A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security
Table of contents of A Bug Hunter's Diary:
Acknowledgments
Introduction
Chapter 1: Bug Hunting
Chapter 2: Back to the ’90s
Chapter 3: Escape from the WWW Zone
Chapter 4: NULL Pointer FTW
Chapter 5: Browse and You’re Owned
Chapter 6: One Kernel to Rule Them All
Chapter 7: A Bug Older Than 4.4BSD
Chapter 8: The Ringtone Massacre
Appendix A: Hints for Hunting
Appendix B: Debugging
Appendix C: Mitigation
Index
Advanced Penetration Testing: Hacking the World’s Most Secure Networks
Table of contents of Advanced Penetration Testing:
Introduction
Coming Full Circle
Advanced Persistent Threat (APT)
Next Generation Technology
“Hackers”
Forget Everything You Think You Know About Penetration Testing
How This Book Is Organized
Chapter 1. Medical Records (In)security
An Introduction to Simulating Advanced Persistent Threat
Background and Mission Briefing
Payload Delivery – Part I: Learning How to Use the VBA Macro
Command and Control – Part I: Basics and Essentials
The Attack
Summary
Exercises
Chapter 2. Stealing Research
Background and Mission Briefing
Payload Delivery – Part II: Using the Java Applet for Payload Delivery
Notes on Payload Persistence
Command and Control – Part II: Advanced Attack Management
The Attack
Summary
Exercises
Chapter 3. Twenty-First Century Heist
What Might Work?
Nothing Is Secure
Organizational Politics
APT Modeling Versus Traditional Penetration Testing
Background and Mission Briefing
Command and Control – Part III: Advanced Channels and Data Exfiltration
Payload Delivery – Part III: Physical Media
The Attack
Summary
Exercises
Chapter 4. Pharma Karma
Background and Mission Briefing
Payload Delivery – Part IV: Client-Side Exploits
Command and Control – Part IV: Metasploit Integration
The Attack
Summary
Exercises
Chapter 5. Guns and Ammo
Background and Mission Briefing
Payload Delivery – Part V: Simulating a Ransomware Attack
Command and Control – Part V: Creating a Covert C2 Solution
New Strategies in Stealth and Deployment
The Attack
Summary
Exercises
Chapter 6. Criminal Intelligence
Payload Delivery – Part VI: Deploying with HTA
Privilege Escalation in Microsoft Windows
Command and Control – Part VI: The Creeper Box
The Attack
Summary
Exercises
Chapter 7. War Games
Background and Mission Briefing
Payload Delivery – Part VII: USB Shotgun Attack
Command and Control – Part VII: Advanced Autonomous Data Exfiltration
The Attack
Summary
Exercises
Chapter 8. Hack Journalists
Briefing
Advanced Concepts in Social Engineering
Command and Control – Part VIII: Experimental Concepts
Payload Delivery – Part VIII: Miscellaneous Rich Web Content
The Attack
Summary
Exercises
Chapter 9. Northern Exposure
Overview
Operating Systems
North Korean Public IP Space
The North Korean Telephone System
Approved Mobile Devices
The “Walled Garden”: The Kwangmyong Intranet
Audio and Video Eavesdropping
Summary
Exercises
End User License Agreement
An Introduction to Computer Security: The NIST Handbook
Table of contents of An Introduction to Computer Security: The NIST Handbook:
INTRODUCTION AND OVERVIEW
Chapter 1: INTRODUCTION
Chapter 2: ELEMENTS OF COMPUTER SECURITY
Chapter 3: ROLES AND RESPONSIBILITIES
Chapter 4: COMMON THREATS: A BRIEF OVERVIEW
MANAGEMENT CONTROLS
Chapter 5: COMPUTER SECURITY POLICY
Chapter 6: COMPUTER SECURITY PROGRAM MANAGEMENT
Chapter 7: COMPUTER SECURITY RISK MANAGEMENT
Chapter 8: SECURITY AND PLANNING IN THE COMPUTER SYSTEM LIFE CYCLE
Chapter 9: ASSURANCE
OPERATIONAL CONTROLS
Chapter 10: PERSONNEL / USER ISSUES
Chapter 11: PREPARING FOR CONTINGENCIES AND DISASTERS
Chapter 12: COMPUTER SECURITY INCIDENT HANDLING
Chapter 13: AWARENESS, TRAINING, AND EDUCATION
Chapter 14: SECURITY CONSIDERATIONS IN COMPUTER SUPPORT AND OPERATIONS
Chapter 15: PHYSICAL AND ENVIRONMENTAL SECURITY
TECHNICAL CONTROLS
Chapter 16: IDENTIFICATION AND AUTHENTICATION
Chapter 17: LOGICAL ACCESS CONTROL
Chapter 18: AUDIT TRAILS
Chapter 19: CRYPTOGRAPHY
EXAMPLE
Chapter 20: ASSESSING AND MITIGATING THE RISKS TO A HYPOTHETICAL COMPUTER SYSTEM
Attacking and Exploiting Modern Web Applications
Table of contents of Attacking and Exploiting Modern Web Applications:
Part 1: Attack Preparation
1 Mindset and Methodologies 3
2 Toolset for Web Attacks and Exploitation 25
Part 2: Evergreen Attacks
3 Attacking the Authentication Layer – a SAML Use Case 63
4 Attacking Internet-Facing Web Applications – SQL Injection and Cross-Site Scripting (XSS) on WordPress 103
5 Attacking IoT Devices – Command Injection and Path Traversal 141
Part 3: Novel Attacks
