Writing Security Tools and Exploits

Rating: 
Amazon Price: N/A (as of November 24, 2017 00:08 – Details). Product prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on the Amazon site at the time of purchase will apply to the purchase of this product.

Writing Security Tools and Exploits will be the foremost authority on vulnerability and security code and will serve as the premier educational reference for security professionals and software developers. The book will have over 600 pages of dedicated exploit, vulnerability, and tool code with corresponding instruction. Unlike other security and programming books that dedicate hundreds of pages to architecture and theory based flaws and exploits, this book will dive right into deep code analysis. Previously undisclosed security research in combination with superior programming techniques will be included in both the Local and Remote Code sections of the book.

The book will be accompanied with a companion Web site containing both commented and uncommented versions of the source code examples presented throughout the book. In addition to the book source code, the CD will also contain a copy of the author-developed Hacker Code Library v1.0. The Hacker Code Library will include multiple attack classes and functions that can be utilized to quickly create security programs and scripts. These classes and functions will simplify exploit and vulnerability tool development to an extent never before possible with publicly available software.
Continue reading “Writing Security Tools and Exploits”

Open Source Fuzzing Tools

Amazon Price: N/A (as of November 24, 2017 07:06 – Details). Product prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on the Amazon site at the time of purchase will apply to the purchase of this product.

Fuzzing is often described as a “black box software testing technique. It works by automatically feeding a program multiple input iterations in an attempt to trigger an internal error indicative of a bug, and potentially crash it. Such program errors and crashes are indicative of the existence of a security vulnerability, which can later be researched and fixed.

Fuzz testing is now making a transition from a hacker-grown tool to a commercial-grade product. There are many different types of applications that can be fuzzed, many different ways they can be fuzzed, and a variety of different problems that can be uncovered. There are also problems that arise during fuzzing; when is enough enough? These issues and many others are fully explored.
Continue reading “Open Source Fuzzing Tools”

Breaking into Information Security: Crafting a Custom Career Path to Get the Job You Really Want

Rating: 
Amazon Price: N/A (as of November 24, 2017 01:03 – Details). Product prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on the Amazon site at the time of purchase will apply to the purchase of this product.

Whether you want to break into information security, move from one job to another, or transition into management, Breaking into Information Security will help. No other book surveys all the different jobs available in the industry, frankly discusses the positives and negatives of each, and what you need to learn to get into and out of each role.

Unlike books that focus on a specific skill set or on how to gain a certification or get a job, this book encompasses the "big picture," including why certifications, if any, are worthwhile for you. In a profession where new career paths aren’t always clear, Breaking into Information Security will teach you how to identify where you are in your career today, understand where you wish to go, and provide proven methods to get there.
Continue reading “Breaking into Information Security: Crafting a Custom Career Path to Get the Job You Really Want”

Introduction to Social Media Investigation: A Hands-on Approach

Rating: 
Amazon Price: N/A (as of November 24, 2017 16:17 – Details). Product prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on the Amazon site at the time of purchase will apply to the purchase of this product.

If you’re interested in using social media as an investigative tool, Introduction to Social Media Investigation will show you how! Social networks and social media, like Facebook, Twitter, and Foursquare, are some of the most popular services on the Web, with hundreds of millions of users. The public information that people share on these sites can be valuable for anyone interested in investigating people of interest through open, public sources.

Social media as an investigative device is in its infancy and not well understood. This book presents an overview of social media and discusses special skills and techniques to use when conducting investigations. The book features hands-on tutorials and case studies and offers additional data-gathering techniques.
Continue reading “Introduction to Social Media Investigation: A Hands-on Approach”

Hacking Web Intelligence: Open Source Intelligence and Web Reconnaissance Concepts and Techniques

Rating: 
Amazon Price: $59.95 $53.94 You save: $6.01 (10%). (as of November 24, 2017 16:10 – Details). Product prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on the Amazon site at the time of purchase will apply to the purchase of this product.

Open source intelligence (OSINT) and web reconnaissance are rich topics for infosec professionals looking for the best ways to sift through the abundance of information widely available online. In many cases, the first stage of any security assessment―that is, reconnaissance―is not given enough attention by security professionals, hackers, and penetration testers. Often, the information openly present is as critical as the confidential data.
Hacking Web Intelligence shows you how to dig into the Web and uncover the information many don't even know exists. The book takes a holistic approach that is not only about using tools to find information online but also how to link all the information and transform it into presentable and actionable intelligence. You will also learn how to secure your information online to prevent it being discovered by these reconnaissance methods.
Hacking Web Intelligence is an in-depth technical reference covering the methods and techniques you need to unearth open source information from the Internet and utilize it for the purpose of targeted attack during a security assessment. This book will introduce you to many new and leading-edge reconnaissance, information gathering, and open source intelligence methods and techniques, including metadata extraction tools, advanced search engines, advanced browsers, power searching methods, online anonymity tools such as TOR and i2p, OSINT tools such as Maltego, Shodan, Creepy, SearchDiggity, Recon-ng, Social Network Analysis (SNA), Darkweb/Deepweb, data visualization, and much more.Provides a holistic approach to OSINT and Web recon, showing you how to fit all the data together into actionable intelligenceFocuses on hands-on tools such as TOR, i2p, Maltego, Shodan, Creepy, SearchDiggity, Recon-ng, FOCA, EXIF, Metagoofil, MAT, and many moreCovers key technical topics such as metadata searching, advanced browsers and power searching, online anonymity, Darkweb / Deepweb, Social Network Analysis (SNA), and how to manage, analyze, and visualize the data you gatherIncludes hands-on technical examples and case studies, as well as a Python chapter that shows you how to create your own information-gathering tools and modify existing APIs