This is a curated collection of books I would recommend to anybody active in Information Security or with ambitions in any of these subjects. Please note that I did not write/publish/etc any of them. If you find links that are broken, or think something should be added, feel free to let me know.
Latest Changes
Sept 6th, 2020
Instead of linking the images directly to the external resource for a book, make it open a modal with extra information.
Added a Description and (where available in text form) Table of Contents for many books, inside the new modal. These sections will be filled in for all other books in the list soon.
Added 'top' links to each category for easier navigation.
Sept 5th, 2020
New categories
Threat Intelligence / OSINT
Hardware Hacking / IoT
Mainframes
New Books
[Blue Team / Defense] Blue Team Field Manual (BTFM)
[Blue Team / Defense] Blue Team Handbook: SOC, SIEM, and Threat Hunting
[Blue Team / Defense] Intrusion Detection Honeypots
[Databases] Pro SQL Server Internals
[Forensics] Practical Forensic Imaging
[Hacking] Game Hacking
[Hacking] Pentesting Azure Applications
[Hardware Hacking / IoT] Hardware Security
[Hardware Hacking / IoT] Practical Industrial Internet of Things Security
[Hardware Hacking / IoT] The IoT Hacker's Handbook
[Industrial / SCADA] Applied Cyber Security and the Smart Grid
[Machine Learning / Data Science] Malware Data Science
[Mainframes] Experts' Guide to OS/400 & i5/OS Security
[Mainframes] Hacking iSeries
[Mainframes] Introduction to the New Mainframe
[Mainframes] Mainframe Basics for Security Professionals
[Mainframes] Mastering IBM i
[Networking] Attacking Network Protocols
[Networking] Hacking VoIP
[Networking] Linux Firewalls
[OS: Linux] Linux Basics for Hackers
[OS: Mac] MacOS and iOS Internals: Volume I
[OS: Mac] MacOS and iOS Internals: Volume II
[OS: Mac] OS X and iOS Kernel Programming
[OS: Windows] Windows 10 System Programming
[OS: Windows] Windows Kernel Programming
[Physical Security / Lockpicking] Car Hacker's Handbook
[Physical Security / Lockpicking] The Complete Book of Locks and Locksmithing
[Physical Security / Lockpicking] Visual Guide to Lock Picking
Incident response is critical for the active defense of any network, and incident responders need up-to-date, immediately applicable techniques with which to engage the adversary. Applied Incident Response details effective ways to respond to advanced attacks against local and remote network resources, providing proven response techniques and a framework through which to apply them. As a starting point for new incident handlers, or as a technical reference for hardened IR veterans, this book details the latest techniques for responding to threats against your network, including:
Preparing your environment for effective incident response
Leveraging MITRE ATT&CK and threat intelligence for active network defense
Local and remote triage of systems using PowerShell, WMIC, and open-source tools
Acquiring RAM and disk images locally and remotely
Analyzing RAM with Volatility and Rekall
Deep-dive forensic analysis of system drives using open-source or commercial tools
Leveraging Security Onion and Elastic Stack for network security monitoring
Techniques for log analysis and aggregating high-value logs
Static and dynamic analysis of malware with YARA rules, FLARE VM, and Cuckoo Sandbox
Detecting and responding to lateral movement techniques, including pass-the-hash, pass-the-ticket, Kerberoasting, malicious use of PowerShell, and many more
Effective threat hunting techniques
Adversary emulation with Atomic Red Team
Improving preventive and detective controls
Table of Contents
Part I Prepare 1
Chapter 1 The Threat Landscape 3
Attacker Motivations 3
Intellectual Property Theft 4
Supply Chain Attack 4
Financial Fraud 4
Extortion 5
Espionage 5
Power 5
Hacktivism 6
Revenge 6
Attack Methods 6
DoS and DDoS 7
Worms 8
Ransomware 8
Phishing 9
Spear Phishing 9
Watering Hole Attacks 10
Web Attacks 10
Wireless Attacks 11
Sniffing and MitM 11
Crypto Mining 12
Password Attacks 12
Anatomy of an Attack 13
Reconnaissance 13
Exploitation 14
Expansion/Entrenchment 15
Exfiltration/Damage 16
Clean Up 16
The Modern Adversary 16
Credentials, the Keys to the Kingdom 17
Conclusion 20
Chapter 2 Incident Readiness 21
Preparing Your Process 21
Preparing Your People 27
Preparing Your Technology 30
Ensuring Adequate Visibility 33
Arming Your Responders 37
Business Continuity and Disaster Recovery 38
Deception Techniques 40
Conclusion 43
Part II Respond 45
Chapter 3 Remote Triage 47
Finding Evil 48
Rogue Connections 49
Unusual Processes 52
Unusual Ports 55
Unusual Services 56
Rogue Accounts 56
Unusual Files 58
Autostart Locations 59
Guarding Your Credentials 61
Understanding Interactive Logons 61
Incident Handling Precautions 63
RDP Restricted Admin Mode and Remote Credential Guard 64
Conclusion 65
Chapter 4 Remote Triage Tools 67
Windows Management Instrumentation Command-Line Utility 67
Understanding WMI and the WMIC Syntax 68
Forensically Sound Approaches 71
WMIC and WQL Elements 72
Example WMIC Commands 79
PowerShell 84
Basic PowerShell Cmdlets 87
PowerShell Remoting 91
Accessing WMI/MI/CIM with PowerShell 95
Incident Response Frameworks 98
Conclusion 100
Chapter 5 Acquiring Memory 103
Order of Volatility 103
Local Memory Collection 105
Preparing Storage Media 107
The Collection Process 109
Remote Memory Collection 117
WMIC for Remote Collection 119
PowerShell Remoting for Remote Collection 122
Agents for Remote Collection 125
Live Memory Analysis 128
Local Live Memory Analysis 129
Remote Live Memory Analysis 129
Conclusion 131
Chapter 6 Disk Imaging 133
Protecting the Integrity of Evidence 133
Dead-Box Imaging 137
Using a Hardware Write Blocker 139
Using a Bootable Linux Distribution 143
Live Imaging 149
Live Imaging Locally 149
Collecting a Live Image Remotely 154
Imaging Virtual Machines 155
Conclusion 160
Chapter 7 Network Security Monitoring 161
Security Onion 161
Architecture 162
Tools 165
Snort, Sguil, and Squert 166
Zeek (Formerly Bro) 172
Elastic Stack 182
Text-Based Log Analysis 194
Conclusion 197
Chapter 8 Event Log Analysis 199
Understanding Event Logs 199
Account-Related Events 207
Object Access 218
Auditing System Configuration Changes 221
Process Auditing 224
Auditing PowerShell Use 229
Using PowerShell to Query Event Logs 231
Conclusion 233
Chapter 9 Memory Analysis 235
The Importance of Baselines 236
Sources of Memory Data 242
Using Volatility and Rekall 244
Examining Processes 249
The pslist Plug-in 249
The pstree Plug-in 252
The dlllist Plug-in 255
The psxview Plug-in 256
The handles Plug-in 256
The malfind Plug-in 257
Examining Windows Services 259
Examining Network Activity 261
Detecting Anomalies 264
Practice Makes Perfect 273
Conclusion 274
Chapter 10 Malware Analysis 277
Online Analysis Services 277
Static Analysis 280
Dynamic Analysis 286
Manual Dynamic Analysis 287
Automated Malware Analysis 299
Evading Sandbox Detection 305
Reverse Engineering 306
Conclusion 309
Chapter 11 Disk Forensics 311
Forensics Tools 312
Time Stamp Analysis 314
Link Files and Jump Lists 319
Prefetch 321
System Resource Usage Monitor 322
Registry Analysis 324
Browser Activity 333
USN Journal 337
Volume Shadow Copies 338
Automated Triage 340
Linux/UNIX System Artifacts 342
Conclusion 344
Chapter 12 Lateral Movement Analysis 345
Server Message Block 345
Pass-the-Hash Attacks 351
Kerberos Attacks 353
Pass-the-Ticket and Overpass-the-Hash Attacks 354
Golden and Silver Tickets 361
Kerberoasting 363
PsExec 365
Scheduled Tasks 368
Service Controller 369
Remote Desktop Protocol 370
Windows Management Instrumentation 372
Windows Remote Management 373
PowerShell Remoting 374
SSH Tunnels and Other Pivots 376
Conclusion 378
Part III Refine 379
Chapter 13 Continuous Improvement 381
Document, Document, Document 381
Validating Mitigation Efforts 383
Building On Your Successes, and Learning from Your Mistakes 384
Improving Your Defenses 388
Privileged Accounts 389
Execution Controls 392
PowerShell 394
Segmentation and Isolation 396
Conclusion 397
Chapter 14 Proactive Activities 399
Threat Hunting 399
Adversary Emulation 409
Atomic Red Team 410
Caldera 415
Conclusion 416
Index 419
Applied Incident Response
Released: 2020 Author(s): Steve Anson
Practical Vulnerability Management
Description
Bugs: they’re everywhere. Software, firmware, hardware — they all have them. Bugs even live in the cloud. And when one of these bugs is leveraged to wreak havoc or steal sensitive information, a company’s prized technology assets suddenly become serious liabilities.
Fortunately, exploitable security weaknesses are entirely preventable; you just have to find them before the bad guys do. Practical Vulnerability Management will help you achieve this goal on a budget, with a proactive process for detecting bugs and squashing the threat they pose.
The book starts by introducing the practice of vulnerability management, its tools and components, and detailing the ways it improves an enterprise’s overall security posture. Then it’s time to get your hands dirty! As the content shifts from conceptual to practical, you’re guided through creating a vulnerability-management system from the ground up, using open-source software.
Along the way, you’ll learn how to:
Generate accurate and usable vulnerability intelligence
Scan your networked systems to identify and assess bugs and vulnerabilities
Prioritize and respond to various security risks
Automate scans, data analysis, reporting, and other repetitive tasks
Customize the provided scripts to adapt them to your own needs
Playing whack-a-bug won’t cut it against today’s advanced adversaries. Use this book to set up, maintain, and enhance an effective vulnerability management system, and ensure your organization is always a step ahead of hacks and attacks.
Table of Contents
Introduction
Part I: Vulnerability Management Basics
Chapter 1: Basic Concepts
Chapter 2: Sources of Information
Chapter 3: Vulnerability Scanners
Chapter 4: Automating Vulnerability Management
Chapter 5: Vulnerability Management Outcomes
Chapter 6: Vulnerability Management and Organizational Priorities
Part II: Hands-On Vulnerability Management
Chapter 7: Setting Up Your Environment
Chapter 8: Using the Data Collection Tools
Chapter 9: Getting Your Data Into a Usable Format
Chapter 10: Maintaining the Database
Chapter 11: Generating Asset and Vulnerability Reports
Chapter 12: Automating Scans and Reporting
Chapter 13: Advanced Reporting
Chapter 14: Advanced Topics
Chapter 15: Conclusion
Practical Vulnerability Management
A Strategic Approach to Managing Cyber Risk
Released: 2020 Author(s): Andrew Magnusson
Intrusion Detection Honeypots
Description
The foundational guide for using deception against computer network adversaries.
When an attacker breaks into your network, you have a home-field advantage. But how do you use it?
Intrusion Detection Honeypots is the foundational guide to building, deploying, and monitoring honeypots -- security resources whose value lies in being probed and attacked. These fake systems, services, and tokens lure attackers in, enticing them to interact. Unbeknownst to the attacker, those interactions generate logs that alert you to their presence and educate you about their tradecraft. Intrusion Detection Honeypots teaches you how to:
Use the See-Think-Do framework to integrate honeypots into your network and lure attackers into your traps.
Leverage honey services that mimic HTTP, SSH, and RDP.
Hide honey tokens amongst legitimate documents, files, and folders.
Entice attackers to use fake credentials that give them away.
Create honey commands, honey tables, honey broadcasts, and other unique detection tools that leverage deception.
Monitor honeypots for interaction and investigate the logs they generate.
With the techniques in this book, you can safely use honeypots inside your network to detect adversaries before they accomplish their goals.
Table of Contents
Chapter 1: A Brief History of Honeypots
Chapter 2: Defining and Classifying Honeypots
Chapter 3: Planning Honeypot-Based Detection
Chapter 4: Logging and Monitoring
Chapter 5: Building Your First Honeypot from Scratch
Chapter 6: Honey Services
Chapter 7: Honey Tokens
Chapter 8: Honey Credentials
Chapter 9: Unconventional Honeypots
Intrusion Detection Honeypots
Detection through Deception
Released: 2020 Author(s): Chris Sanders
Blue Team Handbook: SOC, SIEM, and Threat Hunting
Description
BTHb:SOCTH provides the security practitioner with numerous field notes on building a security operations team, managing SIEM, and mining data sources to get the maximum amount of information out of them with a threat hunting approach. The author shares his fifteen years of experience with SIEMs and security operations in a no frills, just information format.
Don Murdoch has implemented five major platforms, integrated over one hundred data sources into various platforms, and ran an MSSP practice for two years. This book covers the topics below using a “zero fluff” approach as if you hired him as a security consultant and were sitting across the table with him (or her).
The book begins with a discussion for professionals to help them build a successful business case and a project plan, decide on SOC tier models, anticipate and answer the tough questions you need to consider when proposing a SOC, and think through the considerations in building a logging infrastructure. The book goes through numerous data sources that feed a SOC and SIEM and provides specific real world guidance on how to use those data sources to best possible effect. Most of the examples presented were implemented in one organization or another. These use cases explain what to monitor, how to use a SIEM and how to use the data coming into the platform, questions that Don found are often answered poorly by many vendors.
Several business concepts are also introduced, because they are often overlooked by IT: value chain, PESTL, and SWOT. Major sections include:
An inventory of Security Operations Center (SOC) Services.
