The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy (Syngress Basics Series)
The Basics of Hacking and Penetration Testing serves as an introduction to the steps required to complete a penetration test or perform an ethical hack from beginning to end. This book makes ethical hacking and penetration testing easy – no prior hacking experience is required. It shows how to properly utilize and interpret the results of the modern-day hacking tools required to complete a penetration test. With a simple and clean explanation of how to effectively utilize these tools – as well as the introduction to a four-step methodology for conducting a penetration test or hack – the book provides students with the know-how required to jump start their careers and gain a better understanding of offensive security. The book is organized into 7 chapters that cover hacking tools such as Backtrack Linux, Google reconnaissance, MetaGooFil, dig, Nmap, Nessus, Metasploit, Fast Track Autopwn, Netcat, and Hacker Defender rootkit. Each chapter contains hands-on examples and exercises that are designed to teach learners how to interpret results and utilize those results in later phases. PowerPoint slides are available for use in class. This book is an ideal reference for security consultants, beginning InfoSec professionals, and students.
- Named a 2011 Best Hacking and Pen Testing Book by InfoSec Reviews
- Each chapter contains hands-on examples and exercises that are designed to teach you how to interpret the results and utilize those results in later phases.
- Writen by an author who works in the field as a Penetration Tester and who teaches Offensive Security, Penetration Testing, and Ethical Hacking, and Exploitation classes at Dakota State University.
- Utilizes the Backtrack Linus distribution and focuses on the seminal tools required to complete a penetration test.
Published by: Syngress | Publication date: 07/21/2011Kindle book details: Kindle Edition, 178 pages
The definitive work for IT professionals responsible for the management of the design, configuration, deployment, and maintenance of enterprise wide security projects. Provides specialized coverage of key project areas including Penetration Testing, Intrusion Detection and Prevention Systems, and Access Control Systems. The first and last word on managing IT security projects, this book provides the level of detail and content expertise required to competently handle highly complex security deployments. In most enterprises, be they corporate or governmental, these are generally the highest priority projects and the security of the entire business may depend on their success.* The first book devoted exclusively to managing IT security projects * Expert authors combine superb project management skills with in-depth coverage of highly complex security projects* By mastering the content in this book, managers will realise shorter schedules, fewer cost over runs, and successful deployments
Published by: Syngress | Publication date: 07/04/2006Kindle book details: Kindle Edition, 608 pages
CISSP Study Guide, Third Edition provides readers with information on the CISSP certification, the most prestigious, globally-recognized, vendor-neutral exam for information security professionals. With over 100,000 professionals certified worldwide, and many more joining their ranks, this new third edition presents everything a reader needs to know on the newest version of the exam's Common Body of Knowledge. The eight domains are covered completely and as concisely as possible, allowing users to ace the exam. Each domain has its own chapter that includes a specially-designed pedagogy to help users pass the exam, including clearly-stated exam objectives, unique terms and definitions, exam warnings, "learning by example" modules, hands-on exercises, and chapter ending questions.
- Provides the most complete and effective study guide to prepare users for passing the CISSP exam, giving them exactly what they need to pass the test
- Authored by Eric Conrad who has prepared hundreds of professionals for passing the CISSP exam through SANS, a popular and well-known organization for information security professionals
- Covers all of the new information in the Common Body of Knowledge updated in January 2015, and also provides two exams, tiered end-of-chapter questions for a gradual learning curve, and a complete self-test appendix
Published by: Syngress | Publication date: 12/08/2015Kindle book details: Kindle Edition, 598 pages
Eleventh Hour CISSP Study Guide serves as a guide for those who want to be information security professionals. The main job of an information security professional is to evaluate the risks involved in securing assets and to find ways to mitigate those risks. Information security jobs include firewall engineers, penetration testers, auditors, and the like. The book is composed of 10 domains of the Common Body of Knowledge. In each section, it defines each domain. The first domain provides information about risk analysis and mitigation, and it discusses security governance. The second domain discusses techniques of access control, which is the basis for all security disciplines. The third domain explains the concepts behind cryptography, which is a secure way of communicating that is understood only by certain recipients. Domain 5 discusses security system design, which is fundamental in operating the system and software security components. Domain 6 is one of the critical domains in the Common Body of Knowledge, the Business Continuity Planning and Disaster Recovery Planning. It is the final control against extreme events such as injury, loss of life, or failure of an organization. Domain 7, Domain 8 and Domain 9 discuss telecommunications and network security, application development security, and the operations domain, respectively. Domain 10 focuses on the major legal systems that provide a framework for determining laws about information system.
