks. Targeted Cyber Attacks examines real-world examples of directed attacks and provides insight into what techniques and resources are used to stage these attacks so that you can counter them more effectively. - A well-structured introduction into the world of targeted cyber-attacks - Includes analysis of real-world attacks - Written by cyber-security researchers and experts

Penetration testers simulate cyber attacks to find security weaknesses in networks, operating systems, and applications. Information security experts worldwide use penetration techniques to evaluate enterprise defenses. In Penetration Testing, security expert, researcher, and trainer Georgia Weidman introduces you to the core skills and techniques that every pentester needs. Using a virtual machine–based lab that includes Kali Linux and vulnerable operating systems, you’ll run through a series of practical lessons with tools like Wireshark, Nmap, and Burp Suite. As you follow along with the labs and launch attacks, you’ll experience the key stages of an actual assessment—including information gathering, finding exploitable vulnerabilities, gaining access to systems, post exploitation, and more. Learn how to: –Crack passwords and wireless network keys with brute-forcing and wordlists –Test web applications for vulnerabilities –Use the Metasploit Framework to launch exploits and write your own Metasploit modules –Automate social-engineering attacks –Bypass antivirus software –Turn access to one machine into total control of the enterprise in the post exploitation phase You’ll even explore writing your own exploits. Then it’s on to mobile hacking—Weidman’s particular area of research—with her tool, the Smartphone Pentest Framework. With its collection of hands-on lessons that cover key tools and strategies, Penetration Testing is the introduction that every aspiring hacker needs.

Advanced Persistent Security covers secure network design and implementation, including authentication, authorization, data and access integrity, network monitoring, and risk assessment. Using such recent high profile cases as Target, Sony, and Home Depot, the book explores information security risks, identifies the common threats organizations face, and presents tactics on how to prioritize the right countermeasures. The book discusses concepts such as malignant versus malicious threats, adversary mentality, motivation, the economics of cybercrime, the criminal infrastructure, dark webs, and the criminals organizations currently face. - Contains practical and cost-effective recommendations for proactive and reactive protective measures - Teaches users how to establish a viable threat intelligence program - Focuses on how social networks present a double-edged sword against security programs

While many resources for network and IT security are available, detailed knowledge regarding modern web application security has been lacking—until now. This practical guide provides both offensive and defensive security concepts that software engineers can easily learn and apply. Andrew Hoffman, a senior security engineer at Salesforce, introduces three pillars of web application security: recon, offense, and defense. You’ll learn methods for effectively researching and analyzing modern web applications—including those you don’t have direct access to. You’ll also learn how to break into web applications using the latest hacking techniques. Finally, you’ll learn how to develop mitigations for use in your own web applications to protect against hackers. Explore common vulnerabilities plaguing today's web applications Learn essential hacking techniques attackers use to exploit applications Map and document web applications for which you don’t have direct access Develop and deploy customized exploits that can bypass common defenses Develop and deploy mitigations to protect your applications against hackers Integrate secure coding best practices into your development lifecycle Get practical tips to help you improve the overall security of your web applications