Hacker Bookshelf

This is a curated collection of books I would recommend to anybody active in Information Security or with ambitions in any of these subjects. Please note that I did not write/publish/etc any of them. If you find links that are broken, or think something should be added, feel free to
let me know.

Sept 6th, 2020

Instead of linking the images directly to the external resource for a book, make it open a modal with extra information.
Added a Description and (where available in text form) Table of Contents for many books, inside the new modal. These sections will be filled in for all other books in the list soon.
Added 'top' links to each category for easier navigation.

Sept 5th, 2020

New categories

Threat Intelligence / OSINT
Hardware Hacking / IoT
Mainframes

New Books

Blue Team / Defense Blue Team Field Manual (BTFM)
Blue Team / Defense Blue Team Handbook: SOC, SIEM, and Threat Hunting
Blue Team / Defense Intrusion Detection Honeypots
Databases Pro SQL Server Internals
Forensics Practical Forensic Imaging
Hacking Game Hacking
Hacking Pentesting Azure Applications
Hardware Hacking / IoT Hardware Security
Hardware Hacking / IoT Practical Industrial Internet of Things Security
Hardware Hacking / IoT The IoT Hacker's Handbook
Industrial / SCADA Applied Cyber Security and the Smart Grid
Machine Learning / Data Science Malware Data Science
Mainframes Experts' Guide to OS/400 & i5/OS Security
Mainframes Hacking iSeries
Mainframes Introduction to the New Mainframe
Mainframes Mainframe Basics for Security Professionals
Mainframes Mastering IBM i
Networking Attacking Network Protocols
Networking Hacking VoIP
Networking Linux Firewalls
OS: Linux Linux Basics for Hackers
OS: Mac MacOS and iOS Internals: Volume I
OS: Mac MacOS and iOS Internals: Volume II
OS: Mac OS X and iOS Kernel Programming
OS: Windows Windows 10 System Programming
OS: Windows Windows Kernel Programming
Physical Security / Lockpicking Car Hacker's Handbook
Physical Security / Lockpicking The Complete Book of Locks and Locksmithing
Physical Security / Lockpicking Visual Guide to Lock Picking
Programming Black Hat Go
Programming Gray Hat C#
Reverse Engineering Practical Binary Analysis
Reverse Engineering Rootkits and Bootkits
Security Foundations of Information Security
Security Silence on the Wire
Threat Intelligence / OSINT Extreme Privacy
Threat Intelligence / OSINT Hunting Cyber Criminals
Threat Intelligence / OSINT Open Source Intelligence Techniques
Web Real-World Bug Hunting
Web Web Security for Developers

Updated Books

Hacking The Hacker Playbook 3 (Replaced 'Hacker Playbook 2')
Hacking Gray Hat Hacking (5th edition replaces 4th edition)
Hacking Kali Linux Revealed (Replaced 'Mastering Kali Linux for Advanced Penetration Testing' from 2014)

Other changes

Renamed 'Machine Learning / AI' to 'Machine Learning / Data Science'
Moved 19 outdated books to Legacy category
Added 4 new Future Releases
Moved 2 security monitoring books from Networking to Blue Team / Defense
Updated to latest Bootstrap and some minor layout fixes

Blue Team / Defense Cryptography Databases Exploitation Forensics Hacking Hardware Hacking / IoT Industrial / SCADA Machine Learning / Data Science Mainframes Malware Mobile Networking OS: Generic OS: Linux OS: Mac OS: Windows Physical Security / Lockpicking Programming Reverse Engineering Secure Code Review Security Social Engineering / Organisations Threat Intelligence / OSINT Web Threat Hunting / Purple Teaming Legacy Future Releases

Blue Team / Defense

🔝

Description

Incident response is critical for the active defense of any network, and incident responders need up-to-date, immediately applicable techniques with which to engage the adversary. Applied Incident Response details effective ways to respond to advanced attacks against local and remote network resources, providing proven response techniques and a framework through which to apply them. As a starting point for new incident handlers, or as a technical reference for hardened IR veterans, this book details the latest techniques for responding to threats against your network, including:

Preparing your environment for effective incident response
Leveraging MITRE ATT&CK and threat intelligence for active network defense
Local and remote triage of systems using PowerShell, WMIC, and open-source tools
Acquiring RAM and disk images locally and remotely
Analyzing RAM with Volatility and Rekall
Deep-dive forensic analysis of system drives using open-source or commercial tools
Leveraging Security Onion and Elastic Stack for network security monitoring
Techniques for log analysis and aggregating high-value logs
Static and dynamic analysis of malware with YARA rules, FLARE VM, and Cuckoo Sandbox
Detecting and responding to lateral movement techniques, including pass-the-hash, pass-the-ticket, Kerberoasting, malicious use of PowerShell, and many more
Effective threat hunting techniques
Adversary emulation with Atomic Red Team
Improving preventive and detective controls

Part I Prepare 1
	Chapter 1 The Threat Landscape 3
		Attacker Motivations 3
		Intellectual Property Theft 4
		Supply Chain Attack 4
		Financial Fraud 4
		Extortion 5
		Espionage 5
		Power 5
		Hacktivism 6
		Revenge 6
		Attack Methods 6
		DoS and DDoS 7
		Worms 8
		Ransomware 8
		Phishing 9
		Spear Phishing 9
		Watering Hole Attacks 10
		Web Attacks 10
		Wireless Attacks 11
		Sniffing and MitM 11
		Crypto Mining 12
		Password Attacks 12
		Anatomy of an Attack 13
		Reconnaissance 13
		Exploitation 14
		Expansion/Entrenchment 15
		Exfiltration/Damage 16
		Clean Up 16
		The Modern Adversary 16
		Credentials, the Keys to the Kingdom 17
		Conclusion 20
	Chapter 2 Incident Readiness 21
		Preparing Your Process 21
		Preparing Your People 27
		Preparing Your Technology 30
		Ensuring Adequate Visibility 33
		Arming Your Responders 37
		Business Continuity and Disaster Recovery 38
		Deception Techniques 40
		Conclusion 43
Part II Respond 45
	Chapter 3 Remote Triage 47
		Finding Evil 48
		Rogue Connections 49
		Unusual Processes 52
		Unusual Ports 55
		Unusual Services 56
		Rogue Accounts 56
		Unusual Files 58
		Autostart Locations 59
		Guarding Your Credentials 61
		Understanding Interactive Logons 61
		Incident Handling Precautions 63
		RDP Restricted Admin Mode and Remote Credential Guard 64
		Conclusion 65
	Chapter 4 Remote Triage Tools 67
		Windows Management Instrumentation Command-Line Utility 67
		Understanding WMI and the WMIC Syntax 68
		Forensically Sound Approaches 71
		WMIC and WQL Elements 72
		Example WMIC Commands 79
		PowerShell 84
		Basic PowerShell Cmdlets 87
		PowerShell Remoting 91
		Accessing WMI/MI/CIM with PowerShell 95
		Incident Response Frameworks 98
		Conclusion 100
	Chapter 5 Acquiring Memory 103
		Order of Volatility 103
		Local Memory Collection 105
		Preparing Storage Media 107
		The Collection Process 109
		Remote Memory Collection 117
		WMIC for Remote Collection 119
		PowerShell Remoting for Remote Collection 122
		Agents for Remote Collection 125
		Live Memory Analysis 128
		Local Live Memory Analysis 129
		Remote Live Memory Analysis 129
		Conclusion 131
	Chapter 6 Disk Imaging 133
		Protecting the Integrity of Evidence 133
		Dead-Box Imaging 137
		Using a Hardware Write Blocker 139
		Using a Bootable Linux Distribution 143
		Live Imaging 149
		Live Imaging Locally 149
		Collecting a Live Image Remotely 154
		Imaging Virtual Machines 155
		Conclusion 160
	Chapter 7 Network Security Monitoring 161
		Security Onion 161
		Architecture 162
		Tools 165
		Snort, Sguil, and Squert 166
		Zeek (Formerly Bro) 172
		Elastic Stack 182
		Text-Based Log Analysis 194
		Conclusion 197
	Chapter 8 Event Log Analysis 199
		Understanding Event Logs 199
		Account-Related Events 207
		Object Access 218
		Auditing System Configuration Changes 221
		Process Auditing 224
		Auditing PowerShell Use 229
		Using PowerShell to Query Event Logs 231
		Conclusion 233
	Chapter 9 Memory Analysis 235
		The Importance of Baselines 236
		Sources of Memory Data 242
		Using Volatility and Rekall 244
		Examining Processes 249
		The pslist Plug-in 249
		The pstree Plug-in 252
		The dlllist Plug-in 255
		The psxview Plug-in 256
		The handles Plug-in 256
		The malfi nd Plug-in 257
		Examining Windows Services 259
		Examining Network Activity 261
		Detecting Anomalies 264
		Practice Makes Perfect 273
		Conclusion 274
	Chapter 10 Malware Analysis 277
		Online Analysis Services 277
		Static Analysis 280
		Dynamic Analysis 286
		Manual Dynamic Analysis 287
		Automated Malware Analysis 299
		Evading Sandbox Detection 305
		Reverse Engineering 306
		Conclusion 309
	Chapter 11 Disk Forensics 311
		Forensics Tools 312
		Time Stamp Analysis 314
		Link Files and Jump Lists 319
		Prefetch 321
		System Resource Usage Monitor 322
		Registry Analysis 324
		Browser Activity 333
		USN Journal 337
		Volume Shadow Copies 338
		Automated Triage 340
		Linux/UNIX System Artifacts 342
		Conclusion 344
	Chapter 12 Lateral Movement Analysis 345
		Server Message Block 345
		Pass-the-Hash Attacks 351
		Kerberos Attacks 353
		Pass-the-Ticket and Overpass-the-Hash Attacks 354
		Golden and Silver Tickets 361
		Kerberoasting 363
		PsExec 365
		Scheduled Tasks 368
		Service Controller 369
		Remote Desktop Protocol 370
		Windows Management Instrumentation 372
		Windows Remote Management 373
		PowerShell Remoting 374
		SSH Tunnels and Other Pivots 376
		Conclusion 378
Part III Refine 379
	Chapter 13 Continuous Improvement 381
		Document, Document, Document 381
		Validating Mitigation Efforts 383
		Building On Your Successes, and Learning from Your Mistakes 384
		Improving Your Defenses 388
		Privileged Accounts 389
		Execution Controls 392
		PowerShell 394
		Segmentation and Isolation 396
		Conclusion 397
	Chapter 14 Proactive Activities 399
		Threat Hunting 399
		Adversary Emulation 409
		Atomic Red Team 410
		Caldera 415
		Conclusion 416
Index 419

Applied Incident Response

Released: 2020
Author(s): Steve Anson

Practical Vulnerability Management

A Strategic Approach to Managing Cyber Risk

Released: 2020
Author(s): Andrew Magnusson

Intrusion Detection Honeypots

Detection through Deception

Released: 2020
Author(s): Chris Sanders

Description

BTHb:SOCTH provides the security practitioner with numerous field notes on building a security operations team, managing SIEM, and mining data sources to get the maximum amount of information out of them with a threat hunting approach. The author shares his fifteen years of experience with SIEMs and security operations is a no frills, just information format.

Don Murdoch has implemented five major platforms, integrated over one hundred data sources into various platforms, and ran an MSSP practice for two years. This book covers the topics below using a “zero fluff” approach as if you hired him as a security consultant and were sitting across the table with him (or her).

The book begins with a discussion for professionals to help them build a successful business case and a project plan, decide on SOC tier models, anticipate and answer tough questions you need to consider when proposing a SOC, and considerations in building a logging infrastructure. The book goes through numerous data sources that feed a SOC and SIEM and provides specific real world guidance on how to use those data sources to best possible effect. Most of the examples presented were implemented in one organization or another. These uses cases explain on what to monitor, how to use a SIEM and how to use the data coming into the platform, both questions that Don found is often answered poorly by many vendors.

Several business concepts are also introduced, because they are often overlooked by IT: value chain, PESTL, and SWOT. Major sections include: An inventory of Security Operations Center (SOC) Services. Metrics, with a focus on objective measurements for the SOC, for analysts, and for SIEM's. SOC staff onboarding, training topics, and desirable skills. Along these lines, there is a chapter on a day in the life of a SOC analyst. Maturity analysis for the SOC and the log management program. Applying a Threat Hunt mindset to the SOC. A full use case template that was used within two major Fortune 500 companies, and is in active use by one major SIEM vendor, along with a complete example of how to build a SOC and SIEM focused use case. You can see the corresponding discussion of this chapter on YouTube. Just search for the 2017 Security Onion conference for the presentation. Critical topics in deploying SIEM based on experience deploying five different technical platforms for nineteen different organizations in education, nonprofit, and commercial enterprises from 160 to 30,000 personnel. Understanding why SIEM deployments fail with actionable compensators. Real life experiences getting data into SIEM platforms and the considerations for the many different ways to provide data. Issues relating to time, time management, and time zones.

No table of contents available, please check the external site for more information.

Blue Team Handbook: SOC, SIEM, and Threat Hunting

A Condensed Guide for the Security Operations Team and Threat Hunter

Released: 2019
Author(s): Don Murdoch

Description

Blue Team Field Manual (BTFM) is a Cyber Security Incident Response Guide that aligns with the NIST Cybersecurity Framework consisting of the five core functions of Identify, Protect, Detect, Respond, and Recover by providing the tactical steps to follow and commands to use when preparing for, working through and recovering from a Cyber Security Incident.