- The only guide you need for last-minute studying
- Answers the toughest questions and highlights core topics
- Can be paired with any other study guide so you are completely prepared
Published by: Syngress | Publication date: 12/13/2010Kindle book details: Kindle Edition, 205 pages
Practical Lock Picking, Second Edition, is an instructional manual that covers everything from straightforward lockpicking to quick-entry techniques such as shimming, bumping, and bypassing. Written by Deviant Ollam, one of the security industry's best-known lockpicking teachers, and winner of the Best Book Bejtlich Read in 2010 award, this book contains detailed photos that make learning as easy as picking a lock. Material is offered in easy-to-follow lessons that allow even beginners to acquire the knowledge very quickly. Whether the student will be hired at some point to penetrate security or simply trying to harden his or her own defenses, this book is essential. This edition has been updated to reflect the changing landscape of tools and tactics which have emerged in recent years. It consists of 6 chapters that discuss topics such as the fundamentals of pin tumbler and wafer locks; the basics of picking, with emphasis on how to exploit weaknesses; tips for beginners on how to get very good and very fast in picking locks; advanced training; quick-entry tricks about shimming, bumping, and bypassing; and pin tumblers in other configurations. This book is geared specifically toward penetration testers, security consultants, IT security professionals, and hackers.
- Detailed full-color photos make learning as easy as picking a lock
- Extensive appendix details tools and toolkits currently available for all your lock picking needs
Published by: Syngress | Publication date: 11/13/2012Kindle book details: Kindle Edition, 296 pages
Data Breach Preparation and Response: Breaches are Certain, Impact is Not is the first book to provide 360 degree visibility and guidance on how to proactively prepare for and manage a data breach and limit impact. Data breaches are inevitable incidents that can disrupt business operations and carry severe reputational and financial impact, making them one of the largest risks facing organizations today. The effects of a breach can be felt across multiple departments within an organization, who will each play a role in effectively managing the breach. Kevvie Fowler has assembled a team of leading forensics, security, privacy, legal, public relations and cyber insurance experts to create the definitive breach management reference for the whole organization.
- Discusses the cyber criminals behind data breaches and the underground dark web forums they use to trade and sell stolen data
- Features never-before published techniques to qualify and discount a suspected breach or to verify and precisely scope a confirmed breach
- Helps identify your sensitive data, and the commonly overlooked data sets that, if stolen, can result in a material breach
- Defines breach response plan requirements and describes how to develop a plan tailored for effectiveness within your organization
- Explains strategies for proactively self-detecting a breach and simplifying a response
- Covers critical first-responder steps and breach management practices, including containing a breach and getting the scope right, the first time
- Shows how to leverage threat intelligence to improve breach response and management effectiveness
- Offers guidance on how to manage internal and external breach communications, restore trust, and resume business operations after a breach, including the critical steps after the breach to reduce breach-related litigation and regulatory fines
- Illustrates how to define your cyber-defensible position to improve data protection and demonstrate proper due diligence practices
Published by: Syngress | Publication date: 06/08/2016Kindle book details: Kindle Edition, 240 pages
Operating System Forensics is the first book to cover all three critical operating systems for digital forensic investigations in one comprehensive reference. Users will learn how to conduct successful digital forensic examinations in Windows, Linux, and Mac OS, the methodologies used, key technical concepts, and the tools needed to perform examinations. Mobile operating systems such as Android, iOS, Windows, and Blackberry are also covered, providing everything practitioners need to conduct a forensic investigation of the most commonly used operating systems, including technical details of how each operating system works and how to find artifacts. This book walks you through the critical components of investigation and operating system functionality, including file systems, data recovery, memory forensics, system configuration, Internet access, cloud computing, tracking artifacts, executable layouts, malware, and log files. You'll find coverage of key technical topics like Windows Registry, /etc directory, Web browers caches, Mbox, PST files, GPS data, ELF, and more. Hands-on exercises in each chapter drive home the concepts covered in the book. You'll get everything you need for a successful forensics examination, including incident response tactics and legal requirements. Operating System Forensics is the only place you'll find all this covered in one book.
- Covers digital forensic investigations of the three major operating systems, including Windows, Linux, and Mac OS
- Presents the technical details of each operating system, allowing users to find artifacts that might be missed using automated tools
- Hands-on exercises drive home key concepts covered in the book.
