Cybersecurity in Humble Bundle

This time we again have a treat for IT people, especially those working in security, although on that point I think most of these books should really be aimed at the average Joe. Maybe that way awareness would start growing at the right pace?

For another 11 days we can buy an amazing bundle of books about security, mainly digital security, although many of the topics concern a broader “living space”. By paying at least 15 dollars we get the full collection of fourteen books! Since the subject is very close to my heart, I will gladly spend a little more time presenting these books in more detail. The books worth paying attention to include:

  • Social Engineering – about hacking people,
  • The Art of Deception: Controlling the Human Element of Security – a book written by Kevin Mitnick that expands on the title above,
  • The Art of Memory Forensics – how to analyze a computer's memory to catch any suspicious activity,
  • Secrets & Lies: Digital Security in a Networked World – an overview of facts and myths about security on the Internet.

For one dollar we get a set of four books. Here are their descriptions:

  • Social engineering: Art of Human Hacking
    • The first book to reveal and dissect the technical aspect of many social engineering maneuvers. From elicitation, pretexting, influence and manipulation all aspects of social engineering are picked apart, discussed and explained by using real world examples, personal experience and the science behind them to unravel the mystery in social engineering. Kevin Mitnick—one of the most famous social engineers in the world—popularized the term “social engineering.” He explained that it is much easier to trick someone into revealing a password for a system than to exert the effort of hacking into the system. Mitnick claims that this social engineering tactic was the single-most effective method in his arsenal. This indispensable book examines a variety of maneuvers that are aimed at deceiving unsuspecting victims, while it also addresses ways to prevent social engineering threats.
      • Examines social engineering, the science of influencing a target to perform a desired task or divulge information
      • Arms you with invaluable information about the many methods of trickery that hackers use in order to gather information with the intent of executing identity theft, fraud, or gaining computer system access
      • Reveals vital steps for preventing social engineering threats

      Social Engineering: The Art of Human Hacking does its part to prepare you against nefarious hackers—now you can do your part by putting to good use the critical information within its pages.
  • The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws, 2nd Edition
    • The highly successful security book returns with a new edition, completely updated
      Web applications are the front door to most organizations, exposing them to attacks that may disclose personal information, execute fraudulent transactions, or compromise ordinary users. This practical book has been completely updated and revised to discuss the latest step-by-step techniques for attacking and defending the range of ever-evolving web applications. You’ll explore the various new technologies employed in web applications that have appeared since the first edition and review the new attack techniques that have been developed, particularly in relation to the client side.
      • Reveals how to overcome the new technologies and techniques aimed at defending web applications against attacks that have appeared since the previous edition
      • Discusses new remoting frameworks, HTML5, cross-domain integration techniques, UI redress, framebusting, HTTP parameter pollution, hybrid file attacks, and more
      • Features a companion web site hosted by the authors that allows readers to try out the attacks described, gives answers to the questions that are posed at the end of each chapter, and provides a summarized methodology and checklist of tasks

      Focusing on the areas of web application security where things have changed in recent years, this book is the most current resource on the critical topic of discovering, exploiting, and preventing web application security flaws. Also available as a set with CEHv8: Certified Hacker Version 8 Study Guide, Ethical Hacking and Web Hacking Set, 9781119072171.
  • Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation
    • Analyzing how hacks are done, so as to stop them in the future
      Reverse engineering is the process of analyzing hardware or software and understanding it, without having access to the source code or design documents. Hackers are able to reverse engineer systems and exploit what they find with scary results. Now the good guys can use the same tools to thwart these threats. Practical Reverse Engineering goes under the hood of reverse engineering for security analysts, security engineers, and system programmers, so they can learn how to use these same processes to stop hackers in their tracks. The book covers x86, x64, and ARM (the first book to cover all three); Windows kernel-mode code rootkits and drivers; virtual machine protection techniques; and much more. Best of all, it offers a systematic approach to the material, with plenty of hands-on exercises and real-world examples.
      • Offers a systematic approach to understanding reverse engineering, with hands-on exercises and real-world examples
      • Covers x86, x64, and advanced RISC machine (ARM) architectures as well as deobfuscation and virtual machine protection techniques
      • Provides special coverage of Windows kernel-mode code (rootkits/drivers), a topic not often covered elsewhere, and explains how to analyze drivers step by step
      • Demystifies topics that have a steep learning curve
      • Includes a bonus chapter on reverse engineering tools

      Practical Reverse Engineering: Using x86, x64, ARM, Windows Kernel, and Reversing Tools provides crucial, up-to-date guidance for a broad range of IT professionals.