0 preparation (documentation review)  8
	key documents  9
	review  9
1 identify (scope)  10
	scanning and vulnerabilities  11
		nmap  .' . 11
		nessus  11
		openvas . 12
	windows . 14
		network discovery . 14
		dhcp  14
		dns  14
		hashing  ls
		netbios . 16
		user activity . 16
		passwords  17
		microsoft baseline security analyzer (mbsa) . 17
		active directory inventory  17
	linux . 20
		network discovery . 20
		dhcp  20
		dns  21
		hashing  21
		netbios . 21
		passwords  21
2 protect (defend)  22
	windows . 23
		disable/stop services  23
		host system firewalls  23
		passwords  25
		host file . 25
		whitelist . 26
		application restrictions . 26
		ipsec  30
		active directory (ad) -group policy object (gpo)  31
		stand alone system -without active directory {ad)  32
	linux . 36
		disable/stop services  36
		host system firewalls  37
		passwords  39
		host file . 39
		whitelist . 39
		ipsec  40
3 detect {visibility} . 44
	network monitoring . 45
		tcpdump  45
		tshark  48
		snort  so
	network capture (pcap) tools . 51
		editcap . 51
		mergecap  51
	honey techniques . 52
		windows . 52
		linux . 53
		netcat  54
		passive dns monitoring . 55
	log auditing . 56
	windows . 56
	linux . 63
4 respond (analysis)  66
	live triage-windows . 67
		system information . 67
		user information  67
		network information . 68
		service information . 68
		policy, patch and settings information  69
		autorun and auto load information  69
		logs  75
		files, drives and shares information . 76
	live triage- linux . 79
		system information . 79
		user information  79
		network information . 80
		service information . 80
		policy, patch and settings information  81
		logs  82
		files, drives and shares information . 82
	malware analysis . 85
		static analysis basics  85
	identify malware  88
		process explorer . 88
	file hash analysis  90
		hash query  90
	hard drive and memory acquisition  91
		windows . 91
		linux . 91
5 recover (remediate)  94
	patching  95
		windows . 95
		linux . 95
	backup . 97
		windows . 97
		linux . 100
	kill malware process . 101
		windows . 101
		linux . 101
6 tactics (tips & tricks)  102
	os cheats . 103
		windows . 103
		linux . 105
	decoding . 107
		hex conversion  107
	snort  109
		snort rules . 109
	dos/ddos . 112
		fingerprint dos/ddos . 112
	tool suites  115
		prebuilt iso, virtual machine and distributions . 115
7 incident management (checklist)  118
	incident response checklist  119
		identification tasks  119
		containment tasks . 121
		remediation tasks . 122
		other / lessons learned tasks  124
		malware attributes checklist . 125
8 security incident identification (schema)  128
	vocabulary for events recording and incident sharing (veris)  129
		general  129
		actor  131
		action  132
		asset . 135
		attribute . 136
		course of action . 137
	kill chain mapping  138
		gather data for mapping kill chain  138
	prioritized defended asset list (pdal) . 139
		gather data and prioritize assets to defend  139
10 index (a-z)  142

Blue Team Field Manual (BTFM)

Released: 2017
Author(s): Alan J White, Ben Clark

The Practice of Network Security Monitoring

Understanding Incident Detection and Response

Released: 2013
Author(s): Richard Bejtlich

Description

Applied Network Security Monitoring is the essential guide to becoming an NSM analyst from the ground up. This book takes a fundamental approach to NSM, complete with dozens of real-world examples that teach you the key concepts of NSM.

Network security monitoring is based on the principle that prevention eventually fails. In the current threat landscape, no matter how much you try, motivated attackers will eventually find their way into your network. At that point, it is your ability to detect and respond to that intrusion that can be the difference between a small incident and a major disaster.

The book follows the three stages of the NSM cycle: collection, detection, and analysis. As you progress through each section, you will have access to insights from seasoned NSM professionals while being introduced to relevant, practical scenarios complete with sample data.

If you've never performed NSM analysis, Applied Network Security Monitoring will give you an adequate grasp on the core concepts needed to become an effective analyst. If you are already a practicing analyst, this book will allow you to grow your analytic technique to make you more effective at your job.

Chapter 1. The Practice of Applied Network Security Monitoring
	Abstract
	Key NSM Terms
	Intrusion Detection
	Network Security Monitoring
	Vulnerability-Centric vs. Threat-Centric Defense
	The NSM Cycle: Collection, Detection, and Analysis
	Challenges to NSM
	Defining the Analyst
	Security Onion
	Conclusion
Section 1: Collection
Chapter 2. Planning Data Collection
	Abstract
	The Applied Collection Framework (ACF)
	Case Scenario: Online Retailer
	Conclusion
Chapter 3. The Sensor Platform
	Abstract
	NSM Data Types
	Sensor Type
	Sensor Hardware
	Sensor Operating System
	Sensor Placement
	Securing the Sensor
	Conclusion
Chapter 4. Session Data
	Abstract
	Flow Records
	Collecting Session Data
	Collecting and Analyzing Flow Data with SiLK
	Collecting and Analyzing Flow Data with Argus
	Session Data Storage Considerations
	Conclusion
Chapter 5. Full Packet Capture Data
	Abstract
	Dumpcap
	Daemonlogger
	Netsniff-NG
	Choosing the Right FPC Collection Tool
	Planning for FPC Collection
	Decreasing the FPC Data Storage Burden
	Managing FPC Data Retention
	Conclusion
Chapter 6. Packet String Data
	Abstract
	Defining Packet String Data
	PSTR Data Collection
	Viewing PSTR Data
	Conclusion
Section 2: Detection
Chapter 7. Detection Mechanisms, Indicators of Compromise, and Signatures
	Abstract
	Detection Mechanisms
	Indicators of Compromise and Signatures
	Managing Indicators and Signatures
	Indicator and Signature Frameworks
	Conclusion
Chapter 8. Reputation-Based Detection
	Abstract
	Public Reputation Lists
	Automating Reputation-Based Detection
	Conclusion
Chapter 9. Signature-Based Detection with Snort and Suricata
	Abstract
	Snort
	Suricata
	Changing IDS Engines in Security Onion
	Initializing Snort and Suricata for Intrusion Detection
	Configuring Snort and Suricata
	IDS Rules
	Viewing Snort and Suricata Alerts
	Conclusion
Chapter 10. The Bro Platform
	Abstract
	Basic Bro Concepts
	Running Bro
	Bro Logs
	Creating Custom Detection Tools with Bro
	Conclusion
Chapter 11. Anomaly-Based Detection with Statistical Data
	Abstract
	Top Talkers with SiLK
	Service Discovery with SiLK
	Furthering Detection with Statistics
	Visualizing Statistics with Gnuplot
	Visualizing Statistics with Google Charts
	Visualizing Statistics with Afterglow
	Conclusion
Chapter 12. Using Canary Honeypots for Detection
	Abstract
	Canary Honeypots
	Types of Honeypots
	Canary Honeypot Architecture
	Honeypot Platforms
	Conclusion
Section 3: Analysis
Chapter 13. Packet Analysis
	Abstract
	Enter the Packet
	Packet Math
	Dissecting Packets
	Tcpdump for NSM Analysis
	TShark for Packet Analysis
	Wireshark for NSM Analysis
	Packet Filtering
	Conclusion
Chapter 14. Friendly and Threat Intelligence
	Abstract
	The Intelligence Cycle for NSM
	Generating Friendly Intelligence
	Generating Threat Intelligence
	Conclusion
Chapter 15. The Analysis Process
	Abstract
	Analysis Methods
	Analysis Best Practices
	Incident Morbidity and Mortality
	Conclusion
Appendix 1. Security Onion Control Scripts
	High Level Commands
	Server Control Commands
	Sensor Control Commands
Appendix 2. Important Security Onion Files and Directories
	Application Directories and Configuration Files
	Sensor Data Directories
Appendix 3. Packet Headers
Appendix 4. Decimal / Hex / ASCII Conversion Chart
Index

Applied Network Security Monitoring

Collection, Detection, and Analysis

Released: 2013
Author(s): Chris Sanders, Jason Smith

Cryptography

🔝

Description

Will your organization be protected the day a quantum computer breaks encryption on the internet?

Computer encryption is vital for protecting users, data, and infrastructure in the digital age. Using traditional computing, even common desktop encryption could take decades for specialized ‘crackers’ to break and government and infrastructure-grade encryption would take billions of times longer. In light of these facts, it may seem that today’s computer cryptography is a rock-solid way to safeguard everything from online passwords to the backbone of the entire internet. Unfortunately, many current cryptographic methods will soon be obsolete. In 2016, the National Institute of Standards and Technology (NIST) predicted that quantum computers will soon be able to break the most popular forms of public key cryptography. The encryption technologies we rely on every day—HTTPS, TLS, WiFi protection, VPNs, cryptocurrencies, PKI, digital certificates, smartcards, and most two-factor authentication—will be virtually useless. . . unless you prepare.

Cryptography Apocalypse is a crucial resource for every IT and InfoSec professional for preparing for the coming quantum-computing revolution. Post-quantum crypto algorithms are already a reality, but implementation will take significant time and computing power. This practical guide helps IT leaders and implementers make the appropriate decisions today to meet the challenges of tomorrow. This important book:

Gives a simple quantum mechanics primer
Explains how quantum computing will break current cryptography
Offers practical advice for preparing for a post-quantum world
Presents the latest information on new cryptographic methods
Describes the appropriate steps leaders must take to implement existing solutions to guard against quantum-computer security threats

Cryptography Apocalypse: Preparing for the Day When Quantum Computing Breaks Today's Crypto is a must-have guide for anyone in the InfoSec world who needs to know if their security is ready for the day crypto break and how to fix it.

I Quantum Computing Primer 1
1 Introduction to Quantum Mechanics 3
	What is Quantum Mechanics? 3
	Quantum is Counterintuitive 4
	Quantum Mechanics is Real 5
	The Basic Properties of Quantum Mechanics 8
	Photons and Quantum Mechanics 8
	Photoelectric Effect 9
	Wave-Particle Duality 10
	Probability Principle 14
	Uncertainty Principle 17
	Spin States and Charges 20
	Quantum Tunneling 20
	Superposition 21
	Observer Effect 22
	No-Cloning Theorem 24
	Spooky Entanglement 24
	Decoherence 25
	Quantum Examples in Our World Today 27
	For Additional Information 28
	Summary 29
2 Introduction to Quantum Computers 31
	How are Quantum Computers Different? 31
	Traditional Computers Use Bits 31
	Quantum Computers Use Qubits 33
	Quantum Computers are Not Ready for Prime Time Yet 37
	Quantum Will Reign Supreme Soon 38
	Quantum Computers Improve Qubits Using Error Correction 39
	Types of Quantum Computers 44
	Superconducting Quantum Computers 44
	Quantum Annealing Computers 45
	Universal Quantum Computers 47
	Topological Quantum Computers 49
	Microsoft Majorana Fermion Computers 50
	Ion Trap Quantum Computers 51
	Quantum Computers in the Cloud 53
	Non-U.S. Quantum Computers 53
	Components of a Quantum Computer 54
	Quantum Software 55
	Quantum Stack 55
	Quantum National Guidance 56
	National Policy Guidance 56
	Money Grants and Investments 56
	Other Quantum Information Science Besides Computers 57
	For More Information 58
	Summary 58
3 How Can Quantum Computing Break Today’s Cryptography? 59
	Cryptography Basics 59
	Encryption 59
	Integrity Hashing 72
	Cryptographic Uses 73
	How Quantum Computers Can Break Cryptography 74
	Cutting Time 74
	Quantum Algorithms 76
	What Quantum Can and Can’t Break 79
	Still Theoretical 82
	Summary 83
4 When Will the Quantum Crypto Break Happen? 85
	It Was Always “10 Years from Now” 85
	Quantum Crypto Break Factors 86
	Is Quantum Mechanics Real? 86
	Are Quantum Computers Real? 87
	Is Superposition Real? 87
	Is Peter Shor’s Algorithm Real? 88
	Do We Have Enough Stable Qubits? 88
	Quantum Resources and Competition 89
	Do We Have Steady Improvement? 89
	Expert Opinions 90
	When the Quantum Cyber Break Will Happen 90
	Timing Scenarios 90
	When Should You Prepare? 93
	Breakout Scenarios 95
	Stays in the Realm of Nation-States for a Long Time 95
	Used by Biggest Companies 97
	Mass Proliferation 97
	Most Likely Breakout Scenario 97
	Summary 98
5 What Will a Post-Quantum World Look Like? 99
	Broken Applications 99
	Weakened Hashes and Symmetric Ciphers 100
	Broken Asymmetric Ciphers 103
	Weakened and Broken Random Number Generators 103
	Weakened or Broken Dependent Applications 104
	Quantum Computing 114
	Quantum Computers 114
	Quantum Processors 115
	Quantum Clouds 115
	Quantum Cryptography Will Be Used 116
	Quantum Perfect Privacy 116
	Quantum Networking Arrives 117
	Quantum Applications 117
	Better Chemicals and Medicines 118
	Better Batteries 118
	True Artificial Intelligence 119
	Supply Chain Management 120
	Quantum Finance 120
	Improved Risk Management 120
	Quantum Marketing 120
	Better Weather Prediction 121
	Quantum Money 121
	Quantum Simulation 122
	More Precise Military and Weapons 122
	Quantum Teleportation 122
	Summary 126
	II Preparing for the Quantum Break 127
6 Quantum-Resistant Cryptography 129
	NIST Post-Quantum Contest 129
	NIST Security Strength Classifications 132
	PKE vs. KEM 133
	Formal Indistinguishability Assurances 134
	Key and Ciphertext Sizes 135
	Types of Post-Quantum Algorithms 136
	Code-Based Cryptography 136
	Hash-Based Cryptography 137
	Lattice-Based Cryptography 138
	Multivariate Cryptography 140
	Supersingular Elliptic Curve Isogeny Cryptography 140
	Zero-Knowledge Proof 141
	Symmetric Key Quantum Resistance 142
	Quantum-Resistant Asymmetric Encryption Ciphers 143
	BIKE 145
	Classic McEliece 145
	CRYSTALS-Kyber 146
	FrodoKEM 146
	HQC 147
	LAC 148
	LEDAcrypt 148
	NewHope 149
	NTRU 149
	NTRU Prime 150
	NTS-KEM 150
	ROLLO 151
	Round5 151
	RQC 151
	SABER 152
	SIKE 152
	ThreeBears 153
	General Observations on PKE and KEM Key and Ciphertext Sizes 155
	Quantum-Resistant Digital Signatures 156
	CRYSTALS-Dilithium 156
	FALCON 157
	GeMSS 158
	LUOV 158
	MQDSS 159
	Picnic 159
	qTESLA 160
	Rainbow 160
	SPHINCS+ 161
	General Observations on Signature Key and Sizes 162
	Caution Advised 164
	A Lack of Standards 164
	Performance Concerns 165
	Lack of Verified Protection 165
	For Additional Information 166
	Summary 166
7 Quantum Cryptography 167
	Quantum RNGs 168
	Random is Not Always Random 168
	Why is True Randomness So Important? 170
	Quantum-Based RNGs 172
	Quantum Hashes and Signatures 177
	Quantum Hashes 177
	Quantum Digital Signatures 178
	Quantum Encryption Ciphers 180
	Quantum Key Distribution 181
	Summary 188
8 Quantum Networking 189
	Quantum Network Components 189
	Transmission Media 189
	Distance vs. Speed 191
	Point-to-Point 192
	Trusted Repeaters 193
	True Quantum Repeaters 194
	Quantum Network Protocols 196
	Quantum Network Applications 199
	More Secure Networks 199
	Quantum Computing Cloud 200
	Better Time Syncing 200
	Prevent Jamming 201
	Quantum Internet 202
	Other Quantum Networks 203
	For More Information 204
	Summary 204
9 Preparing Now 207
	Four Major Post-Quantum Mitigation Phases 207
	Stage 1: Strengthen Current Solutions 207
	Stage 2: Move to Quantum-Resistant Solutions 211
	Stage 3: Implement Quantum-Hybrid Solutions 213
	Stage 4: Implement Fully Quantum Solutions 214
	The Six Major Post-Quantum Mitigation Project Steps 214
	Step 1: Educate 215
	Step 2: Create a Plan 220
	Step 3: Collect Data 225
	Step 4: Analyze 226
	Step 5: Take Action/Remediate 228
	Step 6: Review and Improve 230
	Summary 230
Appendix: Additional Quantum Resources 231
Index 239

