Metasploit: The Penetration Tester’s Guide

Rating: 
Amazon Price: $49.95 $47.45 You save: $2.50 (5%). (as of November 24, 2017 08:24 – Details). Product prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on the Amazon site at the time of purchase will apply to the purchase of this product.

The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors.

Once you've built your foundation for penetration testing, you’ll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks. You’ll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks.
Continue reading “Metasploit: The Penetration Tester's Guide”

A Bug Hunter’s Diary: A Guided Tour Through the Wilds of Software Security

Rating: 
Amazon Price: N/A (as of November 24, 2017 06:39 – Details). Product prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on the Amazon site at the time of purchase will apply to the purchase of this product.

"This is one of the most interesting infosec books to come out in the last several years."
–Dino Dai Zovi, Information Security Professional

"Give a man an exploit and you make him a hacker for a day; teach a man to exploit bugs and you make him a hacker for a lifetime."
–Felix 'FX' Lindner
Continue reading “A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security”

Gray Hat C#: Creating and Automating Security Tools

Rating: 
Amazon Price: $39.95 $27.16 You save: $12.79 (32%). (as of November 24, 2017 17:58 – Details). Product prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on the Amazon site at the time of purchase will apply to the purchase of this product.

Learn to use C#'s powerful set of core libraries to automate tedious yet important tasks like performing vulnerability scans, malware analysis, and incident response. With some help from Mono, you can write your own practical security tools that will run on Mac, Linux, and even mobile devices.

Following a crash course in C# and some of its advanced features, you'll learn how to:Write fuzzers that use the HTTP and XML libraries to scan for SQL and XSS injectionGenerate shellcode in Metasploit to create cross-platform and cross-architecture payloadsAutomate Nessus, OpenVAS, and sqlmap to scan for vulnerabilities and exploit SQL injectionsWrite a .NET decompiler for Mac and LinuxParse and read offline registry hives to dump system informationAutomate the security tools Arachni and Metasploit using their MSGPACK RPCs
Continue reading “Gray Hat C#: Creating and Automating Security Tools”

Practical Packet Analysis: Using Wireshark to Solve Real-world Network Problems 2nd (second) edition Text Only

Rating: 
Amazon Price: N/A (as of November 25, 2017 05:53 – Details). Product prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on the Amazon site at the time of purchase will apply to the purchase of this product.

Android Security Internals: An In-Depth Guide to Android’s Security Architecture

Rating: 
Amazon Price: $49.95 $39.96 You save: $9.99 (20%). (as of November 24, 2017 18:34 – Details). Product prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on the Amazon site at the time of purchase will apply to the purchase of this product.

There are more than one billion Android devices in use today, each one a potential target. Unfortunately, many fundamental Android security features have been little more than a black box to all but the most elite security professionals—until now.

In Android Security Internals, top Android security expert Nikolay Elenkov takes us under the hood of the Android security sys­tem. Elenkov describes Android security archi­tecture from the bottom up, delving into the imple­mentation of major security-related components and subsystems, like Binder IPC, permissions, cryptographic providers, and device administration.
Continue reading “Android Security Internals: An In-Depth Guide to Android's Security Architecture”