SEC504 Workbook – Hacker Tools, Techniques, Exploits, and Incident Handling
فهرست مطالب SEC504 Workbook – Hacker Tools, Techniques, Exploits, and Incident Handling:
Step 4: Keeping Access
Application-Level Trojan Horse Suites
Virtual Network Computing Overview
Common Remote Control Backdoor Capabilities
Wrappers and Packers
Memory Analysis
LAB 5.1:Windows Analysis with Rekall
Rootkit Techniques
Kernel-Mode RootkitTechniques
Rootkit Examples
LAB 5.2: Fun with Rootkits
Covering Tracks In Linux Ln and UNIX
Hiding Files in UNIX
UNIX Log Editing Ed
nting E Editing
LAB 5.3: Shell HistoryAnalysis
Covering Tracks in Windows
Hiding Filles in NTFS
Alternate Data Streams in NTFS
LAB 5.4: Alternate Data Streams
Log Editing
LAB 5.5: Windows Log Editing
Covering Tracks on the Network
Reverse HTTP Shells
ICMP Tunnels
Covert_TCP
LAB 5.6: Covert Channels
Steganography
Hydan
Putting It All Together
Conclusions and References
Security in Wireless Mesh Networks
فهرست مطالب کتاب Security in Wireless Mesh Networks:
Contributors
PART I: INTRODUCTION
1 An Introduction to Wireless Mesh Networks
2 Mesh Networking in Wireless PANs, LANs,MANs, and WANs
PART II: SECURITY PROTOCOLS AND TECHNIQUES
3 Attacks and Security Mechanisms
4 Intrusion Detection in Wireless Mesh Networks
5 Secure Routing in Wireless Mesh Networks
6 Hop Integrity in Wireless Mesh Networks
7 Privacy Preservation in Wireless Mesh Networks
8 Providing Authentication, Trust, and Privacy in
9 Non-Interactive Key Establishment in Wireless Mesh Networks
10 Key Management in Wireless Mesh Networks
PART III: SECURITY STANDARDS, APPLICATIONS, AND ENABLING TECHNOLOGIES
11 Security in Wireless PANMesh Networks
12 Security in Wireless LANMesh Networks
13 Security in IEEE802.15.4 Cluster-Based Networks
14 Security in Wireless Sensor Networks
15 Key Management in Wireless Sensor Networks
Index
Serious Cryptography (2nd Edition) – A Practical Introduction to Modern Encryption
فهرست مطالب کتاب Serious Cryptography (2nd Edition):
Part I: Fundamentals
Chapter 1: Encryption
Chapter 2: Randomness
Chapter 3: Cryptographic Security
Part II: Symmetric Crypto
Chapter 4: Block Ciphers
Chapter 5: Stream Ciphers
Chapter 6: Hash Functions
Chapter 7: Keyed Hashing
Chapter 8: Authenticated Encryption
Part III: Asymmetric Crypto
Chapter 9: Hard Problems
Chapter 10: RSA
Chapter 11: Diffie–Hellman
Chapter 12: Elliptic Curves
Part IV: Applications
Chapter 13: TLS
Chapter 14: Quantum and Post-Quantum
Chapter 15: Cryptocurrency Cryptography
SQL Injection Attacks and Defense, Second Edition
فهرست مطالب کتاب SQL Injection Attacks and Defense:
Chapter 1. What Is SQL Injection?
Chapter 2. Testing for SQL Injection
Chapter 3. Reviewing Code for SQL Injection
Chapter 4. Exploiting SQL injection
Chapter 5. Blind SQL Injection Exploitation
Chapter 6. Exploiting the operating system
Chapter 7. Advanced topics
Chapter 8. Code-level defenses
Chapter 9. Platform level defenses
Chapter 10. Confirming and Recovering from SQL Injection Attacks
Chapter 11. References
The Art of Deception: Controlling the Human Element of Security
فهرست مطالب کتاب The Art of Deception:
Introduction
Part 1 Behind the Scenes
Chapter 1 Security’s Weakest Link
Part 2 The Art of the Attacker
Chapter 2 When Innocuous Information Isn’t
Chapter 3 The Direct Attack: Just Asking for it
Chapter 4 Building Trust
Chapter 5 “Let Me Help You”
Chapter 6 “Can You Help Me?”