Cryptography Apocalypse

Preparing for the Day When Quantum Computing Breaks Today's Crypto

Released: 2019
Author(s): Roger A. Grimes

Serious Cryptography

A Practical Introduction to Modern Encryption

Released: 2018
Author(s): Jean-Philippe Aumasson

Bulletproof SSL and TLS

Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications

Released: 2017
Author(s): Ivan Ristic

Description

Cryptography is ubiquitous and plays a key role in ensuring data secrecy and integrity as well as in securing computer systems more broadly. Introduction to Modern Cryptography provides a rigorous yet accessible treatment of this fascinating subject.

The authors introduce the core principles of modern cryptography, with an emphasis on formal definitions, clear assumptions, and rigorous proofs of security. The book begins by focusing on private-key cryptography, including an extensive treatment of private-key encryption, message authentication codes, and hash functions. The authors also present design principles for widely used stream ciphers and block ciphers including RC4, DES, and AES, plus provide provable constructions of stream ciphers and block ciphers from lower-level primitives. The second half of the book covers public-key cryptography, beginning with a self-contained introduction to the number theory needed to understand the RSA, Diffie-Hellman, and El Gamal cryptosystems (and others), followed by a thorough treatment of several standardized public-key encryption and digital signature schemes.

Integrating a more practical perspective without sacrificing rigor, this widely anticipated Second Edition offers improved treatment of:

Stream ciphers and block ciphers, including modes of operation and design principles
Authenticated encryption and secure communication sessions
Hash functions, including hash-function applications and design principles
Attacks on poorly implemented cryptography, including attacks on chained-CBC encryption, padding-oracle attacks, and timing attacks
The random-oracle model and its application to several standardized, widely used public-key encryption and signature schemes
Elliptic-curve cryptography and associated standards such as DSA/ECDSA and DHIES/ECIES

Containing updated exercises and worked examples, Introduction to Modern Cryptography, Second Edition can serve as a textbook for undergraduate- or graduate-level courses in cryptography, a valuable reference for researchers and practitioners, or a general introduction suitable for self-study.

I Introduction and Classical Cryptography
1 Introduction 3
2 Perfectly Secret Encryption 25
3 Private-Key Encryption 43
4 Message Authentication Codes 107
5 Hash Functions and Applications 153
6 Practical Constructions of Symmetric-Key Primitives 193
7 Theoretical Constructions of Symmetric-Key Primitives 241
8 Number Theory and Cryptographic Hardness Assumptions 285
9 Algorithms for Factoring and Computing Discrete Logarithms 341
10 Key Management and the Public-Key Revolution 359
11 Public-Key Encryption 375
12 Digital Signature Schemes 439
13 Advanced Topics in Public-Key Encryption 487

Introduction to Modern Cryptography

Released: 2014 (2nd edition)
Author(s): Jonathan Katz, Yehuda Lindell

Description

The only book to provide a unified view of the interplay between computational number theory and cryptography

Computational number theory and modern cryptography are two of the most important and fundamental research fields in information security. In this book, Song Y. Yang combines knowledge of these two critical fields, providing a unified view of the relationships between computational number theory and cryptography. The author takes an innovative approach, presenting mathematical ideas first, thereupon treating cryptography as an immediate application of the mathematical concepts. The book also presents topics from number theory, which are relevant for applications in public-key cryptography, as well as modern topics, such as coding and lattice based cryptography for post-quantum cryptography. The author further covers the current research and applications for common cryptographic algorithms, describing the mathematical problems behind these applications in a manner accessible to computer scientists and engineers.

Makes mathematical problems accessible to computer scientists and engineers by showing their immediate application
Presents topics from number theory relevant for public-key cryptography applications
Covers modern topics such as coding and lattice based cryptography for post-quantum cryptography
Starts with the basics, then goes into applications and areas of active research
Geared at a global audience; classroom tested in North America, Europe, and Asia
Incudes exercises in every chapter
Instructor resources available on the book’s Companion Website

Computational Number Theory and Modern Cryptography is ideal for graduate and advanced undergraduate students in computer science, communications engineering, cryptography and mathematics. Computer scientists, practicing cryptographers, and other professionals involved in various security schemes will also find this book to be a helpful reference.

Part I Preliminaries
1 Introduction 3
	1.1 What is Number Theory? 3
	1.2 What is Computation Theory? 9
	1.3 What is Computational Number Theory? 15
	1.4 What is Modern Cryptography? 29
	1.5 Bibliographic Notes and Further Reading 32
	References 32
2 Fundamentals 35
	2.1 Basic Algebraic Structures 35
	2.2 Divisibility Theory 46
	2.3 Arithmetic Functions 75
	2.4 Congruence Theory 89
	2.5 Primitive Roots 131
	2.6 Elliptic Curves 141
	2.7 Bibliographic Notes and Further Reading 154
	References 155

Part II Computational Number Theory
3 Primality Testing 159
	3.1 Basic Tests 159
	3.2 Miller–Rabin Test 168
	3.3 Elliptic Curve Tests 173
	3.4 AKS Test 178
	3.5 Bibliographic Notes and Further Reading 187
	References 188
4 Integer Factorization 191
	4.1 Basic Concepts 191
	4.2 Trial Divisions Factoring 194
	4.3 ρ and p − 1 Methods 198
	4.4 Elliptic Curve Method 205
	4.5 Continued Fraction Method 209
	4.6 Quadratic Sieve 214
	4.7 Number Field Sieve 219
	4.8 Bibliographic Notes and Further Reading 231
	References 232
5 Discrete Logarithms 235
	5.1 Basic Concepts 235
	5.2 Baby-Step Giant-Step Method 237
	5.3 Pohlig–Hellman Method 240
	5.4 Index Calculus 246
	5.5 Elliptic Curve Discrete Logarithms 251
	5.6 Bibliographic Notes and Further Reading 260
	References 261

Part III Modern Cryptography
6 Secret-Key Cryptography 265
	6.1 Cryptography and Cryptanalysis 265
	6.2 Classic Secret-Key Cryptography 277
	6.3 Modern Secret-Key Cryptography 285
	6.4 Bibliographic Notes and Further Reading 291
	References 291
7 Integer Factorization Based Cryptography 293
	7.1 RSA Cryptography 293
	7.2 Cryptanalysis of RSA 302
	7.3 Rabin Cryptography 319
	7.4 Residuosity Based Cryptography 326
	7.5 Zero-Knowledge Proof 331
	7.6 Bibliographic Notes and Further Reading 335
	References 335
8 Discrete Logarithm Based Cryptography 337
	8.1 Diffie–Hellman–Merkle Key-Exchange Protocol 337
	8.2 ElGamal Cryptography 342
	8.3 Massey–Omura Cryptography 344
	8.4 DLP-Based Digital Signatures 348
	8.5 Bibliographic Notes and Further Reading 351
	References 351
9 Elliptic Curve Discrete Logarithm Based Cryptography 353
	9.1 Basic Ideas 353
	9.2 Elliptic Curve Diffie–Hellman–Merkle Key Exchange Scheme 356
	9.3 Elliptic Curve Massey–Omura Cryptography 360
	9.4 Elliptic Curve ElGamal Cryptography 365
	9.5 Elliptic Curve RSA Cryptosystem 370
	9.6 Menezes–Vanstone Elliptic Curve Cryptography 371
	9.7 Elliptic Curve DSA 373
	9.8 Bibliographic Notes and Further Reading 374
	References 375

Part IV Quantum Resistant Cryptography
10 Quantum Computational Number Theory 379
	10.1 Quantum Algorithms for Order Finding 379
	10.2 Quantum Algorithms for Integer Factorization 385
	10.3 Quantum Algorithms for Discrete Logarithms 390
	10.4 Quantum Algorithms for Elliptic Curve Discrete Logarithms 393
	10.5 Bibliographic Notes and Further Reading 397
	References 397
11 Quantum Resistant Cryptography 401
	11.1 Coding-Based Cryptography 401
	11.2 Lattice-Based Cryptography 403
	11.3 Quantum Cryptography 404
	11.4 DNA Biological Cryptography 406
	11.5 Bibliographic Notes and Further Reading 409

Computational Number Theory and Modern Cryptography

Released: 2013
Author(s): Song Y. Yan

Description

The ultimate guide to cryptography, updated from an author team of the world's top cryptography experts.

Cryptography is vital to keeping information safe, in an era when the formula to do so becomes more and more challenging. Written by a team of world-renowned cryptography experts, this essential guide is the definitive introduction to all major areas of cryptography: message security, key negotiation, and key management. You'll learn how to think like a cryptographer. You'll discover techniques for building cryptography into products from the start and you'll examine the many technical changes in the field.

After a basic overview of cryptography and what it means today, this indispensable resource covers such topics as block ciphers, block modes, hash functions, encryption modes, message authentication codes, implementation issues, negotiation protocols, and more. Helpful examples and hands-on exercises enhance your understanding of the multi-faceted field of cryptography.

An author team of internationally recognized cryptography experts updates you on vital topics in the field of cryptography
Shows you how to build cryptography into products from the start
Examines updates and changes to cryptography
Includes coverage on key servers, message security, authentication codes, new standards, block ciphers, message authentication codes, and more

Cryptography Engineering gets you up to speed in the ever-evolving field of cryptography.

Part I Introduction.
	Chapter 1 The Context of Cryptography.
	Chapter 2 Introduction to Cryptography.
Part II Message Security.
	Chapter 3 Block Ciphers.
	Chapter 4 Block Cipher Modes.
	Chapter 5 Hash Functions.
	Chapter 6 Message Authentication Codes.
	Chapter 7 The Secure Channel.
	Chapter 8 Implementation Issues (I).
Part III Key Negotiation.
	Chapter 9 Generating Randomness.
	Chapter 10 Primes.
	Chapter 11 Diffie-Hellman.
	Chapter 12 RSA.
	Chapter 13 Introduction to Cryptographic Protocols.
	Chapter 14 Key Negotiation.
	Chapter 15 Implementation Issues (II).
Part IV Key Management.
	Chapter 16 The Clock.
	Chapter 17 Key Servers.
	Chapter 18 The Dream of PKI.
	Chapter 19 PKI Reality.
	Chapter 20 PKI Practicalities.
	Chapter 21 Storing Secrets.
Part V Miscellaneous.
	Chapter 22 Standards and Patents.
	Chapter 23 Involving Experts.

