More information (External)

Description

Incident response is critical for the active defense of any network, and incident responders need up-to-date, immediately applicable techniques with which to engage the adversary. Applied Incident Response details effective ways to respond to advanced attacks against local and remote network resources, providing proven response techniques and a framework through which to apply them. As a starting point for new incident handlers, or as a technical reference for hardened IR veterans, this book details the latest techniques for responding to threats against your network, including:

• Preparing your environment for effective incident response
• Leveraging MITRE ATT&CK and threat intelligence for active network defense
• Local and remote triage of systems using PowerShell, WMIC, and open-source tools
• Acquiring RAM and disk images locally and remotely
• Analyzing RAM with Volatility and Rekall
• Deep-dive forensic analysis of system drives using open-source or commercial tools
• Leveraging Security Onion and Elastic Stack for network security monitoring
• Techniques for log analysis and aggregating high-value logs
• Static and dynamic analysis of malware with YARA rules, FLARE VM, and Cuckoo Sandbox
• Detecting and responding to lateral movement techniques, including pass-the-hash, pass-the-ticket, Kerberoasting, malicious use of PowerShell, and many more
• Effective threat hunting techniques
• Adversary emulation with Atomic Red Team
• Improving preventive and detective controls

Table of Contents

Part I Prepare 1
	Chapter 1 The Threat Landscape 3
		Attacker Motivations 3
		Intellectual Property Theft 4
		Supply Chain Attack 4
		Financial Fraud 4
		Extortion 5
		Espionage 5
		Power 5
		Hacktivism 6
		Revenge 6
		Attack Methods 6
		DoS and DDoS 7
		Worms 8
		Ransomware 8
		Phishing 9
		Spear Phishing 9
		Watering Hole Attacks 10
		Web Attacks 10
		Wireless Attacks 11
		Sniffing and MitM 11
		Crypto Mining 12
		Password Attacks 12
		Anatomy of an Attack 13
		Reconnaissance 13
		Exploitation 14
		Expansion/Entrenchment 15
		Exfiltration/Damage 16
		Clean Up 16
		The Modern Adversary 16
		Credentials, the Keys to the Kingdom 17
		Conclusion 20
	Chapter 2 Incident Readiness 21
		Preparing Your Process 21
		Preparing Your People 27
		Preparing Your Technology 30
		Ensuring Adequate Visibility 33
		Arming Your Responders 37
		Business Continuity and Disaster Recovery 38
		Deception Techniques 40
		Conclusion 43
Part II Respond 45
	Chapter 3 Remote Triage 47
		Finding Evil 48
		Rogue Connections 49
		Unusual Processes 52
		Unusual Ports 55
		Unusual Services 56
		Rogue Accounts 56
		Unusual Files 58
		Autostart Locations 59
		Guarding Your Credentials 61
		Understanding Interactive Logons 61
		Incident Handling Precautions 63
		RDP Restricted Admin Mode and Remote Credential Guard 64
		Conclusion 65
	Chapter 4 Remote Triage Tools 67
		Windows Management Instrumentation Command-Line Utility 67
		Understanding WMI and the WMIC Syntax 68
		Forensically Sound Approaches 71
		WMIC and WQL Elements 72
		Example WMIC Commands 79
		PowerShell 84
		Basic PowerShell Cmdlets 87
		PowerShell Remoting 91
		Accessing WMI/MI/CIM with PowerShell 95
		Incident Response Frameworks 98
		Conclusion 100
	Chapter 5 Acquiring Memory 103
		Order of Volatility 103
		Local Memory Collection 105
		Preparing Storage Media 107
		The Collection Process 109
		Remote Memory Collection 117
		WMIC for Remote Collection 119
		PowerShell Remoting for Remote Collection 122
		Agents for Remote Collection 125
		Live Memory Analysis 128
		Local Live Memory Analysis 129
		Remote Live Memory Analysis 129
		Conclusion 131
	Chapter 6 Disk Imaging 133
		Protecting the Integrity of Evidence 133
		Dead-Box Imaging 137
		Using a Hardware Write Blocker 139
		Using a Bootable Linux Distribution 143
		Live Imaging 149
		Live Imaging Locally 149
		Collecting a Live Image Remotely 154
		Imaging Virtual Machines 155
		Conclusion 160
	Chapter 7 Network Security Monitoring 161
		Security Onion 161
		Architecture 162
		Tools 165
		Snort, Sguil, and Squert 166
		Zeek (Formerly Bro) 172
		Elastic Stack 182
		Text-Based Log Analysis 194
		Conclusion 197
	Chapter 8 Event Log Analysis 199
		Understanding Event Logs 199
		Account-Related Events 207
		Object Access 218
		Auditing System Configuration Changes 221
		Process Auditing 224
		Auditing PowerShell Use 229
		Using PowerShell to Query Event Logs 231
		Conclusion 233
	Chapter 9 Memory Analysis 235
		The Importance of Baselines 236
		Sources of Memory Data 242
		Using Volatility and Rekall 244
		Examining Processes 249
		The pslist Plug-in 249
		The pstree Plug-in 252
		The dlllist Plug-in 255
		The psxview Plug-in 256
		The handles Plug-in 256
		The malfi nd Plug-in 257
		Examining Windows Services 259
		Examining Network Activity 261
		Detecting Anomalies 264
		Practice Makes Perfect 273
		Conclusion 274
	Chapter 10 Malware Analysis 277
		Online Analysis Services 277
		Static Analysis 280
		Dynamic Analysis 286
		Manual Dynamic Analysis 287
		Automated Malware Analysis 299
		Evading Sandbox Detection 305
		Reverse Engineering 306
		Conclusion 309
	Chapter 11 Disk Forensics 311
		Forensics Tools 312
		Time Stamp Analysis 314
		Link Files and Jump Lists 319
		Prefetch 321
		System Resource Usage Monitor 322
		Registry Analysis 324
		Browser Activity 333
		USN Journal 337
		Volume Shadow Copies 338
		Automated Triage 340
		Linux/UNIX System Artifacts 342
		Conclusion 344
	Chapter 12 Lateral Movement Analysis 345
		Server Message Block 345
		Pass-the-Hash Attacks 351
		Kerberos Attacks 353
		Pass-the-Ticket and Overpass-the-Hash Attacks 354
		Golden and Silver Tickets 361
		Kerberoasting 363
		PsExec 365
		Scheduled Tasks 368
		Service Controller 369
		Remote Desktop Protocol 370
		Windows Management Instrumentation 372
		Windows Remote Management 373
		PowerShell Remoting 374
		SSH Tunnels and Other Pivots 376
		Conclusion 378
Part III Refine 379
	Chapter 13 Continuous Improvement 381
		Document, Document, Document 381
		Validating Mitigation Efforts 383
		Building On Your Successes, and Learning from Your Mistakes 384
		Improving Your Defenses 388
		Privileged Accounts 389
		Execution Controls 392
		PowerShell 394
		Segmentation and Isolation 396
		Conclusion 397
	Chapter 14 Proactive Activities 399
		Threat Hunting 399
		Adversary Emulation 409
		Atomic Red Team 410
		Caldera 415
		Conclusion 416
Index 419

More information (External)

Description

The foundational guide for using deception against computer network adversaries.

When an attacker breaks into your network, you have a home-field advantage. But how do you use it?

