Building an Intelligence-Led Security Program

Rating: 
Amazon Price: N/A (as of February 15, 2019 15:12 – Details). Product prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on the Amazon site at the time of purchase will apply to the purchase of this product.

As recently as five years ago, securing a network meant putting in a firewall, intrusion detection system, and installing antivirus software on the desktop. Unfortunately, attackers have grown more nimble and effective, meaning that traditional security programs are no longer effective.

Today's effective cyber security programs take these best practices and overlay them with intelligence. Adding cyber threat intelligence can help security teams uncover events not detected by traditional security platforms and correlate seemingly disparate events across the network. Properly-implemented intelligence also makes the life of the security practitioner easier by helping him more effectively prioritize and respond to security incidents.
Continue reading “Building an Intelligence-Led Security Program”

Netcat Power Tools

Rating: 
Amazon Price: N/A (as of February 15, 2019 00:47 – Details). Product prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on the Amazon site at the time of purchase will apply to the purchase of this product.

Originally released in 1996, Netcat is a netowrking program designed to read and write data across both Transmission Control Protocol TCP and User Datagram Protocol (UDP) connections using the TCP/Internet Protocol (IP) protocol suite. Netcat is often referred to as a "Swiss Army knife" utility, and for good reason. Just like the multi-function usefullness of the venerable Swiss Army pocket knife, Netcat's functionality is helpful as both a standalone program and a backe-end tool in a wide range of applications. Some of the many uses of Netcat include port scanning, transferring files, grabbing banners, port listening and redirection, and more nefariously, a backdoor. This is the only book dedicated to comprehensive coverage of the tool's many features, and by the end of this book, you'll discover how Netcat can be one of the most valuable tools in your arsenal.

* Get Up and Running with Netcat Simple yet powerful…Don't let the trouble-free installation and the easy command line belie the fact that Netcat is indeed a potent and powerful program.
* Go PenTesting with Netcat Master Netcat's port scanning and service identification capabilities as well as obtaining Web server application information. Test and verify outbound firewall rules and avoid detection by using antivirus software and the Window Firewall. Also, create a backdoor using Netcat.
* Conduct Enumeration and Scanning with Netcat, Nmap, and More! Netcat's not the only game in town…Learn the process of network of enumeration and scanning, and see how Netcat along with other tools such as Nmap and Scanrand can be used to thoroughly identify all of the assets on your network.
* Banner Grabbing with Netcat Banner grabbing is a simple yet highly effective method of gathering information about a remote target, and can be performed with relative ease with the Netcat utility.
* Explore the Dark Side of Netcat See the various ways Netcat has been used to provide malicious, unauthorized access to their targets. By walking through these methods used to set up backdoor access and circumvent protection mechanisms through the use of Netcat, we can understand how malicious hackers obtain and maintain illegal access. Embrace the dark side of Netcat, so that you may do good deeds later.
* Transfer Files Using Netcat The flexability and simple operation allows Netcat to fill a niche when it comes to moving a file or files in a quick and easy fashion. Encryption is provided via several different avenues including integrated support on some of the more modern Netcat variants, tunneling via third-party tools, or operating system integrated IPsec policies.
* Troubleshoot Your Network with Netcat Examine remote systems using Netat's scanning ability. Test open ports to see if they really are active and see what protocls are on those ports. Communicate with different applications to determine what problems might exist, and gain insight into how to solve these problems.
* Sniff Traffic within a System Use Netcat as a sniffer within a system to collect incoming and outgoing data. Set up Netcat to listen at ports higher than 1023 (the well-known ports), so you can use Netcat even as a normal user.
Continue reading “Netcat Power Tools”

Sockets, Shellcode, Porting, and Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals

Rating: 
Amazon Price: $54.95 $52.73 You save: $2.22 (4%). (as of February 15, 2019 23:55 – Details). Product prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on the Amazon site at the time of purchase will apply to the purchase of this product.

The book is logically divided into 5 main categories with each category representing a major skill set required by most security professionals:

1. Coding – The ability to program and script is quickly becoming a mainstream requirement for just about everyone in the security industry. This section covers the basics in coding complemented with a slue of programming tips and tricks in C/C++, Java, Perl and NASL.
Continue reading “Sockets, Shellcode, Porting, and Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals”

Open Source Fuzzing Tools

Amazon Price: N/A (as of February 15, 2019 16:07 – Details). Product prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on the Amazon site at the time of purchase will apply to the purchase of this product.

Fuzzing is often described as a “black box software testing technique. It works by automatically feeding a program multiple input iterations in an attempt to trigger an internal error indicative of a bug, and potentially crash it. Such program errors and crashes are indicative of the existence of a security vulnerability, which can later be researched and fixed.

Fuzz testing is now making a transition from a hacker-grown tool to a commercial-grade product. There are many different types of applications that can be fuzzed, many different ways they can be fuzzed, and a variety of different problems that can be uncovered. There are also problems that arise during fuzzing; when is enough enough? These issues and many others are fully explored.
Continue reading “Open Source Fuzzing Tools”

Stealing the Network: How to Own an Identity: How to Own an Identity

Rating: 
Amazon Price: N/A (as of February 15, 2019 10:45 – Details). Product prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on the Amazon site at the time of purchase will apply to the purchase of this product.

The first two books in this series “Stealing the Network: How to Own the Box and “Stealing the Network: How to Own a Continent have become classics in the Hacker and Infosec communities because of their chillingly realistic depictions of criminal hacking techniques.

In this third installment, the all-star cast of authors tackle one of the fastest growing crimes in the world: Identity Theft. Now, the criminal hackers readers have grown to both love and hate try to cover their tracks and vanish into thin air… "Stealing the Network: How to Own an Identity" is the 3rd book in the "Stealing" series, and continues in the tradition created by its predecessors by delivering real-world network attack methodologies and hacking techniques within a context of unique and original fictional accounts created by some of the world's leading security professionals and computer technologists. The seminal works in TechnoFiction, this "STN" collection yet again breaks new ground by casting light upon the mechanics and methods used by those lurking on the darker side of the Internet, engaging in the fastest growing crime in the world: Identity theft.
Continue reading “Stealing the Network: How to Own an Identity: How to Own an Identity”