Cryptography Engineering

Design Principles and Practical Applications

Released: 2010
Author(s): Niels Ferguson, Bruce Schneier, Tadayoshi Kohno

Databases

🔝

Description

Improve your ability to develop, manage, and troubleshoot SQL Server solutions by learning how different components work "under the hood," and how they communicate with each other. The detailed knowledge helps in implementing and maintaining high-throughput databases critical to your business and its customers. You'll learn how to identify the root cause of each problem and understand how different design and implementation decisions affect performance of your systems.

New in this second edition is coverage of SQL Server 2016 Internals, including In-Memory OLTP, columnstore enhancements, Operational Analytics support, Query Store, JSON, temporal tables, stretch databases, security features, and other improvements in the new SQL Server version. The knowledge also can be applied to Microsoft Azure SQL Databases that share the same code with SQL Server 2016.

Pro SQL Server Internals is a book for developers and database administrators, and it covers multiple SQL Server versions starting with SQL Server 2005 and going all the way up to the recently released SQL Server 2016. The book provides a solid road map for understanding the depth and power of the SQL Server database server and teaches how to get the most from the platform and keep your databases running at the level needed to support your business. The book:

Provides detailed knowledge of new SQL Server 2016 features and enhancements
Includes revamped coverage of columnstore indexes and In-Memory OLTP
Covers indexing and transaction strategies
Shows how various database objects and technologies are implemented internally, and when they should or should not be used
Demonstrates how SQL Server executes queries and works with data and transaction log

What You Will Learn

Design and develop database solutions with SQL Server.
Troubleshoot design, concurrency, and performance issues.
Choose the right database objects and technologies for the job.
Reduce costs and improve availability and manageability.
Design disaster recovery and high-availability strategies.
Improve performance of OLTP and data warehouse systems through in-memory OLTP and Columnstore indexes.

Who This Book Is For

Developers and database administrators who want to design, develop, and maintain systems in a way that gets the most from SQL Server. This book is an excellent choice for people who prefer to understand and fix the root cause of a problem rather than applying a 'band aid' to it.

1. Tables and Indexes
	1. Data Storage Internals
	2. Tables and Indexes: Internal Structure and Access Methods
	3. Statistics
	4. Special Indexing and Storage Features
	5. SQL Server 2016 Features
	6. Index Fragmentation
	7. Designing and Tuning the Indexes
2. Other Things That Matter
	8. Constraints
	9. Triggers
	10. Views
	11. User-Defined Functions
	12. XML and JSON
	13. Temporary Objects and TempDB
	14. CLR
	15. CLR Types
	16. Data Partitioning
3. Locking, Blocking, and Concurrency
	17. Lock Types and Transaction Isolation Levels
	18. Troubleshooting Blocking Issues
	19. Deadlocks
	20. Lock Escalation
	21. Optimistic Isolation Levels
	22. Application Locks
	23. Schema Locks
	24. Designing Transaction Strategies
4. Query Life Cycle
	25. Query Optimization and Execution
	26. Plan Caching
5. Practical Troubleshooting
	27. Extended Events
	28. System Troubleshooting
	29. Query Store
6. Inside the Transaction Log
	30. Transaction Log Internals
	31. Backup and Restore
	32. High Availability Technologies
7. Columnstore Indexes
	33. Column-Based Storage and Batch Mode Execution
	34. Columnstore Indexes
8. In-Memory OLTP Engine
	Part Frontmatter
	35. In-Memory OLTP Internals
	36. Transaction Processing in In-Memory OLTP
	37. In-Memory OLTP Programmability

Pro SQL Server Internals

Released: 2016 (2nd edition)
Author(s): Dmitri Korotkevitch

Microsoft SQL Server 2012 Internals

Developer Reference

Released: 2013
Author(s): Kalen Delaney, Bob Beauchemin, Conor Cunningham, Jonathan Kehayias, Paul S. Randal, Benjamin Nevarez

Description

Databases are the nerve center of our economy. Every piece of your personal information is stored there-medical records, bank accounts, employment history, pensions, car registrations, even your children's grades and what groceries you buy. Database attacks are potentially crippling-and relentless.

In this essential follow-up to The Shellcoder's Handbook, four of the world's top security experts teach you to break into and defend the seven most popular database servers. You'll learn how to identify vulnerabilities, how attacks are carried out, and how to stop the carnage. The bad guys already know all this. You need to know it too.
* Identify and plug the new holes in Oracle and Microsoft(r) SQL Server
* Learn the best defenses for IBM's DB2(r), PostgreSQL, Sybase ASE, and MySQL(r) servers
* Discover how buffer overflow exploitation, privilege escalation through SQL, stored procedure or trigger abuse, and SQL injection enable hacker access
* Recognize vulnerabilities peculiar to each database
* Find out what the attackers already know

Go to www.wiley.com/go/dbhackershandbook for code samples, security alerts , and programs available for download.

Part I: Introduction.
	Chapter 1: Why Care About Database Security?
Part II: Oracle.
	Chapter 2: The Oracle Architecture.
	Chapter 3: Attacking Oracle.
	Chapter 4: Oracle: Moving Further into the Network.
	Chapter 5: Securing Oracle.
Part III: DB2.
	Chapter 6: IBM DB2 Universal Database.
	Chapter 7: DB2: Discovery, Attack, and Defense.
	Chapter 8: Attacking DB2.
	Chapter 9: Securing DB2.
Part IV: Informix.
	Chapter 10: The Informix Architecture.
	Chapter 11: Informix: Discovery, Attack, and Defense.
	Chapter 12: Securing Informix.
Part V: Sybase ASE.
	Chapter 13: Sybase Architecture.
	Chapter 14: Sybase: Discovery, Attack, and Defense.
	Chapter 15: Sybase: Moving Further into the Network.
	Chapter 16: Securing Sybase.
Part VI: MySQL.
	Chapter 17: MySQL Architecture.
	Chapter 18: MySQL: Discovery, Attack, and Defense.
	Chapter 19: MySQL: Moving Further into the Network.
	Chapter 20: Securing MySQL.
Part VII: SQL Server.
	Chapter 21: Microsoft SQL Server Architecture.
	Chapter 22: SQL Server: Exploitation, Attack, and Defense.
	Chapter 23: Securing SQL Server.
Part VIII: PostgreSQL.
	Chapter 24: The PostgreSQL Architecture.
	Chapter 25: PostgreSQL: Discovery and Attack.
	Chapter 26: Securing PostgreSQL.
Appendix A: Example C Code for a Time-Delay SQL Injection Harness.
Appendix B: Dangerous Extended Stored Procedures.
Appendix C: Oracle Default Usernames and Passwords.

The Database Hacker's Handbook

Defending Database Servers

Released: 2005
Author(s): David Litchfield, Chris Anley, John Heasman, Bill Grindlay

Exploitation

🔝

A Bug Hunter's Diary

A Guided Tour Through the Wilds of Software Security

Released: 2011
Author(s): Tobias Klein

Description

A Guide to Kernel Exploitation: Attacking the Core discusses the theoretical techniques and approaches needed to develop reliable and effective kernel-level exploits, and applies them to different operating systems, namely, UNIX derivatives, Mac OS X, and Windows. Concepts and tactics are presented categorically so that even when a specifically detailed vulnerability has been patched, the foundational information provided will help hackers in writing a newer, better attack; or help pen testers, auditors, and the like develop a more concrete design and defensive structure. The book is organized into four parts. Part I introduces the kernel and sets out the theoretical basis on which to build the rest of the book. Part II focuses on different operating systems and describes exploits for them that target various bug classes. Part III on remote kernel exploitation analyzes the effects of the remote scenario and presents new techniques to target remote issues. It includes a step-by-step analysis of the development of a reliable, one-shot, remote exploit for a real vulnerabilitya bug affecting the SCTP subsystem found in the Linux kernel. Finally, Part IV wraps up the analysis on kernel exploitation and looks at what the future may hold.

Part I A Journey to Kernel Land
Chapter 1 From User-Land to Kernel-Land Attacks
	Introduction
	Introducing the Kernel and the World of Kernel Exploitation
	Why Doesn’t My User-Land Exploit Work Anymore?
	An Exploit Writer’s View of the Kernel
	Open Source versus Closed Source Operating Systems
	Summary
	Related Reading
	Endnote
Chapter 2 A Taxonomy of Kernel Vulnerabilities
	Introduction
	Uninitialized/Nonvalidated/Corrupted Pointer Dereference
	Memory Corruption Vulnerabilities
	Integer Issues
	Race Conditions
	Logic Bugs (a.k.a. the Bug Grab Bag)
	Summary
	Endnotes
Chapter 3 Stairway to Successful Kernel Exploitation
	Introduction
	A Look at the Architecture Level
	The Execution Step
	The Triggering Step
	The Information-Gathering Step
	Summary
	Related Reading

Part II The UNIX Family, Mac OS X, and Windows
Chapter 4 The UNIX Family
	Introduction
	The Members of the UNIX Family
	The Execution Step
	Practical UNIX Exploitation
	Summary
	Endnotes
Chapter 5 Mac OS X
	Introduction
	An Overview of XNU
	Kernel Debugging
	Kernel Extensions (Kext)
	The Execution Step
	Exploitation Notes
	Summary
	Endnotes
Chapter 6 Windows
	Introduction
	Windows Kernel Overview
	The Execution Step
	Practical Windows Exploitation
	Summary
	Endnotes

Part III Remote Kernel Exploitation
Chapter 7 Facing the Challenges of Remote Kernel Exploitation
	Introduction
	Attacking Remote Vulnerabilities
	Executing the First Instruction
	Remote Payloads
	Summary
	Endnote
Chapter 8 Putting It All Together: A Linux Case Study
	Introduction
	SCTP FWD Chunk Heap Memory Corruption
	Remote Exploitation: An Overall Analysis
	Getting the Arbitrary Memory Overwrite Primitive
	Installing the Shellcode
	Executing the Shellcode
	Summary
	Related Reading
	Endnote

Part IV Final Words
Chapter 9 Kernel Evolution: Future Forms of Attack and Defense
	Introduction
	Kernel Attacks
	Kernel Defense
	Beyond Kernel Bugs: Virtualization
	Summary
	Index

A Guide to Kernel Exploitation

Attacking the Core

Released: 2010
Author(s): Enrico Perla, Massimiliano Oldani

Description

Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope.

Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker's perspective.

The included LiveCD provides a complete Linux programming and debugging environment—all without modifying your current operating system. Use it to follow along with the book's examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits. This book will teach you how to:
– Program computers using C, assembly language, and shell scripts
– Corrupt system memory to run arbitrary code using buffer overflows and format strings
– Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening
– Outsmart common security measures like nonexecutable stacks and intrusion detection systems
– Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence
– Redirect network traffic, conceal open ports, and hijack TCP connections
– Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix

Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don't already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own creativity.