Metrics, with a focus on objective measurements for the SOC, for analysts, and for SIEMs.
SOC staff onboarding, training topics, and desirable skills. Along these lines, there is a chapter on a day in the life of a SOC analyst.
Maturity analysis for the SOC and the log management program.
Applying a Threat Hunt mindset to the SOC.
A full use case template that was used within two major Fortune 500 companies, and is in active use by one major SIEM vendor, along with a complete example of how to build a SOC and SIEM focused use case. You can see the corresponding discussion of this chapter on YouTube. Just search for the 2017 Security Onion conference for the presentation.
Critical topics in deploying SIEM based on experience deploying five different technical platforms for nineteen different organizations in education, nonprofit, and commercial enterprises from 160 to 30,000 personnel.
Understanding why SIEM deployments fail, with actionable compensators.
Real life experiences getting data into SIEM platforms and the considerations for the many different ways to provide data.
Issues relating to time, time management, and time zones.
Table of Contents
No table of contents available, please check the external site for more information.
Blue Team Handbook: SOC, SIEM, and Threat Hunting
A Condensed Guide for the Security Operations Team and Threat Hunter
Released: 2019 Author(s): Don Murdoch
Blue Team Field Manual (BTFM)
Description
Blue Team Field Manual (BTFM) is a Cyber Security Incident Response Guide that aligns with the NIST Cybersecurity Framework, consisting of the five core functions of Identify, Protect, Detect, Respond, and Recover. It provides the tactical steps to follow and the commands to use when preparing for, working through and recovering from a Cyber Security Incident.
Table of Contents
0 preparation (documentation review) 8
key documents 9
review 9
1 identify (scope) 10
scanning and vulnerabilities 11
nmap 11
nessus 11
openvas 12
windows 14
network discovery 14
dhcp 14
dns 14
hashing 15
netbios 16
user activity 16
passwords 17
microsoft baseline security analyzer (mbsa) 17
active directory inventory 17
linux 20
network discovery 20
dhcp 20
dns 21
hashing 21
netbios 21
passwords 21
2 protect (defend) 22
windows 23
disable/stop services 23
host system firewalls 23
passwords 25
host file 25
whitelist 26
application restrictions 26
ipsec 30
active directory (ad) - group policy object (gpo) 31
stand alone system - without active directory (ad) 32
linux 36
disable/stop services 36
host system firewalls 37
passwords 39
host file 39
whitelist 39
ipsec 40
3 detect (visibility) 44
network monitoring 45
tcpdump 45
tshark 48
snort 50
network capture (pcap) tools 51
editcap 51
mergecap 51
honey techniques 52
windows 52
linux 53
netcat 54
passive dns monitoring 55
log auditing 56
windows 56
linux 63
4 respond (analysis) 66
live triage - windows 67
system information 67
user information 67
network information 68
service information 68
policy, patch and settings information 69
autorun and auto load information 69
logs 75
files, drives and shares information 76
live triage - linux 79
system information 79
user information 79
network information 80
service information 80
policy, patch and settings information 81
logs 82
files, drives and shares information 82
malware analysis 85
static analysis basics 85
identify malware 88
process explorer 88
file hash analysis 90
hash query 90
hard drive and memory acquisition 91
windows 91
linux 91
5 recover (remediate) 94
patching 95
windows 95
linux 95
backup 97
windows 97
linux 100
kill malware process 101
windows 101
linux 101
6 tactics (tips & tricks) 102
os cheats 103
windows 103
linux 105
decoding 107
hex conversion 107
snort 109
snort rules 109
dos/ddos 112
fingerprint dos/ddos 112
tool suites 115
prebuilt iso, virtual machine and distributions 115
7 incident management (checklist) 118
incident response checklist 119
identification tasks 119
containment tasks 121
remediation tasks 122
other / lessons learned tasks 124
malware attributes checklist 125
8 security incident identification (schema) 128
vocabulary for events recording and incident sharing (veris) 129
general 129
actor 131
action 132
asset 135
attribute 136
course of action 137
kill chain mapping 138
gather data for mapping kill chain 138
prioritized defended asset list (pdal) 139
gather data and prioritize assets to defend 139
10 index (a-z) 142
Blue Team Field Manual (BTFM)
Released: 2017 Author(s): Alan J White, Ben Clark
The Practice of Network Security Monitoring
Description
Network security is not simply about building impenetrable walls—determined attackers will eventually overcome traditional defenses. The most effective computer security strategies integrate network security monitoring (NSM): the collection and analysis of data to help you detect and respond to intrusions.
In The Practice of Network Security Monitoring, Mandiant CSO Richard Bejtlich shows you how to use NSM to add a robust layer of protection around your networks—no prior experience required. To help you avoid costly and inflexible solutions, he teaches you how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools.
You'll learn how to:
Determine where to deploy NSM platforms, and size them for the monitored networks
Deploy stand-alone or distributed NSM installations
Use command line and graphical packet analysis tools, and NSM consoles
Interpret network evidence from server-side and client-side intrusions
Integrate threat intelligence into NSM software to identify sophisticated adversaries
There’s no foolproof way to keep attackers out of your network. But when they get in, you’ll be prepared. The Practice of Network Security Monitoring will show you how to build a security net to detect, contain, and control them. Attacks are inevitable, but losing sensitive data shouldn't be.
Table of Contents
Part I: Getting Started
Chapter 1: Network Security Monitoring Rationale
Chapter 2: Collecting Network Traffic: Access, Storage, and Management
Part II: Security Onion Deployment
Chapter 3: Stand-alone NSM Deployment and Installation
Chapter 4: Distributed Deployment
Chapter 5: SO Platform Housekeeping
Part III: Tools
Chapter 6: Command Line Packet Analysis Tools
Chapter 7: Graphical Packet Analysis Tools
Chapter 8: NSM Consoles
Part IV: NSM in Action
Chapter 9: NSM Operations
Chapter 10: Server-side Compromise
Chapter 11: Client-side Compromise
Chapter 12: Extending SO
Chapter 13: Proxies and Checksums
Conclusion
The Practice of Network Security Monitoring
Understanding Incident Detection and Response
Released: 2013 Author(s): Richard Bejtlich
Applied Network Security Monitoring
Description
Applied Network Security Monitoring is the essential guide to becoming an NSM analyst from the ground up. This book takes a fundamental approach to NSM, complete with dozens of real-world examples that teach you the key concepts of NSM.
Network security monitoring is based on the principle that prevention eventually fails. In the current threat landscape, no matter how much you try, motivated attackers will eventually find their way into your network. At that point, it is your ability to detect and respond to that intrusion that can be the difference between a small incident and a major disaster.
The book follows the three stages of the NSM cycle: collection, detection, and analysis. As you progress through each section, you will have access to insights from seasoned NSM professionals while being introduced to relevant, practical scenarios complete with sample data.
If you've never performed NSM analysis, Applied Network Security Monitoring will give you an adequate grasp on the core concepts needed to become an effective analyst. If you are already a practicing analyst, this book will allow you to grow your analytic technique to make you more effective at your job.
Table of Contents
Chapter 1. The Practice of Applied Network Security Monitoring
Abstract
Key NSM Terms
Intrusion Detection
Network Security Monitoring
Vulnerability-Centric vs. Threat-Centric Defense
The NSM Cycle: Collection, Detection, and Analysis
Challenges to NSM
Defining the Analyst
Security Onion
Conclusion
Section 1: Collection
Chapter 2. Planning Data Collection
Abstract
The Applied Collection Framework (ACF)
Case Scenario: Online Retailer
Conclusion
Chapter 3. The Sensor Platform
Abstract
NSM Data Types
Sensor Type
Sensor Hardware
Sensor Operating System
Sensor Placement
Securing the Sensor
Conclusion
Chapter 4. Session Data
Abstract
Flow Records
Collecting Session Data
Collecting and Analyzing Flow Data with SiLK
Collecting and Analyzing Flow Data with Argus
Session Data Storage Considerations
Conclusion
Chapter 5. Full Packet Capture Data
Abstract
Dumpcap
Daemonlogger
Netsniff-NG
Choosing the Right FPC Collection Tool
Planning for FPC Collection
Decreasing the FPC Data Storage Burden
Managing FPC Data Retention
Conclusion
Chapter 6. Packet String Data
Abstract
Defining Packet String Data
PSTR Data Collection
Viewing PSTR Data
Conclusion
Section 2: Detection
Chapter 7. Detection Mechanisms, Indicators of Compromise, and Signatures
Abstract
Detection Mechanisms
Indicators of Compromise and Signatures
Managing Indicators and Signatures
Indicator and Signature Frameworks
Conclusion
Chapter 8. Reputation-Based Detection
Abstract
Public Reputation Lists
Automating Reputation-Based Detection
Conclusion
Chapter 9. Signature-Based Detection with Snort and Suricata
Abstract
Snort
Suricata
Changing IDS Engines in Security Onion
Initializing Snort and Suricata for Intrusion Detection
Configuring Snort and Suricata
IDS Rules
Viewing Snort and Suricata Alerts
Conclusion
Chapter 10. The Bro Platform
Abstract
Basic Bro Concepts
Running Bro
Bro Logs
Creating Custom Detection Tools with Bro
Conclusion
Chapter 11. Anomaly-Based Detection with Statistical Data
Abstract
Top Talkers with SiLK
Service Discovery with SiLK
Furthering Detection with Statistics
Visualizing Statistics with Gnuplot
Visualizing Statistics with Google Charts
Visualizing Statistics with Afterglow
Conclusion
Chapter 12. Using Canary Honeypots for Detection
Abstract
Canary Honeypots
Types of Honeypots
Canary Honeypot Architecture
Honeypot Platforms
Conclusion
Section 3: Analysis
Chapter 13. Packet Analysis
Abstract
Enter the Packet
Packet Math
Dissecting Packets
Tcpdump for NSM Analysis
TShark for Packet Analysis
Wireshark for NSM Analysis
Packet Filtering
Conclusion
Chapter 14. Friendly and Threat Intelligence
Abstract
The Intelligence Cycle for NSM
Generating Friendly Intelligence
Generating Threat Intelligence
Conclusion
Chapter 15. The Analysis Process
Abstract
Analysis Methods
Analysis Best Practices
Incident Morbidity and Mortality
Conclusion
Appendix 1. Security Onion Control Scripts
High Level Commands
Server Control Commands
Sensor Control Commands
Appendix 2. Important Security Onion Files and Directories
Application Directories and Configuration Files
Sensor Data Directories
Appendix 3. Packet Headers
Appendix 4. Decimal / Hex / ASCII Conversion Chart
Index
Applied Network Security Monitoring
Collection, Detection, and Analysis
Released: 2013 Author(s): Chris Sanders, Jason Smith
Will your organization be protected the day a quantum computer breaks encryption on the internet?
Computer encryption is vital for protecting users, data, and infrastructure in the digital age. Using traditional computing, even common desktop encryption could take decades for specialized ‘crackers’ to break, and government and infrastructure-grade encryption would take billions of times longer. In light of these facts, it may seem that today’s computer cryptography is a rock-solid way to safeguard everything from online passwords to the backbone of the entire internet. Unfortunately, many current cryptographic methods will soon be obsolete. In 2016, the National Institute of Standards and Technology (NIST) predicted that quantum computers will soon be able to break the most popular forms of public key cryptography. The encryption technologies we rely on every day—HTTPS, TLS, WiFi protection, VPNs, cryptocurrencies, PKI, digital certificates, smartcards, and most two-factor authentication—will be virtually useless... unless you prepare.
Cryptography Apocalypse is a crucial resource for every IT and InfoSec professional for preparing for the coming quantum-computing revolution. Post-quantum crypto algorithms are already a reality, but implementation will take significant time and computing power. This practical guide helps IT leaders and implementers make the appropriate decisions today to meet the challenges of tomorrow. This important book:
Gives a simple quantum mechanics primer
Explains how quantum computing will break current cryptography
Offers practical advice for preparing for a post-quantum world
Presents the latest information on new cryptographic methods
Describes the appropriate steps leaders must take to implement existing solutions to guard against quantum-computer security threats
Cryptography Apocalypse: Preparing for the Day When Quantum Computing Breaks Today's Crypto is a must-have guide for anyone in the InfoSec world who needs to know whether their security is ready for the day crypto breaks, and how to fix it.