Intrusion Detection Honeypots is the foundational guide to building, deploying, and monitoring honeypots -- security resources whose value lies in being probed and attacked. These fake systems, services, and tokens lure attackers in, enticing them to interact. Unbeknownst to the attacker, those interactions generate logs that alert you to their presence and educate you about their tradecraft. Intrusion Detection Honeypots teaches you how to: - Use the See-Think-Do framework to integrate honeypots into your network and lure attackers into your traps.

• Leverage honey services that mimic HTTP, SSH, and RDP.
• Hide honey tokens amongst legitimate documents, files, and folders.
• Entice attackers to use fake credentials that give them away.
• Create honey commands, honey tables, honey broadcasts, and other unique detection tools that leverage deception.
• Monitor honeypots for interaction and investigate the logs they generate.

With the techniques in this book, you can safely use honeypots inside your network to detect adversaries before they accomplish their goals.

Table of Contents

Chapter 1: A Brief History of Honeypots
Chapter 2: Defining and Classifying Honeypots
Chapter 3: Planning Honeypot-Based Detection
Chapter 4: Logging and Monitoring
Chapter 5: Building Your First Honeypot from Scratch
Chapter 6: Honey Services
Chapter 7: Honey Tokens
Chapter 8: Honey Credentials
Chapter 9: Unconventional Honeypots

More information (External)

Description

BTHb:SOCTH provides the security practitioner with numerous field notes on building a security operations team, managing SIEM, and mining data sources to get the maximum amount of information out of them with a threat hunting approach. The author shares his fifteen years of experience with SIEMs and security operations is a no frills, just information format.

Don Murdoch has implemented five major platforms, integrated over one hundred data sources into various platforms, and ran an MSSP practice for two years. This book covers the topics below using a “zero fluff” approach as if you hired him as a security consultant and were sitting across the table with him (or her).

The book begins with a discussion for professionals to help them build a successful business case and a project plan, decide on SOC tier models, anticipate and answer tough questions you need to consider when proposing a SOC, and considerations in building a logging infrastructure. The book goes through numerous data sources that feed a SOC and SIEM and provides specific real world guidance on how to use those data sources to best possible effect. Most of the examples presented were implemented in one organization or another. These uses cases explain on what to monitor, how to use a SIEM and how to use the data coming into the platform, both questions that Don found is often answered poorly by many vendors.

Several business concepts are also introduced, because they are often overlooked by IT: value chain, PESTL, and SWOT. Major sections include: An inventory of Security Operations Center (SOC) Services. Metrics, with a focus on objective measurements for the SOC, for analysts, and for SIEM's. SOC staff onboarding, training topics, and desirable skills. Along these lines, there is a chapter on a day in the life of a SOC analyst. Maturity analysis for the SOC and the log management program. Applying a Threat Hunt mindset to the SOC. A full use case template that was used within two major Fortune 500 companies, and is in active use by one major SIEM vendor, along with a complete example of how to build a SOC and SIEM focused use case. You can see the corresponding discussion of this chapter on YouTube. Just search for the 2017 Security Onion conference for the presentation. Critical topics in deploying SIEM based on experience deploying five different technical platforms for nineteen different organizations in education, nonprofit, and commercial enterprises from 160 to 30,000 personnel. Understanding why SIEM deployments fail with actionable compensators. Real life experiences getting data into SIEM platforms and the considerations for the many different ways to provide data. Issues relating to time, time management, and time zones.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

Blue Team Field Manual (BTFM) is a Cyber Security Incident Response Guide that aligns with the NIST Cybersecurity Framework consisting of the five core functions of Identify, Protect, Detect, Respond, and Recover by providing the tactical steps to follow and commands to use when preparing for, working through and recovering from a Cyber Security Incident.

Table of Contents

0 preparation (documentation review)  8
	key documents  9
	review  9
1 identify (scope)  10
	scanning and vulnerabilities  11
		nmap  .' . 11
		nessus  11
		openvas . 12
	windows . 14
		network discovery . 14
		dhcp  14
		dns  14
		hashing  ls
		netbios . 16
		user activity . 16
		passwords  17
		microsoft baseline security analyzer (mbsa) . 17
		active directory inventory  17
	linux . 20
		network discovery . 20
		dhcp  20
		dns  21
		hashing  21
		netbios . 21
		passwords  21
2 protect (defend)  22
	windows . 23
		disable/stop services  23
		host system firewalls  23
		passwords  25
		host file . 25
		whitelist . 26
		application restrictions . 26
		ipsec  30
		active directory (ad) -group policy object (gpo)  31
		stand alone system -without active directory {ad)  32
	linux . 36
		disable/stop services  36
		host system firewalls  37
		passwords  39
		host file . 39
		whitelist . 39
		ipsec  40
3 detect {visibility} . 44
	network monitoring . 45
		tcpdump  45
		tshark  48
		snort  so
	network capture (pcap) tools . 51
		editcap . 51
		mergecap  51
	honey techniques . 52
		windows . 52
		linux . 53
		netcat  54
		passive dns monitoring . 55
	log auditing . 56
	windows . 56
	linux . 63
4 respond (analysis)  66
	live triage-windows . 67
		system information . 67
		user information  67
		network information . 68
		service information . 68
		policy, patch and settings information  69
		autorun and auto load information  69
		logs  75
		files, drives and shares information . 76
	live triage- linux . 79
		system information . 79
		user information  79
		network information . 80
		service information . 80
		policy, patch and settings information  81
		logs  82
		files, drives and shares information . 82
	malware analysis . 85
		static analysis basics  85
	identify malware  88
		process explorer . 88
	file hash analysis  90
		hash query  90
	hard drive and memory acquisition  91
		windows . 91
		linux . 91
5 recover (remediate)  94
	patching  95
		windows . 95
		linux . 95
	backup . 97
		windows . 97
		linux . 100
	kill malware process . 101
		windows . 101
		linux . 101
6 tactics (tips & tricks)  102
	os cheats . 103
		windows . 103
		linux . 105
	decoding . 107
		hex conversion  107
	snort  109
		snort rules . 109
	dos/ddos . 112
		fingerprint dos/ddos . 112
	tool suites  115
		prebuilt iso, virtual machine and distributions . 115
7 incident management (checklist)  118
	incident response checklist  119
		identification tasks  119
		containment tasks . 121
		remediation tasks . 122
		other / lessons learned tasks  124
		malware attributes checklist . 125
8 security incident identification (schema)  128
	vocabulary for events recording and incident sharing (veris)  129
		general  129
		actor  131
		action  132
		asset . 135
		attribute . 136
		course of action . 137
	kill chain mapping  138
		gather data for mapping kill chain  138
	prioritized defended asset list (pdal) . 139
		gather data and prioritize assets to defend  139
10 index (a-z)  142 

More information (External)

Description

Network security is not simply about building impenetrable walls—determined attackers will eventually overcome traditional defenses. The most effective computer security strategies integrate network security monitoring (NSM): the collection and analysis of data to help you detect and respond to intrusions.

In The Practice of Network Security Monitoring, Mandiant CSO Richard Bejtlich shows you how to use NSM to add a robust layer of protection around your networks—no prior experience required. To help you avoid costly and inflexible solutions, he teaches you how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools.

