Authors: T. J. Klevinsky. Scott Laliberte. Ajay Gupta.
Paperback, 544 pages
Publisher: Addison-Wesley Professional
Publication Date: 2002-02


Reviews :

    "This book covers not just the glamorous aspects such as the intrusion act itself, but all of the pitfalls, contracts, clauses, and other gotchas that can occur. The authors have taken their years of trial and error, as well as experience, and documented a previously unknown black art." --From the Foreword by Simple Nomad, Senior Security Analyst, BindView RAZOR Team Penetration testing--in which professional, "white hat" hackers attempt to break through an organization's security defenses--has become a key defense weapon in today's information systems security arsenal. Through penetration testing, I.T. and security professionals can take action to prevent true "black hat" hackers from compromising systems and exploiting proprietary information. Hack I.T. introduces penetration testing and its vital role in an overall network security plan. You will learn about the roles and responsibilities of a penetration testing professional, the motivation and strategies of the underground hacking community, and potential system vulnerabilities, along with corresponding avenues of attack.Most importantly, the book provides a framework for performing penetration testing and offers step-by-step descriptions of each stage in the process. The latest information on the necessary hardware for performing penetration testing, as well as an extensive reference on the available security tools, is included. Comprehensive in scope Hack I.T. provides in one convenient resource the background, strategies, techniques, and tools you need to test and protect your system--before the real hackers attack. Specific topics covered in this book include: *Hacking myths *Potential drawbacks of penetration testing *Announced versus unannounced testing *Application-level holes and defenses *Penetration through the Internet, including zone transfer, sniffing, and port scanning *War dialing *Enumerating NT systems to expose security holes *Social engineering methods *Unix-specific vulnerabilities, such as RPC and buffer overflow attacks *The Windows NT Resource kit *Port scanners and discovery tools *Sniffers and password crackers *Web testing tools *Remote control tools *Firewalls and intrusion detection systems *Numerous DoS attacks and tools 0201719568B01042002...

Authors: Victor Oppleman. Oliver Friedrichs. Brett Watson.
Paperback, 448 pages
Publisher: McGraw-Hill Osborne Media
Publication Date: 2005-07-18
Edition: 1

Reviews :

    Protect your network and web sites from malicious attacks with help from this cutting-edge guide. Extreme Exploits is packed with never-before-published advanced security techniques and concise instructions that explain how to defend against devastating vulnerabilities in software and network infrastructure. This book will give a detailed analysis of modern threats and their solutions along with a checklist for developing defenses at the end of each chapter. You’ll also be introduced to a winning methodology for custom vulnerability assessments including attack profiling and the theatre of war concept. Through in-depth explanations of underlying technologies, you’ll learn to prepare your network and software from threats that don’t yet exist. This is a must-have volume for anyone responsible for network security....

Authors: Paul Craig.
Paperback, 356 pages
Publisher: Syngress
Publication Date: 2005-09-01


Reviews :

    For every $2 worth of software purchased legally, $1 worth of software is pirated illegally. For the first time ever, the dark underground of how software is stolen and traded over the internet is revealed. The technical detail provided will open the eyes of software users and manufacturers worldwide! This book is a tell-it-like-it-is expos of how tens of billions of dollars worth of software is stolen every year.

Did you know that most of the software on your computer, and nearly every program you've heard of, can be obtained without charge? In less time than it would take you to drive down to your "friendly neighborhood computer store" and purchase a software program, you can download the exact same program from the internet for free! Obtaining something intended to be sold without paying is "controversial" to say the least. But whether you call if "free for the asking," "software piracy," or just out-and-out "stealing;" downloading, copying, and sharing software is being done by thousands of people everyday. This book explains the epidemic problem of software piracy in great detail for both software users and manufacturers.

...

Authors: Amber Schroader; Tyler Cohen.
Paperback, 400 pages
Publisher: Syngress Publishing
Publication Date: 2007-05-15


Reviews :

    Learn to pull "digital fingerprints" from alternate data storage (ADS) devices including: iPod, Xbox, digital cameras and more from the cyber sleuths who train the Secret Service, FBI, and Department of Defense in bleeding edge digital forensics techniques. This book sets a new forensic methodology standard for investigators to use.
This book begins by describing how alternate data storage devices are used to both move and hide data. From here a series of case studies using bleeding edge forensic analysis tools demonstrate to readers how to perform forensic investigations on a variety of ADS devices including: Apple iPods, Digital Video Recorders, Cameras, Gaming Consoles (Xbox, PS2, and PSP), Bluetooth devices, and more using state of the art tools. Finally, the book takes a look into the future at "not yet every day" devices which will soon be common repositories for hiding and moving data for both legitimate and illegitimate purposes.