Table of Contents
I Quantum Computing Primer 1
1 Introduction to Quantum Mechanics 3
What is Quantum Mechanics? 3
Quantum is Counterintuitive 4
Quantum Mechanics is Real 5
The Basic Properties of Quantum Mechanics 8
Photons and Quantum Mechanics 8
Photoelectric Effect 9
Wave-Particle Duality 10
Probability Principle 14
Uncertainty Principle 17
Spin States and Charges 20
Quantum Tunneling 20
Superposition 21
Observer Effect 22
No-Cloning Theorem 24
Spooky Entanglement 24
Decoherence 25
Quantum Examples in Our World Today 27
For Additional Information 28
Summary 29
2 Introduction to Quantum Computers 31
How are Quantum Computers Different? 31
Traditional Computers Use Bits 31
Quantum Computers Use Qubits 33
Quantum Computers are Not Ready for Prime Time Yet 37
Quantum Will Reign Supreme Soon 38
Quantum Computers Improve Qubits Using Error Correction 39
Types of Quantum Computers 44
Superconducting Quantum Computers 44
Quantum Annealing Computers 45
Universal Quantum Computers 47
Topological Quantum Computers 49
Microsoft Majorana Fermion Computers 50
Ion Trap Quantum Computers 51
Quantum Computers in the Cloud 53
Non-U.S. Quantum Computers 53
Components of a Quantum Computer 54
Quantum Software 55
Quantum Stack 55
Quantum National Guidance 56
National Policy Guidance 56
Money Grants and Investments 56
Other Quantum Information Science Besides Computers 57
For More Information 58
Summary 58
3 How Can Quantum Computing Break Today’s Cryptography? 59
Cryptography Basics 59
Encryption 59
Integrity Hashing 72
Cryptographic Uses 73
How Quantum Computers Can Break Cryptography 74
Cutting Time 74
Quantum Algorithms 76
What Quantum Can and Can’t Break 79
Still Theoretical 82
Summary 83
4 When Will the Quantum Crypto Break Happen? 85
It Was Always “10 Years from Now” 85
Quantum Crypto Break Factors 86
Is Quantum Mechanics Real? 86
Are Quantum Computers Real? 87
Is Superposition Real? 87
Is Peter Shor’s Algorithm Real? 88
Do We Have Enough Stable Qubits? 88
Quantum Resources and Competition 89
Do We Have Steady Improvement? 89
Expert Opinions 90
When the Quantum Cyber Break Will Happen 90
Timing Scenarios 90
When Should You Prepare? 93
Breakout Scenarios 95
Stays in the Realm of Nation-States for a Long Time 95
Used by Biggest Companies 97
Mass Proliferation 97
Most Likely Breakout Scenario 97
Summary 98
5 What Will a Post-Quantum World Look Like? 99
Broken Applications 99
Weakened Hashes and Symmetric Ciphers 100
Broken Asymmetric Ciphers 103
Weakened and Broken Random Number Generators 103
Weakened or Broken Dependent Applications 104
Quantum Computing 114
Quantum Computers 114
Quantum Processors 115
Quantum Clouds 115
Quantum Cryptography Will Be Used 116
Quantum Perfect Privacy 116
Quantum Networking Arrives 117
Quantum Applications 117
Better Chemicals and Medicines 118
Better Batteries 118
True Artificial Intelligence 119
Supply Chain Management 120
Quantum Finance 120
Improved Risk Management 120
Quantum Marketing 120
Better Weather Prediction 121
Quantum Money 121
Quantum Simulation 122
More Precise Military and Weapons 122
Quantum Teleportation 122
Summary 126
II Preparing for the Quantum Break 127
6 Quantum-Resistant Cryptography 129
NIST Post-Quantum Contest 129
NIST Security Strength Classifications 132
PKE vs. KEM 133
Formal Indistinguishability Assurances 134
Key and Ciphertext Sizes 135
Types of Post-Quantum Algorithms 136
Code-Based Cryptography 136
Hash-Based Cryptography 137
Lattice-Based Cryptography 138
Multivariate Cryptography 140
Supersingular Elliptic Curve Isogeny Cryptography 140
Zero-Knowledge Proof 141
Symmetric Key Quantum Resistance 142
Quantum-Resistant Asymmetric Encryption Ciphers 143
BIKE 145
Classic McEliece 145
CRYSTALS-Kyber 146
FrodoKEM 146
HQC 147
LAC 148
LEDAcrypt 148
NewHope 149
NTRU 149
NTRU Prime 150
NTS-KEM 150
ROLLO 151
Round5 151
RQC 151
SABER 152
SIKE 152
ThreeBears 153
General Observations on PKE and KEM Key and Ciphertext Sizes 155
Quantum-Resistant Digital Signatures 156
CRYSTALS-Dilithium 156
FALCON 157
GeMSS 158
LUOV 158
MQDSS 159
Picnic 159
qTESLA 160
Rainbow 160
SPHINCS+ 161
General Observations on Signature Key and Sizes 162
Caution Advised 164
A Lack of Standards 164
Performance Concerns 165
Lack of Verified Protection 165
For Additional Information 166
Summary 166
7 Quantum Cryptography 167
Quantum RNGs 168
Random is Not Always Random 168
Why is True Randomness So Important? 170
Quantum-Based RNGs 172
Quantum Hashes and Signatures 177
Quantum Hashes 177
Quantum Digital Signatures 178
Quantum Encryption Ciphers 180
Quantum Key Distribution 181
Summary 188
8 Quantum Networking 189
Quantum Network Components 189
Transmission Media 189
Distance vs. Speed 191
Point-to-Point 192
Trusted Repeaters 193
True Quantum Repeaters 194
Quantum Network Protocols 196
Quantum Network Applications 199
More Secure Networks 199
Quantum Computing Cloud 200
Better Time Syncing 200
Prevent Jamming 201
Quantum Internet 202
Other Quantum Networks 203
For More Information 204
Summary 204
9 Preparing Now 207
Four Major Post-Quantum Mitigation Phases 207
Stage 1: Strengthen Current Solutions 207
Stage 2: Move to Quantum-Resistant Solutions 211
Stage 3: Implement Quantum-Hybrid Solutions 213
Stage 4: Implement Fully Quantum Solutions 214
The Six Major Post-Quantum Mitigation Project Steps 214
Step 1: Educate 215
Step 2: Create a Plan 220
Step 3: Collect Data 225
Step 4: Analyze 226
Step 5: Take Action/Remediate 228
Step 6: Review and Improve 230
Summary 230
Appendix: Additional Quantum Resources 231
Index 239
Cryptography Apocalypse
Preparing for the Day When Quantum Computing Breaks Today's Crypto
Released: 2019 Author(s): Roger A. Grimes
Serious Cryptography
Description
This practical guide to modern encryption breaks down the fundamental mathematical concepts at the heart of cryptography without shying away from meaty discussions of how they work. You’ll learn about authenticated encryption, secure randomness, hash functions, block ciphers, and public-key techniques such as RSA and elliptic curve cryptography.
You'll also learn:
Key concepts in cryptography, such as computational security, attacker models, and forward secrecy
The strengths and limitations of the TLS protocol behind HTTPS secure websites
Quantum computation and post-quantum cryptography
About various vulnerabilities by examining numerous code examples and use cases
How to choose the best algorithm or protocol and ask vendors the right questions
Each chapter includes a discussion of common implementation mistakes using real-world examples and details what could go wrong and how to avoid these pitfalls.
Whether you’re a seasoned practitioner or a beginner looking to dive into the field, Serious Cryptography will provide a complete survey of modern encryption and its applications.
Bulletproof SSL and TLS
Description
Bulletproof SSL and TLS is a complete guide to using SSL and TLS encryption to deploy secure servers and web applications. Written by Ivan Ristic, the author of the popular SSL Labs web site, this book will teach you everything you need to know to protect your systems from eavesdropping and impersonation attacks.
In this book, you'll find just the right mix of theory, protocol detail, vulnerability and weakness information, and deployment advice to get your job done:
Comprehensive coverage of the ever-changing field of SSL/TLS and Internet PKI, with updates to the digital version
For IT security professionals, help to understand the risks
For system administrators, help to deploy systems securely
For developers, help to design and implement secure web applications
Practical and concise, with added depth when details are relevant
Introduction to cryptography and the latest TLS protocol version
Discussion of weaknesses at every level, covering implementation issues, HTTP and browser problems, and protocol vulnerabilities
Coverage of the latest attacks, such as BEAST, CRIME, BREACH, Lucky 13, RC4 biases, Triple Handshake Attack, and Heartbleed
Thorough deployment advice, including advanced technologies, such as Strict Transport Security, Content Security Policy, and pinning
Guide to using OpenSSL to generate keys and certificates and to create and run a private certification authority
Guide to using OpenSSL to test servers for vulnerabilities
Practical advice for secure server configuration using Apache httpd, IIS, Java, Nginx, Microsoft Windows, and Tomcat
Table of Contents
Part I: SSL/TLS and PKI
1. SSL, TLS, and Cryptography
2. Protocol
3. Public Key Infrastructure
4. Attacks against PKI
5. HTTP and Browser Issues
6. Implementation Issues
7. Protocol Attacks
Part II: Deployment and Development
8. Deployment
9. Performance Optimization
10. HSTS, CSP and Pinning
Part III: Practical Configuration
11. OpenSSL Cookbook
12. Testing with OpenSSL
13. Configuring Apache
14. Configuring Java and Tomcat
15. Configuring Microsoft Windows and IIS
16. Configuring Nginx
Bulletproof SSL and TLS
Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications
Released: 2017 Author(s): Ivan Ristic
Introduction to Modern Cryptography
Description
Cryptography is ubiquitous and plays a key role in ensuring data secrecy and integrity as well as in securing computer systems more broadly. Introduction to Modern Cryptography provides a rigorous yet accessible treatment of this fascinating subject.
The authors introduce the core principles of modern cryptography, with an emphasis on formal definitions, clear assumptions, and rigorous proofs of security. The book begins by focusing on private-key cryptography, including an extensive treatment of private-key encryption, message authentication codes, and hash functions. The authors also present design principles for widely used stream ciphers and block ciphers including RC4, DES, and AES, plus provide provable constructions of stream ciphers and block ciphers from lower-level primitives. The second half of the book covers public-key cryptography, beginning with a self-contained introduction to the number theory needed to understand the RSA, Diffie-Hellman, and El Gamal cryptosystems (and others), followed by a thorough treatment of several standardized public-key encryption and digital signature schemes.
Integrating a more practical perspective without sacrificing rigor, this widely anticipated Second Edition offers improved treatment of:
Stream ciphers and block ciphers, including modes of operation and design principles
Authenticated encryption and secure communication sessions
Hash functions, including hash-function applications and design principles
Attacks on poorly implemented cryptography, including attacks on chained-CBC encryption, padding-oracle attacks, and timing attacks
The random-oracle model and its application to several standardized, widely used public-key encryption and signature schemes
Elliptic-curve cryptography and associated standards such as DSA/ECDSA and DHIES/ECIES
Containing updated exercises and worked examples, Introduction to Modern Cryptography, Second Edition can serve as a textbook for undergraduate- or graduate-level courses in cryptography, a valuable reference for researchers and practitioners, or a general introduction suitable for self-study.
Table of Contents
I Introduction and Classical Cryptography
1 Introduction 3
2 Perfectly Secret Encryption 25
3 Private-Key Encryption 43
4 Message Authentication Codes 107
5 Hash Functions and Applications 153
6 Practical Constructions of Symmetric-Key Primitives 193
7 Theoretical Constructions of Symmetric-Key Primitives 241
8 Number Theory and Cryptographic Hardness Assumptions 285
9 Algorithms for Factoring and Computing Discrete Logarithms 341
10 Key Management and the Public-Key Revolution 359
11 Public-Key Encryption 375
12 Digital Signature Schemes 439
13 Advanced Topics in Public-Key Encryption 487
Introduction to Modern Cryptography
Released: 2014 (2nd edition) Author(s): Jonathan Katz, Yehuda Lindell
Computational Number Theory and Modern Cryptography
Description
The only book to provide a unified view of the interplay between computational number theory and cryptography
Computational number theory and modern cryptography are two of the most important and fundamental research fields in information security. In this book, Song Y. Yan combines knowledge of these two critical fields, providing a unified view of the relationships between computational number theory and cryptography. The author takes an innovative approach, presenting mathematical ideas first, thereupon treating cryptography as an immediate application of the mathematical concepts. The book also presents topics from number theory which are relevant for applications in public-key cryptography, as well as modern topics such as coding- and lattice-based cryptography for post-quantum cryptography. The author further covers the current research and applications for common cryptographic algorithms, describing the mathematical problems behind these applications in a manner accessible to computer scientists and engineers.
Makes mathematical problems accessible to computer scientists and engineers by showing their immediate application
Presents topics from number theory relevant for public-key cryptography applications
Covers modern topics such as coding and lattice based cryptography for post-quantum cryptography
Starts with the basics, then goes into applications and areas of active research
Geared at a global audience; classroom tested in North America, Europe, and Asia
Includes exercises in every chapter
Instructor resources available on the book’s Companion Website
Computational Number Theory and Modern Cryptography is ideal for graduate and advanced undergraduate students in computer science, communications engineering, cryptography and mathematics. Computer scientists, practicing cryptographers, and other professionals involved in various security schemes will also find this book to be a helpful reference.