0x100. INTRODUCTION
0x200. PROGRAMMING
	0x210. What Is Programming?
	0x220. Pseudo-code
	0x230. Control Structures
	0x231. If-Then-Else
	0x232. While/Until Loops
	0x233. For Loops
	0x240. More Fundamental Programming Concepts
	0x241. Variables
	0x242. Arithmetic Operators
	0x243. Comparison Operators
	0x244. Functions
	0x250. Getting Your Hands Dirty
	0x251. The Bigger Picture
	0x252. The x86 Processor
	0x253. Assembly Language
	0x260. Back to Basics
	0x261. Strings
	0x262. Signed, Unsigned, Long, and Short
	0x263. Pointers
	0x264. Format Strings
	0x265. Typecasting
	0x266. Command-Line Arguments
	0x267. Variable Scoping
	0x270. Memory Segmentation
	0x271. Memory Segments in C
	0x272. Using the Heap
	0x273. Error-Checked malloc()
	0x280. Building on Basics
	0x281. File Access
	0x282. File Permissions
	0x283. User IDs
	0x284. Structs
	0x285. Function Pointers
	0x286. Pseudo-random Numbers
	0x287. A Game of Chance
0x300. EXPLOITATION
	0x310. Generalized Exploit Techniques
	0x320. Buffer Overflows
	0x321. Stack-Based Buffer Overflow Vulnerabilities
	0x330. Experimenting with BASH
	0x331. Using the Environment
	0x340. Overflows in Other Segments
	0x341. A Basic Heap-Based Overflow
	0x342. Overflowing Function Pointers
	0x350. Format Strings
	0x351. Format Parameters
	0x352. The Format String Vulnerability
	0x353. Reading from Arbitrary Memory Addresses
	0x354. Writing to Arbitrary Memory Addresses
	0x355. Direct Parameter Access
	0x356. Using Short Writes
	0x357. Detours with .dtors
	0x358. Another notesearch Vulnerability
	0x359. Overwriting the Global Offset Table
0x400. NETWORKING
	0x410. OSI Model
	0x420. Sockets
	0x421. Socket Functions
	0x422. Socket Addresses
	0x423. Network Byte Order
	0x424. Internet Address Conversion
	0x425. A Simple Server Example
	0x426. A Web Client Example
	0x427. A Tinyweb Server
	0x430. Peeling Back the Lower Layers
	0x431. Data-Link Layer
	0x432. Network Layer
	0x433. Transport Layer
	0x440. Network Sniffing
	0x441. Raw Socket Sniffer
	0x442. libpcap Sniffer
	0x443. Decoding the Layers
	0x444. Active Sniffing
	0x450. Denial of Service
	0x451. SYN Flooding
	0x452. The Ping of Death
	0x453. Teardrop
	0x454. Ping Flooding
	0x455. Amplification Attacks
	0x456. Distributed DoS Flooding
	0x460. TCP/IP Hijacking
	0x461. RST Hijacking
	0x462. Continued Hijacking
	0x470. Port Scanning
	0x471. Stealth SYN Scan
	0x472. FIN, X-mas, and Null Scans
	0x473. Spoofing Decoys
	0x474. Idle Scanning
	0x475. Proactive Defense (shroud)
	0x480. Reach Out and Hack Someone
	0x481. Analysis with GDB
	0x482. Almost Only Counts with Hand Grenades
	0x483. Port-Binding Shellcode
0x500. SHELLCODE
	0x510. Assembly vs. C
	0x511. Linux System Calls in Assembly
	0x520. The Path to Shellcode
	0x521. Assembly Instructions Using the Stack
	0x522. Investigating with GDB
	0x523. Removing Null Bytes
	0x530. Shell-Spawning Shellcode
	0x531. A Matter of Privilege
	0x532. And Smaller Still
	0x540. Port-Binding Shellcode
	0x541. Duplicating Standard File Descriptors
	0x542. Branching Control Structures
	0x550. Connect-Back Shellcode
0x600. COUNTERMEASURES
	0x610. Countermeasures That Detect
	0x620. System Daemons
	0x621. Crash Course in Signals
	0x622. Tinyweb Daemon
	0x630. Tools of the Trade
	0x631. tinywebd Exploit Tool
	0x640. Log Files
	0x641. Blend In with the Crowd
	0x650. Overlooking the Obvious
	0x651. One Step at a Time
	0x652. Putting Things Back Together Again
	0x653. Child Laborers
	0x660. Advanced Camouflage
	0x661. Spoofing the Logged IP Address
	0x662. Logless Exploitation
	0x670. The Whole Infrastructure
	0x671. Socket Reuse
	0x680. Payload Smuggling
	0x681. String Encoding
	0x682. How to Hide a Sled
	0x690. Buffer Restrictions
	0x691. Polymorphic Printable ASCII Shellcode
	0x6a0. Hardening Countermeasures
	0x6b0. Nonexecutable Stack
	0x6b1. ret2libc
	0x6b2. Returning into system()
	0x6c0. Randomized Stack Space
	0x6c1. Investigations with BASH and GDB
	0x6c2. Bouncing Off linux-gate
	0x6c3. Applied Knowledge
	0x6c4. A First Attempt
	0x6c5. Playing the Odds
0x700. CRYPTOLOGY
	0x710. Information Theory
	0x711. Unconditional Security
	0x712. One-Time Pads
	0x713. Quantum Key Distribution
	0x714. Computational Security
	0x720. Algorithmic Run Time
	0x721. Asymptotic Notation
	0x730. Symmetric Encryption
	0x731. Lov Grover's Quantum Search Algorithm
	0x740. Asymmetric Encryption
	0x741. RSA
	0x742. Peter Shor's Quantum Factoring Algorithm
	0x750. Hybrid Ciphers
	0x751. Man-in-the-Middle Attacks
	0x752. Differing SSH Protocol Host Fingerprints
	0x753. Fuzzy Fingerprints
	0x760. Password Cracking
	0x761. Dictionary Attacks
	0x762. Exhaustive Brute-Force Attacks
	0x763. Hash Lookup Table
	0x764. Password Probability Matrix
	0x770. Wireless 802.11b Encryption
	0x771. Wired Equivalent Privacy
	0x772. RC4 Stream Cipher
	0x780. WEP Attacks
	0x781. Offline Brute-Force Attacks
	0x782. Keystream Reuse
	0x783. IV-Based Decryption Dictionary Tables
	0x784. IP Redirection
	0x785. Fluhrer, Mantin, and Shamir Attack
0x800. CONCLUSION
	0x810. References
	0x820. Sources

The Art of Exploitation

Released: 2008 (2nd edition)
Author(s): Jon Erickson

The Shellcoder's Handbook

Discovering and Exploiting Security Holes

Released: 2007 (2nd edition)
Author(s): Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte

Writing Security Tools and Exploits

Released: 2006
Author(s): James C. Foster, VIncent T. Liu

Sockets, Shellcode, Porting, and Coding

Reverse Engineering Exploits and Tool Coding for Security Professionals

Released: 2005
Author(s): James C. Foster

Description

The SANS Institute maintains a list of the "Top 10 Software Vulnerabilities." At the current time, over half of these vulnerabilities are exploitable by Buffer Overflow attacks, making this class of attack one of the most common and most dangerous weapon used by malicious attackers. This is the first book specifically aimed at detecting, exploiting, and preventing the most common and dangerous attacks.

Buffer overflows make up one of the largest collections of vulnerabilities in existence; And a large percentage of possible remote exploits are of the overflow variety. Almost all of the most devastating computer attacks to hit the Internet in recent years including SQL Slammer, Blaster, and I Love You attacks. If executed properly, an overflow vulnerability will allow an attacker to run arbitrary code on the victim’s machine with the equivalent rights of whichever process was overflowed. This is often used to provide a remote shell onto the victim machine, which can be used for further exploitation.

A buffer overflow is an unexpected behavior that exists in certain programming languages. This book provides specific, real code examples on exploiting buffer overflow attacks from a hacker's perspective and defending against these attacks for the software developer.

Part 1 Expanding on Buffer Overflows 
	Chapter 1 Buffer Overflows: The Essentials 
	Chapter 2 Understanding Shellcode
	Chapter 3 Writing Shellcode
	Chapter 4 Win32 Assembly 
	Case Study 1.1 FreeBSD NN Exploit Code
	Case Study 1.2 xlockmore User Supplied Format String
	Case Study 1.3 Frontpage Denial of Service Utilizing
	Case Study 1.4 cURL buffer overflow on FreeBSD 

Part II Exploiting Buffer Overflows
	Chapter 5 Stack Overflows
	Chapter 6 Heap Corruption
	Chapter 7 Format String Attacks
	Chapter 8 Windows Buffer Overflows
	Case Study 2.1 cURL Buffer Overflow on Linux
	Case Study 2.2 SSLv2 Malformed Client Key Remote
	Case Study 2.3 X11R6 4.2 XLOCALEDIR Overflow
	Case Study 2.4 Microsoft MDAC Denial of Service 
	Case Study 2.5 Local UUX Buffer Overflow on HPUX

Part III Finding Buffer Overflows
	Chapter 9 Finding Buffer Overflows in Source
	Case Study 3.1 InlineEgg I 
	Case Study 3.2 InlineEgg II
	Case Study 3.3 Seti@Home Exploit Code 
	Case Study 3.4 Microsoft CodeBlue Exploit Code

Appendix A The Complete Data Conversion Table
Appendix B Useful Syscalls

Buffer Overflow Attacks

Detect, Exploit, Prevent

Released: 2005
Author(s): James C. Foster, Vitaly Osipov

Forensics

🔝

Description

Investigate crimes involving cryptocurrencies and other blockchain technologies

Bitcoin has traditionally been the payment system of choice for a criminal trading on the Dark Web, and now many other blockchain cryptocurrencies are entering the mainstream as traders are accepting them from low-end investors putting their money into the market. Worse still, the blockchain can even be used to hide information and covert messaging, unknown to most investigators.

Investigating Cryptocurrencies is the first book to help corporate, law enforcement, and other investigators understand the technical concepts and the techniques for investigating crimes utilizing the blockchain and related digital currencies such as Bitcoin and Ethereum.

Understand blockchain and transaction technologies
Set up and run cryptocurrency accounts
Build information about specific addresses
Access raw data on blockchain ledgers
Identify users of cryptocurrencies
Extracting cryptocurrency data from live and imaged computers
Following the money

With nearly $150 billion in cryptocurrency circulating and $3 billion changing hands daily, crimes committed with or paid for with digital cash are a serious business. Luckily, Investigating Cryptocurrencies Forensics shows you how to detect it and, more importantly, stop it in its tracks.

Part I Understanding the Technology 1
Chapter 1 What Is a Cryptocurrency? 3
	A New Concept? 3
	Leading Currencies in the Field 8
	Is Blockchain Technology Just for Cryptocurrencies? 9
	Setting Yourself Up as a Bitcoin User 10
	Summary 14
Chapter 2 The Hard Bit 15
	Hashing 16
	Public/Private Key Encryption 21
	RSA Cryptography 23
	Elliptic Curve Cryptography 28
	Building a Simple Cryptocurrency in the Lab 32
	Summary 36
Chapter 3 Understanding the Blockchain 39
	The Structure of a Block 40
	The Block Header 42
	Deconstructing Raw Blocks from Hex 47
	Applying This to the Downloaded Hex 51
	Number of Transactions 55
	Block Height 57
	Forks 58
	The Ethereum Block 61
	Summary 65
Chapter 4 Transactions 67
	The Concept behind a Transaction 67
	The Mechanics of a Transaction 69
	Understanding the Mempool 76
	Understanding the ScriptSig and ScriptPubKey 77
	Interpreting Raw Transactions 79
	Extracting JSON Data 81
	Analyzing Address History 82
	Creating Vanity Addresses 83
	Interpreting Ethereum Transactions 85
	Summary 86
Chapter 5 Mining 87
	The Proof-of-Work Concept 89
	The Proof-of-Stake Concept 90
	Mining Pools 90
	Mining Fraud 92
	Summary 93
Chapter 6 Wallets 95
	Wallet Types 96
	Software Wallets 96
	Hardware Wallets 97
	Cold Wallets or Cold Storage 98
	Why Is Recognizing Wallets Important? 99
	Software Wallets 100
	Hardware Wallets 100
	Paper Wallets 100
	The Wallet Import Format (WIF) 101
	How Wallets Store Keys 102
	Setting Up a Covert Wallet 105
	Summary 107
Chapter 7 Contracts and Tokens 109
	Contracts 109
	Bitcoin 110
	Ethereum 110
	Tokens and Initial Coin Offerings 112
	Summary 116

Part II Carrying Out Investigations 117
Chapter 8 Detecting the Use of Cryptocurrencies 119
	The Premises Search 120
	A New Category of Search Targets 121
	Questioning 124
	Searching Online 125
	Extracting Private and Public Keys from Seized Computers 130
	Commercial Tools 130
	Extracting the Wallet File 131
	Automating the Search for Bitcoin Addresses 135
	Finding Data in a Memory Dump 136
	Working on a Live Computer 137
	Acquiring the Wallet File 138
	Exporting Data from the Bitcoin Daemon 140
	Extracting Wallet Data from Live Linux and OSX Systems 144
	Summary 145
Chapter 9 Analysis of Recovered Addresses and Wallets 147
	Finding Information on a Recovered Address 147
	Extracting Raw Data from Ethereum 154
	Searching for Information on a Specifi c Address 155
	Analyzing a Recovered Wallet 161
	Setting Up Your Investigation Environment 161
	Importing a Private Key 166
	Dealing with an Encrypted Wallet 167
	Inferring Other Data 172
	Summary 173
Chapter 10 Following the Money 175
	Initial Hints and Tips 175
	Transactions on Blockchain.info 176
	Identifying Change Addresses 177
	Another Simple Method to Identify Clusters 181
	Moving from Transaction to Transaction 182
	Putting the Techniques Together 184
	Other Explorer Sites 186
	Following Ethereum Transactions 189
	Monitoring Addresses 193
	Blockonomics.co 193
	Bitnotify.com 194
	Writing Your Own Monitoring Script 194
	Monitoring Ethereum Addresses 196
	Summary 197
Chapter 11 Visualization Systems 199
	Online Blockchain Viewers 199
	Blockchain.info 200
	Etherscan.io 201
	Commercial Visualization Systems 214
	Summary 215
Chapter 12 Finding Your Suspect 217
	Tracing an IP Address 217
	Bitnodes 219
	Other Areas Where IPs Are Stored 226
	Is the Suspect Using Tor? 228
	Is the Suspect Using a Proxy or a VPN? 229
	Tracking to a Service Provider 231
	Considering Open-Source Methods 235
	Accessing and Searching the Dark Web 237
	Detecting and Reading Micromessages 241
	Summary 244
Chapter 13 Sniffing Cryptocurrency Traffic 245
	What Is Intercept? 246
	Watching a Bitcoin Node 247
	Sniffing Data on the Wire 248
	Summary 254
Chapter 14 Seizing Coins 255
	Asset Seizure 256
	Cashing Out 256
	Setting Up a Storage Wallet 259
	Importing a Suspect’s Private Key 261
	Storage and Security 263
	Seizure from an Online Wallet 265
	Practice, Practice, Practice 265
	Summary 266
Chapter 15 Putting It All Together 267
	Examples of Cryptocurrency Crimes 268
	Buying Illegal Goods 268
	Selling Illegal Goods 268
	Stealing Cryptocurrency 269
	Money Laundering 269
	Kidnap and Extortion 270
	What Have You Learned? 270
	Where Do You Go from Here? 273
Index 275

Investigating Cryptocurrencies

Understanding, Extracting, and Analyzing Blockchain Evidence

Released: 2018
Author(s): Nick Furneaux

Description

Forensic image acquisition is an important part of postmortem incident response and evidence collection. Digital forensic investigators acquire, preserve, and manage digital evidence to support civil and criminal cases; examine organizational policy violations; resolve disputes; and analyze cyber attacks.

