Python is fast becoming the programming language of choice for hackers, reverse engineers, and software testers because it's easy to write quickly, and it has the low-level support and libraries that make hackers happy. But until now, there has been no real manual on how to use Python for a variety of hacking tasks. You had to dig through forum posts and man pages, endlessly tweaking your own code to get everything working. Not anymore.
Gray Hat Python explains the concepts behind hacking tools and techniques like debuggers, trojans, fuzzers, and emulators. But author Justin Seitz goes beyond theory, showing you how to harness existing Python-based security tools – and how to build your own when the pre-built ones won't cut it.
You'll learn how to:
Automate tedious reversing and security tasks
Design and program your own debugger
Learn how to fuzz Windows drivers and create powerful fuzzers from scratch
Have fun with code and library injection, soft and hard hooking techniques, and other software trickery
Sniff secure traffic out of an encrypted web browser session
Use PyDBG, Immunity Debugger, Sulley, IDAPython, PyEMU, and more
The world's best hackers are using Python to do their handiwork. Shouldn't you?
This book will take readers from the discovery of vulnerabilities and the creation of the corresponding exploits, through a complete security assessment, all the way through deploying patches against these vulnerabilities to protect their networks.
This is unique in that it details both the management and technical skill and tools required to develop an effective vulnerability management system. Business case studies and real world vulnerabilities are used through the book. It starts by introducing the reader to the concepts of a vulnerability management system. Readers will be provided detailed timelines of exploit development, vendors' time to patch, and corporate path installations. Next, the differences between security assessment s and penetration tests will be clearly explained along with best practices for conducting both. Next, several case studies from different industries will illustrate the effectiveness of varying vulnerability assessment methodologies. The next several chapters will define the steps of a vulnerability assessment including: defining objectives, identifying and classifying assets, defining rules of engagement, scanning hosts, and identifying operating systems and applications. The next several chapters provide detailed instructions and examples for differentiating vulnerabilities from configuration problems, validating vulnerabilities through penetration testing. The last section of the book provides best practices for vulnerability management and remediation.
* Unique coverage detailing both the management and technical skill and tools required to develop an effective vulnerability management system
* Vulnerability management is rated the #2 most pressing concern for security professionals in a poll conducted by Information Security Magazine
* Covers in the detail the vulnerability management lifecycle from discovery through patch.
The Ethical Hack: A Framework for Business Value Penetration Testing lays out the underlying methodologies and concepts required for performing successful and valuable penetration testing. The author discusses the process of penetration testing from a consultative point of view to ensure that the true value of the test is realized. He supplies a technical perspective of the common tools and exploits used by attackers along with the rational for why they are used and the information they provide the attacker. Finally, the text brings it all together in the form of attack scenarios to show the complete cycle of the attack from the hacker's perspective to the client's.
This book is designed to give readers of all backgrounds and experience levels a well-researched and engaging introduction to the fascinating realm of network security. With real-world examples that reflect today's most important and relevant security topics, Penetration Testing will address how and why people attack computers and networks, so that readers can be armed with the knowledge and techniques to successfully combat hackers. Because the world of information security changes so quickly and is often the subject of much hype, this book also aims to provide a clear differentiation between hacking myths and hacking facts. Straightforward in its approach, this valuable resource teaches the skills needed to go from hoping a system is secure to knowing that it is.
“This is an excellent book. It contains the ‘in the trenches' coverage that the enterprise administrator needs to know to deploy wireless networks securely.” –Robert Haskins, Chief Technology Officer, ZipLink Wi-Foo: The Secrets of Wireless Hacking is the first practical and realistic book about 802.11 network penetration testing and hardening. Unlike other books, it is based on a daily experience of breaking into and securing wireless LANs. Rather than collecting random wireless security news, tools, and methodologies, Wi-Foo presents a systematic approach to wireless security threats and countermeasures starting from the rational wireless hardware selection for security auditing and finishing with how to choose the optimal encryption ciphers for the particular network you are trying to protect.