* Authors are undisputed leaders who train the Secret Service, FBI, and Department of Defense
* Book presents "one of a kind" bleeding edge information that absolutely can not be found anywhere else
* Today the industry has exploded and cyber investigators can be found in almost every field...

Authors: John Chirillo.
Paperback, 960 pages
Publisher: John Wiley & Sons
Publication Date: 2001-08-22


Reviews :

    Network hacking continues to be the number one menace for organizations worldwide. In his previous books, "Hack Attacks Revealed" and "Hack Attacks Denied", John Chirillo showed how to fight both standard and never-before-published hacks. In this companion book, he helps readers close remaining security holes by going back to the variations of old hacks that underground hackers are still using to break into corporate networks....

    Hack Attacks Encyclopedia is a collection of hacker goodies in print and on CD-ROM. Gleaned from file repositories old and new, the collection includes handy, potentially naughty utilities--process listers, password crackers, and port scanners, among others--and scores of text articles. The text articles explain how to extract value from systems of various kinds (mostly the North American telecommunications network and various kinds of computers). Reading articles about how to get free calls from (1980s-vintage) payphones is interesting, and articles (some quite old) written by hackers about themselves and their community reveal a lot of truth.

In order to appreciate this book, you have to take note of the word History in its subtitle. That word appears because the articles in this book, though many of them make excellent reading, deal largely with old technologies and well-known attacks for which defenses now exist. Interesting problems that contemporary hackers may have solved--such as how to get free satellite Internet access, how to defeat ATMs' "service fees," how to defeat password protection on Windows XP, and how to get an overwhelming number of positive reviews to appear for your book--aren't covered. This book is all about the exploits of the past. Articles about how to get free phone calls on old pulse-signaling public phones aren't of much practical value anymore, and viruses for the Amiga computer are of purely academic interest these days (though virus source code, several examples of which appear here, shows up in few other books). Therefore, don't buy this book so much for how-to information as for its history lessons and entertainment value. Read it for its first-hand look at hacker culture.

That said, Hack Attacks Encyclopedia would be a lot better if John Chirillo had looked at his considerable collection of text files and software and unified it with a running narrative. Good historians and documenters of cultures don't just present primary sources without annotating them. They use their knowledge and skill to derive meaning from the primary sources, and perhaps make some predictions about the future. --David Wall

Topics covered: Hack attacks--which is to say, tools and techniques for getting services and information you're not really supposed to have--through the ages (mostly in the 1970s, 1980s, and early 1990s). Emphasis falls on "harmless" hacker exploits, such as getting free phone calls, rather than on "black-hat" stuff like shutting down Web servers for no real reason. A large glossary explains technical terms and hacker lingo. ...

Authors: Keith Jones. Mike Shema. Bradley Johnson.
Paperback, 711 pages
Publisher: McGraw-Hill Osborne Media
Publication Date: 2002-06-25
Edition: 1

Reviews :

    Get in–depth details on the most effective security tools and learn how to use them with this hands-on resource. A must-have companion to the best-selling security book Hacking Exposed, this toolkit includes tips and configuration advice for getting the best results from the creators of the top hacking tools in use today....

Authors:
Paperback, 189 pages
Publisher: Willan Publishing (UK)
Publication Date: 2006-11


Reviews :

    This book provides a highly authoritative account and analysis of key issues within the rapidly burgeoning field of cybercrime. Drawing upon a range of internationally known experts in the fields, and representing a variety of different disciplines, "Crime Online" focuses on different constructions and manifestations of cybercrime and diverse responses to its regulation. It will be essential reading for anybody with an interest in one of the most exciting and fast-moving areas of crime, policing and legislation....

Authors: Michael Gregg.
Paperback, 416 pages
Publisher: Syngress
Publication Date: 2006-10-17


Reviews :

    Remember the first time someone told you about the OSI model and described the various layers? It's probably something you never forgot. This book takes that same layered approach but applies it to network security in a new and refreshing way. It guides readers step-by-step through the stack starting with physical security and working its way up through each of the seven OSI layers. Each chapter focuses on one layer of the stack along with the attacks, vulnerabilities, and exploits that can be found at that layer. The book even includes a chapter on the mythical eighth layer. It's called the people layer. It's included because security is not just about technology it also requires interaction with people, policy and office politics.

This book is designed to offer readers a deeper understanding of many common vulnerabilities and the ways in which attacker's exploit, manipulate, misuse, and abuse protocols and applications. The authors guide the readers through this process by using tools such as Ethereal (sniffer) and Snort (IDS). The sniffer is used to help readers understand how the protocols should work and what the various attacks are doing to break them. IDS is used to demonstrate the format of specific signatures and provide the reader with the skills needed to recognize and detect attacks when they occur. What makes this book unique is that it presents the material in a layer by layer approach which offers the readers a way to learn about exploits in a manner similar to which they most likely originally learned networking. This methodology makes this book a useful tool to not only security professionals but also for networking professionals, application programmers, and others. All of the primary protocols such as IP, ICMP, TCP are discussed but each from a security perspective. The authors convey the mindset of the attacker by examining how seemingly small flaws are often the catalyst of potential threats. The book considers the general kinds of things that may be monitored that would have alerted users of an attack.

...

Authors: Neil R. Wyler. Bruce Potter. Chris Hurley.
Paperback, 448 pages
Publisher: Syngress
Publication Date: 2005-02-01
Edition: 1

Reviews :

    I'm Mad As Hell, and I'm Not Gonna Take it Anymore!

• Analyze the technical, legal, and financial ramifications of revolutionary and controversial network strike-back and active defense techniques.
• Follow the travails of eight system administrators who take cyber law into their own hands.
• See chillingly realistic examples of everything from a PDA to the MD5 hash being used as weapons in cyber dog fights.

There is a certain satisfaction for me in seeing this book published. When I presented my "strike-back" concept to the security community years ago, I was surprised by the ensuing criticism from my peers. I thought they would support our right to defend ourselves, and that the real challenge would be educating the general public. It was the other way around, however. This is why I'm happy to see Aggressive Network Self-Defense published. It shows that people are beginning to consider the reality of today's internet. Many issues are not black and white, right or wrong, legal or illegal. Some of the strike-back approaches in this book I support. Others, I outright disagree with. But that's good--it gives us the chance to truly think about each situation--and thinking is the most important part of the security business. Now is the time to analyze the technologies and consider the stories presented in this book before fiction becomes reality.--Timothy M. Mullen, CIO and Chief Software Architect for AnchorIS.Com

• When the Worm Turns... Analyze the technical and legal implications of "neutralizing" machines that propagate malicious worms across the Internet.
• Are You the Hunter or the Hunted? Discover for yourself how easy it is to cross the line from defender to aggressor, and understand the potential consequences.
• Reverse Engineer Working Trojans, Viruses, and Keyloggers Perform forensic analysis of malicious code attacking a Pocket PC to track down, identify, and strike back against the attacker.
• To Catch a Thief... Track stolen software as it propagates through peer-to-peer networks and learn to bypass MD5 checksum verification to allow multiple generations of attackers to be traced.
• Learn the Definition of "Hostile Corporate Takeover" in Cyberspace Find out who will own the fictional Primulus Corporation as attacker and defender wage war.
• Understand the Active Defense Algorithm Model (ADAM) Analyze the primary considerations of implementing an active defense strategy in your organization: ethical, legal, unintended consequences, and risk validation.
• See What Can Happen when the Virtual World Meets the Real World Use keyloggers, Bluetooth device exploitation, and Windows forensics to discover if your cubicle mate has been stealing more than post-it notes.
• Where the Wild Things Are... Follow along as a real-life "in-the-wild" format string bug is morphed into strike-back code that launches a listening shell on the attacker's own machine.
• Implement Passive Strike-Back Technologies Learn the strategy and implement the tools for responding to footprinting, network reconnaissance, vulnerability scanning, and exploit code.