Table of Contents
Part I Preliminaries
1 Introduction 3
1.1 What is Number Theory? 3
1.2 What is Computation Theory? 9
1.3 What is Computational Number Theory? 15
1.4 What is Modern Cryptography? 29
1.5 Bibliographic Notes and Further Reading 32
References 32
2 Fundamentals 35
2.1 Basic Algebraic Structures 35
2.2 Divisibility Theory 46
2.3 Arithmetic Functions 75
2.4 Congruence Theory 89
2.5 Primitive Roots 131
2.6 Elliptic Curves 141
2.7 Bibliographic Notes and Further Reading 154
References 155
Part II Computational Number Theory
3 Primality Testing 159
3.1 Basic Tests 159
3.2 Miller–Rabin Test 168
3.3 Elliptic Curve Tests 173
3.4 AKS Test 178
3.5 Bibliographic Notes and Further Reading 187
References 188
4 Integer Factorization 191
4.1 Basic Concepts 191
4.2 Trial Divisions Factoring 194
4.3 ρ and p − 1 Methods 198
4.4 Elliptic Curve Method 205
4.5 Continued Fraction Method 209
4.6 Quadratic Sieve 214
4.7 Number Field Sieve 219
4.8 Bibliographic Notes and Further Reading 231
References 232
5 Discrete Logarithms 235
5.1 Basic Concepts 235
5.2 Baby-Step Giant-Step Method 237
5.3 Pohlig–Hellman Method 240
5.4 Index Calculus 246
5.5 Elliptic Curve Discrete Logarithms 251
5.6 Bibliographic Notes and Further Reading 260
References 261
Part III Modern Cryptography
6 Secret-Key Cryptography 265
6.1 Cryptography and Cryptanalysis 265
6.2 Classic Secret-Key Cryptography 277
6.3 Modern Secret-Key Cryptography 285
6.4 Bibliographic Notes and Further Reading 291
References 291
7 Integer Factorization Based Cryptography 293
7.1 RSA Cryptography 293
7.2 Cryptanalysis of RSA 302
7.3 Rabin Cryptography 319
7.4 Residuosity Based Cryptography 326
7.5 Zero-Knowledge Proof 331
7.6 Bibliographic Notes and Further Reading 335
References 335
8 Discrete Logarithm Based Cryptography 337
8.1 Diffie–Hellman–Merkle Key-Exchange Protocol 337
8.2 ElGamal Cryptography 342
8.3 Massey–Omura Cryptography 344
8.4 DLP-Based Digital Signatures 348
8.5 Bibliographic Notes and Further Reading 351
References 351
9 Elliptic Curve Discrete Logarithm Based Cryptography 353
9.1 Basic Ideas 353
9.2 Elliptic Curve Diffie–Hellman–Merkle Key Exchange Scheme 356
9.3 Elliptic Curve Massey–Omura Cryptography 360
9.4 Elliptic Curve ElGamal Cryptography 365
9.5 Elliptic Curve RSA Cryptosystem 370
9.6 Menezes–Vanstone Elliptic Curve Cryptography 371
9.7 Elliptic Curve DSA 373
9.8 Bibliographic Notes and Further Reading 374
References 375
Part IV Quantum Resistant Cryptography
10 Quantum Computational Number Theory 379
10.1 Quantum Algorithms for Order Finding 379
10.2 Quantum Algorithms for Integer Factorization 385
10.3 Quantum Algorithms for Discrete Logarithms 390
10.4 Quantum Algorithms for Elliptic Curve Discrete Logarithms 393
10.5 Bibliographic Notes and Further Reading 397
References 397
11 Quantum Resistant Cryptography 401
11.1 Coding-Based Cryptography 401
11.2 Lattice-Based Cryptography 403
11.3 Quantum Cryptography 404
11.4 DNA Biological Cryptography 406
11.5 Bibliographic Notes and Further Reading 409
Computational Number Theory and Modern Cryptography
Released: 2013 Author(s): Song Y. Yan
Cryptography Engineering
Description
The ultimate guide to cryptography, updated from an author team of the world's top cryptography experts.
Cryptography is vital to keeping information safe, in an era when the formula to do so becomes more and more challenging. Written by a team of world-renowned cryptography experts, this essential guide is the definitive introduction to all major areas of cryptography: message security, key negotiation, and key management. You'll learn how to think like a cryptographer. You'll discover techniques for building cryptography into products from the start and you'll examine the many technical changes in the field.
After a basic overview of cryptography and what it means today, this indispensable resource covers such topics as block ciphers, block modes, hash functions, encryption modes, message authentication codes, implementation issues, negotiation protocols, and more. Helpful examples and hands-on exercises enhance your understanding of the multi-faceted field of cryptography.
An author team of internationally recognized cryptography experts updates you on vital topics in the field of cryptography
Shows you how to build cryptography into products from the start
Examines updates and changes to cryptography
Includes coverage on key servers, message security, authentication codes, new standards, block ciphers, message authentication codes, and more
Cryptography Engineering gets you up to speed in the ever-evolving field of cryptography.
Table of Contents
Part I Introduction.
Chapter 1 The Context of Cryptography.
Chapter 2 Introduction to Cryptography.
Part II Message Security.
Chapter 3 Block Ciphers.
Chapter 4 Block Cipher Modes.
Chapter 5 Hash Functions.
Chapter 6 Message Authentication Codes.
Chapter 7 The Secure Channel.
Chapter 8 Implementation Issues (I).
Part III Key Negotiation.
Chapter 9 Generating Randomness.
Chapter 10 Primes.
Chapter 11 Diffie-Hellman.
Chapter 12 RSA.
Chapter 13 Introduction to Cryptographic Protocols.
Chapter 14 Key Negotiation.
Chapter 15 Implementation Issues (II).
Part IV Key Management.
Chapter 16 The Clock.
Chapter 17 Key Servers.
Chapter 18 The Dream of PKI.
Chapter 19 PKI Reality.
Chapter 20 PKI Practicalities.
Chapter 21 Storing Secrets.
Part V Miscellaneous.
Chapter 22 Standards and Patents.
Chapter 23 Involving Experts.
Cryptography Engineering
Design Principles and Practical Applications
Released: 2010 Author(s): Niels Ferguson, Bruce Schneier, Tadayoshi Kohno
Pro SQL Server Internals
Description
Improve your ability to develop, manage, and troubleshoot SQL Server solutions by learning how different components work "under the hood," and how they communicate with each other. The detailed knowledge helps in implementing and maintaining high-throughput databases critical to your business and its customers. You'll learn how to identify the root cause of each problem and understand how different design and implementation decisions affect performance of your systems.
New in this second edition is coverage of SQL Server 2016 Internals, including In-Memory OLTP, columnstore enhancements, Operational Analytics support, Query Store, JSON, temporal tables, stretch databases, security features, and other improvements in the new SQL Server version. The knowledge also can be applied to Microsoft Azure SQL Databases that share the same code with SQL Server 2016.
Pro SQL Server Internals is a book for developers and database administrators, and it covers multiple SQL Server versions starting with SQL Server 2005 and going all the way up to the recently released SQL Server 2016. The book provides a solid road map for understanding the depth and power of the SQL Server database server and teaches how to get the most from the platform and keep your databases running at the level needed to support your business. The book:
Provides detailed knowledge of new SQL Server 2016 features and enhancements
Includes revamped coverage of columnstore indexes and In-Memory OLTP
Covers indexing and transaction strategies
Shows how various database objects and technologies are implemented internally, and when they should or should not be used
Demonstrates how SQL Server executes queries and works with data and transaction log
What You Will Learn
Design and develop database solutions with SQL Server.
Troubleshoot design, concurrency, and performance issues.
Choose the right database objects and technologies for the job.
Reduce costs and improve availability and manageability.
Design disaster recovery and high-availability strategies.
Improve performance of OLTP and data warehouse systems through in-memory OLTP and Columnstore indexes.
Who This Book Is For
Developers and database administrators who want to design, develop, and maintain systems in a way that gets the most from SQL Server. This book is an excellent choice for people who prefer to understand and fix the root cause of a problem rather than applying a 'band aid' to it.
Table of Contents
Part 1: Tables and Indexes
1. Data Storage Internals
2. Tables and Indexes: Internal Structure and Access Methods
3. Statistics
4. Special Indexing and Storage Features
5. SQL Server 2016 Features
6. Index Fragmentation
7. Designing and Tuning the Indexes
Part 2: Other Things That Matter
8. Constraints
9. Triggers
10. Views
11. User-Defined Functions
12. XML and JSON
13. Temporary Objects and TempDB
14. CLR
15. CLR Types
16. Data Partitioning
Part 3: Locking, Blocking, and Concurrency
17. Lock Types and Transaction Isolation Levels
18. Troubleshooting Blocking Issues
19. Deadlocks
20. Lock Escalation
21. Optimistic Isolation Levels
22. Application Locks
23. Schema Locks
24. Designing Transaction Strategies
Part 4: Query Life Cycle
25. Query Optimization and Execution
26. Plan Caching
Part 5: Practical Troubleshooting
27. Extended Events
28. System Troubleshooting
29. Query Store
Part 6: Inside the Transaction Log
30. Transaction Log Internals
31. Backup and Restore
32. High Availability Technologies
Part 7: Columnstore Indexes
33. Column-Based Storage and Batch Mode Execution
34. Columnstore Indexes
Part 8: In-Memory OLTP Engine
35. In-Memory OLTP Internals
36. Transaction Processing in In-Memory OLTP
37. In-Memory OLTP Programmability
Pro SQL Server Internals
Released: 2016 (2nd edition) Author(s): Dmitri Korotkevitch
Microsoft SQL Server 2012 Internals
Description
Dive deep inside the architecture of SQL Server 2012
Explore the core engine of Microsoft SQL Server 2012—and put that practical knowledge to work. Led by a team of SQL Server experts, you’ll learn the skills you need to exploit key architectural features. Go behind the scenes to understand internal operations for creating, expanding, shrinking, and moving databases—whether you’re a database developer, architect, or administrator.
Discover how to:
Dig into SQL Server 2012 architecture and configuration
Use the right recovery model and control transaction logging
Reduce query execution time through proper index design
Track events, from triggers to the Extended Event Engine
Examine internal structures with database console commands
Transcend row-size limitations with special storage capabilities
Choose the right transaction isolation level and concurrency model
Take control over query plan caching and reuse
Table of Contents
1: SQL Server 2012 architecture and configuration
2: The SQLOS
3: Databases and database files
4: Special databases
5: Logging and recovery
6: Table storage
7: Indexes: internals and management
8: Special storage
9: Special indexes
10: Query execution
11: The Query Optimizer
12: Plan caching and recompilation
13: Transactions and concurrency
14: DBCC internals
Microsoft SQL Server 2012 Internals
Developer Reference
Released: 2013 Author(s): Kalen Delaney, Bob Beauchemin, Conor Cunningham, Jonathan Kehayias, Paul S. Randal, Benjamin Nevarez
The Database Hacker's Handbook
Description
Databases are the nerve center of our economy. Every piece of your personal information is stored there: medical records, bank accounts, employment history, pensions, car registrations, even your children's grades and what groceries you buy. Database attacks are potentially crippling, and relentless.
In this essential follow-up to The Shellcoder's Handbook, four of the world's top security experts teach you to break into and defend the seven most popular database servers. You'll learn how to identify vulnerabilities, how attacks are carried out, and how to stop the carnage. The bad guys already know all this. You need to know it too.
Identify and plug the new holes in Oracle and Microsoft SQL Server
Learn the best defenses for IBM's DB2, PostgreSQL, Sybase ASE, and MySQL servers
Discover how buffer overflow exploitation, privilege escalation through SQL, stored procedure or trigger abuse, and SQL injection enable hacker access
Recognize vulnerabilities peculiar to each database
Find out what the attackers already know
Go to www.wiley.com/go/dbhackershandbook for code samples, security alerts, and programs available for download.
Table of Contents
Part I: Introduction.
Chapter 1: Why Care About Database Security?
Part II: Oracle.
Chapter 2: The Oracle Architecture.
Chapter 3: Attacking Oracle.
Chapter 4: Oracle: Moving Further into the Network.
Chapter 5: Securing Oracle.
Part III: DB2.
Chapter 6: IBM DB2 Universal Database.
Chapter 7: DB2: Discovery, Attack, and Defense.
Chapter 8: Attacking DB2.
Chapter 9: Securing DB2.
Part IV: Informix.
Chapter 10: The Informix Architecture.
Chapter 11: Informix: Discovery, Attack, and Defense.
Chapter 12: Securing Informix.
Part V: Sybase ASE.
Chapter 13: Sybase Architecture.
Chapter 14: Sybase: Discovery, Attack, and Defense.
Chapter 15: Sybase: Moving Further into the Network.
Chapter 16: Securing Sybase.
Part VI: MySQL.
Chapter 17: MySQL Architecture.
Chapter 18: MySQL: Discovery, Attack, and Defense.
Chapter 19: MySQL: Moving Further into the Network.
Chapter 20: Securing MySQL.
Part VII: SQL Server.
Chapter 21: Microsoft SQL Server Architecture.
Chapter 22: SQL Server: Exploitation, Attack, and Defense.
Chapter 23: Securing SQL Server.
Part VIII: PostgreSQL.
Chapter 24: The PostgreSQL Architecture.
Chapter 25: PostgreSQL: Discovery and Attack.
Chapter 26: Securing PostgreSQL.
Appendix A: Example C Code for a Time-Delay SQL Injection Harness.
Appendix B: Dangerous Extended Stored Procedures.
Appendix C: Oracle Default Usernames and Passwords.
The Database Hacker's Handbook
Defending Database Servers
Released: 2005 Author(s): David Litchfield, Chris Anley, John Heasman, Bill Grindlay
A Bug Hunter's Diary
Description
A Bug Hunter's Diary follows security expert Tobias Klein as he tracks down and exploits bugs in some of the world's most popular software, like Apple's iOS, the VLC media player, web browsers, and even the Mac OS X kernel. In this one-of-a-kind account, you'll see how the developers responsible for these flaws patched the bugs—or failed to respond at all. As you follow Klein on his journey, you'll gain deep technical knowledge and insight into how hackers approach difficult problems and experience the true joys (and frustrations) of bug hunting.
Along the way you'll learn how to:
Use field-tested techniques to find bugs, like identifying and tracing user input data and reverse engineering
Exploit vulnerabilities like NULL pointer dereferences, buffer overflows, and type conversion flaws
Develop proof of concept code that verifies the security flaw
Report bugs to vendors or third party brokers
A Bug Hunter's Diary is packed with real-world examples of vulnerable code and the custom programs used to find and test bugs. Whether you're hunting bugs for fun, for profit, or to make the world a safer place, you'll learn valuable new skills by looking over the shoulder of a professional bug hunter in action.
Table of Contents
Chapter 1: Bug Hunting
Chapter 2: Back to the 90s
Chapter 3: Escape from the WWW Zone
Chapter 4: NULL Pointer FTW
Chapter 5: Browse and You're Owned
Chapter 6: One Kernel to Rule Them All
Chapter 7: A Bug Older Than 4.4BSD
Chapter 8: The Ringtone Massacre
Appendix A: Hints for Hunting
Appendix B: Debugging
Appendix C: Mitigation
A Bug Hunter's Diary
A Guided Tour Through the Wilds of Software Security
Released: 2011 Author(s): Tobias Klein
A Guide to Kernel Exploitation
Description
A Guide to Kernel Exploitation: Attacking the Core discusses the theoretical techniques and approaches needed to develop reliable and effective kernel-level exploits, and applies them to different operating systems, namely UNIX derivatives, Mac OS X, and Windows. Concepts and tactics are presented categorically so that even when a specifically detailed vulnerability has been patched, the foundational information provided will help hackers in writing a newer, better attack, or help pen testers, auditors, and the like develop a more concrete design and defensive structure. The book is organized into four parts. Part I introduces the kernel and sets out the theoretical basis on which to build the rest of the book. Part II focuses on different operating systems and describes exploits for them that target various bug classes. Part III on remote kernel exploitation analyzes the effects of the remote scenario and presents new techniques to target remote issues. It includes a step-by-step analysis of the development of a reliable, one-shot, remote exploit for a real vulnerability: a bug affecting the SCTP subsystem found in the Linux kernel. Finally, Part IV wraps up the analysis on kernel exploitation and looks at what the future may hold.