You'll learn how to:
–Determine where to deploy NSM platforms, and size them for the monitored networks
–Deploy stand-alone or distributed NSM installations
–Use command line and graphical packet analysis tools, and NSM consoles
–Interpret network evidence from server-side and client-side intrusions
–Integrate threat intelligence into NSM software to identify sophisticated adversaries

There’s no foolproof way to keep attackers out of your network. But when they get in, you’ll be prepared. The Practice of Network Security Monitoring will show you how to build a security net to detect, contain, and control them. Attacks are inevitable, but losing sensitive data shouldn't be.

Table of Contents

Part I: Getting Started
	Chapter 1: Network Security Monitoring Rationale
	Chapter 2: Collecting Network Traffic: Access, Storage, and Management
Part II: Security Onion Deployment
	Chapter 3: Stand-alone NSM Deployment and Installation
	Chapter 4: Distributed Deployment
	Chapter 5: SO Platform Housekeeping
Part III: Tools
	Chapter 6: Command Line Packet Analysis Tools
	Chapter 7: Graphical Packet Analysis Tools
	Chapter 8: NSM Consoles
Part IV: NSM in Action
	Chapter 9: NSM Operations
	Chapter 10: Server-side Compromise
	Chapter 11: Client-side Compromise
	Chapter 12: Extending SO
	Chapter 13: Proxies and Checksums
Conclusion

More information (External)

Description

Applied Network Security Monitoring is the essential guide to becoming an NSM analyst from the ground up. This book takes a fundamental approach to NSM, complete with dozens of real-world examples that teach you the key concepts of NSM.

Network security monitoring is based on the principle that prevention eventually fails. In the current threat landscape, no matter how much you try, motivated attackers will eventually find their way into your network. At that point, it is your ability to detect and respond to that intrusion that can be the difference between a small incident and a major disaster.

The book follows the three stages of the NSM cycle: collection, detection, and analysis. As you progress through each section, you will have access to insights from seasoned NSM professionals while being introduced to relevant, practical scenarios complete with sample data.

If you've never performed NSM analysis, Applied Network Security Monitoring will give you an adequate grasp on the core concepts needed to become an effective analyst. If you are already a practicing analyst, this book will allow you to grow your analytic technique to make you more effective at your job.

Table of Contents

Chapter 1. The Practice of Applied Network Security Monitoring
	Abstract
	Key NSM Terms
	Intrusion Detection
	Network Security Monitoring
	Vulnerability-Centric vs. Threat-Centric Defense
	The NSM Cycle: Collection, Detection, and Analysis
	Challenges to NSM
	Defining the Analyst
	Security Onion
	Conclusion
Section 1: Collection
Chapter 2. Planning Data Collection
	Abstract
	The Applied Collection Framework (ACF)
	Case Scenario: Online Retailer
	Conclusion
Chapter 3. The Sensor Platform
	Abstract
	NSM Data Types
	Sensor Type
	Sensor Hardware
	Sensor Operating System
	Sensor Placement
	Securing the Sensor
	Conclusion
Chapter 4. Session Data
	Abstract
	Flow Records
	Collecting Session Data
	Collecting and Analyzing Flow Data with SiLK
	Collecting and Analyzing Flow Data with Argus
	Session Data Storage Considerations
	Conclusion
Chapter 5. Full Packet Capture Data
	Abstract
	Dumpcap
	Daemonlogger
	Netsniff-NG
	Choosing the Right FPC Collection Tool
	Planning for FPC Collection
	Decreasing the FPC Data Storage Burden
	Managing FPC Data Retention
	Conclusion
Chapter 6. Packet String Data
	Abstract
	Defining Packet String Data
	PSTR Data Collection
	Viewing PSTR Data
	Conclusion
Section 2: Detection
Chapter 7. Detection Mechanisms, Indicators of Compromise, and Signatures
	Abstract
	Detection Mechanisms
	Indicators of Compromise and Signatures
	Managing Indicators and Signatures
	Indicator and Signature Frameworks
	Conclusion
Chapter 8. Reputation-Based Detection
	Abstract
	Public Reputation Lists
	Automating Reputation-Based Detection
	Conclusion
Chapter 9. Signature-Based Detection with Snort and Suricata
	Abstract
	Snort
	Suricata
	Changing IDS Engines in Security Onion
	Initializing Snort and Suricata for Intrusion Detection
	Configuring Snort and Suricata
	IDS Rules
	Viewing Snort and Suricata Alerts
	Conclusion
Chapter 10. The Bro Platform
	Abstract
	Basic Bro Concepts
	Running Bro
	Bro Logs
	Creating Custom Detection Tools with Bro
	Conclusion
Chapter 11. Anomaly-Based Detection with Statistical Data
	Abstract
	Top Talkers with SiLK
	Service Discovery with SiLK
	Furthering Detection with Statistics
	Visualizing Statistics with Gnuplot
	Visualizing Statistics with Google Charts
	Visualizing Statistics with Afterglow
	Conclusion
Chapter 12. Using Canary Honeypots for Detection
	Abstract
	Canary Honeypots
	Types of Honeypots
	Canary Honeypot Architecture
	Honeypot Platforms
	Conclusion
Section 3: Analysis
Chapter 13. Packet Analysis
	Abstract
	Enter the Packet
	Packet Math
	Dissecting Packets
	Tcpdump for NSM Analysis
	TShark for Packet Analysis
	Wireshark for NSM Analysis
	Packet Filtering
	Conclusion
Chapter 14. Friendly and Threat Intelligence
	Abstract
	The Intelligence Cycle for NSM
	Generating Friendly Intelligence
	Generating Threat Intelligence
	Conclusion
Chapter 15. The Analysis Process
	Abstract
	Analysis Methods
	Analysis Best Practices
	Incident Morbidity and Mortality
	Conclusion
Appendix 1. Security Onion Control Scripts
	High Level Commands
	Server Control Commands
	Sensor Control Commands
Appendix 2. Important Security Onion Files and Directories
	Application Directories and Configuration Files
	Sensor Data Directories
Appendix 3. Packet Headers
Appendix 4. Decimal / Hex / ASCII Conversion Chart
Index

More information (External)

Description

Will your organization be protected the day a quantum computer breaks encryption on the internet?

Computer encryption is vital for protecting users, data, and infrastructure in the digital age. Using traditional computing, even common desktop encryption could take decades for specialized ‘crackers’ to break and government and infrastructure-grade encryption would take billions of times longer. In light of these facts, it may seem that today’s computer cryptography is a rock-solid way to safeguard everything from online passwords to the backbone of the entire internet. Unfortunately, many current cryptographic methods will soon be obsolete. In 2016, the National Institute of Standards and Technology (NIST) predicted that quantum computers will soon be able to break the most popular forms of public key cryptography. The encryption technologies we rely on every day—HTTPS, TLS, WiFi protection, VPNs, cryptocurrencies, PKI, digital certificates, smartcards, and most two-factor authentication—will be virtually useless. . . unless you prepare. 

Cryptography Apocalypse is a crucial resource for every IT and InfoSec professional for preparing for the coming quantum-computing revolution. Post-quantum crypto algorithms are already a reality, but implementation will take significant time and computing power. This practical guide helps IT leaders and implementers make the appropriate decisions today to meet the challenges of tomorrow. This important book:

• Gives a simple quantum mechanics primer
• Explains how quantum computing will break current cryptography
• Offers practical advice for preparing for a post-quantum world
• Presents the latest information on new cryptographic methods
• Describes the appropriate steps leaders must take to implement existing solutions to guard against quantum-computer security threats 

Cryptography Apocalypse: Preparing for the Day When Quantum Computing Breaks Today's Crypto is a must-have guide for anyone in the InfoSec world who needs to know if their security is ready for the day crypto break and how to fix it.