Your Solutions Membership Gives You Access to: A comprehensive FAQ page that consolidates all of the key points of this book into an easy-to-search Web page "From the Author" forum where the authors post timely updates and links to related sites The complete code listings from the book Downloadable chapters from these best-selling books: Black Hat Physical Device Security Google Hacking for Penetration Testers Buffer Overflow Attacks: Detect, Exploit, Prevent Hacking a Terror Network: The Silent Threat of Covert Channels TABLE OF CONTENTS Part I Fictionalized Cases of Network Strike-Back, Self-Defense, and Revenge Chapter 1 PDA Perils: Revenge from the Palm of Your Hand Chapter 2 The Case of a WLAN Attacker: In the Booth Chapter 3 MD5: Exploiting the Generous Chapter 4 A VPN Victim's Story: Jack's Smirking Revenge Chapter 5 Network Protection: Cyber-Attacks Meet Physical Response Chapter 6 Network Insecurity: Taking Patch Management to the Masses Chapter 7 The Fight for the Primulus Network: Yaseen vs Nathan Chapter 8 Undermining the Network: A Breach of Trust Part II The Technologies and Concepts Behind Network Strike Back Chapter 9 ADAM: Active Defense Algorithm and Model Chapter 10 Defending Your Right to Defend Chapter 11 MD5 to Be Considered Harmful Someday Chapter 12 When the Tables Turn: Passive Strike-Back 339 ...

Authors: Louis R. Mizell.
Paperback, 253 pages
Publisher: Wiley
Publication Date: 1996-10


Reviews :

    "White-collar criminals continue to pick our pockets to the tune of $300 billion every year. These 'socially acceptable' criminals rob more from companies and individuals with a pen or key stroke than a street thug can plunder with a high-powered pistol." --from the Introduction

In Masters of Deception, former special agent and intelligence officer Louis Mizell addresses the growing problem of white-collar crime in America. Using actual cases, Mizell exposes scores of perpetrators and their modus operandi, and offers invaluable advice on what to look for, how to avoid being a victim, and how to fight back.

Praise for Louis Mizell and Masters of Deception

"Mizell stands out as a true expert in crime and terrorism who earned his title fighting the bad guys in back alleys, courts, corporate suites, and the new global economy. No one else out there can match his knowledge of what the bad guys are doing and how." --James Grady, author of Six Days of the Condor and White Flame

"Masters of Deception exposes little known facts that should be revealed to the unsuspecting public. Mizell may well be the next Ralph Nader in exposing the many ways innocent people are victimized by white-collar crime." --Dr. Richard Ward, Associate Chancellor and Professor of Criminal Justice, University of Chicago at Illinois

White-collar crime is an alarming epidemic that has reached every big city and small town in America. Invading all sectors, from health care and religion to law and education, it claims millions of victims, and bilks taxpayers out of billions of dollars every year. In Masters of Deception, top crime expert Louis Mizell addresses this serious--and costly--problem, exposing some of the most notorious offenders, and providing precautionary measures everyone should take to avoid being "taken to the cleaners."

Leaving no get-rich-quick stone unturned, white-collar criminals strike from every angle. Whether they're doctors overbilling patients, charity workers pocketing donations, or lawyers abusing powers of attorney, their fraudulent practices cost individuals, companies, and institutions billions of dollars. Consider the following:
* Every year an average of $160 million is stolen or embezzled from schools and colleges all over the country
* Insurance fraud--property, casualty, and health--is a $95 billion-a-year scam
* Credit card fraud costs taxpayers nearly $3 billion per year
* Dishonest lawyers pocket more than $14 billion annually
* More than $21 billion is being stolen from charities each year


In Masters of Deception, Mizell explores the full spectrum of white-collar crime and the misuse of power by professionals we trust, including health care, business, education, and religion. He reveals hundreds of actual cases, from local crimes to such highly publicized incidents as the PTL scandal. With his experienced analytical eye, Mizell is able to spot new and emerging trends and pinpoint signs to look for in identifying potential cons. Sharing his expertise and insight as a former special agent and intelligence officer, Mizell also offers proven tips for fighting back--specific to each sector--as well as an extensive list of contacts for receiving further information, getting help, or reporting a crime.

And anyone who believes that white- collar crime is nonviolent will be shocked to learn that crime in the suites causes as much death and injury as crime in the streets.

Masters of Deception is a timely and authoritative book that will not only raise awareness about white-collar crime, but also allow readers "to empower themselves with enough knowledge to never be a victim."...