Chapter 7 Phony Sites and Dangerous Attachments
Chapter 8 Using Sympathy, Guilt and Intimidation
Chapter 9 The Reverse Sting
Part 3 Intruder Alert
Chapter 10 Entering the Premises
Chapter 11 Combining Technology and Social Engineering
Chapter 12 Attacks on the Entry-Level Employee
Chapter 13 Clever Cons
Chapter 14 Industrial Espionage
Part 4 Raising the Bar
Chapter 15 Information Security Awareness and Training
Chapter 16 Recommended Corporate Information Security Policies
The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy
فهرست مطالب کتاب The Basics of Hacking and Penetration Testing:
Acknowledgments
About the Author
About the Technical Editor
Introduction
Chapter 1: What Is Penetration Testing?
Chapter 2: Reconnaissance
Chapter 3: Scanning
Chapter 4: Exploitation
Chapter 5: Web-based Exploitation
Chapter 6: Maintaining Access with Backdoors and Rootkits
Chapter 7: Wrapping Up the Penetration Test
Index
The Basics of Web Hacking: Tools and Techniques to Attack the Web
فهرست مطالب کتاب The Basics of Web Hacking:
Introduction
About This Book
A Hands-On Approach
What’s In This Book?
A Quick Disclaimer
Chapter 1. The Basics of Web Hacking
Introduction
What Is a Web Application?
What You Need to Know About Web Servers
What You Need to Know About HTTP
The Basics of Web Hacking: Our Approach
Web Apps Touch Every Part of IT
Existing Methodologies
Most Common Web Vulnerabilities
Setting Up a Test Environment
Chapter 2. Web Server Hacking
Introduction
Reconnaissance
Port Scanning
Vulnerability Scanning
Exploitation
Maintaining Access
Chapter 3. Web Application Recon and Scanning
Introduction
Web Application Recon
Web Application Scanning
Chapter 4. Web Application Exploitation with Injection
Introduction
SQL Injection Vulnerabilities
SQL Injection Attacks
Sqlmap
Operating System Command Injection Vulnerabilities
Operating System Command Injection Attacks
Web Shells
Chapter 5. Web Application Exploitation with Broken Authentication and Path Traversal
Introduction
Authentication and Session Vulnerabilities
Path Traversal Vulnerabilities
Brute Force Authentication Attacks
Session Attacks
Path Traversal Attacks
Chapter 6. Web User Hacking
Introduction
Cross-Site Scripting (XSS) Vulnerabilities
Cross-Site Request Forgery (CSRF) Vulnerabilities
Technical Social Engineering Vulnerabilities
Web User Recon
Web User Scanning
Web User Exploitation
Cross-Site Scripting (XSS) Attacks
Reflected XSS Attacks
Stored XSS Attacks
Cross-Site Request Forgery (CSRF) Attacks
User Attack Frameworks
Chapter 7. Fixes
Introduction
Web Server Fixes
Web Application Fixes
Web User Fixes
Chapter 8. Next Steps
Introduction
Security Community Groups and Events
Formal Education
Certifications
Additional Books
Index
The Official CompTIA PenTest+ Student Guide (Exam PT0-002)
فهرست مطالب کتاب The Official CompTIA PenTest+ Student Guide:
Lesson 1: Scoping Organizational/Customer Requirements
Lesson 2: Defining the Rules of Engagement
Lesson 3: Footprinting and Gathering Intelligence
Lesson 4: Evaluating Human and Physical Vulnerabilities
Lesson 5: Preparing the Vulnerability Scan
Lesson 6: Scanning Logical Vulnerabilities
Lesson 7: Analyzing Scanning Results
Lesson 8: Avoiding Detection and Covering Tracks
Lesson 9: Exploiting the LAN and Cloud
Lesson 10: Testing Wireless Networks
Lesson 11: Targeting Mobile Devices
Lesson 12: Attacking Specialized Systems
Lesson 13: Web Application-Based Attacks
Lesson 14: Performing System Hacking
Lesson 15: Scripting and Software Development
Lesson 16: Leveraging the Attack: Pivot and Penetrate
Lesson 17: Communicating During the PenTesting Process
Lesson 18: Summarizing Report Components
Lesson 19: Recommending Remediation
Lesson 20: Performing Post-Report Delivery Activities
The Official CompTIA Security+ Study Guide (Exam SY0-601)
فهرست مطالب کتاب The Official CompTIA Security+ Study Guide (Exam SY0‑601):
Lesson 1: Comparing Security Roles and Security Controls
Lesson 2: Explaining Threat Actors and Threat Intelligence
Lesson 3: Performing Security Assessments
Lesson 4: Identifying Social Engineering and Malware
Lesson 5: Summarizing Basic Cryptographic Concepts
Lesson 6: Implementing Public Key Infrastructure
Lesson 7: Implementing Authentication Controls
Lesson 8: Implementing Identity and Account Management Controls
Lesson 9: Implementing Secure Network Designs
Lesson 10: Implementing Network Security Appliances
Lesson 11: Implementing Secure Network Protocols
Lesson 12: Implementing Host Security Solutions
Lesson 13: Implementing Secure Mobile Solutions
Lesson 14: Summarizing Secure Application Concepts
Lesson 15: Implementing Secure Cloud Solutions
Lesson 16: Explaining Data Privacy and Protection Concepts
Lesson 17: Performing Incident Response
Lesson 18: Explaining Digital Forensics
Lesson 19: Summarizing Risk Management Concepts
Lesson 20: Implementing Cybersecurity Resilience
Lesson 21: Explaining Physical Security
The Shellcoders Handbook: Discovering and Exploiting Security Holes (Second Edition)
فهرست مطالب کتاب The Shellcoders Handbook: Discovering and Exploiting Security Holes:
Part I: Introduction to Exploitation: Linux on x86
Chapter 1: Before You Begin
Chapter 2: Stack Overflows
Chapter 3: Shellcode
Chapter 4: Introduction to Format String Bugs
Chapter 5: Introduction to Heap Overflows
Part II: Other Platforms — Windows, Solaris, OS X, and Cisco
Chapter 6: The Wild World of Windows
Chapter 7: Windows Shellcode
Chapter 8: Windows Overflows
Chapter 9: Overcoming Filters
Chapter 10: Introduction to Solaris Exploitation
Chapter 11: Advanced Solaris Exploitation
Chapter 12: OS X Shellcode
Chapter 13: Cisco IOS Exploitation
Chapter 14: Protection Mechanisms
Part III: Vulnerability Discovery
Chapter 15: Establishing a Working Environment
Chapter 16: Fault Injection
Chapter 17: The Art of Fuzzing
Chapter 18: Source Code Auditing: Finding Vulnerabilities in C-Based Languages
Chapter 19: Instrumented Investigation: A Manual Approach
Chapter 20: Tracing for Vulnerabilities
Chapter 21: Binary Auditing: Hacking Closed Source Software
Part IV: Advanced Materials
Chapter 22: Alternative Payload Strategies
Chapter 23: Writing Exploits that Work in the Wild
Chapter 24: Attacking Database Software
Chapter 25: Unix Kernel Overflows
Chapter 26: Exploiting Unix Kernel Vulnerabilities
Chapter 27: Hacking the Windows Kernel
The Ultimate Kali Linux Book (Third Edition)
فهرست مطالب کتاب The Ultimate Kali Linux Book (Third Edition):
Chapter 1: Introduction to Ethical Hacking
Chapter 2: Building a Penetration Testing Lab
Chapter 3: Setting up for Advanced Penetration Testing Techniques
Chapter 4: Passive Reconnaissace
Chapter 5: Exploring Open Source Intelligence
Chapter 6: Active Reconnaissance
Chapter 7: Performing Vulnerability Assessments
Chapter 8: Understanding Network Penetration Testing
Chapter 9: Post Exploitation techniques
Chapter 10: Working with Active Directory attacks
Chapter 11: Advanced Active Directory attacks
Chapter 12: Delving into Command and Control tactics
Chapter 13: Advanced wireless penetration testing
Chapter 14: Exploring Social Engineering attacks
Chapter 15: Understanding Website Application security
Chapter 16: Advanced Website Penetration Testing Techniques
17. Chapter 17: Best Practices for the real world