Table of Contents
Part I A Journey to Kernel Land
Chapter 1 From User-Land to Kernel-Land Attacks
Introduction
Introducing the Kernel and the World of Kernel Exploitation
Why Doesn’t My User-Land Exploit Work Anymore?
An Exploit Writer’s View of the Kernel
Open Source versus Closed Source Operating Systems
Summary
Related Reading
Endnote
Chapter 2 A Taxonomy of Kernel Vulnerabilities
Introduction
Uninitialized/Nonvalidated/Corrupted Pointer Dereference
Memory Corruption Vulnerabilities
Integer Issues
Race Conditions
Logic Bugs (a.k.a. the Bug Grab Bag)
Summary
Endnotes
Chapter 3 Stairway to Successful Kernel Exploitation
Introduction
A Look at the Architecture Level
The Execution Step
The Triggering Step
The Information-Gathering Step
Summary
Related Reading
Part II The UNIX Family, Mac OS X, and Windows
Chapter 4 The UNIX Family
Introduction
The Members of the UNIX Family
The Execution Step
Practical UNIX Exploitation
Summary
Endnotes
Chapter 5 Mac OS X
Introduction
An Overview of XNU
Kernel Debugging
Kernel Extensions (Kext)
The Execution Step
Exploitation Notes
Summary
Endnotes
Chapter 6 Windows
Introduction
Windows Kernel Overview
The Execution Step
Practical Windows Exploitation
Summary
Endnotes
Part III Remote Kernel Exploitation
Chapter 7 Facing the Challenges of Remote Kernel Exploitation
Introduction
Attacking Remote Vulnerabilities
Executing the First Instruction
Remote Payloads
Summary
Endnote
Chapter 8 Putting It All Together: A Linux Case Study
Introduction
SCTP FWD Chunk Heap Memory Corruption
Remote Exploitation: An Overall Analysis
Getting the Arbitrary Memory Overwrite Primitive
Installing the Shellcode
Executing the Shellcode
Summary
Related Reading
Endnote
Part IV Final Words
Chapter 9 Kernel Evolution: Future Forms of Attack and Defense
Introduction
Kernel Attacks
Kernel Defense
Beyond Kernel Bugs: Virtualization
Summary
Index
Hacking: The Art of Exploitation
Description
Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope.
Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker's perspective.
The included LiveCD provides a complete Linux programming and debugging environment—all without modifying your current operating system. Use it to follow along with the book's examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits.
This book will teach you how to:
Program computers using C, assembly language, and shell scripts
Corrupt system memory to run arbitrary code using buffer overflows and format strings
Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening
Outsmart common security measures like nonexecutable stacks and intrusion detection systems
Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence
Redirect network traffic, conceal open ports, and hijack TCP connections
Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix
Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don't already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own creativity.
Table of Contents
0x100. INTRODUCTION
0x200. PROGRAMMING
0x210. What Is Programming?
0x220. Pseudo-code
0x230. Control Structures
0x231. If-Then-Else
0x232. While/Until Loops
0x233. For Loops
0x240. More Fundamental Programming Concepts
0x241. Variables
0x242. Arithmetic Operators
0x243. Comparison Operators
0x244. Functions
0x250. Getting Your Hands Dirty
0x251. The Bigger Picture
0x252. The x86 Processor
0x253. Assembly Language
0x260. Back to Basics
0x261. Strings
0x262. Signed, Unsigned, Long, and Short
0x263. Pointers
0x264. Format Strings
0x265. Typecasting
0x266. Command-Line Arguments
0x267. Variable Scoping
0x270. Memory Segmentation
0x271. Memory Segments in C
0x272. Using the Heap
0x273. Error-Checked malloc()
0x280. Building on Basics
0x281. File Access
0x282. File Permissions
0x283. User IDs
0x284. Structs
0x285. Function Pointers
0x286. Pseudo-random Numbers
0x287. A Game of Chance
0x300. EXPLOITATION
0x310. Generalized Exploit Techniques
0x320. Buffer Overflows
0x321. Stack-Based Buffer Overflow Vulnerabilities
0x330. Experimenting with BASH
0x331. Using the Environment
0x340. Overflows in Other Segments
0x341. A Basic Heap-Based Overflow
0x342. Overflowing Function Pointers
0x350. Format Strings
0x351. Format Parameters
0x352. The Format String Vulnerability
0x353. Reading from Arbitrary Memory Addresses
0x354. Writing to Arbitrary Memory Addresses
0x355. Direct Parameter Access
0x356. Using Short Writes
0x357. Detours with .dtors
0x358. Another notesearch Vulnerability
0x359. Overwriting the Global Offset Table
0x400. NETWORKING
0x410. OSI Model
0x420. Sockets
0x421. Socket Functions
0x422. Socket Addresses
0x423. Network Byte Order
0x424. Internet Address Conversion
0x425. A Simple Server Example
0x426. A Web Client Example
0x427. A Tinyweb Server
0x430. Peeling Back the Lower Layers
0x431. Data-Link Layer
0x432. Network Layer
0x433. Transport Layer
0x440. Network Sniffing
0x441. Raw Socket Sniffer
0x442. libpcap Sniffer
0x443. Decoding the Layers
0x444. Active Sniffing
0x450. Denial of Service
0x451. SYN Flooding
0x452. The Ping of Death
0x453. Teardrop
0x454. Ping Flooding
0x455. Amplification Attacks
0x456. Distributed DoS Flooding
0x460. TCP/IP Hijacking
0x461. RST Hijacking
0x462. Continued Hijacking
0x470. Port Scanning
0x471. Stealth SYN Scan
0x472. FIN, X-mas, and Null Scans
0x473. Spoofing Decoys
0x474. Idle Scanning
0x475. Proactive Defense (shroud)
0x480. Reach Out and Hack Someone
0x481. Analysis with GDB
0x482. Almost Only Counts with Hand Grenades
0x483. Port-Binding Shellcode
0x500. SHELLCODE
0x510. Assembly vs. C
0x511. Linux System Calls in Assembly
0x520. The Path to Shellcode
0x521. Assembly Instructions Using the Stack
0x522. Investigating with GDB
0x523. Removing Null Bytes
0x530. Shell-Spawning Shellcode
0x531. A Matter of Privilege
0x532. And Smaller Still
0x540. Port-Binding Shellcode
0x541. Duplicating Standard File Descriptors
0x542. Branching Control Structures
0x550. Connect-Back Shellcode
0x600. COUNTERMEASURES
0x610. Countermeasures That Detect
0x620. System Daemons
0x621. Crash Course in Signals
0x622. Tinyweb Daemon
0x630. Tools of the Trade
0x631. tinywebd Exploit Tool
0x640. Log Files
0x641. Blend In with the Crowd
0x650. Overlooking the Obvious
0x651. One Step at a Time
0x652. Putting Things Back Together Again
0x653. Child Laborers
0x660. Advanced Camouflage
0x661. Spoofing the Logged IP Address
0x662. Logless Exploitation
0x670. The Whole Infrastructure
0x671. Socket Reuse
0x680. Payload Smuggling
0x681. String Encoding
0x682. How to Hide a Sled
0x690. Buffer Restrictions
0x691. Polymorphic Printable ASCII Shellcode
0x6a0. Hardening Countermeasures
0x6b0. Nonexecutable Stack
0x6b1. ret2libc
0x6b2. Returning into system()
0x6c0. Randomized Stack Space
0x6c1. Investigations with BASH and GDB
0x6c2. Bouncing Off linux-gate
0x6c3. Applied Knowledge
0x6c4. A First Attempt
0x6c5. Playing the Odds
0x700. CRYPTOLOGY
0x710. Information Theory
0x711. Unconditional Security
0x712. One-Time Pads
0x713. Quantum Key Distribution
0x714. Computational Security
0x720. Algorithmic Run Time
0x721. Asymptotic Notation
0x730. Symmetric Encryption
0x731. Lov Grover's Quantum Search Algorithm
0x740. Asymmetric Encryption
0x741. RSA
0x742. Peter Shor's Quantum Factoring Algorithm
0x750. Hybrid Ciphers
0x751. Man-in-the-Middle Attacks
0x752. Differing SSH Protocol Host Fingerprints
0x753. Fuzzy Fingerprints
0x760. Password Cracking
0x761. Dictionary Attacks
0x762. Exhaustive Brute-Force Attacks
0x763. Hash Lookup Table
0x764. Password Probability Matrix
0x770. Wireless 802.11b Encryption
0x771. Wired Equivalent Privacy
0x772. RC4 Stream Cipher
0x780. WEP Attacks
0x781. Offline Brute-Force Attacks
0x782. Keystream Reuse
0x783. IV-Based Decryption Dictionary Tables
0x784. IP Redirection
0x785. Fluhrer, Mantin, and Shamir Attack
0x800. CONCLUSION
0x810. References
0x820. Sources
The Art of Exploitation
Released: 2008 (2nd edition) Author(s): Jon Erickson
The Shellcoder's Handbook
Description
This much-anticipated revision, written by the ultimate group of top security experts in the world, features 40 percent new content on how to find security holes in any operating system or application
New material addresses the many new exploitation techniques that have been discovered since the first edition, including attacking "unbreakable" software packages such as McAfee's Entercept, Mac OS X, XP, Office 2003, and Vista
Also features the first-ever published information on exploiting Cisco's IOS, with content that has never before been explored
The companion Web site features downloadable code files
Table of Contents
Part I: Introduction to Exploitation: Linux on x86.
Chapter 1: Before You Begin.
Chapter 2: Stack Overflows.
Chapter 3: Shellcode.
Chapter 4: Introduction to Format String Bugs.
Chapter 5: Introduction to Heap Overflows.
Part II: Other Platforms—Windows, Solaris, OS/X, and Cisco.
Chapter 6: The Wild World of Windows.
Chapter 7: Windows Shellcode.
Chapter 8: Windows Overflows.
Chapter 9: Overcoming Filters.
Chapter 10: Introduction to Solaris Exploitation.
Chapter 11: Advanced Solaris Exploitation.
Chapter 12: OS X Shellcode.
Chapter 13: Cisco IOS Exploitation.
Chapter 14: Protection Mechanisms.
Part III: Vulnerability Discovery.
Chapter 15: Establishing a Working Environment.
Chapter 16: Fault Injection.
Chapter 17: The Art of Fuzzing.
Chapter 18: Source Code Auditing: Finding Vulnerabilities in C-Based Languages.
Chapter 19: Instrumented Investigation: A Manual Approach.
Chapter 20: Tracing for Vulnerabilities.
Chapter 21: Binary Auditing: Hacking Closed Source Software.
Part IV: Advanced Materials.
Chapter 22: Alternative Payload Strategies.
Chapter 23: Writing Exploits that Work in the Wild.
Chapter 24: Attacking Database Software.
Chapter 25: Unix Kernel Overflows.
Chapter 26: Exploiting Unix Kernel Vulnerabilities.
Chapter 27: Hacking the Windows Kernel.
The Shellcoder's Handbook
Discovering and Exploiting Security Holes
Released: 2007 (2nd edition) Author(s): Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte
Writing Security Tools and Exploits
Description
Writing Security Tools and Exploits will be the foremost authority on vulnerability and security code and will serve as the premier educational reference for security professionals and software developers. The book will have over 600 pages of dedicated exploit, vulnerability, and tool code with corresponding instruction. Unlike other security and programming books that dedicate hundreds of pages to architecture and theory based flaws and exploits, this book will dive right into deep code analysis. Previously undisclosed security research in combination with superior programming techniques will be included in both the Local and Remote Code sections of the book.
The book will be accompanied with a companion Web site containing both commented and uncommented versions of the source code examples presented throughout the book. In addition to the book source code, the CD will also contain a copy of the author-developed Hacker Code Library v1.0. The Hacker Code Library will include multiple attack classes and functions that can be utilized to quickly create security programs and scripts. These classes and functions will simplify exploit and vulnerability tool development to an extent never before possible with publicly available software.
Table of Contents
Chapter 1 - Writing Exploits and Security Tools
Chapter 2 - Assembly and Shellcode
Chapter 3 - Exploits: Stack
Chapter 4 - Exploits: Heap
Chapter 5 - Exploits: Format Strings
Chapter 6 - Writing Exploits I
Chapter 7 - Writing Exploits II
Chapter 8 - Coding for Ethereal
Chapter 9 - Coding for Nessus
Chapter 10 - Extending Metasploit I
Chapter 11 - Extending Metasploit II
Chapter 12 - Extending Metasploit III
Appendix A - Data Conversion Reference
Appendix B - Syscall Reference
Appendix C - Taps Currently Embedded Within Ethereal
Appendix D - Glossary
Writing Security Tools and Exploits
Released: 2006 Author(s): James C. Foster, Vincent T. Liu
Sockets, Shellcode, Porting, and Coding
Description
The book is logically divided into 5 main categories with each category representing a major skill set required by most security professionals:
1. Coding – The ability to program and script is quickly becoming a mainstream requirement for just about everyone in the security industry. This section covers the basics of coding, complemented with a slew of programming tips and tricks in C/C++, Java, Perl and NASL.
