As computer network technology continues to grow so does the reliance on this technology for everyday business functionality. To appeal to customers and employees alike, businesses are seeking an increased online prescience, and to increase productivity the same businesses are computerizing their day-to-day operations. The combination of a publicly accessible interface to the businesses’ network, and the increase in the amount of intellectual property present on these networks presents serious risks. All of this intellectual property now faces constant attacks from a wide variety of malicious software that is intended to uncover company and government secrets. Every year billions of dollars are invested in preventing and recovering from the introduction of malicious code into a system. However, there is little research being done on leveraging these attacks for counterintelligence opportunities. With the ever-increasing number of vulnerable computers on the Internet the task of attributing these attacks to an organization or a single person is a daunting one. This thesis will demonstrate the idea of intentionally running a piece of malicious code in a secure environment in order to gain counterintelligence on an attacker.
Nowadays, it’s rare for malicious hackers to rely on just one exploit or tool; instead, they use “chained” exploits that integrate multiple forms of attack to achieve their goals. Chained exploits are far more complex and far more difficult to defend. Few security or hacking books cover them well and most don’t cover them at all. Now there’s a book that brings together start-to-finish information about today’s most widespread chained exploits–both how to perform them and how to prevent them.
Chained Exploits demonstrates this advanced hacking attack technique through detailed examples that reflect real-world attack strategies, use today’s most common attack tools, and focus on actual high-value targets, including credit card and healthcare data. Relentlessly thorough and realistic, this book covers the full spectrum of attack avenues, from wireless networks to physical access and social engineering.
Writing for security, network, and other IT professionals, the authors take you through each attack, one step at a time, and then introduce today’s most effective countermeasures— both technical and human. Coverage includes:
- Constructing convincing new phishing attacks
- Discovering which sites other Web users are visiting
- Wreaking havoc on IT security via wireless networks
- Disrupting competitors’ Web sites
- Performing–and preventing–corporate espionage
- Destroying secure files
- Gaining access to private healthcare records
- Attacking the viewers of social networking pages
- Creating entirely new exploits
- and more
Andrew Whitaker, Director of Enterprise InfoSec and Networking for Training Camp, has been featured in The Wall Street Journal and BusinessWeek. He coauthored Penetration Testing and Network Defense. Andrew was a winner of EC Council’s Instructor of Excellence Award.
Keatron Evans is President and Chief Security Consultant of Blink Digital Security, LLC, a trainer for Training Camp, and winner of EC Council’s Instructor of Excellence Award.
Jack B. Voth specializes in penetration testing, vulnerability assessment, and perimeter security. He co-owns The Client Server, Inc., and teaches for Training Camp throughout the United States and abroad.
Cover photograph © Corbis /
You spoke, we listened! This premium RTL-SDR was designed, developed and fabricated by NooElec in the USA and Canada in order to implement a wide array of feature requests.
For full product specifications, please visit our website at nooelec.com
Continue reading “NooElec NESDR SMArt Bundle – Premium RTL-SDR w/ Aluminum Enclosure, 0.5PPM TCXO, SMA Input & 3 Antennas. RTL2832U & R820T2-Based Software Defined Radio.”
Every day, corporations are connecting the dots about our personal behavior—silently scrutinizing clues left behind by our work habits and Internet use. The data compiled and portraits created are incredibly detailed, to the point of being invasive. But who connects the dots about what firms are doing with this information? The Black Box Society argues that we all need to be able to do so—and to set limits on how big data affects our lives.
Hidden algorithms can make (or ruin) reputations, decide the destiny of entrepreneurs, or even devastate an entire economy. Shrouded in secrecy and complexity, decisions at major Silicon Valley and Wall Street firms were long assumed to be neutral and technical. But leaks, whistleblowers, and legal disputes have shed new light on automated judgment. Self-serving and reckless behavior is surprisingly common, and easy to hide in code protected by legal and real secrecy. Even after billions of dollars of fines have been levied, underfunded regulators may have only scratched the surface of this troubling behavior.
Continue reading “The Black Box Society: The Secret Algorithms That Control Money and Information”
Secure your ICS and SCADA systems the battle-tested Hacking Exposed™ way
This hands-on guide exposes the devious methods cyber threat actors use to compromise the hardware and software central to petroleum pipelines, electrical grids, and nuclear refineries. Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets and Solutions shows, step-by-step, how to implement and maintain an ICS-focused risk mitigation framework that is targeted, efficient, and cost-effective. The book arms you with the skills necessary to defend against attacks that are debilitating―and potentially deadly. See how to assess risk, perform ICS-specific threat modeling, carry out penetration tests using “ICS safe” methods, and block malware. Throughout, the authors use case studies of notorious attacks to illustrate vulnerabilities alongside actionable, ready-to-deploy countermeasures.
Continue reading “Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions”