Zero-day vulnerabilities—software vulnerabilities for which no patch or fix has been publicly released—and their exploits are useful in cyber operations, as well as in defensive and academic settings. This report provides findings from real-world zero-day vulnerability and exploit data that can inform ongoing policy debates regarding stockpiling (i.e., keeping zero-day vulnerabilities private) versus disclosing them to the public.
DNS Security: Hacking and Defending the Domain Name System provides tactics on how to secure a Domain Name System (DNS) framework by exploring common DNS vulnerabilities using real-world examples of DNS exploits and providing step-by-step guidelines for securing the infrastructure.
The book is a timely reference as DNS is an integral part of the Internet that translates IP addresses into easily remembered domain names. The book focuses entirely on the security aspects of DNS, combining internal and external data to analyze and effectively prioritize network threats. It shows how to build a security infrastructure based around intelligence, demonstrating how theory can work in real-life situations. Presents a multi-platform approach, covering Linux, BSD, and Windows DNS security tipsDemonstrates how to implement DNS Security tools, including numerous screen shots and configuration examplesProvides a timely reference on DNS, an integral part of the Internet that translates IP addresses into easily remembered domain namesIncludes information of interest to those working in 4DNS, authoritative services, BIND files, buffer overflows, DDoS Attacks, firewalls, transaction signatures, and version control, amongst other topics
Is Your Information Easy to Steal? Every business has something it needs to protect. Whether it’s top-secret IP, an exclusive client list, or a secure payment portal, your data is what sets you apart from the competition. But most businesses aren’t doing a very good job of protecting what’s theirs. The digital world is changing fast—and cybercrime is changing with it. Whether it’s a 12-year-old “script kiddie” crippling your website with denial-of-service attacks, or a master hacker targeting a project leader with phishing e-mails, the bad guys have dozens of clever and creative ways to take your assets. Sooner or later, you will come under attack. The future of your organisation depends on making your information hard to steal. But most business owners don’t know where to start. This book is the answer.
Fourth Edition Sheds New Light on Open Source Intelligence Collection and Analysis.
Author Michael Bazzell has been well known and respected in government circles for his ability to locate personal information about any target through Open Source Intelligence (OSINT). In this book, he shares his methods in great detail. Each step of his process is explained throughout sixteen chapters of specialized websites, application programming interfaces, and software solutions. Based on his live and online video training at IntelTechniques.com, over 250 resources are identified with narrative tutorials and screen captures.
Continue reading “Open Source Intelligence Techniques: Resources for Searching and Analyzing Online Information”
Cyber security involves protecting organisations from cyber risks, the threats to organisations caused by digital technology. These risks can cause direct damage to revenues and profits as well as indirect damage through reduced efficiency, lower employee morale, and reputational damage.
Cyber security is often thought to be the domain of specialist IT professionals however, cyber risks are found across and within organisations. Unfortunately, many managers outside IT feel they are ill equipped to deal with cyber risks and the use of jargon makes the subject especially hard to understand. For this reason cyber threats are worse than they really need to be.
The reality is that the threat from cyber risks is constantly growing, thus non-technical managers need to understand and manage it. As well as offering practical advice, the author guides readers through the processes that will enable them to manage and mitigate such threats and protect their organisations.