Table of Contents

I Quantum Computing Primer 1
1 Introduction to Quantum Mechanics 3
	What is Quantum Mechanics? 3
	Quantum is Counterintuitive 4
	Quantum Mechanics is Real 5
	The Basic Properties of Quantum Mechanics 8
	Photons and Quantum Mechanics 8
	Photoelectric Effect 9
	Wave-Particle Duality 10
	Probability Principle 14
	Uncertainty Principle 17
	Spin States and Charges 20
	Quantum Tunneling 20
	Superposition 21
	Observer Effect 22
	No-Cloning Theorem 24
	Spooky Entanglement 24
	Decoherence 25
	Quantum Examples in Our World Today 27
	For Additional Information 28
	Summary 29
2 Introduction to Quantum Computers 31
	How are Quantum Computers Different? 31
	Traditional Computers Use Bits 31
	Quantum Computers Use Qubits 33
	Quantum Computers are Not Ready for Prime Time Yet 37
	Quantum Will Reign Supreme Soon 38
	Quantum Computers Improve Qubits Using Error Correction 39
	Types of Quantum Computers 44
	Superconducting Quantum Computers 44
	Quantum Annealing Computers 45
	Universal Quantum Computers 47
	Topological Quantum Computers 49
	Microsoft Majorana Fermion Computers 50
	Ion Trap Quantum Computers 51
	Quantum Computers in the Cloud 53
	Non-U.S. Quantum Computers 53
	Components of a Quantum Computer 54
	Quantum Software 55
	Quantum Stack 55
	Quantum National Guidance 56
	National Policy Guidance 56
	Money Grants and Investments 56
	Other Quantum Information Science Besides Computers 57
	For More Information 58
	Summary 58
3 How Can Quantum Computing Break Today’s Cryptography? 59
	Cryptography Basics 59
	Encryption 59
	Integrity Hashing 72
	Cryptographic Uses 73
	How Quantum Computers Can Break Cryptography 74
	Cutting Time 74
	Quantum Algorithms 76
	What Quantum Can and Can’t Break 79
	Still Theoretical 82
	Summary 83
4 When Will the Quantum Crypto Break Happen? 85
	It Was Always “10 Years from Now” 85
	Quantum Crypto Break Factors 86
	Is Quantum Mechanics Real? 86
	Are Quantum Computers Real? 87
	Is Superposition Real? 87
	Is Peter Shor’s Algorithm Real? 88
	Do We Have Enough Stable Qubits? 88
	Quantum Resources and Competition 89
	Do We Have Steady Improvement? 89
	Expert Opinions 90
	When the Quantum Cyber Break Will Happen 90
	Timing Scenarios 90
	When Should You Prepare? 93
	Breakout Scenarios 95
	Stays in the Realm of Nation-States for a Long Time 95
	Used by Biggest Companies 97
	Mass Proliferation 97
	Most Likely Breakout Scenario 97
	Summary 98
5 What Will a Post-Quantum World Look Like? 99
	Broken Applications 99
	Weakened Hashes and Symmetric Ciphers 100
	Broken Asymmetric Ciphers 103
	Weakened and Broken Random Number Generators 103
	Weakened or Broken Dependent Applications 104
	Quantum Computing 114
	Quantum Computers 114
	Quantum Processors 115
	Quantum Clouds 115
	Quantum Cryptography Will Be Used 116
	Quantum Perfect Privacy 116
	Quantum Networking Arrives 117
	Quantum Applications 117
	Better Chemicals and Medicines 118
	Better Batteries 118
	True Artificial Intelligence 119
	Supply Chain Management 120
	Quantum Finance 120
	Improved Risk Management 120
	Quantum Marketing 120
	Better Weather Prediction 121
	Quantum Money 121
	Quantum Simulation 122
	More Precise Military and Weapons 122
	Quantum Teleportation 122
	Summary 126
	II Preparing for the Quantum Break 127
6 Quantum-Resistant Cryptography 129
	NIST Post-Quantum Contest 129
	NIST Security Strength Classifications 132
	PKE vs. KEM 133
	Formal Indistinguishability Assurances 134
	Key and Ciphertext Sizes 135
	Types of Post-Quantum Algorithms 136
	Code-Based Cryptography 136
	Hash-Based Cryptography 137
	Lattice-Based Cryptography 138
	Multivariate Cryptography 140
	Supersingular Elliptic Curve Isogeny Cryptography 140
	Zero-Knowledge Proof 141
	Symmetric Key Quantum Resistance 142
	Quantum-Resistant Asymmetric Encryption Ciphers 143
	BIKE 145
	Classic McEliece 145
	CRYSTALS-Kyber 146
	FrodoKEM 146
	HQC 147
	LAC 148
	LEDAcrypt 148
	NewHope 149
	NTRU 149
	NTRU Prime 150
	NTS-KEM 150
	ROLLO 151
	Round5 151
	RQC 151
	SABER 152
	SIKE 152
	ThreeBears 153
	General Observations on PKE and KEM Key and Ciphertext Sizes 155
	Quantum-Resistant Digital Signatures 156
	CRYSTALS-Dilithium 156
	FALCON 157
	GeMSS 158
	LUOV 158
	MQDSS 159
	Picnic 159
	qTESLA 160
	Rainbow 160
	SPHINCS+ 161
	General Observations on Signature Key and Sizes 162
	Caution Advised 164
	A Lack of Standards 164
	Performance Concerns 165
	Lack of Verified Protection 165
	For Additional Information 166
	Summary 166
7 Quantum Cryptography 167
	Quantum RNGs 168
	Random is Not Always Random 168
	Why is True Randomness So Important? 170
	Quantum-Based RNGs 172
	Quantum Hashes and Signatures 177
	Quantum Hashes 177
	Quantum Digital Signatures 178
	Quantum Encryption Ciphers 180
	Quantum Key Distribution 181
	Summary 188
8 Quantum Networking 189
	Quantum Network Components 189
	Transmission Media 189
	Distance vs. Speed 191
	Point-to-Point 192
	Trusted Repeaters 193
	True Quantum Repeaters 194
	Quantum Network Protocols 196
	Quantum Network Applications 199
	More Secure Networks 199
	Quantum Computing Cloud 200
	Better Time Syncing 200
	Prevent Jamming 201
	Quantum Internet 202
	Other Quantum Networks 203
	For More Information 204
	Summary 204
9 Preparing Now 207
	Four Major Post-Quantum Mitigation Phases 207
	Stage 1: Strengthen Current Solutions 207
	Stage 2: Move to Quantum-Resistant Solutions 211
	Stage 3: Implement Quantum-Hybrid Solutions 213
	Stage 4: Implement Fully Quantum Solutions 214
	The Six Major Post-Quantum Mitigation Project Steps 214
	Step 1: Educate 215
	Step 2: Create a Plan 220
	Step 3: Collect Data 225
	Step 4: Analyze 226
	Step 5: Take Action/Remediate 228
	Step 6: Review and Improve 230
	Summary 230
Appendix: Additional Quantum Resources 231
Index 239

More information (External)

Description

This practical guide to modern encryption breaks down the fundamental mathematical concepts at the heart of cryptography without shying away from meaty discussions of how they work. You’ll learn about authenticated encryption, secure randomness, hash functions, block ciphers, and public-key techniques such as RSA and elliptic curve cryptography.