2. Sockets – The technology that allows programs and scripts to communicate over a network is sockets. Even though the theory remains the same – communication over TCP and UDP – sockets are implemented differently in nearly every language.
3. Shellcode – Shellcode, commonly defined as bytecode converted from Assembly, is utilized to execute commands on remote systems via direct memory access.
4. Porting – Due to the differences between operating platforms and language implementations on those platforms, it is a common practice to modify an original body of code to work on a different platform. This technique is known as porting and is incredibly useful in real-world environments since it allows you to not “recreate the wheel.”
5. Coding Tools – The culmination of the previous four sections, coding tools brings all of the techniques that you have learned to the forefront. With the background technologies and techniques you will now be able to code quick utilities that will not only make you more productive, they will arm you with an extremely valuable skill that will remain with you as long as you dedicate the proper time and effort.
Table of Contents
1 Security Coding
2 NASL Scripting
3 BSD Sockets
4 Winsock
5 Java Sockets
6 Writing Portable Code
7 Portable Network Programming
8 Writing Shellcode I
9 Writing Shellcode II
10 Writing Exploits I
11 Writing Exploits II
12 Writing Exploits III
13 Writing Security Components
14 Creating a Web Security Tool
A - Glossary
B - Security Tool Compendium
C - Exploit Archives
D - Syscall Reference
E - Data Conversion Reference
Sockets, Shellcode, Porting, and Coding
Reverse Engineering Exploits and Tool Coding for Security Professionals
Released: 2005 Author(s): James C. Foster
Buffer Overflow Attacks
Description
The SANS Institute maintains a list of the "Top 10 Software Vulnerabilities." At the current time, over half of these vulnerabilities are exploitable by Buffer Overflow attacks, making this class of attack one of the most common and most dangerous weapons used by malicious attackers. This is the first book specifically aimed at detecting, exploiting, and preventing the most common and dangerous attacks.
Buffer overflows make up one of the largest collections of vulnerabilities in existence, and a large percentage of possible remote exploits are of the overflow variety. Almost all of the most devastating computer attacks to hit the Internet in recent years, including SQL Slammer, Blaster, and I Love You, were of this kind. If executed properly, an overflow vulnerability will allow an attacker to run arbitrary code on the victim’s machine with the equivalent rights of whichever process was overflowed. This is often used to provide a remote shell onto the victim machine, which can be used for further exploitation.
A buffer overflow is an unexpected behavior that exists in certain programming languages. This book provides specific, real code examples on exploiting buffer overflow attacks from a hacker's perspective and defending against these attacks for the software developer.
Table of Contents
Part 1 Expanding on Buffer Overflows
Chapter 1 Buffer Overflows: The Essentials
Chapter 2 Understanding Shellcode
Chapter 3 Writing Shellcode
Chapter 4 Win32 Assembly
Case Study 1.1 FreeBSD NN Exploit Code
Case Study 1.2 xlockmore User Supplied Format String
Case Study 1.3 Frontpage Denial of Service Utilizing
Case Study 1.4 cURL buffer overflow on FreeBSD
Part II Exploiting Buffer Overflows
Chapter 5 Stack Overflows
Chapter 6 Heap Corruption
Chapter 7 Format String Attacks
Chapter 8 Windows Buffer Overflows
Case Study 2.1 cURL Buffer Overflow on Linux
Case Study 2.2 SSLv2 Malformed Client Key Remote
Case Study 2.3 X11R6 4.2 XLOCALEDIR Overflow
Case Study 2.4 Microsoft MDAC Denial of Service
Case Study 2.5 Local UUX Buffer Overflow on HPUX
Part III Finding Buffer Overflows
Chapter 9 Finding Buffer Overflows in Source
Case Study 3.1 InlineEgg I
Case Study 3.2 InlineEgg II
Case Study 3.3 Seti@Home Exploit Code
Case Study 3.4 Microsoft CodeBlue Exploit Code
Appendix A The Complete Data Conversion Table
Appendix B Useful Syscalls
Buffer Overflow Attacks
Detect, Exploit, Prevent
Released: 2005 Author(s): James C. Foster, Vitaly Osipov
Investigating Cryptocurrencies
Description
Investigate crimes involving cryptocurrencies and other blockchain technologies
Bitcoin has traditionally been the payment system of choice for criminals trading on the Dark Web, and now many other blockchain cryptocurrencies are entering the mainstream as traders are accepting them from low-end investors putting their money into the market. Worse still, the blockchain can even be used to hide information and covert messaging, unknown to most investigators.
Investigating Cryptocurrencies is the first book to help corporate, law enforcement, and other investigators understand the technical concepts and the techniques for investigating crimes utilizing the blockchain and related digital currencies such as Bitcoin and Ethereum.
Understand blockchain and transaction technologies
Set up and run cryptocurrency accounts
Build information about specific addresses
Access raw data on blockchain ledgers
Identify users of cryptocurrencies
Extract cryptocurrency data from live and imaged computers
Follow the money
With nearly $150 billion in cryptocurrency circulating and $3 billion changing hands daily, crimes committed with or paid for with digital cash are a serious business. Luckily, Investigating Cryptocurrencies shows you how to detect it and, more importantly, stop it in its tracks.
Table of Contents
Part I Understanding the Technology 1
Chapter 1 What Is a Cryptocurrency? 3
A New Concept? 3
Leading Currencies in the Field 8
Is Blockchain Technology Just for Cryptocurrencies? 9
Setting Yourself Up as a Bitcoin User 10
Summary 14
Chapter 2 The Hard Bit 15
Hashing 16
Public/Private Key Encryption 21
RSA Cryptography 23
Elliptic Curve Cryptography 28
Building a Simple Cryptocurrency in the Lab 32
Summary 36
Chapter 3 Understanding the Blockchain 39
The Structure of a Block 40
The Block Header 42
Deconstructing Raw Blocks from Hex 47
Applying This to the Downloaded Hex 51
Number of Transactions 55
Block Height 57
Forks 58
The Ethereum Block 61
Summary 65
Chapter 4 Transactions 67
The Concept behind a Transaction 67
The Mechanics of a Transaction 69
Understanding the Mempool 76
Understanding the ScriptSig and ScriptPubKey 77
Interpreting Raw Transactions 79
Extracting JSON Data 81
Analyzing Address History 82
Creating Vanity Addresses 83
Interpreting Ethereum Transactions 85
Summary 86
Chapter 5 Mining 87
The Proof-of-Work Concept 89
The Proof-of-Stake Concept 90
Mining Pools 90
Mining Fraud 92
Summary 93
Chapter 6 Wallets 95
Wallet Types 96
Software Wallets 96
Hardware Wallets 97
Cold Wallets or Cold Storage 98
Why Is Recognizing Wallets Important? 99
Software Wallets 100
Hardware Wallets 100
Paper Wallets 100
The Wallet Import Format (WIF) 101
How Wallets Store Keys 102
Setting Up a Covert Wallet 105
Summary 107
Chapter 7 Contracts and Tokens 109
Contracts 109
Bitcoin 110
Ethereum 110
Tokens and Initial Coin Offerings 112
Summary 116
Part II Carrying Out Investigations 117
Chapter 8 Detecting the Use of Cryptocurrencies 119
The Premises Search 120
A New Category of Search Targets 121
Questioning 124
Searching Online 125
Extracting Private and Public Keys from Seized Computers 130
Commercial Tools 130
Extracting the Wallet File 131
Automating the Search for Bitcoin Addresses 135
Finding Data in a Memory Dump 136
Working on a Live Computer 137
Acquiring the Wallet File 138
Exporting Data from the Bitcoin Daemon 140
Extracting Wallet Data from Live Linux and OSX Systems 144
Summary 145
Chapter 9 Analysis of Recovered Addresses and Wallets 147
Finding Information on a Recovered Address 147
Extracting Raw Data from Ethereum 154
Searching for Information on a Specific Address 155
Analyzing a Recovered Wallet 161
Setting Up Your Investigation Environment 161
Importing a Private Key 166
Dealing with an Encrypted Wallet 167
Inferring Other Data 172
Summary 173
Chapter 10 Following the Money 175
Initial Hints and Tips 175
Transactions on Blockchain.info 176
Identifying Change Addresses 177
Another Simple Method to Identify Clusters 181
Moving from Transaction to Transaction 182
Putting the Techniques Together 184
Other Explorer Sites 186
Following Ethereum Transactions 189
Monitoring Addresses 193
Blockonomics.co 193
Bitnotify.com 194
Writing Your Own Monitoring Script 194
Monitoring Ethereum Addresses 196
Summary 197
Chapter 11 Visualization Systems 199
Online Blockchain Viewers 199
Blockchain.info 200
Etherscan.io 201
Commercial Visualization Systems 214
Summary 215
Chapter 12 Finding Your Suspect 217
Tracing an IP Address 217
Bitnodes 219
Other Areas Where IPs Are Stored 226
Is the Suspect Using Tor? 228
Is the Suspect Using a Proxy or a VPN? 229
Tracking to a Service Provider 231
Considering Open-Source Methods 235
Accessing and Searching the Dark Web 237
Detecting and Reading Micromessages 241
Summary 244
Chapter 13 Sniffing Cryptocurrency Traffic 245
What Is Intercept? 246
Watching a Bitcoin Node 247
Sniffing Data on the Wire 248
Summary 254
Chapter 14 Seizing Coins 255
Asset Seizure 256
Cashing Out 256
Setting Up a Storage Wallet 259
Importing a Suspect’s Private Key 261
Storage and Security 263
Seizure from an Online Wallet 265
Practice, Practice, Practice 265
Summary 266
Chapter 15 Putting It All Together 267
Examples of Cryptocurrency Crimes 268
Buying Illegal Goods 268
Selling Illegal Goods 268
Stealing Cryptocurrency 269
Money Laundering 269
Kidnap and Extortion 270
What Have You Learned? 270
Where Do You Go from Here? 273
Index 275
Investigating Cryptocurrencies
Understanding, Extracting, and Analyzing Blockchain Evidence
Released: 2018 Author(s): Nick Furneaux
Practical Forensic Imaging
Description
Forensic image acquisition is an important part of postmortem incident response and evidence collection. Digital forensic investigators acquire, preserve, and manage digital evidence to support civil and criminal cases; examine organizational policy violations; resolve disputes; and analyze cyber attacks.
Practical Forensic Imaging takes a detailed look at how to secure and manage digital evidence using Linux-based command line tools. This essential guide walks you through the entire forensic acquisition process and covers a wide range of practical scenarios and situations related to the imaging of storage media.
You’ll learn how to:
Perform forensic imaging of magnetic hard disks, SSDs and flash drives, optical discs, magnetic tapes, and legacy technologies
Protect attached evidence media from accidental modification
Manage large forensic image files, storage capacity, image format conversion, compression, splitting, duplication, secure transfer and storage, and secure disposal
Preserve and verify evidence integrity with cryptographic and piecewise hashing, public key signatures, and RFC-3161 timestamping
Work with newer drive and interface technologies like NVMe, SATA Express, 4K-native sector drives, SSHDs, SAS, UASP/USB3x, and Thunderbolt
Manage drive security such as ATA passwords; encrypted thumb drives; Opal self-encrypting drives; OS-encrypted drives using BitLocker, FileVault, and TrueCrypt; and others
Acquire usable images from more complex or challenging situations such as RAID systems, virtual machine images, and damaged media
With its unique focus on digital forensic acquisition and evidence preservation, Practical Forensic Imaging is a valuable resource for experienced digital forensic investigators wanting to advance their Linux skills and experienced Linux administrators wanting to learn digital forensics. This is a must-have reference for every digital forensics lab.
Table of Contents
Chapter 0: Digital Forensics Overview
Chapter 1: Storage Media Overview
Chapter 2: Linux as a Forensic Acquisition Platform
Chapter 3: Forensic Image Formats
Chapter 4: Planning and Preparation
Chapter 5: Attaching Subject Media to an Acquisition Host
Chapter 6: Forensic Image Acquisition
Chapter 7: Forensic Image Management
Chapter 8: Special Image Access Topics
Chapter 9: Extracting Subsets of Forensic Images
Practical Forensic Imaging
Securing Digital Evidence with Linux Tools
Released: 2016 Author(s): Bruce Nikkel
The Art of Memory Forensics
Description
Memory forensics provides cutting edge technology to help investigate digital attacks
Memory forensics is the art of analyzing computer memory (RAM) to solve digital crimes. As a follow-up to the best seller Malware Analyst's Cookbook, experts in the fields of malware, security, and digital forensics bring you a step-by-step guide to memory forensics—now the most sought after skill in the digital forensics and incident response fields.
Beginning with introductory concepts and moving toward the advanced, The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory is based on a five-day training course that the authors have presented to hundreds of students. It is the only book on the market that focuses exclusively on memory forensics and how to deploy such techniques properly. Discover memory forensics techniques:
How volatile memory analysis improves digital investigations
Proper investigative steps for detecting stealth malware and advanced threats
How to use free, open source tools for conducting thorough memory forensics
Ways to acquire memory from suspect systems in a forensically sound manner
The next era of malware and security breaches is more sophisticated and targeted, and the volatile memory of a computer is often overlooked or destroyed as part of the incident response process. The Art of Memory Forensics explains the latest technological innovations in digital forensics to help bridge this gap. It covers the most popular and recently released versions of Windows, Linux, and Mac, including both the 32- and 64-bit editions.
