SEC504 Workbook – Hacker Tools, Techniques, Exploits, and Incident Handling
Table of contents of SEC504 Workbook – Hacker Tools, Techniques, Exploits, and Incident Handling:
Step 4: Keeping Access
Application-Level Trojan Horse Suites
Virtual Network Computing Overview
Common Remote Control Backdoor Capabilities
Wrappers and Packers
Memory Analysis
LAB 5.1: Windows Analysis with Rekall
Rootkit Techniques
Kernel-Mode Rootkit Techniques
Rootkit Examples
LAB 5.2: Fun with Rootkits
Covering Tracks in Linux and UNIX
Hiding Files in UNIX
UNIX Log Editing
Accounting Entry Editing
LAB 5.3: Shell History Analysis
Covering Tracks in Windows
Hiding Files in NTFS
Alternate Data Streams in NTFS
LAB 5.4: Alternate Data Streams
Log Editing
LAB 5.5: Windows Log Editing
Covering Tracks on the Network
Reverse HTTP Shells
ICMP Tunnels
Covert_TCP
LAB 5.6: Covert Channels
Steganography
Hydan
Putting It All Together
Conclusions and References
Security in Wireless Mesh Networks
Table of contents of the book Security in Wireless Mesh Networks:
Contributors
PART I: INTRODUCTION
1 An Introduction to Wireless Mesh Networks
2 Mesh Networking in Wireless PANs, LANs, MANs, and WANs
PART II: SECURITY PROTOCOLS AND TECHNIQUES
3 Attacks and Security Mechanisms
4 Intrusion Detection in Wireless Mesh Networks
5 Secure Routing in Wireless Mesh Networks
6 Hop Integrity in Wireless Mesh Networks
7 Privacy Preservation in Wireless Mesh Networks
8 Providing Authentication, Trust, and Privacy in
9 Non-Interactive Key Establishment in Wireless Mesh Networks
10 Key Management in Wireless Mesh Networks
PART III: SECURITY STANDARDS, APPLICATIONS, AND ENABLING TECHNOLOGIES
11 Security in Wireless PAN Mesh Networks
12 Security in Wireless LAN Mesh Networks
13 Security in IEEE 802.15.4 Cluster-Based Networks
14 Security in Wireless Sensor Networks
15 Key Management in Wireless Sensor Networks
Index
Serious Cryptography (2nd Edition) – A Practical Introduction to Modern Encryption
Table of contents of the book Serious Cryptography (2nd Edition):
Part I: Fundamentals
Chapter 1: Encryption
Chapter 2: Randomness
Chapter 3: Cryptographic Security
Part II: Symmetric Crypto
Chapter 4: Block Ciphers
Chapter 5: Stream Ciphers
Chapter 6: Hash Functions
Chapter 7: Keyed Hashing
Chapter 8: Authenticated Encryption
Part III: Asymmetric Crypto
Chapter 9: Hard Problems
Chapter 10: RSA
Chapter 11: Diffie–Hellman
Chapter 12: Elliptic Curves
Part IV: Applications
Chapter 13: TLS
Chapter 14: Quantum and Post-Quantum
Chapter 15: Cryptocurrency Cryptography
SQL Injection Attacks and Defense, Second Edition
Table of contents of the book SQL Injection Attacks and Defense:
Chapter 1. What Is SQL Injection?
Chapter 2. Testing for SQL Injection
Chapter 3. Reviewing Code for SQL Injection
Chapter 4. Exploiting SQL injection
Chapter 5. Blind SQL Injection Exploitation
Chapter 6. Exploiting the operating system
Chapter 7. Advanced topics
Chapter 8. Code-level defenses
Chapter 9. Platform level defenses
Chapter 10. Confirming and Recovering from SQL Injection Attacks
Chapter 11. References
Testing Web Security: Assessing the Security of Web Sites and Applications
Table of contents of the book Testing Web Security: Assessing the Security of Web Sites and Applications:
Part I – An Introduction to the Book
Chapter 1 – Introduction
Part II – Planning the Testing Effort
Chapter 2 – Test Planning
Part III – Test Design
Chapter 3 – Network Security
Chapter 4 – System Software Security
Chapter 5 – Client-Side Application Security
Chapter 6 – Server-Side Application Security
Chapter 7 – Sneak Attacks: Guarding Against the Less-Thought-of Security Threats
Chapter 8 – Intruder Confusion, Detection, and Response
Part IV – Test Implementation
Chapter 9 – Assessment and Penetration Options
Chapter 10 – Risk Analysis
Epilogue
Part V – Appendixes
Appendix A – An Overview of Network Protocols, Addresses, and Devices
Appendix B – SANS Institute Top 20 Critical Internet Security Vulnerabilities
Appendix C – Test-Deliverable Templates
Additional Resources
Index
The Art of Deception: Controlling the Human Element of Security
Table of contents of the book The Art of Deception:
Introduction
Part 1 Behind the Scenes
Chapter 1 Security’s Weakest Link
Part 2 The Art of the Attacker
Chapter 2 When Innocuous Information Isn’t
Chapter 3 The Direct Attack: Just Asking for it
Chapter 4 Building Trust
Chapter 5 “Let Me Help You”
Chapter 6 “Can You Help Me?”