  • Threat Modeling: Designing for Security
    • The only security book to be chosen as a Dr. Dobbs Jolt Award Finalist since Bruce Schneier’s Secrets and Lies and Applied Cryptography
      Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise into this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You’ll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies. Systems security managers, you’ll find tools and a framework for structured thinking about what can go wrong. Software developers, you’ll appreciate the jargon-free and accessible introduction to this essential skill. Security professionals, you’ll learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling.
      • Provides a unique how-to for security and software developers who need to design secure products and systems and test their designs
      • Explains how to threat model and explores various threat modeling approaches, such as asset-centric, attacker-centric and software-centric
      • Provides effective approaches and techniques that have been proven at Microsoft and elsewhere
      • Offers actionable how-to advice not tied to any specific software, operating system, or programming language
      • Authored by a Microsoft professional who is one of the most prominent threat modeling experts in the world

      As more software is delivered on the Internet or operates on Internet-connected devices, the design of secure software is absolutely critical. Make sure you’re ready with Threat Modeling: Designing for Security.

If we raise the payment to at least eight dollars, we get five more books, among them a book written by Kevin Mitnick:

  • Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd Edition
    • The world has changed radically since the first edition of this book was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy and as they specialize, they get better. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice. Here’s straight talk on critical topics such as technical engineering basics, types of attack, specialized protection mechanisms, security psychology, policy, and more.
  • The Shellcoder’s Handbook: Discovering and Exploiting Security Holes, 2nd Edition
    • This much-anticipated revision, written by the ultimate group of top security experts in the world, features 40 percent new content on how to find security holes in any operating system or application
    • New material addresses the many new exploitation techniques that have been discovered since the first edition, including attacking “unbreakable” software packages such as McAfee’s Entercept, Mac OS X, XP, Office 2003, and Vista
    • Also features the first-ever published information on exploiting Cisco’s IOS, with content that has never before been explored
    • The companion Web site features downloadable code files
  • Cryptography Engineering: Design Principles and Practical Applications
    • The ultimate guide to cryptography, updated from an author team of the world’s top cryptography experts.
      Cryptography is vital to keeping information safe, in an era when the formula to do so becomes more and more challenging. Written by a team of world-renowned cryptography experts, this essential guide is the definitive introduction to all major areas of cryptography: message security, key negotiation, and key management. You’ll learn how to think like a cryptographer. You’ll discover techniques for building cryptography into products from the start and you’ll examine the many technical changes in the field. After a basic overview of cryptography and what it means today, this indispensable resource covers such topics as block ciphers, block modes, hash functions, encryption modes, message authentication codes, implementation issues, negotiation protocols, and more. Helpful examples and hands-on exercises enhance your understanding of the multi-faceted field of cryptography.
      • An author team of internationally recognized cryptography experts updates you on vital topics in the field of cryptography
      • Shows you how to build cryptography into products from the start
      • Examines updates and changes to cryptography
      • Includes coverage on key servers, message security, authentication codes, new standards, block ciphers, message authentication codes, and more

      Cryptography Engineering gets you up to speed in the ever-evolving field of cryptography.