You'll also learn:

• Key concepts in cryptography, such as computational security, attacker models, and forward secrecy
• The strengths and limitations of the TLS protocol behind HTTPS secure websites
• Quantum computation and post-quantum cryptography
• About various vulnerabilities by examining numerous code examples and use cases
• How to choose the best algorithm or protocol and ask vendors the right questions

Each chapter includes a discussion of common implementation mistakes using real-world examples and details what could go wrong and how to avoid these pitfalls.

Whether you’re a seasoned practitioner or a beginner looking to dive into the field, Serious Cryptography will provide a complete survey of modern encryption and its applications.

Table of Contents

Chapter 1: Encryption
Chapter 2: Randomness
Chapter 3: Cryptographic Security
Chapter 4: Block Ciphers
Chapter 5: Stream Ciphers
Chapter 6: Hash Functions
Chapter 7: Keyed Hashing
Chapter 8: Authenticated Encryption
Chapter 9: Hard Problems
Chapter 10: RSA
Chapter 11: Diffie-Hellman
Chapter 12: Elliptic Curves
Chapter 13: TLS
Chapter 14: Quantum and Post-Quantum

More information (External)

Description

Bulletproof SSL and TLS is a complete guide to using SSL and TLS encryption to deploy secure servers and web applications. Written by Ivan Ristic, the author of the popular SSL Labs web site, this book will teach you everything you need to know to protect your systems from eavesdropping and impersonation attacks.

In this book, you'll find just the right mix of theory, protocol detail, vulnerability and weakness information, and deployment advice to get your job done:

• Comprehensive coverage of the ever-changing field of SSL/TLS and Internet PKI, with updates to the digital version
• For IT security professionals, help to understand the risks
• For system administrators, help to deploy systems securely
• For developers, help to design and implement secure web applications
• Practical and concise, with added depth when details are relevant
• Introduction to cryptography and the latest TLS protocol version
• Discussion of weaknesses at every level, covering implementation issues, HTTP and browser problems, and protocol vulnerabilities
• Coverage of the latest attacks, such as BEAST, CRIME, BREACH, Lucky 13, RC4 biases, Triple Handshake Attack, and Heartbleed
• Thorough deployment advice, including advanced technologies, such as Strict Transport Security, Content Security Policy, and pinning
• Guide to using OpenSSL to generate keys and certificates and to create and run a private certification authority
• Guide to using OpenSSL to test servers for vulnerabilities
• Practical advice for secure server configuration using Apache httpd, IIS, Java, Nginx, Microsoft Windows, and Tomcat

Table of Contents

Part I: SSL/TLS and PKI
1. SSL, TLS, and Cryptography
2. Protocol
3. Public Key Infrastructure
4. Attacks against PKI
5. HTTP and Browser Issues
6. Implementation Issues
7. Protocol Attacks

Part II: Deployment and Development
8. Deployment
9. Performance Optimization
10. HSTS, CSP and Pinning

Part III: Practical Configuration
11. OpenSSL Cookbook
12. Testing with OpenSSL
13. Configuring Apache
14. Configuring Java and Tomcat
15. Configuring Microsoft Windows and IIS
16. Configuring Nginx

More information (External)

Description

Cryptography is ubiquitous and plays a key role in ensuring data secrecy and integrity as well as in securing computer systems more broadly. Introduction to Modern Cryptography provides a rigorous yet accessible treatment of this fascinating subject.

The authors introduce the core principles of modern cryptography, with an emphasis on formal definitions, clear assumptions, and rigorous proofs of security. The book begins by focusing on private-key cryptography, including an extensive treatment of private-key encryption, message authentication codes, and hash functions. The authors also present design principles for widely used stream ciphers and block ciphers including RC4, DES, and AES, plus provide provable constructions of stream ciphers and block ciphers from lower-level primitives. The second half of the book covers public-key cryptography, beginning with a self-contained introduction to the number theory needed to understand the RSA, Diffie-Hellman, and El Gamal cryptosystems (and others), followed by a thorough treatment of several standardized public-key encryption and digital signature schemes.

Integrating a more practical perspective without sacrificing rigor, this widely anticipated Second Edition offers improved treatment of:

• Stream ciphers and block ciphers, including modes of operation and design principles
• Authenticated encryption and secure communication sessions
• Hash functions, including hash-function applications and design principles
• Attacks on poorly implemented cryptography, including attacks on chained-CBC encryption, padding-oracle attacks, and timing attacks
• The random-oracle model and its application to several standardized, widely used public-key encryption and signature schemes
• Elliptic-curve cryptography and associated standards such as DSA/ECDSA and DHIES/ECIES

Containing updated exercises and worked examples, Introduction to Modern Cryptography, Second Edition can serve as a textbook for undergraduate- or graduate-level courses in cryptography, a valuable reference for researchers and practitioners, or a general introduction suitable for self-study.

Table of Contents

I Introduction and Classical Cryptography
1 Introduction 3
2 Perfectly Secret Encryption 25
3 Private-Key Encryption 43
4 Message Authentication Codes 107
5 Hash Functions and Applications 153
6 Practical Constructions of Symmetric-Key Primitives 193
7 Theoretical Constructions of Symmetric-Key Primitives 241
8 Number Theory and Cryptographic Hardness Assumptions 285
9 Algorithms for Factoring and Computing Discrete Logarithms 341
10 Key Management and the Public-Key Revolution 359
11 Public-Key Encryption 375
12 Digital Signature Schemes 439
13 Advanced Topics in Public-Key Encryption 487

More information (External)

Description

The only book to provide a unified view of the interplay between computational number theory and cryptography

Computational number theory and modern cryptography are two of the most important and fundamental research fields in information security. In this book, Song Y. Yang combines knowledge of these two critical fields, providing a unified view of the relationships between computational number theory and cryptography. The author takes an innovative approach, presenting mathematical ideas first, thereupon treating cryptography as an immediate application of the mathematical concepts. The book also presents topics from number theory, which are relevant for applications in public-key cryptography, as well as modern topics, such as coding and lattice based cryptography for post-quantum cryptography. The author further covers the current research and applications for common cryptographic algorithms, describing the mathematical problems behind these applications in a manner accessible to computer scientists and engineers.

• Makes mathematical problems accessible to computer scientists and engineers by showing their immediate application
• Presents topics from number theory relevant for public-key cryptography applications
• Covers modern topics such as coding and lattice based cryptography for post-quantum cryptography
• Starts with the basics, then goes into applications and areas of active research
• Geared at a global audience; classroom tested in North America, Europe, and Asia
• Incudes exercises in every chapter
• Instructor resources available on the book’s Companion Website

Computational Number Theory and Modern Cryptography is ideal for graduate and advanced undergraduate students in computer science, communications engineering, cryptography and mathematics. Computer scientists, practicing cryptographers, and other professionals involved in various security schemes will also find this book to be a helpful reference.