Table of Contents
I An Introduction to Memory Forensics 1
1 Systems Overview 3
Digital Environment 3
PC Architecture 4
Operating Systems 17
Process Management 18
Memory Management 20
File System 24
I/O Subsystem 25
Summary 26
2 Data Structures 27
Basic Data Types 27
Summary 43
3 The Volatility Framework 45
Why Volatility? 45
What Volatility Is Not 46
Installation 47
The Framework 51
Using Volatility 59
Summary 67
4 Memory Acquisition 69
Preserving the Digital Environment 69
Software Tools 79
Memory Dump Formats 95
Converting Memory Dumps 106
Volatile Memory on Disk 107
Summary 114
II Windows Memory Forensics 115
5 Windows Objects and Pool Allocations 117
Windows Executive Objects 117
Pool-Tag Scanning 129
Limitations of Pool Scanning 140
Big Page Pool 142
Pool-Scanning Alternatives 146
Summary 148
6 Processes, Handles, and Tokens 149
Processes 149
Process Tokens 164
Privileges 170
Process Handles 176
Enumerating Handles in Memory 181
Summary 187
7 Process Memory Internals 189
What’s in Process Memory? 189
Enumerating Process Memory 193
Summary 217
8 Hunting Malware in Process Memory 219
Process Environment Block 219
PE Files in Memory 238
Packing and Compression 245
Code Injection 251
Summary 263
9 Event Logs 265
Event Logs in Memory 265
Real Case Examples 275
Summary 279
10 Registry in Memory 281
Windows Registry Analysis 281
Volatility’s Registry API 292
Parsing Userassist Keys 295
Detecting Malware with the Shimcache 297
Reconstructing Activities with Shellbags 298
Dumping Password Hashes 304
Obtaining LSA Secrets 305
Summary 307
11 Networking 309
Network Artifacts 309
Hidden Connections 323
Raw Sockets and Sniffers 325
Next Generation TCP/IP Stack 327
Internet History 333
DNS Cache Recovery 339
Summary 341
12 Windows Services 343
Service Architecture 343
Installing Services 345
Tricks and Stealth 346
Investigating Service Activity 347
Summary 366
13 Kernel Forensics and Rootkits 367
Kernel Modules 367
Modules in Memory Dumps 372
Threads in Kernel Mode 378
Driver Objects and IRPs 381
Device Trees 386
Auditing the SSDT 390
Kernel Callbacks 396
Kernel Timers 399
Putting It All Together 402
Summary 406
14 Windows GUI Subsystem, Part I 407
The GUI Landscape 407
GUI Memory Forensics 410
The Session Space 410
Window Stations 416
Desktops 422
Atoms and Atom Tables 429
Windows 435
Summary 452
15 Windows GUI Subsystem, Part II 453
Window Message Hooks 453
User Handles 459
Event Hooks 466
Windows Clipboard 468
Case Study: ACCDFISA Ransomware 472
Summary 476
16 Disk Artifacts in Memory 477
Master File Table 477
Extracting Files 493
Defeating TrueCrypt Disk Encryption 503
Summary 510
17 Event Reconstruction 511
Strings 511
Command History 523
Summary 536
18 Timelining 537
Finding Time in Memory 537
Generating Timelines 539
Gh0st in the Enterprise 543
Summary 573
III Linux Memory Forensics 575
19 Linux Memory Acquisition 577
Historical Methods of Acquisition 577
Modern Acquisition 579
Volatility Linux Profiles 583
Summary 589
20 Linux Operating System 591
ELF Files 591
Linux Data Structures 603
Linux Address Translation 607
procfs and sysfs 609
Compressed Swap 610
Summary 610
21 Processes and Process Memory 611
Processes in Memory 611
Enumerating Processes 613
Process Address Space 616
Process Environment Variables 625
Open File Handles 626
Saved Context State 630
Bash Memory Analysis 630
Summary 635
22 Networking Artifacts 637
Network Socket File Descriptors 637
Network Connections 640
Queued Network Packets 643
Network Interfaces 646
The Route Cache 650
ARP Cache 652
Summary 655
23 Kernel Memory Artifacts 657
Physical Memory Maps 657
Virtual Memory Maps 661
Kernel Debug Buffer 663
Loaded Kernel Modules 667
Summary 673
24 File Systems in Memory 675
Mounted File Systems 675
Listing Files and Directories 681
Extracting File Metadata 684
Recovering File Contents 691
Summary 695
25 Userland Rootkits 697
Shellcode Injection 698
Process Hollowing 703
Shared Library Injection 705
LD_PRELOAD Rootkits 712
GOT/PLT Overwrites 716
Inline Hooking 718
Summary 719
26 Kernel Mode Rootkits 721
Accessing Kernel Mode 721
Hidden Kernel Modules 722
Hidden Processes 728
Elevating Privileges 730
System Call Handler Hooks 734
Keyboard Notifiers 735
TTY Handlers 739
Network Protocol Structures 742
Netfilter Hooks 745
File Operations 748
Inline Code Hooks 752
Summary 754
27 Case Study: Phalanx2 755
Phalanx2 755
Phalanx2 Memory Analysis 757
Reverse Engineering Phalanx2 763
Final Thoughts on Phalanx2 772
Summary 772
IV Mac Memory Forensics 773
28 Mac Acquisition and Internals 775
Mac Design 775
Memory Acquisition 780
Mac Volatility Profiles 784
Mach-O Executable Format 787
Summary 791
29 Mac Memory Overview 793
Mac versus Linux Analysis 793
Process Analysis 794
Address Space Mappings 799
Networking Artifacts 804
SLAB Allocator 808
Recovering File Systems from Memory 811
Loaded Kernel Extensions 815
Other Mac Plugins 818
Mac Live Forensics 819
Summary 821
30 Malicious Code and Rootkits 823
Userland Rootkit Analysis 823
Kernel Rootkit Analysis 828
Common Mac Malware in Memory 838
Summary 844
31 Tracking User Activity 845
Keychain Recovery 845
Mac Application Analysis 849
Summary 858
The Art of Memory Forensics
Detecting Malware and Threats in Windows, Linux, and Mac Memory
Released: 2014 Author(s): Michael Hale Ligh, Andrew Case, Jamie Levy, Aaron Walters
Digital Forensics with Open Source Tools
Description
Digital Forensics with Open Source Tools is the definitive book on investigating and analyzing computer systems and media using open source tools. The book is a technical procedural guide, and explains the use of open source tools on Mac, Linux and Windows systems as a platform for performing computer forensics. Both well-known and novel forensic methods are demonstrated using command-line and graphical open source computer forensic tools for examining a wide range of target systems and artifacts.
Written by world-renowned forensic practitioners, this book uses the most current examination and analysis techniques in the field. It consists of 9 chapters that cover a range of topics such as the open source examination platform; disk and file system analysis; Windows systems and artifacts; Linux systems and artifacts; Mac OS X systems and artifacts; Internet artifacts; and automating analysis and extending capabilities. The book lends itself to use by students and those entering the field who do not have means to purchase new tools for different investigations.
This book will appeal to forensic practitioners from areas including incident response teams and computer forensic investigators; forensic technicians from legal, audit, and consulting firms; and law enforcement agencies.
Table of Contents
CHAPTER 1 Digital Forensics with Open Source Tools
Welcome to “Digital Forensics with Open Source Tools”
What Is “Digital Forensics?”
Goals of Forensic Analysis
The Digital Forensics Process
What Is “Open Source?”
“Free” vs. “Open”
Open Source Licenses
Benefits of Open Source Tools
Education
Portability and Flexibility
Price
Ground Truth
Summary
References
CHAPTER 2 Open Source Examination Platform
Preparing the Examination System
Building Software
Installing Interpreters
Working with Image Files
Working with File Systems
Using Linux as the Host
Extracting Software
GNU Build System
Version Control Systems
Installing Interpreters
Working with Images
Using Windows as the Host
Building Software
Installing Interpreters
Working with Images
Working with File Systems
Summary
References
CHAPTER 3 Disk and File System Analysis
Media Analysis Concepts
File System Abstraction Model
The Sleuth Kit
Installing the Sleuth Kit
Sleuth Kit Tools
Partitioning and Disk Layouts
Partition Identification and Recovery
Redundant Array of Inexpensive Disks
Special Containers
Virtual Machine Disk Images
Forensic Containers
Hashing
Carving
Foremost
Forensic Imaging
Deleted Data
File Slack
dd
dcfldd
dc3dd
Summary
References
CHAPTER 4 Windows Systems and Artifacts
Introduction
Windows File Systems
File Allocation Table
New Technology File System
File System Summary
Registry
Event Logs
Prefetch Files
Shortcut Files
Windows Executables
Summary
References
CHAPTER 5 Linux Systems and Artifacts
Introduction
Linux File Systems
File System Layer
File Name Layer
Metadata Layer
Data Unit Layer
Journal Tools
Deleted Data
Linux Logical Volume Manager
Linux Boot Process and Services
System V
BSD
Linux System Organization and Artifacts
Partitioning
Filesystem Hierarchy
Ownership and Permissions
File Attributes
Hidden Files
/tmp
User Accounts
Home Directories
Shell History
ssh
GNOME Windows Manager Artifacts
Logs
User Activity Logs
Syslog
Command Line Log Processing
Scheduling Tasks
Summary
References
CHAPTER 6 Mac OS X Systems and Artifacts
Introduction
OS X File System Artifacts
HFS+ Structures
OS X System Artifacts
Property Lists
Bundles
System Startup and Services
Kexts
Network Configuration
Hidden Directories
Installed Applications
Swap and Hibernation Data
System Logs
User Artifacts
Home Directories
Summary
References
CHAPTER 7 Internet Artifacts
Introduction
Browser Artifacts
Internet Explorer
Firefox
Chrome
Safari
Mail Artifacts
Personal Storage Table
mbox and maildir
Summary
References
CHAPTER 8 File Analysis
File Analysis Concepts
Content Identification
Content Examination
Metadata Extraction
Images
JPEG
GIF
PNG
TIFF
Audio
WAV
MPEG-3/MP3
MPEG-4 Audio (AAC/M4A)
ASF/WMA
Video
MPEG-1 and MPEG-2
MPEG-4 Video (MP4)
AVI
ASF/WMV
MOV (Quicktime)
MKV
Archives
ZIP
RAR
7-zip
TAR, GZIP, and BZIP2
Documents
OLE Compound Files (Office Documents)
Office Open XML
OpenDocument Format
Rich Text Format
PDF
Summary
References
CHAPTER 9 Automating Analysis and Extending Capabilities
Introduction
Graphical Investigation Environments
PyFLAG
Digital Forensics Framework
Automating Artifact Extraction
Fiwalk
Timelines
Relative Times
Inferred Times
Embedded Times
Periodicity
Frequency Patterns and Outliers (Least Frequency of Occurrence)
Summary
References
Appendix A Free, Non-open Tools of Note
Introduction
Chapter 3: Disk and File System Analysis
FTK Imager
ProDiscover Free
Chapter 4: Windows Systems and Artifacts
Windows File Analysis
Event Log Explorer
Log Parser
Chapter 7: Internet Artifacts
NirSoft Tools
Woanware Tools
Chapter 8: File Analysis
Mitec.cz: Structured Storage Viewer
OffVis
FileInsight
Chapter 9: Automating Analysis and Extending Capabilities
Mandiant: Highlighter
CaseNotes
Validation and Testing Resources
Digital Corpora
Digital Forensics Tool Testing Images
Electronic Discovery Reference Model
Digital Forensics Research Workshop Challenges
Additional Images
References
The Definitive Guide to File System Analysis: Key Concepts and Hands-on Techniques
Most digital evidence is stored within the computer's file system, but understanding how file systems work is one of the most technically challenging concepts for a digital investigator because there exists little documentation. Now, security expert Brian Carrier has written the definitive reference for everyone who wants to understand and be able to testify about how file system analysis is performed.
Carrier begins with an overview of investigation and computer foundations and then gives an authoritative, comprehensive, and illustrated overview of contemporary volume and file systems: Crucial information for discovering hidden evidence, recovering deleted data, and validating your tools. Along the way, he describes data structures, analyzes example disk images, provides advanced investigation scenarios, and uses today's most valuable open source file system analysis tools—including tools he personally developed. Coverage includes
Preserving the digital crime scene and duplicating hard disks for "dead analysis"
Identifying hidden data on a disk's Host Protected Area (HPA)
Reading source data: Direct versus BIOS access, dead versus live acquisition, error handling, and more
Analyzing DOS, Apple, and GPT partitions; BSD disk labels; and Sun Volume Table of Contents using key concepts, data structures, and specific techniques
Analyzing the contents of multiple disk volumes, such as RAID and disk spanning
Analyzing FAT, NTFS, Ext2, Ext3, UFS1, and UFS2 file systems using key concepts, data structures, and specific techniques
Finding evidence: File metadata, recovery of deleted files, data hiding locations, and more
Using The Sleuth Kit (TSK), Autopsy Forensic Browser, and related open source tools
When it comes to file system analysis, no other book offers this much detail or expertise. Whether you're a digital forensics specialist, incident response team member, law enforcement officer, corporate security specialist, or auditor, this book will become an indispensable resource for forensic investigations, no matter what analysis tools you use.
Table of Contents
Part I: Foundations
1. Digital Investigation Foundations
2. Computer Foundations
3. Hard Disk Data Acquisition
Part II: Volume Analysis
4. Volume Analysis
5. PC-based Partitions
6. Server-based Partitions
7. Multiple Disk Volumes
Part III: File System Analysis
8. File System Analysis
9. FAT Concepts and Analysis
10. FAT Data Structures
11. NTFS Concepts
12. NTFS Analysis
13. NTFS Data Structures
14. Ext2 and Ext3 Concepts and Analysis
15. Ext2 and Ext3 Data Structures
16. UFS1 and UFS2 Concepts and Analysis
17. UFS1 and UFS2 Data Structures
A. The Sleuth Kit and Autopsy
File System Forensic Analysis
Released: 2005 Author(s): Brian Carrier
Forensic Discovery
Description
The Definitive Guide to Computer Forensics: Theory and Hands-On Practice
Computer forensics--the art and science of gathering and analyzing digital evidence, reconstructing data and attacks, and tracking perpetrators--is becoming ever more important as IT and law enforcement professionals face an epidemic in computer crime. In Forensic Discovery, two internationally recognized experts present a thorough and realistic guide to the subject.