  • The Art of Deception: Controlling the Human Element of Security
    • The world’s most infamous hacker offers an insider’s view of the low-tech threats to high-tech security
      Kevin Mitnick’s exploits as a cyber-desperado and fugitive form one of the most exhaustive FBI manhunts in history and have spawned dozens of articles, books, films, and documentaries. Since his release from federal prison, in 1998, Mitnick has turned his life around and established himself as one of the most sought-after computer security experts worldwide. Now, in The Art of Deception, the world’s most notorious hacker gives new meaning to the old adage, “It takes a thief to catch a thief.”
      Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. With the help of many fascinating true stories of successful attacks on business and government, he illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS agent. Narrating from the points of view of both the attacker and the victims, he explains why each attack was so successful and how it could have been prevented in an engaging and highly readable style reminiscent of a true-crime novel. And, perhaps most importantly, Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programs, and manuals that address the human element of security.
  • The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac
    • Memory forensics provides cutting edge technology to help investigate digital attacks
      Memory forensics is the art of analyzing computer memory (RAM) to solve digital crimes. As a follow-up to the best seller Malware Analyst’s Cookbook, experts in the fields of malware, security, and digital forensics bring you a step-by-step guide to memory forensics—now the most sought after skill in the digital forensics and incident response fields. Beginning with introductory concepts and moving toward the advanced, The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory is based on a five day training course that the authors have presented to hundreds of students. It is the only book on the market that focuses exclusively on memory forensics and how to deploy such techniques properly. Discover memory forensics techniques:
    • How volatile memory analysis improves digital investigations
    • Proper investigative steps for detecting stealth malware and advanced threats
    • How to use free, open source tools for conducting thorough memory forensics
    • Ways to acquire memory from suspect systems in a forensically sound manner.

      The next era of malware and security breaches are more sophisticated and targeted, and the volatile memory of a computer is often overlooked or destroyed as part of the incident response process. The Art of Memory Forensics explains the latest technological innovations in digital forensics to help bridge this gap. It covers the most popular and recently released versions of Windows, Linux, and Mac, including both the 32 and 64-bit editions.

The last tier, for at least 15 USD, adds another five books:

  • Malware Analyst’s Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
    • A computer forensics “how-to” for fighting malicious code and analyzing incidents
      With our ever-increasing reliance on computers comes an ever-growing risk of malware. Security professionals will find plenty of solutions in this book to the problems posed by viruses, Trojan horses, worms, spyware, rootkits, adware, and other invasive software. Written by well-known malware experts, this guide reveals solutions to numerous problems and includes a DVD of custom programs and tools that illustrate the concepts, enhancing your skills.
      • Security professionals face a constant battle against malicious software; this practical manual will improve your analytical capabilities and provide dozens of valuable and innovative solutions
      • Covers classifying malware, packing and unpacking, dynamic malware analysis, decoding and decrypting, rootkit detection, memory forensics, open source malware research, and much more
      • Includes generous amounts of source code in C, Python, and Perl to extend your favorite tools or build new ones, and custom programs on the DVD to demonstrate the solutions

      Malware Analyst’s Cookbook is indispensable to IT security administrators, incident responders, forensic analysts, and malware researchers.

  • Unauthorized Access: Physical Penetration Testing for IT Security Teams
    • The first guide to planning and performing a physical penetration test on your computer’s security

      Most IT security teams concentrate on keeping networks and systems safe from attacks from the outside-but what if your attacker was on the inside? While nearly all IT teams perform a variety of network and application penetration testing procedures, an audit and test of the physical location has not been as prevalent. IT teams are now increasingly requesting physical penetration tests, but there is little available in terms of training. The goal of the test is to demonstrate any deficiencies in operating procedures concerning physical security.

      Featuring a Foreword written by world-renowned hacker Kevin D. Mitnick and lead author of The Art of Intrusion and The Art of Deception, this book is the first guide to planning and performing a physical penetration test. Inside, IT security expert Wil Allsopp guides you through the entire process from gathering intelligence, getting inside, dealing with threats, staying hidden (often in plain sight), and getting access to networks and data.

      • Teaches IT security teams how to break into their own facility in order to defend against such attacks, which is often overlooked by IT security teams but is of critical importance
      • Deals with intelligence gathering, such as getting access to building blueprints and satellite imagery, hacking security cameras, planting bugs, and eavesdropping on security channels
      • Includes safeguards for consultants paid to probe facilities unbeknown to staff
      • Covers preparing the report and presenting it to management

      In order to defend data, you need to think like a thief – let Unauthorised Access show you how to get inside

  • Secrets and Lies: Digital Security in a Networked World, 15th Anniversary Edition
    • This anniversary edition which has stood the test of time as a runaway best-seller provides a practical, straight-forward guide to achieving security throughout computer networks. No theory, no math, no fiction of what should be working but isn’t, just the facts. Known as the master of cryptography, Schneier uses his extensive field experience with his own clients to dispel the myths that often mislead IT managers as they try to build secure systems. A much-touted section: Schneier’s tutorial on just what cryptography (a subset of computer security) can and cannot do for them, has received far-reaching praise from both the technical and business community.