Practical Forensic Imaging takes a detailed look at how to secure and manage digital evidence using Linux-based command line tools. This essential guide walks you through the entire forensic acquisition process and covers a wide range of practical scenarios and situations related to the imaging of storage media.

You’ll learn how to:

Perform forensic imaging of magnetic hard disks, SSDs and flash drives, optical discs, magnetic tapes, and legacy technologies
Protect attached evidence media from accidental modification
Manage large forensic image files, storage capacity, image format conversion, compression, splitting, duplication, secure transfer and storage, and secure disposal
Preserve and verify evidence integrity with cryptographic and piecewise hashing, public key signatures, and RFC-3161 timestamping
Work with newer drive and interface technologies like NVME, SATA Express, 4K-native sector drives, SSHDs, SAS, UASP/USB3x, and Thunderbolt
Manage drive security such as ATA passwords; encrypted thumb drives; Opal self-encrypting drives; OS-encrypted drives using BitLocker, FileVault, and TrueCrypt; and others
Acquire usable images from more complex or challenging situations such as RAID systems, virtual machine images, and damaged media

With its unique focus on digital forensic acquisition and evidence preservation, Practical Forensic Imaging is a valuable resource for experienced digital forensic investigators wanting to advance their Linux skills and experienced Linux administrators wanting to learn digital forensics. This is a must-have reference for every digital forensics lab.

Chapter 0: Digital Forensics Overview
Chapter 1: Storage Media Overview<
Chapter 2: Linux as a Forensic Acquisition Platform
Chapter 3: Forensic Image Formats
Chapter 4: Planning and Preparation
Chapter 5: Attaching Subject Media to an Acquisition Host
Chapter 6: Forensic Image Acquisition
Chapter 7: Forensic Image Management
Chapter 8: Special Image Access Topics
Chapter 9: Extracting Subsets of Forensic Images

Practical Forensic Imaging

Securing Digital Evidence with Linux Tools

Released: 2016
Author(s): Bruce Nikkel

Description

Memory forensics provides cutting edge technology to help investigate digital attacks

Memory forensics is the art of analyzing computer memory (RAM) to solve digital crimes. As a follow-up to the best seller Malware Analyst's Cookbook, experts in the fields of malware, security, and digital forensics bring you a step-by-step guide to memory forensics—now the most sought after skill in the digital forensics and incident response fields.

Beginning with introductory concepts and moving toward the advanced, The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory is based on a five day training course that the authors have presented to hundreds of students. It is the only book on the market that focuses exclusively on memory forensics and how to deploy such techniques properly. Discover memory forensics techniques:

How volatile memory analysis improves digital investigations
Proper investigative steps for detecting stealth malware and advanced threats
How to use free, open source tools for conducting thorough memory forensics
Ways to acquire memory from suspect systems in a forensically sound manner

The next era of malware and security breaches are more sophisticated and targeted, and the volatile memory of a computer is often overlooked or destroyed as part of the incident response process. The Art of Memory Forensics explains the latest technological innovations in digital forensics to help bridge this gap. It covers the most popular and recently released versions of Windows, Linux, and Mac, including both the 32 and 64-bit editions.

I An Introduction to Memory Forensics 1
1 Systems Overview 3
	Digital Environment 3
	PC Architecture 4
	Operating Systems  17
	Process Management 18
	Memory Management   20
	File System 24
	I/O Subsystem 25
	Summary 26
2 Data Structures  27
	Basic Data Types   27
	Summary 43
3 The Volatility Framework  45
	Why Volatility? 45
	What Volatility Is Not   46
	Installation 47
	The Framework 51
	Using Volatility 59
	Summary 67
4 Memory Acquisition 69
	Preserving the Digital Environment 69
	Software Tools 79
	Memory Dump Formats 95
	Converting Memory Dumps 106
	Volatile Memory on Disk 107
	Summary 114

II Windows Memory Forensics 115
5 Windows Objects and Pool Allocations 117
	Windows Executive Objects  117
	Pool-Tag Scanning 129
	Limitations of Pool Scanning 140
	Big Page Pool 142
	Pool-Scanning Alternatives  146
	Summary 148
6 Processes, Handles, and Tokens 149
	Processes  149
	Process Tokens 164
	Privileges 170
	Process Handles 176
	Enumerating Handles in Memory 181
	Summary 187
7 Process Memory Internals  189
	What’s in Process Memory? 189
	Enumerating Process Memory 193
	Summary 217
8 Hunting Malware in Process Memory 219
	Process Environment Block  219
	PE Files in Memory 238
	Packing and Compression   245
	Code Injection 251
	Summary 263
9 Event Logs 265
	Event Logs in Memory  265
	Real Case Examples 275
	Summary 279
10 Registry in Memory  281
	Windows Registry Analysis  281
	Volatility’s Registry API 292
	Parsing Userassist Keys 295
	Detecting Malware with the Shimcache 297
	Reconstructing Activities with Shellbags   298
	Dumping Password Hashes  304
	Obtaining LSA Secrets  305
	Summary 307
11 Networking 309
	Network Artifacts  309
	Hidden Connections 323
	Raw Sockets and Sniffers 325
	Next Generation TCP/IP Stack   327
	Internet History   333
	DNS Cache Recovery   339
	Summary 341
12 Windows Services 343
	Service Architecture 343
	Installing Services 345
	Tricks and Stealth 346
	Investigating Service Activity 347
	Summary 366
13 Kernel Forensics and Rootkits 367
	Kernel Modules   367
	Modules in Memory Dumps 372
	Threads in Kernel Mode  378
	Driver Objects and IRPs 381
	Device Trees  386
	Auditing the SSDT 390
	Kernel Callbacks   396
	Kernel Timers 399
	Putting It All Together  402
	Summary 406
14 Windows GUI Subsystem, Part I 407
	The GUI Landscape 407
	GUI Memory Forensics 410
	The Session Space  410
	Window Stations   416
	Desktops 422
	Atoms and Atom Tables 429
	Windows 435
	Summary 452
15 Windows GUI Subsystem, Part II 453
	Window Message Hooks 453
	User Handles 459
	Event Hooks  466
	Windows Clipboard 468
	Case Study: ACCDFISA Ransomware 472
	Summary 476
16 Disk Artifacts in Memory  477
	Master File Table  477
	Extracting Files   493
	Defeating TrueCrypt Disk Encryption  503
	Summary 510
17 Event Reconstruction 511
	Strings  511
	Command History 523
	Summary 536
18 Timelining 537
	Finding Time in Memory 537
	Generating Timelines   539
	Gh0st in the Enterprise 543
	Summary 573

III Linux Memory Forensics 575
19 Linux Memory Acquisition 577
	Historical Methods of Acquisition 577
	Modern Acquisition 579
	Volatility Linux Profiles 583
	Summary 589
20 Linux Operating System 591
	ELF Files 591
	Linux Data Structures  603
	Linux Address Translation   607
	procfs and sysfs   609
	Compressed Swap   610
	Summary 610
21 Processes and Process Memory 611
	Processes in Memory   611
	Enumerating Processes 613
	Process Address Space   616
	Process Environment Variables   625
	Open File Handles 626
	Saved Context State 630
	Bash Memory Analysis 630
	Summary 635
22 Networking Artifacts 637
	Network Socket File Descriptors  637
	Network Connections   640
	Queued Network Packets 643
	Network Interfaces 646
	The Route Cache   650
	ARP Cache   652
	Summary655
23 Kernel Memory Artifacts 657
	Physical Memory Maps 657
	Virtual Memory Maps  661
	Kernel Debug Buffer   663
	Loaded Kernel Modules 667
	Summary 673
24 File Systems in Memory  675
	Mounted File Systems  675
	Listing Files and Directories 681
	Extracting File Metadata 684
	Recovering File Contents 691
	Summary 695
25 Userland Rootkits  697
	Shellcode Injection 698
	Process Hollowing 703
	Shared Library Injection 705
	LD_PRELOAD Rootkits 712
	GOT/PLT Overwrites  716
	Inline Hooking 718
	Summary 719
26 Kernel Mode Rootkits 721
	Accessing Kernel Mode 721
	Hidden Kernel Modules 722
	Hidden Processes  728
	Elevating Privileges 730
	System Call Handler Hooks  734
	Keyboard Notifiers 735
	TTY Handlers 739
	Network Protocol Structures 742
	Netfilter Hooks 745
	File Operations 748
	Inline Code Hooks 752
	Summary754
27 Case Study: Phalanx2 755
	Phalanx2 755
	Phalanx2 Memory Analysis  757
	Reverse Engineering Phalanx2   763
	Final Thoughts on Phalanx2 772
	Summary 772

IV Mac Memory Forensics 773
28 Mac Acquisition and Internals 775
	Mac Design  775
	Memory Acquisition   780
	Mac Volatility Profiles  784
	Mach-O Executable Format 787
	Summary 791
29 Mac Memory Overview 793
	Mac versus Linux Analysis  793
	Process Analysis   794
	Address Space Mappings 799
	Networking Artifacts   804
	SLAB Allocator   808
	Recovering File Systems from Memory 811
	Loaded Kernel Extensions   815
	Other Mac Plugins 818
	Mac Live Forensics 819
	Summary 821
30 Malicious Code and Rootkits 823
	Userland Rootkit Analysis   823
	Kernel Rootkit Analysis 828
	Common Mac Malware in Memory   838
	Summary 844
31 Tracking User Activity  845
	Keychain Recovery 845
	Mac Application Analysis   849
	Summary 858

The Art of Memory Forensics

Detecting Malware and Threats in Windows, Linux, and Mac Memory

Released: 2014
Author(s): Michael Hale Ligh, Andrew Case, Jamie Levy, Aaron Walters

Description

Digital Forensics with Open Source Tools is the definitive book on investigating and analyzing computer systems and media using open source tools. The book is a technical procedural guide, and explains the use of open source tools on Mac, Linux and Windows systems as a platform for performing computer forensics. Both well-known and novel forensic methods are demonstrated using command-line and graphical open source computer forensic tools for examining a wide range of target systems and artifacts.

Written by world-renowned forensic practitioners, this book uses the most current examination and analysis techniques in the field. It consists of 9 chapters that cover a range of topics such as the open source examination platform; disk and file system analysis; Windows systems and artifacts; Linux systems and artifacts; Mac OS X systems and artifacts; Internet artifacts; and automating analysis and extending capabilities. The book lends itself to use by students and those entering the field who do not have means to purchase new tools for different investigations.

This book will appeal to forensic practitioners from areas including incident response teams and computer forensic investigators; forensic technicians from legal, audit, and consulting firms; and law enforcement agencies.