Table of Contents

Part I Preliminaries
1 Introduction 3
	1.1 What is Number Theory? 3
	1.2 What is Computation Theory? 9
	1.3 What is Computational Number Theory? 15
	1.4 What is Modern Cryptography? 29
	1.5 Bibliographic Notes and Further Reading 32
	References 32
2 Fundamentals 35
	2.1 Basic Algebraic Structures 35
	2.2 Divisibility Theory 46
	2.3 Arithmetic Functions 75
	2.4 Congruence Theory 89
	2.5 Primitive Roots 131
	2.6 Elliptic Curves 141
	2.7 Bibliographic Notes and Further Reading 154
	References 155

Part II Computational Number Theory
3 Primality Testing 159
	3.1 Basic Tests 159
	3.2 Miller–Rabin Test 168
	3.3 Elliptic Curve Tests 173
	3.4 AKS Test 178
	3.5 Bibliographic Notes and Further Reading 187
	References 188
4 Integer Factorization 191
	4.1 Basic Concepts 191
	4.2 Trial Divisions Factoring 194
	4.3 ρ and p − 1 Methods 198
	4.4 Elliptic Curve Method 205
	4.5 Continued Fraction Method 209
	4.6 Quadratic Sieve 214
	4.7 Number Field Sieve 219
	4.8 Bibliographic Notes and Further Reading 231
	References 232
5 Discrete Logarithms 235
	5.1 Basic Concepts 235
	5.2 Baby-Step Giant-Step Method 237
	5.3 Pohlig–Hellman Method 240
	5.4 Index Calculus 246
	5.5 Elliptic Curve Discrete Logarithms 251
	5.6 Bibliographic Notes and Further Reading 260
	References 261

Part III Modern Cryptography
6 Secret-Key Cryptography 265
	6.1 Cryptography and Cryptanalysis 265
	6.2 Classic Secret-Key Cryptography 277
	6.3 Modern Secret-Key Cryptography 285
	6.4 Bibliographic Notes and Further Reading 291
	References 291
7 Integer Factorization Based Cryptography 293
	7.1 RSA Cryptography 293
	7.2 Cryptanalysis of RSA 302
	7.3 Rabin Cryptography 319
	7.4 Residuosity Based Cryptography 326
	7.5 Zero-Knowledge Proof 331
	7.6 Bibliographic Notes and Further Reading 335
	References 335
8 Discrete Logarithm Based Cryptography 337
	8.1 Diffie–Hellman–Merkle Key-Exchange Protocol 337
	8.2 ElGamal Cryptography 342
	8.3 Massey–Omura Cryptography 344
	8.4 DLP-Based Digital Signatures 348
	8.5 Bibliographic Notes and Further Reading 351
	References 351
9 Elliptic Curve Discrete Logarithm Based Cryptography 353
	9.1 Basic Ideas 353
	9.2 Elliptic Curve Diffie–Hellman–Merkle Key Exchange Scheme 356
	9.3 Elliptic Curve Massey–Omura Cryptography 360
	9.4 Elliptic Curve ElGamal Cryptography 365
	9.5 Elliptic Curve RSA Cryptosystem 370
	9.6 Menezes–Vanstone Elliptic Curve Cryptography 371
	9.7 Elliptic Curve DSA 373
	9.8 Bibliographic Notes and Further Reading 374
	References 375

Part IV Quantum Resistant Cryptography
10 Quantum Computational Number Theory 379
	10.1 Quantum Algorithms for Order Finding 379
	10.2 Quantum Algorithms for Integer Factorization 385
	10.3 Quantum Algorithms for Discrete Logarithms 390
	10.4 Quantum Algorithms for Elliptic Curve Discrete Logarithms 393
	10.5 Bibliographic Notes and Further Reading 397
	References 397
11 Quantum Resistant Cryptography 401
	11.1 Coding-Based Cryptography 401
	11.2 Lattice-Based Cryptography 403
	11.3 Quantum Cryptography 404
	11.4 DNA Biological Cryptography 406
	11.5 Bibliographic Notes and Further Reading 409

More information (External)

Description

The ultimate guide to cryptography, updated from an author team of the world's top cryptography experts.

Cryptography is vital to keeping information safe, in an era when the formula to do so becomes more and more challenging. Written by a team of world-renowned cryptography experts, this essential guide is the definitive introduction to all major areas of cryptography: message security, key negotiation, and key management. You'll learn how to think like a cryptographer. You'll discover techniques for building cryptography into products from the start and you'll examine the many technical changes in the field.

After a basic overview of cryptography and what it means today, this indispensable resource covers such topics as block ciphers, block modes, hash functions, encryption modes, message authentication codes, implementation issues, negotiation protocols, and more. Helpful examples and hands-on exercises enhance your understanding of the multi-faceted field of cryptography.

• An author team of internationally recognized cryptography experts updates you on vital topics in the field of cryptography
• Shows you how to build cryptography into products from the start
• Examines updates and changes to cryptography
• Includes coverage on key servers, message security, authentication codes, new standards, block ciphers, message authentication codes, and more

Cryptography Engineering gets you up to speed in the ever-evolving field of cryptography.

Table of Contents

Part I Introduction.
	Chapter 1 The Context of Cryptography.
	Chapter 2 Introduction to Cryptography.
Part II Message Security.
	Chapter 3 Block Ciphers.
	Chapter 4 Block Cipher Modes.
	Chapter 5 Hash Functions.
	Chapter 6 Message Authentication Codes.
	Chapter 7 The Secure Channel.
	Chapter 8 Implementation Issues (I).
Part III Key Negotiation.
	Chapter 9 Generating Randomness.
	Chapter 10 Primes.
	Chapter 11 Diffie-Hellman.
	Chapter 12 RSA.
	Chapter 13 Introduction to Cryptographic Protocols.
	Chapter 14 Key Negotiation.
	Chapter 15 Implementation Issues (II).
Part IV Key Management.
	Chapter 16 The Clock.
	Chapter 17 Key Servers.
	Chapter 18 The Dream of PKI.
	Chapter 19 PKI Reality.
	Chapter 20 PKI Practicalities.
	Chapter 21 Storing Secrets.
Part V Miscellaneous.
	Chapter 22 Standards and Patents.
	Chapter 23 Involving Experts.

More information (External)

Description

Improve your ability to develop, manage, and troubleshoot SQL Server solutions by learning how different components work "under the hood," and how they communicate with each other. The detailed knowledge helps in implementing and maintaining high-throughput databases critical to your business and its customers. You'll learn how to identify the root cause of each problem and understand how different design and implementation decisions affect performance of your systems.

New in this second edition is coverage of SQL Server 2016 Internals, including In-Memory OLTP, columnstore enhancements, Operational Analytics support, Query Store, JSON, temporal tables, stretch databases, security features, and other improvements in the new SQL Server version. The knowledge also can be applied to Microsoft Azure SQL Databases that share the same code with SQL Server 2016.

Pro SQL Server Internals is a book for developers and database administrators, and it covers multiple SQL Server versions starting with SQL Server 2005 and going all the way up to the recently released SQL Server 2016. The book provides a solid road map for understanding the depth and power of the SQL Server database server and teaches how to get the most from the platform and keep your databases running at the level needed to support your business. The book:

• Provides detailed knowledge of new SQL Server 2016 features and enhancements

• Includes revamped coverage of columnstore indexes and In-Memory OLTP

• Covers indexing and transaction strategies

• Shows how various database objects and technologies are implemented internally, and when they should or should not be used

• Demonstrates how SQL Server executes queries and works with data and transaction log

What You Will Learn

• Design and develop database solutions with SQL Server.