      Praise for Secrets and Lies

      “This is a business issue, not a technical one, and executives can no longer leave such decisions to techies. That’s why Secrets and Lies belongs in every manager’s library.” -Business Week

      “Startlingly lively….a jewel box of little surprises you can actually use.” -Fortune

      “Secrets is a comprehensive, well-written work on a topic few business leaders can afford to neglect.” -Business 2.0

      “Instead of talking algorithms to geeky programmers, [Schneier] offers a primer in practical computer security aimed at those shopping, communicating or doing business online-almost everyone, in other words.” -The Economist

      “Schneier…peppers the book with lively anecdotes and aphorisms, making it unusually accessible.” -Los Angeles Times

      With a new and compelling Introduction by the author, this premium edition will become a keepsake for security enthusiasts of every stripe.

  • CEH v9: Certified Ethical Hacker Version 9 Study Guide
    • The ultimate preparation guide for the unique CEH exam.
      The CEH v9: Certified Ethical Hacker Version 9 Study Guide is your ideal companion for CEH v9 exam preparation. This comprehensive, in-depth review of CEH certification requirements is designed to help you internalize critical information using concise, to-the-point explanations and an easy-to-follow approach to the material. Covering all sections of the exam, the discussion highlights essential topics like intrusion detection, DDoS attacks, buffer overflows, and malware creation in detail, and puts the concepts into the context of real-world scenarios. Each chapter is mapped to the corresponding exam objective for easy reference, and the Exam Essentials feature helps you identify areas in need of further study. You also get access to online study tools including chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms to help you ensure full mastery of the exam material.

      The Certified Ethical Hacker is one-of-a-kind in the cybersecurity sphere, allowing you to delve into the mind of a hacker for a unique perspective into penetration testing. This guide is your ideal exam preparation resource, with specific coverage of all CEH objectives and plenty of practice material.

      • Review all CEH v9 topics systematically
      • Reinforce critical skills with hands-on exercises
      • Learn how concepts apply in real-world scenarios
      • Identify key proficiencies prior to the exam

      The CEH certification puts you in professional demand, and satisfies the Department of Defense’s 8570 Directive for all Information Assurance government positions. Not only is it a highly-regarded credential, but it’s also an expensive exam—making the stakes even higher on exam day. The CEH v9: Certified Ethical Hacker Version 9 Study Guide gives you the intense preparation you need to pass with flying colors.

  • Applied Cryptography: Protocols, Algorithms and Source Code in C, 20th Anniversary Edition
    • From the world’s most renowned security technologist, Bruce Schneier, this 20th Anniversary Edition is the most definitive reference on cryptography ever published and is the seminal work on cryptography. Cryptographic techniques have applications far beyond the obvious uses of encoding and decoding information. For developers who need to know about capabilities, such as digital signatures, that depend on cryptographic techniques, there’s no better overview than Applied Cryptography, the definitive book on the subject. Bruce Schneier covers general classes of cryptographic protocols and then specific techniques, detailing the inner workings of real-world cryptographic algorithms including the Data Encryption Standard and RSA public-key cryptosystems. The book includes source-code listings and extensive advice on the practical aspects of cryptography implementation, such as the importance of generating truly random numbers and of keeping keys secure.

      “. . .the best introduction to cryptography I’ve ever seen. . . .The book the National Security Agency wanted never to be published. . . .” -Wired Magazine

      “. . .monumental . . . fascinating . . . comprehensive . . . the definitive work on cryptography for computer programmers . . .” -Dr. Dobb’s Journal

      “. . .easily ranks as one of the most authoritative in its field.” -PC Magazine

      The book details how programmers and electronic communications professionals can use cryptography-the technique of enciphering and deciphering messages-to maintain the privacy of computer data. It describes dozens of cryptography algorithms, gives practical advice on how to implement them into cryptographic software, and shows how they can be used to solve security problems. The book shows programmers who design computer applications, networks, and storage systems how they can build security into their software and systems.

      With a new Introduction by the author, this premium edition will be a keepsake for all those committed to computer and cyber security.