Dan Farmer and Wietse Venema cover both theory and hands-on practice, introducing a powerful approach that can often recover evidence considered lost forever.
The authors draw on their extensive firsthand experience to cover everything from file systems, to memory and kernel hacks, to malware. They expose a wide variety of computer forensics myths that often stand in the way of success. Readers will find extensive examples from Solaris, FreeBSD, Linux, and Microsoft Windows, as well as practical guidance for writing one's own forensic tools. The authors are singularly well-qualified to write this book: They personally created some of the most popular security tools ever written, from the legendary SATAN network scanner to the powerful Coroner's Toolkit for analyzing UNIX break-ins.
After reading this book you will be able to
Understand essential forensics concepts: volatility, layering, and trust
Gather the maximum amount of reliable evidence from a running system
Recover partially destroyed information--and make sense of it
Timeline your system: understand what really happened when
Uncover secret changes to everything from system utilities to kernel modules
Avoid cover-ups and evidence traps set by intruders
Identify the digital footprints associated with suspicious activity
Understand file systems from a forensic analyst's point of view
Analyze malware--without giving it a chance to escape
Capture and examine the contents of main memory on running systems
Walk through the unraveling of an intrusion, one step at a time
The book's companion Web site contains complete source and binary code for open source software discussed in the book, plus additional computer forensics case studies and resource links.
Table of Contents
Preface
Introduction to Part 1
Chapter 1 - The spirit of forensic discovery
Chapter 2 - Time Machines
Introduction to Part 2
Chapter 3 - File system basics
Chapter 4 - File system analysis
Chapter 5 - Systems and subversion
Chapter 6 - Malware analysis basics
Introduction to Part 3
Chapter 7 - Persistence of deleted file information
Chapter 8 - Beyond Processes
Appendix A
Appendix B
Forensic Discovery
Released: 2005 Author(s): Dan Farmer, Wietse Venema
Real Digital Forensics
Description
An interactive book-and-DVD package designed to help readers master the tools and techniques of forensic analysis. It offers a hands-on approach to identifying and solving problems related to computer security issues; introduces the tools, methods, techniques, and applications of computer forensic investigation; and allows readers to test their skills by working with real data across five scenarios. (Intermediate)
Table of Contents
I. LIVE INCIDENT RESPONSE.
1. Windows Live Response.
2. Unix Live Response.
II. NETWORK-BASED FORENSICS.
3. Collecting Network-Based Evidence.
4. Analyzing Network-Based Evidence for a Windows Intrusion.
5. Analyzing Network-Based Evidence for a Unix Intrusion.
III. ACQUIRING A FORENSIC DUPLICATION.
6. Before You Jump Right In…
7. Commercial-Based Forensic Duplications.
8. Noncommercial-Based Forensic Duplications.
IV. FORENSIC ANALYSIS TECHNIQUES.
9. Common Forensic Analysis Techniques.
10. Web Browsing Activity Reconstruction.
11. E-Mail Activity Reconstruction.
12. Microsoft Windows Registry Reconstruction.
13. Forensic Tool Analysis: An Introduction to Using Linux for Analyzing Files of Unknown Origin.
14. Forensic Tool Analysis: A Hands-On Analysis of the Linux File aio.
15. Forensic Tool Analysis: Analyzing Files of Unknown Origin (Windows).
V. CREATING A COMPLETE FORENSIC TOOL KIT.
16. Building the Ultimate Response CD.
17. Making Your CD-ROM a Bootable Environment.
VI. MOBILE DEVICE FORENSICS.
18. Forensic Duplication and Analysis of Personal Digital Assistants.
19. Forensic Duplication of USB and Compact Flash Memory Devices.
20. Forensic Analysis of USB and Compact Flash Memory Devices.
VII. ONLINE-BASED FORENSICS.
21. Tracing E-Mail.
22. Domain Name Ownership.
Appendix: An Introduction to Perl.
Real Digital Forensics
Computer Security and Incident Response
Released: 2005 Author(s): Keith J. Jones, Richard Bejtlich, Curtis W. Rose
No description available, please check the external site for more information.
Table of Contents
No table of contents available, please check the external site for more information.
Gray Hat Hacking
The Ethical Hacker's Handbook
Released: 2018 (5th edition) Author(s): Allen Harper, Daniel Regalado, Ryan Linn, Stephen Sims, Branko Spasojevic, Linda Martinez, Michael Baucom, Chris Eagle, Shon Harris
The Hacker Playbook 3
Description
No description available, please check the external site for more information.
Table of Contents
No table of contents available, please check the external site for more information.
The Hacker Playbook 3
Practical Guide To Penetration Testing
Released: 2018 Author(s): Peter Kim
Pentesting Azure Applications
Description
No description available, please check the external site for more information.
Table of Contents
No table of contents available, please check the external site for more information.
Pentesting Azure Applications
The Definitive Guide to Testing and Securing Deployments
Released: 2018 Author(s): Matt Burrough
Kali Linux Revealed
Description
No description available, please check the external site for more information.
Table of Contents
No table of contents available, please check the external site for more information.
Kali Linux Revealed
Mastering the Penetration Testing Distribution
Released: 2017 Author(s): Raphael Hertzog, Jim O'Gorman
Advanced Penetration Testing
Description
No description available, please check the external site for more information.
Table of Contents
No table of contents available, please check the external site for more information.
Advanced Penetration Testing
Hacking the World's Most Secure Networks
Released: 2017 Author(s): Wil Allsopp
Game Hacking
Description
No description available, please check the external site for more information.
Table of Contents
No table of contents available, please check the external site for more information.
Game Hacking
Developing Autonomous Bots for Online Games
Released: 2016 Author(s): Nick Cano
Rtfm: Red Team Field Manual
Description
No description available, please check the external site for more information.
Table of Contents
No table of contents available, please check the external site for more information.
Rtfm: Red Team Field Manual
Released: 2014 Author(s): Ben Clark
Penetration Testing
Description
No description available, please check the external site for more information.
Table of Contents
No table of contents available, please check the external site for more information.
Penetration Testing
A Hands-On Introduction to Hacking
Released: 2014 Author(s): Georgia Weidman
Metasploit
Description
No description available, please check the external site for more information.
Table of Contents
No table of contents available, please check the external site for more information.
Metasploit
The Penetration Tester's Guide
Released: 2011 Author(s): David Kennedy, Jim O'Gorman, Devon Kearns, Mati Aharoni
No description available, please check the external site for more information.
Table of Contents
No table of contents available, please check the external site for more information.
Black Hat Go
Go Programming for Hackers and Pentesters
Released: 2020 Author(s): Tom Steele, Chris Patten, Dan Kottmann
Modern C
Description
Modern C introduces you to modern day C programming, emphasizing the unique and new features of this powerful language. For new C coders, it starts with fundamentals like structure, grammar, compilation, and execution. From there, you’ll advance to control structures, data types, operators, and functions, as you gain a deeper understanding of what’s happening under the hood. In the final chapters, you’ll explore performance considerations, reentrancy, atomicity, threads, and type-generic programming. You’ll code as you go with concept-reinforcing exercises and skill-honing challenges along the way.
Table of Contents
Part 0. Encounter
Ch 1. Getting started
Ch 2. The principal structure of a program
Part 1. Acquaintance
Ch 3. Everything is about control
Ch 4. Expressing computations
Ch 5. Basic values and data
Ch 6. Derived data types
Ch 7. Functions
Ch 8. C library functions
Part 2. Cognition
Ch 9. Style
Ch 10. Organization and documentation
Ch 11. Pointers
Ch 12. The C memory model
Ch 13. Storage
Ch 14. More involved processing and IO
Part 3. Experience
Ch 15. Performance
Ch 16. Function-like macros
Ch 17. Variations in control flow
Ch 18. Threads
Ch 19. Atomic access and memory consistency
Modern C
Released: 2019 Author(s): Jens Gustedt
Gray Hat C#
Description
No description available, please check the external site for more information.
Table of Contents
No table of contents available, please check the external site for more information.
Gray Hat C#
A Hacker's Guide to Creating and Automating Security Tools
Released: 2017 Author(s): Brandon Perry
Black Hat Python
Description
No description available, please check the external site for more information.
Table of Contents
No table of contents available, please check the external site for more information.
Black Hat Python
Python Programming for Hackers and Pentesters
Released: 2014 Author(s): Justin Seitz
Threat Modeling
Description
No description available, please check the external site for more information.
Table of Contents
No table of contents available, please check the external site for more information.
Threat Modeling
Designing for Security
Released: 2014 Author(s): Adam Shostack
Violent Python
Description
No description available, please check the external site for more information.
Table of Contents
No table of contents available, please check the external site for more information.
Violent Python
A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers
Released: 2012 Author(s): TJ O'Connor
Hacker's Delight
Description
No description available, please check the external site for more information.
Table of Contents
No table of contents available, please check the external site for more information.
Hacker's Delight
Released: 2012 (2nd edition) Author(s): Henry S. Warren
Gray Hat Python
Description
No description available, please check the external site for more information.
Table of Contents
No table of contents available, please check the external site for more information.
Gray Hat Python
Python Programming for Hackers and Reverse Engineers
Released: 2009 Author(s): Justin Seitz
Assembly Language Step-by-step
Description
No description available, please check the external site for more information.
Table of Contents
No table of contents available, please check the external site for more information.
Assembly Language Step-by-step
Programming with Linux
Released: 2009 (3rd edition) Author(s): Jeff Duntemann
Surreptitious Software
Description
No description available, please check the external site for more information.
Table of Contents
No table of contents available, please check the external site for more information.
Surreptitious Software
Obfuscation, Watermarking, and Tamperproofing for Software Protection
Released: 2009 Author(s): Christian Collberg, Jasvir Nagra
ATL Internals: Working with ATL 8
Description
No description available, please check the external site for more information.
Table of Contents
No table of contents available, please check the external site for more information.
ATL Internals: Working with ATL 8
Released: 2006 (2nd edition) Author(s): Christopher Tavares, Kirk Fertitta, Brent E. Rector, Chris Sells
The result of more than a decade of research and development within the NSA, the Ghidra platform was developed to address some of the agency’s most challenging reverse-engineering problems. With the open-source release of this formerly restricted tool suite, one of the world’s most capable disassemblers and intuitive decompilers is now in the hands of cybersecurity defenders everywhere — and The Ghidra Book is the one and only guide you need to master it.
In addition to discussing RE techniques useful in analyzing software and malware of all kinds, the book thoroughly introduces Ghidra’s components, features, and unique capacity for group collaboration. You’ll learn how to:
Navigate a disassembly
Use Ghidra’s built-in decompiler to expedite analysis
Analyze obfuscated binaries
Extend Ghidra to recognize new data types
Build new Ghidra analyzers and loaders
Add support for new processors and instruction sets
Script Ghidra tasks to automate workflows
Set up and use a collaborative reverse engineering environment
Designed for beginner and advanced users alike, The Ghidra Book will effectively prepare you to meet the needs and challenges of RE, so you can analyze files like a pro.
Table of Contents
Chapter 1: Introduction to Disassembly
Chapter 2: Reversing and Disassembly Tools
Chapter 3: Meet Ghidra
Chapter 4: Getting Started with Ghidra
Chapter 5: Ghidra Data Displays
Chapter 6: Making Sense of a Ghidra Disassembly
Chapter 7: Disassembly Manipulation
Chapter 8: Data Types and Data Structures
Chapter 9: Cross-References
Chapter 10: Graphs
Chapter 11: Collaborative SRE with Ghidra
Chapter 12: Customizing Ghidra
Chapter 13: Extending Ghidra’s Worldview
Chapter 14: Basic Ghidra Scripting
Chapter 15: Eclipse and GhidraDev
Chapter 16: Ghidra in Headless Mode
Chapter 17: Ghidra Loaders
Chapter 18: Ghidra Processors
Chapter 19: The Ghidra Decompiler
Chapter 20: Compiler Variations
Chapter 21: Obfuscated Code Analysis
Chapter 22: Patching Binaries
Chapter 23: Binary Differencing and Version Tracking
The Ghidra Book
The Definitive Guide
Released: 2020 Author(s): Chris Eagle, Kara Nance
Rootkits and Bootkits
Description
No description available, please check the external site for more information.
Table of Contents
No table of contents available, please check the external site for more information.
Rootkits and Bootkits
Reversing Modern Malware and Next Generation Threats
Released: 2019 Author(s): Alex Matrosov, Eugene Rodionov, Sergey Bratus
Practical Binary Analysis
Description
No description available, please check the external site for more information.
Table of Contents
No table of contents available, please check the external site for more information.
Practical Binary Analysis
Build Your Own Linux Tools for Binary Instrumentation, Analysis, and Disassembly
Released: 2018 Author(s): Dennis Andriesse
Practical Reverse Engineering
Description
No description available, please check the external site for more information.
Table of Contents
No table of contents available, please check the external site for more information.
Practical Reverse Engineering
x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation
Released: 2014 Author(s): Bruce Dang, Alexandre Gazet, Elias Bachaalany, Sébastien Josse
Decompiling Java
Description
No description available, please check the external site for more information.
Table of Contents
No table of contents available, please check the external site for more information.
Decompiling Java
Released: 2014 Author(s): Godfrey Nolan
The IDA Pro Book
Description
No description available, please check the external site for more information.
Table of Contents
No table of contents available, please check the external site for more information.
The IDA Pro Book
The Unofficial Guide to the World's Most Popular Disassembler
Released: 2011 (2nd edition) Author(s): Chris Eagle
Hacker Disassembling Uncovered
Description
No description available, please check the external site for more information.
Table of Contents
No table of contents available, please check the external site for more information.