CHAPTER 1 Digital Forensics with Open Source Tools
	 Welcome to “Digital Forensics with Open Source Tools” 
	 What Is “Digital Forensics?” 
	    Goals of Forensic Analysis
	    The Digital Forensics Process
	 What Is “Open Source?” 
	    “Free” vs. “Open”
	    Open Source Licenses
	 Benefits of Open Source Tools
	    Education
	    Portability and Flexibility
	    Price
	    Ground Truth
	 Summary 
	 References
CHAPTER 2 Open Source Examination Platform
	 Preparing the Examination System
	    Building Software
	    Installing Interpreters 
	    Working with Image Files
	    Working with File Systems 
	 Using Linux as the Host
	    Extracting Software
	    GNU Build System
	    Version Control Systems
	    Installing Interpreters 
	    Working with Images 
	 Using Windows as the Host 
	    Building Software
	    Installing Interpreters 
	    Working with Images 
	    Working with File Systems 
	 Summary 
	 References
CHAPTER 3 Disk and File System Analysis 
	 Media Analysis Concepts
	    File System Abstraction Model
	 The Sleuth Kit 
	    Installing the Sleuth Kit
	    Sleuth Kit Tools
	 Partitioning and Disk Layouts
	    Partition Identification and Recovery
	    Redundant Array of Inexpensive Disks
	 Special Containers
	    Virtual Machine Disk Images
	    Forensic Containers
	 Hashing 
	 Carving
	    Foremost
	 Forensic Imaging
	    Deleted Data
	    File Slack
	    dd
	    dcfldd
	    dc3dd 
	 Summary 
	 References
CHAPTER 4 Windows Systems and Artifacts 
	 Introduction
	 Windows File Systems
	    File Allocation Table 
	    New Technology File System
	    File System Summary 
	 Registry 
	 Event Logs 
	 Prefetch Files
	 Shortcut Files 
	 Windows Executables 
	 Summary 
	 References
CHAPTER 5 Linux Systems and Artifacts
	 Introduction
	 Linux File Systems
	    Contents vii
	    File System Layer
	    File Name Layer
	    Metadata Layer
	    Data Unit Layer
	    Journal Tools 
	    Deleted Data
	    Linux Logical Volume Manager
	 Linux Boot Process and Services
	    System V 
	    BSD 
	 Linux System Organization and Artifacts
	    Partitioning 
	    Filesystem Hierarchy
	    Ownership and Permissions
	    File Attributes
	    Hidden Files 
	    /tmp
	 User Accounts
	 Home Directories
	    Shell History
	    ssh
	    GNOME Windows Manager Artifacts
	 Logs
	    User Activity Logs 
	    Syslog 
	    Command Line Log Processing 
	 Scheduling Tasks
	 Summary 
	 References
CHAPTER 6 Mac OS X Systems and Artifacts
	 Introduction
	 OS X File System Artifacts
	    HFS+ Structures
	 OS X System Artifacts
	    Property Lists 
	    Bundles
	    System Startup and Services
	    Kexts
	    Network Configuration
	    Hidden Directories 
	    viii Contents
	    Installed Applications
	    Swap and Hibernation dataData 
	    System Logs
	 User Artifacts
	    Home Directories 
	 Summary 
	 References
CHAPTER 7 Internet Artifacts
	 Introduction
	 Browser Artifacts 
	    Internet Explorer
	    Firefox 
	    Chrome 
	    Safari 
	 Mail Artifacts
	    Personal Storage Table 
	    mbox and maildir 
	 Summary 
	 References
CHAPTER 8 File Analysis
	 File Analysis Concepts
	    Content Identification
	    Content Examination
	    Metadata Extraction 
	 Images
	    JPEG
	    GIF 
	    PNG
	    TIFF
	 Audio
	    WAV 
	    MPEG-3/MP3
	    MPEG-4 Audio (AAC/M4A)
	    ASF/WMA 
	 Video 
	    MPEG-1 and MPEG-2 
	    MPEG-4 Video (MP4)
	    AVI 
	    ASF/WMV 
	    Contents ix
	    MOV (Quicktime) 
	    MKV
	 Archives 
	    ZIP
	    RAR
	    7-zip
	    TAR, GZIP, and BZIP2 
	 Documents
	    OLE Compound Files (Office Documents)
	    Office Open XML 
	    OpenDocument Format 
	    Rich Text Format
	    PDF
	 Summary 
	 References
CHAPTER 9 Automating Analysis and Extending Capabilities
	 Introduction
	 Graphical Investigation Environments
	    PyFLAG 
	    Digital Forensics Framework 
	 Automating Artifact Extraction
	    Fiwalk
	 Timelines
	    Relative Times
	    Inferred Times
	    Embedded Times
	    Periodicity 
	    Frequency Patterns and Outliers (Least Frequency of Occurrence)
	 Summary 
	 References
Appendix A Free, Non-open Tools of Note
	 Introduction
	 Chapter 3: Disk and File System Analysis
	    FTK Imager
	    ProDiscover Free
	 Chapter 4: Windows Systems and Artifacts
	    Windows File Analysis
	    Event Log Explorer 
	    Log Parser
	    x Contents
	 Chapter 7: Internet Artifacts
	    NirSoft Tools
	    Woanware Tools
	 Chapter 8: File Analysis
	    Mitec.cz: Structured Storage Viewer
	    OffVis
	    FileInsight
	 Chapter 9: Automating Analysis and Extending Capabilities
	    Mandiant: Highlighter
	    CaseNotes
	 Validation and Testing Resources 
	    Digital Corpora
	    Digital Forensics Tool Testing Images
	    Electronic Discovery Reference Model
	    Digital Forensics Research Workshop Challenges
	    Additional Images
	 References

Digital Forensics with Open Source Tools

Released: 2011
Author(s): Cory Altheide, Harlan Carvey

Description

The Definitive Guide to File System Analysis: Key Concepts and Hands-on Techniques

Most digital evidence is stored within the computer's file system, but understanding how file systems work is one of the most technically challenging concepts for a digital investigator because there exists little documentation. Now, security expert Brian Carrier has written the definitive reference for everyone who wants to understand and be able to testify about how file system analysis is performed.

Carrier begins with an overview of investigation and computer foundations and then gives an authoritative, comprehensive, and illustrated overview of contemporary volume and file systems: Crucial information for discovering hidden evidence, recovering deleted data, and validating your tools. Along the way, he describes data structures, analyzes example disk images, provides advanced investigation scenarios, and uses today's most valuable open source file system analysis tools—including tools he personally developed. Coverage includes

Preserving the digital crime scene and duplicating hard disks for "dead analysis"
Identifying hidden data on a disk's Host Protected Area (HPA)
Reading source data: Direct versus BIOS access, dead versus live acquisition, error handling, and more
Analyzing DOS, Apple, and GPT partitions; BSD disk labels; and Sun Volume Table of Contents using key concepts, data structures, and specific techniques
Analyzing the contents of multiple disk volumes, such as RAID and disk spanning
Analyzing FAT, NTFS, Ext2, Ext3, UFS1, and UFS2 file systems using key concepts, data structures, and specific techniques
Finding evidence: File metadata, recovery of deleted files, data hiding locations, and more
Using The Sleuth Kit (TSK), Autopsy Forensic Browser, and related open source tools

When it comes to file system analysis, no other book offers this much detail or expertise. Whether you're a digital forensics specialist, incident response team member, law enforcement officer, corporate security specialist, or auditor, this book will become an indispensable resource for forensic investigations, no matter what analysis tools you use.

Part I: Foundations
1. Digital Investigation Foundations
2. Computer Foundations
3. Hard Disk Data Acquisition

Part II: Volume Analysis
4. Volume Analysis
5. PC-based Partitions
6. Server-based Partitions
7. Multiple Disk Volumes

Part III: File System Analysis
8. File System Analysis
9. FAT Concepts and Analysis
10. FAT Data Structures
11. NTFS Concepts
12. NTFS Analysis
13. NTFS Data Structures
14. Ext2 and Ext3 Concepts and Analysis
15. Ext2 and Ext3 Data Structures
16. UFS1 and UFS2 Concepts and Analysis
17. UFS1 and UFS2 Data Structures
A. The Sleuth Kit and Autopsy

File System Forensic Analysis

Released: 2005
Author(s): Brian Carrier

Description

The Definitive Guide to Computer Forensics: Theory and Hands-On Practice

Computer forensics--the art and science of gathering and analyzing digital evidence, reconstructing data and attacks, and tracking perpetrators--is becoming ever more important as IT and law enforcement professionals face an epidemic in computer crime. In Forensic Discovery, two internationally recognized experts present a thorough and realistic guide to the subject.

Dan Farmer and Wietse Venema cover both theory and hands-on practice, introducing a powerful approach that can often recover evidence considered lost forever.

The authors draw on their extensive firsthand experience to cover everything from file systems, to memory and kernel hacks, to malware. They expose a wide variety of computer forensics myths that often stand in the way of success. Readers will find extensive examples from Solaris, FreeBSD, Linux, and Microsoft Windows, as well as practical guidance for writing one's own forensic tools. The authors are singularly well-qualified to write this book: They personally created some of the most popular security tools ever written, from the legendary SATAN network scanner to the powerful Coroner's Toolkit for analyzing UNIX break-ins.

After reading this book you will be able to

Understand essential forensics concepts: volatility, layering, and trust
Gather the maximum amount of reliable evidence from a running system
Recover partially destroyed information--and make sense of it
Timeline your system: understand what really happened when
Uncover secret changes to everything from system utilities to kernel modules
Avoid cover-ups and evidence traps set by intruders
Identify the digital footprints associated with suspicious activity
Understand file systems from a forensic analyst's point of view
Analyze malware--without giving it a chance to escape
Capture and examine the contents of main memory on running systems
Walk through the unraveling of an intrusion, one step at a time

The book's companion Web site contains complete source and binary code for open source software discussed in the book, plus additional computer forensics case studies and resource links.

Preface
Introduction to Part 1
Chapter 1 - The spirit of forensic discovery
Chapter 2 - Time Machines
Introduction to Part 2
Chapter 3 - File sytem basics
Chapter 4 - File system analysis
Chapter 5 - Systems and subversion
Chapter 6 - Malware analysis basics
Introduction to Part 3
Chapter 7 - Persistence of deleted file information
Chapter 8 - Beyond Processes
Appendix A
Appendix B

Forensic Discovery

Released: 2005
Author(s): Dan Farmer, Wietse Venema

Real Digital Forensics

Computer Security and Incident Response

Released: 2005
Author(s): Keith J. Jones, Richard Bejtlich, Curtis W. Rose

Hacking

🔝

Gray Hat Hacking

The Ethical Hacker's Handbook

Released: 2018 (5th edition)
Author(s): Allen Harper, Daniel Regalado, Ryan Linn, Stephen Sims, Branko Spasojevic, Linda Martinez, Michael Baucom, Chris Eagle, Shon Harris

The Hacker Playbook 3

Practical Guide To Penetration Testing

Released: 2018
Author(s): Peter Kim

Pentesting Azure Applications

The Definitive Guide to Testing and Securing Deployments

Released: 2018
Author(s): Matt Burrough

Kali Linux Revealed

Mastering the Penetration Testing Distribution

Released: 2017
Author(s): Raphael Hertzog, Jim O'Gorman

Advanced Penetration Testing

Hacking the World's Most Secure Networks

Released: 2017
Author(s): Wil Allsopp

Game Hacking

Developing Autonomous Bots for Online Games

Released: 2016
Author(s): Nick Cano

Rtfm: Red Team Field Manual

Released: 2014
Author(s): Ben Clark

Penetration Testing

A Hands-On Introduction to Hacking

Released: 2014
Author(s): Georgia Weidman

Metasploit

The Penetration Tester's Guide

Released: 2011
Author(s): David Kennedy, Jim O'Gorman, Devon Keams, Mati Aharoni

Hardware Hacking / IoT

🔝

The IoT Hacker's Handbook

A Practical Guide to Hacking the Internet of Things

Released: 2019
Author(s): Aditya Gupta

Practical Industrial Internet of Things Security

A practitioner's guide to securing connected industries

Released: 2018
Author(s): Sravani Bhattacharjee

Hardware Security

A Hands-on Learning Approach

Released: 2018
Author(s): Swarup Bhunia, Mark Tehranipoor

Industrial / SCADA

🔝

Handbook of SCADA/Control Systems Security

Released: 2016 (2nd edition)
Author(s): Robert Radvanovsky, Jacob Brodsky

Hacking Exposed Industrial Control Systems

ICS and SCADA Security Secrets & Solutions

Released: 2016
Author(s): Clint Bodungen, Bryan Singer, Aaron Shbeeb, Kyle Wilhoit, Stephen Hilt

Countdown to Zero Day

Stuxnet and the Launch of the World's First Digital Weapon

Released: 2015
Author(s): Kim Zetter

Industrial Network Security

Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems

Released: 2014 (2nd edition)
Author(s): Eric D. Knapp, Joel Thomas Langill

Applied Cyber Security and the Smart Grid

Implementing Security Controls into the Modern Power Infrastructure

Released: 2013
Author(s): Eric D. Knapp, Raj Samani

Robust Control System Networks

How to achieve reliable control after Stuxnet

Released: 2011
Author(s): Ralph Langner

Cybersecurity for Industrial Control Systems

SCADA, DCS, PLC, HMI, and SIS

Released: 2011
Author(s): Tyson Macaulay, Bryan L. Singer

Machine Learning / Data Science

🔝

Machine Learning and Security

Protecting Systems with Data and Algorithms

Released: 2018
Author(s): Clarence Chio, David Freeman

Malware Data Science

Attack Detection and Attribution

Released: 2018
Author(s): Joshua Saxe, Hillary Sanders

Mainframes

🔝

Introduction to the New Mainframe

z/OS Basics

Released: 2011
Author(s): Mike Ebbers, John Kettner, Wayne O'Brien, Bill Ogden

Mastering IBM i

The Complete Resource for Today's IBM i System

Released: 2011
Author(s): Jim Buck, Jerry Fottral

Mainframe Basics for Security Professionals

Getting Started with RACF

Released: 2008
Author(s): Ori Pomerantz, Barbara Vander Weele, Mark Nelson, Tim Hahn

Hacking iSeries

Released: 2006
Author(s): Shalom Carmel

Experts' Guide to OS/400 & i5/OS Security

Released: 2004
Author(s): Carol Woodbury, Patrick Botz

Malware

🔝

Practical Malware Analysis

The Hands-On Guide to Dissecting Malicious Software

Released: 2012
Author(s): Michael Sikorski, Andrew Honig

The Rootkit Arsenal

Escape and Evasion in the Dark Corners of the System

Released: 2012 (2nd edition)
Author(s): Bill Blunden

Malware Analyst's Cookbook

Tools and Techniques for Fighting Malicious Code

Released: 2010
Author(s): Michael Ligh, Steven Adair, Blake Hartstein, Matthew Richard

Malware Forensics

Investigating and Analyzing Malicious Code

Released: 2008
Author(s): Cameron H. Malin, Eoghan Casey, James M. Aquilina

The Art of Computer Virus Research and Defense

Released: 2005
Author(s): Peter Szor

Malicious Cryptography

Exposing Cryptovirology

Released: 2004
Author(s): Adam Young, Moti Yung

Mobile

🔝

iOS Application Security

The Definitive Guide for Hackers and Developers

Released: 2016
Author(s): David Thiel

The Mobile Application Hacker's Handbook

Released: 2015
Author(s): Dominic Chell, Tyrone Erasmus, Shaun Colley, Ollie Whitehouse