• Troubleshoot design, concurrency, and performance issues.

• Choose the right database objects and technologies for the job.

• Reduce costs and improve availability and manageability.

• Design disaster recovery and high-availability strategies.

• Improve performance of OLTP and data warehouse systems through in-memory OLTP and Columnstore indexes.

Who This Book Is For

Developers and database administrators who want to design, develop, and maintain systems in a way that gets the most from SQL Server. This book is an excellent choice for people who prefer to understand and fix the root cause of a problem rather than applying a 'band aid' to it.

Table of Contents

1. Tables and Indexes
	1. Data Storage Internals
	2. Tables and Indexes: Internal Structure and Access Methods
	3. Statistics
	4. Special Indexing and Storage Features
	5. SQL Server 2016 Features
	6. Index Fragmentation
	7. Designing and Tuning the Indexes
2. Other Things That Matter
	8. Constraints
	9. Triggers
	10. Views
	11. User-Defined Functions
	12. XML and JSON
	13. Temporary Objects and TempDB
	14. CLR
	15. CLR Types
	16. Data Partitioning
3. Locking, Blocking, and Concurrency
	17. Lock Types and Transaction Isolation Levels
	18. Troubleshooting Blocking Issues
	19. Deadlocks
	20. Lock Escalation
	21. Optimistic Isolation Levels
	22. Application Locks
	23. Schema Locks
	24. Designing Transaction Strategies
4. Query Life Cycle
	25. Query Optimization and Execution
	26. Plan Caching
5. Practical Troubleshooting
	27. Extended Events
	28. System Troubleshooting
	29. Query Store
6. Inside the Transaction Log
	30. Transaction Log Internals
	31. Backup and Restore
	32. High Availability Technologies
7. Columnstore Indexes
	33. Column-Based Storage and Batch Mode Execution
	34. Columnstore Indexes
8. In-Memory OLTP Engine
	Part Frontmatter
	35. In-Memory OLTP Internals
	36. Transaction Processing in In-Memory OLTP
	37. In-Memory OLTP Programmability

More information (External)

Description

Dive deep inside the architecture of SQL Server 2012

Explore the core engine of Microsoft SQL Server 2012—and put that practical knowledge to work. Led by a team of SQL Server experts, you’ll learn the skills you need to exploit key architectural features. Go behind the scenes to understand internal operations for creating, expanding, shrinking, and moving databases—whether you’re a database developer, architect, or administrator.

Discover how to:

• Dig into SQL Server 2012 architecture and configuration
• Use the right recovery model and control transaction logging
• Reduce query execution time through proper index design
• Track events, from triggers to the Extended Event Engine
• Examine internal structures with database console commands
• Transcend row-size limitations with special storage capabilities
• Choose the right transaction isolation level and concurrency model
• Take control over query plan caching and reuse

Table of Contents

1: SQL Server 2012 architecture and configuration
2: The SQLOS
3: Databases and database files
4: Special databases
5: Logging and recovery
6: Table storage
7: Indexes: internals and management
8: Special storage
9: Special indexes
10: Query execution
11: The Query Optimizer
12: Plan caching and recompilation
13: Transactions and concurrency
14: DBCC internals

More information (External)

Description

Databases are the nerve center of our economy. Every piece of your personal information is stored there-medical records, bank accounts, employment history, pensions, car registrations, even your children's grades and what groceries you buy. Database attacks are potentially crippling-and relentless.

In this essential follow-up to The Shellcoder's Handbook, four of the world's top security experts teach you to break into and defend the seven most popular database servers. You'll learn how to identify vulnerabilities, how attacks are carried out, and how to stop the carnage. The bad guys already know all this. You need to know it too.
* Identify and plug the new holes in Oracle and Microsoft(r) SQL Server
* Learn the best defenses for IBM's DB2(r), PostgreSQL, Sybase ASE, and MySQL(r) servers
* Discover how buffer overflow exploitation, privilege escalation through SQL, stored procedure or trigger abuse, and SQL injection enable hacker access
* Recognize vulnerabilities peculiar to each database
* Find out what the attackers already know

Go to www.wiley.com/go/dbhackershandbook for code samples, security alerts , and programs available for download.

Table of Contents

Part I: Introduction.
	Chapter 1: Why Care About Database Security?
Part II: Oracle.
	Chapter 2: The Oracle Architecture.
	Chapter 3: Attacking Oracle.
	Chapter 4: Oracle: Moving Further into the Network.
	Chapter 5: Securing Oracle.
Part III: DB2.
	Chapter 6: IBM DB2 Universal Database.
	Chapter 7: DB2: Discovery, Attack, and Defense.
	Chapter 8: Attacking DB2.
	Chapter 9: Securing DB2.
Part IV: Informix.
	Chapter 10: The Informix Architecture.
	Chapter 11: Informix: Discovery, Attack, and Defense.
	Chapter 12: Securing Informix.
Part V: Sybase ASE.
	Chapter 13: Sybase Architecture.
	Chapter 14: Sybase: Discovery, Attack, and Defense.
	Chapter 15: Sybase: Moving Further into the Network.
	Chapter 16: Securing Sybase.
Part VI: MySQL.
	Chapter 17: MySQL Architecture.
	Chapter 18: MySQL: Discovery, Attack, and Defense.
	Chapter 19: MySQL: Moving Further into the Network.
	Chapter 20: Securing MySQL.
Part VII: SQL Server.
	Chapter 21: Microsoft SQL Server Architecture.
	Chapter 22: SQL Server: Exploitation, Attack, and Defense.
	Chapter 23: Securing SQL Server.
Part VIII: PostgreSQL.
	Chapter 24: The PostgreSQL Architecture.
	Chapter 25: PostgreSQL: Discovery and Attack.
	Chapter 26: Securing PostgreSQL.
Appendix A: Example C Code for a Time-Delay SQL Injection Harness.
Appendix B: Dangerous Extended Stored Procedures.
Appendix C: Oracle Default Usernames and Passwords.

More information (External)

Description

A Bug Hunter's Diary follows security expert Tobias Klein as he tracks down and exploits bugs in some of the world's most popular software, like Apple's iOS, the VLC media player, web browsers, and even the Mac OS X kernel. In this one-of-a-kind account, you'll see how the developers responsible for these flaws patched the bugs—or failed to respond at all. As you follow Klein on his journey, you'll gain deep technical knowledge and insight into how hackers approach difficult problems and experience the true joys (and frustrations) of bug hunting.

Along the way you'll learn how to:

• Use field-tested techniques to find bugs, like identifying and tracing user input data and reverse engineering
• Exploit vulnerabilities like NULL pointer dereferences, buffer overflows, and type conversion flaws
• Develop proof of concept code that verifies the security flaw
• Report bugs to vendors or third party brokers

A Bug Hunter's Diary is packed with real-world examples of vulnerable code and the custom programs used to find and test bugs. Whether you're hunting bugs for fun, for profit, or to make the world a safer place, you'll learn valuable new skills by looking over the shoulder of a professional bug hunter in action.