6 Attacking Electron JavaScript Applications – from Cross-Site Scripting (XSS) to Remote Command Execution (RCE) 201
7 Attacking Ethereum Smart Contracts – Reentrancy, Weak Sources of Randomness, and Business Logic 247
8 Continuing the Journey of Vulnerability Discovery 297
Attacking and Exploiting Modern Web Applications: Discover the Mindset, Techniques, and Tools to Perform Modern Web Attacks and Exploitation
Table of contents:
Part 1: Attack Preparation
Mindset and Methodologies
Toolset for Web Attacks and Exploitation
Part 2: Evergreen Attacks
Attacking the Authentication Layer – a SAML Use Case
Attacking Internet-Facing Web Applications – SQL Injection and Cross-Site Scripting (XSS) on WordPress
Attacking IoT Devices – Command Injection and Path Traversal
Part 3: Novel Attacks
Attacking Electron JavaScript Applications – from Cross-Site Scripting (XSS) to Remote Command Execution (RCE)
Attacking Ethereum Smart Contracts – Reentrancy, Weak Sources of Randomness, and Business Logic
Continuing the Journey of Vulnerability Discovery
Index
Beginning Ethical Hacking with Kali Linux: Computational Techniques for Resolving Security Issues
Table of contents:
About the Author
About the Technical Reviewer
Acknowledgments
Introduction
Chapter 1: Security Trends
Chapter 2: Setting Up a Penetration Testing and Network Security Lab
Chapter 3: Elementary Linux Commands
Chapter 4: Know Your Network
Chapter 5: How to Build a Kali Web Server
Chapter 6: Kali Linux from the Inside Out
Chapter 7: Kali Linux and Python
Chapter 8: Information Gathering
Chapter 9: SQL Mapping
Chapter 10: Vulnerability Analysis
Chapter 11: Information Assurance Model
Chapter 12: Introducing Metasploit in Kali Linux
Chapter 13: Hashes and Passwords
Chapter 14: Classic and Modern Encryption
Chapter 15: Exploiting Targets
Index
Black Hat Bash: Bash Scripting for Hackers and Pentesters
Table of contents:
Chapter 1: Bash Basics
Chapter 2: Advanced Bash Concepts
Chapter 3: Setting Up a Hacking Lab
Chapter 4: Reconnaissance
Chapter 5: Vulnerability Scanning and Fuzzing
Chapter 6: Gaining a Web Shell
Chapter 7: Reverse Shells
Chapter 8: Local Information Gathering
Chapter 9: Privilege Escalation
Chapter 10: Persistence
Chapter 11: Network Probing and Lateral Movement
Chapter 12: Defense Evasion
Chapter 13: Exfiltration and Counter-Forensics
Bluetooth Security
Table of contents of Bluetooth Security:
Preface
Part I: Bluetooth Security Basics
1 Introduction
2 Overview of the Bluetooth Security Architecture
3 Bluetooth Pairing and Key Management
4 Algorithms
5 Broadcast Encryption
6 Security Policies and Access Control
7 Attacks, Strengths, and Weaknesses
Part II: Bluetooth Security Enhancements
8 Providing Anonymity
9 Key Management Extensions
10 Security for Bluetooth Applications
References
Glossary
List of Acronyms and Abbreviations
About the Authors
Index
Bug Bounty Hunting Essentials
Table of contents:
Preface
Chapter 1: Basics of Bug Bounty Hunting
Chapter 2: How to Write a Bug Bounty Report
Chapter 3: SQL Injection Vulnerabilities
Chapter 4: Cross-Site Request Forgery
Chapter 5: Application Logic Vulnerabilities
Chapter 6: Cross-Site Scripting Attacks
Chapter 7: SQL Injection
Chapter 8: Open Redirect Vulnerabilities
Chapter 9: Sub-Domain Takeovers
Chapter 10: XML External Entity Vulnerability
Chapter 11: Template Injection
Chapter 12: Top Bug Bounty Hunting Tools
Chapter 13: Top Learning Resources
Other Books You May Enjoy
Index
Burp Suite Cookbook: Web Application Security Made Easy with Burp Suite – Second Edition
Table of contents:
Preface
Getting Started with Burp Suite
Getting to Know the Burp Suite of Tools
Configuring, Crawling, Auditing, and Reporting with Burp
Assessing Authentication Schemes
Assessing Authorization Checks
Assessing Session Management Mechanisms
Assessing Business Logic
Evaluating Input Validation Checks
Attacking the Client
Working with Burp Suite Macros and Extensions
Implementing Advanced Topic Attacks
Index
CC Certified in Cybersecurity Cert Guide
Table of contents:
Introduction
1 Cybersecurity Principles
2 Risk Management
3 Threats to Security
4 Physical Access Controls
5 Logical Access Controls
6 Computer Networking Fundamentals
7 Network Security Infrastructure
8 Data and the System
9 Security in the Life
10 Security in Emergencies
11 Tying It All Together
12 After the Certification
13 Final Preparation
Glossary of Key Terms
Appendix A Answers to the “Do I Know This Already?” Quizzes and Q&A
Appendix B CC Certified in Cybersecurity Cert Guide Exam Updates
Appendix C Study Planner