Chapter 7 Phony Sites and Dangerous Attachments
Chapter 8 Using Sympathy, Guilt and Intimidation
Chapter 9 The Reverse Sting
Part 3 Intruder Alert
Chapter 10 Entering the Premises
Chapter 11 Combining Technology and Social Engineering
Chapter 12 Attacks on the Entry-Level Employee
Chapter 13 Clever Cons
Chapter 14 Industrial Espionage
Part 4 Raising the Bar
Chapter 15 Information Security Awareness and Training
Chapter 16 Recommended Corporate Information Security Policies
The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers
Table of contents of the book The Art of Intrusion:
Chapter 1 Hacking the Casinos for a Million Bucks
Chapter 2 When Terrorists Come Calling
Chapter 3 The Texas Prison Hack
Chapter 4 Cops and Robbers
Chapter 5 The Robin Hood Hacker
Chapter 6 The Wisdom and Folly of Penetration Testing
Chapter 7 Of Course Your Bank Is Secure — Right?
Chapter 8 Your Intellectual Property Isn’t Safe
Chapter 9 On the Continent
Chapter 10 Social Engineers — How They Work and How to Stop Them
Chapter 11 Short Takes
Index
The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy
Table of contents of the book The Basics of Hacking and Penetration Testing:
Acknowledgments
About the Author
About the Technical Editor
Introduction
Chapter 1: What Is Penetration Testing?
Chapter 2: Reconnaissance
Chapter 3: Scanning
Chapter 4: Exploitation
Chapter 5: Web-based Exploitation
Chapter 6: Maintaining Access with Backdoors and Rootkits
Chapter 7: Wrapping Up the Penetration Test
Index
The Basics of Web Hacking: Tools and Techniques to Attack the Web
Table of contents of the book The Basics of Web Hacking:
Introduction
About This Book
A Hands-On Approach
What’s In This Book?
A Quick Disclaimer
Chapter 1. The Basics of Web Hacking
Introduction
What Is a Web Application?
What You Need to Know About Web Servers
What You Need to Know About HTTP
The Basics of Web Hacking: Our Approach
Web Apps Touch Every Part of IT
Existing Methodologies
Most Common Web Vulnerabilities
Setting Up a Test Environment
Chapter 2. Web Server Hacking
Introduction
Reconnaissance
Port Scanning
Vulnerability Scanning
Exploitation
Maintaining Access
Chapter 3. Web Application Recon and Scanning
Introduction
Web Application Recon
Web Application Scanning
Chapter 4. Web Application Exploitation with Injection
Introduction
SQL Injection Vulnerabilities
SQL Injection Attacks
Sqlmap
Operating System Command Injection Vulnerabilities
Operating System Command Injection Attacks
Web Shells
Chapter 5. Web Application Exploitation with Broken Authentication and Path Traversal
Introduction
Authentication and Session Vulnerabilities
Path Traversal Vulnerabilities
Brute Force Authentication Attacks
Session Attacks
Path Traversal Attacks
Chapter 6. Web User Hacking
Introduction
Cross-Site Scripting (XSS) Vulnerabilities
Cross-Site Request Forgery (CSRF) Vulnerabilities
Technical Social Engineering Vulnerabilities
Web User Recon
Web User Scanning
Web User Exploitation
Cross-Site Scripting (XSS) Attacks
Reflected XSS Attacks
Stored XSS Attacks
Cross-Site Request Forgery (CSRF) Attacks
User Attack Frameworks
Chapter 7. Fixes
Introduction
Web Server Fixes
Web Application Fixes
Web User Fixes
Chapter 8. Next Steps
Introduction
Security Community Groups and Events
Formal Education
Certifications
Additional Books
Index
The Official CompTIA PenTest+ Student Guide (Exam PT0-002)
Table of contents of the book The Official CompTIA PenTest+ Student Guide:
Lesson 1: Scoping Organizational/Customer Requirements
Lesson 2: Defining the Rules of Engagement
Lesson 3: Footprinting and Gathering Intelligence
Lesson 4: Evaluating Human and Physical Vulnerabilities
Lesson 5: Preparing the Vulnerability Scan
Lesson 6: Scanning Logical Vulnerabilities
Lesson 7: Analyzing Scanning Results
Lesson 8: Avoiding Detection and Covering Tracks
Lesson 9: Exploiting the LAN and Cloud
Lesson 10: Testing Wireless Networks
Lesson 11: Targeting Mobile Devices
Lesson 12: Attacking Specialized Systems
Lesson 13: Web Application-Based Attacks
Lesson 14: Performing System Hacking
Lesson 15: Scripting and Software Development
Lesson 16: Leveraging the Attack: Pivot and Penetrate
Lesson 17: Communicating During the PenTesting Process
Lesson 18: Summarizing Report Components
Lesson 19: Recommending Remediation
Lesson 20: Performing Post-Report Delivery Activities