- Includes discussions of cloud, Internet, and major mobile operating systems such as Android and iOS
Published by: Syngress | Publication date: 11/12/2015Kindle book details: Kindle Edition, 373 pages
SQL Injection Attacks and Defense, First Edition: Winner of the Best Book Bejtlich Read Award "SQL injection is probably the number one problem for any server-side application, and this book unequaled in its coverage." –Richard Bejtlich, Tao Security blog SQL injection represents one of the most dangerous and well-known, yet misunderstood, security vulnerabilities on the Internet, largely because there is no central repository of information available for penetration testers, IT security consultants and practitioners, and web/software developers to turn to for help. SQL Injection Attacks and Defense, Second Edition is the only book devoted exclusively to this long-established but recently growing threat. This is the definitive resource for understanding, finding, exploiting, and defending against this increasingly popular and particularly destructive type of Internet-based attack. SQL Injection Attacks and Defense, Second Edition includes all the currently known information about these attacks and significant insight from its team of SQL injection experts, who tell you about:
- Understanding SQL Injection – Understand what it is and how it works
- Find, confirm and automate SQL injection discovery
- Tips and tricks for finding SQL injection within code
- Create exploits for using SQL injection
- Design apps to avoid the dangers these attacks
- SQL injection on different databases
- SQL injection on different technologies
- SQL injection testing techniques
- Case Studies
- Securing SQL Server, Second Edition is the only book to provide a complete understanding of SQL injection, from the basics of vulnerability to discovery, exploitation, prevention, and mitigation measures.
- Covers unique, publicly unavailable information, by technical experts in such areas as Oracle, Microsoft SQL Server, and MySQL---including new developments for Microsoft SQL Server 2012 (Denali).
- Written by an established expert, author, and speaker in the field, with contributions from a team of equally renowned creators of SQL injection tools, applications, and educational materials.
Published by: Syngress | Publication date: 06/16/2009Kindle book details: Kindle Edition, 577 pages
Python Passive Network Mapping: P2NMAP is the first book to reveal a revolutionary and open source method for exposing nefarious network activity. The "Heartbleed" vulnerability has revealed significant weaknesses within enterprise environments related to the lack of a definitive mapping of network assets. In Python Passive Network Mapping, Chet Hosmer shows you how to effectively and definitively passively map networks. Active or probing methods to network mapping have traditionally been used, but they have many drawbacks - they can disrupt operations, crash systems, and - most importantly - miss critical nefarious activity. You require an accurate picture of the environments you protect and operate in order to rapidly investigate, mitigate, and then recover from these new attack vectors. This book gives you a deep understanding of new innovations to passive network mapping, while delivering open source Python-based tools that can be put into practice immediately. Python Passive Network Mapping is for practitioners, forensic investigators, IT teams, and individuals who work together when performing incident response and investigating potential damage, or are examining the impacts of new malware threats. Those defending critical infrastructures will have a special interest in this book, as active or probing methods of network mapping are rarely used within these environments as any resulting impacts can be disastrous. Python Passive Network Mapping is ideally suited for use as a text in a variety of academic programs to expose and engage students in the art of passively mapping enterprise networks, with the added benefit of providing exposure to open source Python solutions.
- First book to show you how to use open source Python to conduct passive network mapping
- Provides a new method for conducting incident response and investigating the extent of potential damage to your systems
- Python code forensics toolkit for network mapping included on the companion website
Published by: Syngress | Publication date: 06/10/2015Kindle book details: Kindle Edition, 149 pages
The Basics of IT Audit: Purposes, Processes, and Practical Information provides you with a thorough, yet concise overview of IT auditing. Packed with specific examples, this book gives insight into the auditing process and explains regulations and standards such as the ISO-27000, series program, CoBIT, ITIL, Sarbanes-Oxley, and HIPPA. IT auditing occurs in some form in virtually every organization, private or public, large or small. The large number and wide variety of laws, regulations, policies, and industry standards that call for IT auditing make it hard for organizations to consistently and effectively prepare for, conduct, and respond to the results of audits, or to comply with audit requirements. This guide provides you with all the necessary information if you're preparing for an IT audit, participating in an IT audit or responding to an IT audit.
- Provides a concise treatment of IT auditing, allowing you to prepare for, participate in, and respond to the results
- Discusses the pros and cons of doing internal and external IT audits, including the benefits and potential drawbacks of each
- Covers the basics of complex regulations and standards, such as Sarbanes-Oxley, SEC (public companies), HIPAA, and FFIEC
- Includes most methods and frameworks, including GAAS, COSO, COBIT, ITIL, ISO (27000), and FISCAM
Published by: Syngress | Publication date: 10/31/2013Kindle book details: Kindle Edition, 218 pages