Android Security Internals

An In-Depth Guide to Android's Security Architecture

Released: 2014
Author(s): Nikolay Elenkov

Android Hacker's Handbook

Released: 2014
Author(s): Joshua J. Drake, Zach Lanier, Collin Mulliner, Pau Oliva Fora, Stephen A. Ridley, Georg Wicherski

iOS Hacker's Handbook

Released: 2012
Author(s): Charlie Miller, Dion Blazakis, Dino DaiZovi, Stefan Esser, Vincenzo Iozzo, Ralf-Philipp Weinmann

Decompiling Android

Released: 2012
Author(s): Godfrey Nolan

Networking

🔝

Practical Packet Analysis

Using Wireshark to Solve Real-World Network Problems

Released: 2017 (3rd edition)
Author(s): Chris Sanders

Wireshark for Security Professionals

Using Wireshark and the Metasploit Framework

Released: 2017
Author(s): Jessey Bullock, Jeff T. Parker

Attacking Network Protocols

A Hacker's Guide to Capture, Analysis, and Exploitation

Released: 2017
Author(s): James Forshaw

Computer Networking

A Top-Down Approach

Released: 2016 (7th edition)
Author(s): Jim Kurose, Keith Ross

Mastering Nmap Scripting Engine

Released: 2015
Author(s): Paulino Calderon Pale

Hacking VoIP

Protocols, Attacks, and Countermeasures

Released: 2008
Author(s): Himanshu Dwivedi

Linux Firewalls

Attack Detection and Response with iptables, psad, and fwsnort

Released: 2007
Author(s): Michael Rash

OS: Generic

🔝

Computer Organization and Design

The Hardware Software Interface: ARM Edition

Released: 2016
Author(s): David A. Patterson, John L. Hennessy

Modern Operating Systems

Released: 2014 (4th edition)
Author(s): Andrew S. Tanenbaum, Herbert Bos

Operating System Concepts

Released: 2012 (9th edition)
Author(s): Abraham Silberschatz, Peter B. Galvin, Greg Gagne

Operating Systems In Depth

Design and Programming

Released: 2010
Author(s): Thomas W. Doeppner

OS: Linux

🔝

Linux Basics for Hackers

Getting Started with Networking, Scripting, and Security in Kali

Released: 2018
Author(s): OccupyTheWeb

Linux Kernel Development

A thorough guide to the design and implementation of the Linux kernel

Released: 2010 (3rd edition)
Author(s): Robert Love

The Linux Programming Interface

A Linux and UNIX System Programming Handbook

Released: 2010
Author(s): Michael Kerrisk

Solaris Internals

Solaris 10 and OpenSolaris Kernel Architecture

Released: 2006 (2nd edition)
Author(s): Richard McDougall

OS: Mac

🔝

MacOS and iOS Internals

Volume II: Kernel Mode

Released: 2019
Author(s): Jonathan Levin

MacOS and iOS Internals

Volume I: User Mode (v1.3)

Released: 2017
Author(s): Jonathan Levin

MacOS and iOS Internals

Volume III: Security & Insecurity

Released: 2016
Author(s): Jonathan Levin

Mac OS X and iOS Internals

To the Apple's Core

Released: 2012
Author(s): Jonathan Levin

OS X and iOS Kernel Programming

Released: 2011
Author(s): Ole Henry Halvorsen, Douglas Clarke

OS: Windows

🔝

Windows 10 System Programming

Part 1

Released: 2020
Author(s): Pavel Yosifovich

Windows Kernel Programming

Released: 2019
Author(s): Pavel Yosifovich

Windows Internals

Part 1: System architecture, processes, threads, memory management, and more

Released: 2017 (7th edition)
Author(s): Pavel Yosifovich, Alex Ionescu, Mark E. Russinovich, David A. Solomon

Windows 10 Forensic Analysis

Released: 2016
Author(s): Rhys P J Evans

Windows Forensic Analysis Toolkit

Advanced Analysis Techniques for Windows 8

Released: 2014 (4th edition)
Author(s): Harlan Carvey

Windows Forensic Analysis Toolkit

Advanced Analysis Techniques for Windows 7

Released: 2012 (3rd edition)
Author(s): Harlan Carvey

What Makes It Page?

The Windows 7 (x64) Virtual Memory Manager

Released: 2012
Author(s): Enrico Martignetti

Physical Security / Lockpicking

🔝

The Complete Book of Locks and Locksmithing

Released: 2016 (7th edition)
Author(s): Bill Phillips

Car Hacker's Handbook

A Guide for the Penetration Tester

Released: 2016
Author(s): Craig Smith

Practical Lock Picking

A Physical Penetration Tester's Training Guide

Released: 2012 (2nd edition)
Author(s): Deviant Ollam

Keys to the Kingdom

Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks

Released: 2012
Author(s): Deviant Ollam

Visual Guide to Lock Picking

Released: 2007 (3rd edition)
Author(s): Mark McCloud, Gonzalez de Santos

Programming

🔝

Black Hat Go

Go Programming for Hackers and Pentesters

Released: 2020
Author(s): Tom Steele, Chris Patten, Dan Kottmann

Modern C

Released: 2019
Author(s): Jens Gustedt

Gray Hat C#

A Hacker's Guide to Creating and Automating Security Tools

Released: 2017
Author(s): Brandon Perry

Black Hat Python

Python Programming for Hackers and Pentesters

Released: 2014
Author(s): Justin Seitz

Threat Modeling

Designing for Security

Released: 2014
Author(s): Adam Shostack

Violent Python

A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers

Released: 2012
Author(s): TJ O'Connor

Hacker's Delight

Released: 2012 (2nd edition)
Author(s): Henry S. Warren

Gray Hat Python

Python Programming for Hackers and Reverse Engineers

Released: 2009
Author(s): Justin Seitz

Assembly Language Step-by-step

Programming with Linux

Released: 2009 (3rd edition)
Author(s): Jeff Duntemann

Surreptitious Software

Obfuscation, Watermarking, and Tamperproofing for Software Protection

Released: 2009
Author(s): Christian Collberg, Jasvir Nagra

ATL Internals: Working with ATL 8

Released: 2006 (2nd edition)
Author(s): Christopher Tavares, Kirk Fertitta, Brent E. Rector, Chris Sells

Reverse Engineering

🔝

The Ghidra Book

The Definitive Guide

Released: 2020
Author(s): Chris Eagle, Kara Nance

Rootkits and Bootkits

Reversing Modern Malware and Next Generation Threats

Released: 2019
Author(s): Alex Matrosov, Eugene Rodionov, Sergey Bratus

Practical Binary Analysis

Build Your Own Linux Tools for Binary Instrumentation, Analysis, and Disassembly

Released: 2018
Author(s): Dennis Andriesse

Practical Reverse Engineering

x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation

Released: 2014
Author(s): Bruce Dang, Alexandre Gazet, Elias Bachaalany, Sébastien Josse

Decompiling Java

Released: 2014
Author(s): Godfrey Nolan

The IDA Pro Book

The Unofficial Guide to the World's Most Popular Disassembler

Released: 2011 (2nd edition)
Author(s): Chris Eagle

Hacker Disassembling Uncovered

Released: 2007 (2nd edition)
Author(s): Kris Kaspersky

BIOS Disassembly Ninjutsu Uncovered

Released: 2006
Author(s): Darmawan Salihun

Reversing

Secrets of Reverse Engineering

Released: 2005
Author(s): Eldad Eilam

Secure Code Review

🔝

Secure Coding in C and C++

SEI Series in Software Engineering

Released: 2013 (2nd edition)
Author(s): Robert C. Seacord

The CERT Oracle Secure Coding Standard for Java

SEI Series in Software Engineering

Released: 2011
Author(s): Fred Long, Dhruv Mohindra, Robert C. Seacord, Dean F. Sutherland, David Svoboda

The Art of Software Security Assessment

Identifying and Preventing Software Vulnerabilities

Released: 2006
Author(s): Mark Dowd, John McDonald, Justin Schuh

Security

🔝

Foundations of Information Security

A Straightforward Introduction

Released: 2019
Author(s): Jason Andress

Secrets and Lies

Digital Security in a Networked World

Released: 2015 (15th edition)
Author(s): Bruce Schneier

Security Engineering

A Guide to Building Dependable Distributed Systems

Released: 2008 (2nd edition)
Author(s): Ross J. Anderson

Silence on the Wire

A Field Guide to Passive Reconnaissance and Indirect Attacks

Released: 2005
Author(s): Michal Zalewski

Social Engineering / Organisations

🔝

Social Engineering

The Science of Human Hacking

Released: 2018 (2nd edition)
Author(s): Christopher Hadnagy

Advanced Persistent Threat Hacking

The Art and Science of Hacking Any Organization

Released: 2014
Author(s): Tyler Wrightson

The Art of Intrusion

The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers

Released: 2005 (60282nd edition)
Author(s): Kevin D. Mitnick, William L. Simon

The Art of Deception

Controlling the Human Element of Security

Released: 2003
Author(s): Kevin D. Mitnick, William L. Simon

Threat Intelligence / OSINT

🔝

Hunting Cyber Criminals

A Hacker's Guide to Online Intelligence Gathering Tools and Techniques

Released: 2020
Author(s): Vinny Troia

Extreme Privacy

What It Takes to Disappear

Released: 2020
Author(s): Michael Bazzell

Open Source Intelligence Techniques

Resources for Searching and Analyzing Online Information

Released: 2019 (7th edition)
Author(s): Michael Bazzell

Web

🔝

Web Security for Developers

Released: 2020
Author(s): Malcolm McDonald

Real-World Bug Hunting

A Field Guide to Web Hacking

Released: 2019
Author(s): Peter Yaworski

The Browser Hacker's Handbook

Released: 2014
Author(s): Wade Alcorn, Christian Frichot, Michele Orru

Burp Suite Essentials

Released: 2014
Author(s): Akash Mahajan

The Tangled Web

A Guide to Securing Modern Webapplications

Released: 2011
Author(s): Michal Zalewski

The Web Application Hacker's Handbook

Finding and Exploiting Security Flaws

Released: 2011 (2nd edition)
Author(s): Dafydd Stuttard, Marcus Pinto

Threat Hunting / Purple Teaming

🔝

Legacy

🔝

Windows System Programming

Released: 2015 (4th edition)
Author(s): Johnson M. Hart

CLR via C#

Released: 2012 (4th edition)
Author(s): Jeffrey Richter

OS X and iOS Kernel Programming

Released: 2011
Author(s): Ole Henry Halvorsen, Douglas Clarke

TCP/IP Illustrated, Volume 1: The Protocols

Released: 2011 (2nd edition)
Author(s): Kevin R. Fall, W. Richard Stevens

Microsoft SQL Server 2008 Internals

Developer Reference

Released: 2009
Author(s): Kalen Delaney, Paul S. Randal, Kimberly L. Tripp, Conor Cunninghan, Adam Machanic, Benjamin Nevarez

The Mac Hacker's Handbook

Released: 2009
Author(s): Charlie Miller, Dino Dai Zovi

SQL Server Forensic Analysis

Released: 2008
Author(s): Kevvie Fowler

Designing BSD Rootkits

An Introduction to Kernel Hacking

Released: 2007
Author(s): Joseph Kong

Windows Via C/C++

Released: 2007 (5th edition)
Author(s): Jeffrey Richter, Christophe Nasarre

Mac OS X Internals

A Systems Approach

Released: 2006
Author(s): Amit Singh

Understanding the Linux Kernel

Released: 2005 (3rd edition)
Author(s): Daniel P. Bovet, Marco Cesati

Linux Device Drivers

Released: 2005 (3rd edition)
Author(s): Jonathan Corbet, Alessandro Rubini, Greg Kroah-Hartman

Rootkits

Subverting the Windows Kernel

Released: 2005
Author(s): Greg Hoglund, Jamie Butler

Practical Cryptography

Released: 2003
Author(s): Niels Ferguson, Bruce Schneier

The Code Book

The Science of Secrecy from Ancient Egypt to Quantum Cryptography

Released: 2000
Author(s): Simon Singh

Windows NT Device Driver Development

Released: 1998
Author(s): Peter G. Viscarola, W. Anthony Mason

Essential COM

Released: 1998
Author(s): Don Box

Windows NT File System Internals

A Developer's Guide

Released: 1997
Author(s): Rajeev Nagar

The Codebreakers

The Comprehensive History of Secret Communication from Ancient Times to the Internet

Released: 1996
Author(s): David Kahn

Handbook of Applied Cryptography

Released: 1996
Author(s): Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone

Applied Cryptography

Protocols, Algorithms and Source Code in C

Released: 1995 (2nd edition)
Author(s): Bruce Schneier

The C Programming Language

Released: 1988 (2nd edition)
Author(s): Brian W. Kernighan, Dennis M. Ritchie

Future Releases

🔝

Windows Internals

Part 2

Will be released: 2021 (7th edition)
Author(s): Mark E. Russinovich, Andrea Allievi, Alex Ionescu, David A. Solomon

The Hardware Hacking Handbook

Breaking Embedded Security with Hardware Attacks

Will be released: 2021
Author(s): Jasper van Woudenberg, Colin O'Flynn