Table of Contents

Chapter 1: Bug Hunting
Chapter 2: Back to the 90s
Chapter 3: Escape from the WWW Zone
Chapter 4: NULL Pointer FTW
Chapter 5: Browse and You're Owned
Chapter 6: One Kernel to Rule Them All
Chapter 7: A Bug Older Than 4.4BSD
Chapter 8: The Ringtone Massacre
Appendix A: Hints for Hunting
Appendix B: Debugging
Appendix C: Mitigation

More information (External)

Description

A Guide to Kernel Exploitation: Attacking the Core discusses the theoretical techniques and approaches needed to develop reliable and effective kernel-level exploits, and applies them to different operating systems, namely, UNIX derivatives, Mac OS X, and Windows. Concepts and tactics are presented categorically so that even when a specifically detailed vulnerability has been patched, the foundational information provided will help hackers in writing a newer, better attack; or help pen testers, auditors, and the like develop a more concrete design and defensive structure. The book is organized into four parts. Part I introduces the kernel and sets out the theoretical basis on which to build the rest of the book. Part II focuses on different operating systems and describes exploits for them that target various bug classes. Part III on remote kernel exploitation analyzes the effects of the remote scenario and presents new techniques to target remote issues. It includes a step-by-step analysis of the development of a reliable, one-shot, remote exploit for a real vulnerabilitya bug affecting the SCTP subsystem found in the Linux kernel. Finally, Part IV wraps up the analysis on kernel exploitation and looks at what the future may hold.

Table of Contents

Part I A Journey to Kernel Land
Chapter 1 From User-Land to Kernel-Land Attacks
	Introduction
	Introducing the Kernel and the World of Kernel Exploitation
	Why Doesn’t My User-Land Exploit Work Anymore?
	An Exploit Writer’s View of the Kernel
	Open Source versus Closed Source Operating Systems
	Summary
	Related Reading
	Endnote
Chapter 2 A Taxonomy of Kernel Vulnerabilities
	Introduction
	Uninitialized/Nonvalidated/Corrupted Pointer Dereference
	Memory Corruption Vulnerabilities
	Integer Issues
	Race Conditions
	Logic Bugs (a.k.a. the Bug Grab Bag)
	Summary
	Endnotes
Chapter 3 Stairway to Successful Kernel Exploitation
	Introduction
	A Look at the Architecture Level
	The Execution Step
	The Triggering Step
	The Information-Gathering Step
	Summary
	Related Reading

Part II The UNIX Family, Mac OS X, and Windows
Chapter 4 The UNIX Family
	Introduction
	The Members of the UNIX Family
	The Execution Step
	Practical UNIX Exploitation
	Summary
	Endnotes
Chapter 5 Mac OS X
	Introduction
	An Overview of XNU
	Kernel Debugging
	Kernel Extensions (Kext)
	The Execution Step
	Exploitation Notes
	Summary
	Endnotes
Chapter 6 Windows
	Introduction
	Windows Kernel Overview
	The Execution Step
	Practical Windows Exploitation
	Summary
	Endnotes

Part III Remote Kernel Exploitation
Chapter 7 Facing the Challenges of Remote Kernel Exploitation
	Introduction
	Attacking Remote Vulnerabilities
	Executing the First Instruction
	Remote Payloads
	Summary
	Endnote
Chapter 8 Putting It All Together: A Linux Case Study
	Introduction
	SCTP FWD Chunk Heap Memory Corruption
	Remote Exploitation: An Overall Analysis
	Getting the Arbitrary Memory Overwrite Primitive
	Installing the Shellcode
	Executing the Shellcode
	Summary
	Related Reading
	Endnote

Part IV Final Words
Chapter 9 Kernel Evolution: Future Forms of Attack and Defense
	Introduction
	Kernel Attacks
	Kernel Defense
	Beyond Kernel Bugs: Virtualization
	Summary
	Index

More information (External)

Description

Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope.

Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker's perspective.

The included LiveCD provides a complete Linux programming and debugging environment—all without modifying your current operating system. Use it to follow along with the book's examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits. This book will teach you how to:
– Program computers using C, assembly language, and shell scripts
– Corrupt system memory to run arbitrary code using buffer overflows and format strings
– Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening
– Outsmart common security measures like nonexecutable stacks and intrusion detection systems
– Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence
– Redirect network traffic, conceal open ports, and hijack TCP connections
– Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix

Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don't already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own creativity.

Table of Contents

0x100. INTRODUCTION
0x200. PROGRAMMING
	0x210. What Is Programming?
	0x220. Pseudo-code
	0x230. Control Structures
	0x231. If-Then-Else
	0x232. While/Until Loops
	0x233. For Loops
	0x240. More Fundamental Programming Concepts
	0x241. Variables
	0x242. Arithmetic Operators
	0x243. Comparison Operators
	0x244. Functions
	0x250. Getting Your Hands Dirty
	0x251. The Bigger Picture
	0x252. The x86 Processor
	0x253. Assembly Language
	0x260. Back to Basics
	0x261. Strings
	0x262. Signed, Unsigned, Long, and Short
	0x263. Pointers
	0x264. Format Strings
	0x265. Typecasting
	0x266. Command-Line Arguments
	0x267. Variable Scoping
	0x270. Memory Segmentation
	0x271. Memory Segments in C
	0x272. Using the Heap
	0x273. Error-Checked malloc()
	0x280. Building on Basics
	0x281. File Access
	0x282. File Permissions
	0x283. User IDs
	0x284. Structs
	0x285. Function Pointers
	0x286. Pseudo-random Numbers
	0x287. A Game of Chance
0x300. EXPLOITATION
	0x310. Generalized Exploit Techniques
	0x320. Buffer Overflows
	0x321. Stack-Based Buffer Overflow Vulnerabilities
	0x330. Experimenting with BASH
	0x331. Using the Environment
	0x340. Overflows in Other Segments
	0x341. A Basic Heap-Based Overflow
	0x342. Overflowing Function Pointers
	0x350. Format Strings
	0x351. Format Parameters
	0x352. The Format String Vulnerability
	0x353. Reading from Arbitrary Memory Addresses
	0x354. Writing to Arbitrary Memory Addresses
	0x355. Direct Parameter Access
	0x356. Using Short Writes
	0x357. Detours with .dtors
	0x358. Another notesearch Vulnerability
	0x359. Overwriting the Global Offset Table
0x400. NETWORKING
	0x410. OSI Model
	0x420. Sockets
	0x421. Socket Functions
	0x422. Socket Addresses
	0x423. Network Byte Order
	0x424. Internet Address Conversion
	0x425. A Simple Server Example
	0x426. A Web Client Example
	0x427. A Tinyweb Server
	0x430. Peeling Back the Lower Layers
	0x431. Data-Link Layer
	0x432. Network Layer
	0x433. Transport Layer
	0x440. Network Sniffing
	0x441. Raw Socket Sniffer
	0x442. libpcap Sniffer
	0x443. Decoding the Layers
	0x444. Active Sniffing
	0x450. Denial of Service
	0x451. SYN Flooding
	0x452. The Ping of Death
	0x453. Teardrop
	0x454. Ping Flooding
	0x455. Amplification Attacks
	0x456. Distributed DoS Flooding
	0x460. TCP/IP Hijacking
	0x461. RST Hijacking
	0x462. Continued Hijacking
	0x470. Port Scanning
	0x471. Stealth SYN Scan
	0x472. FIN, X-mas, and Null Scans
	0x473. Spoofing Decoys
	0x474. Idle Scanning
	0x475. Proactive Defense (shroud)
	0x480. Reach Out and Hack Someone
	0x481. Analysis with GDB
	0x482. Almost Only Counts with Hand Grenades
	0x483. Port-Binding Shellcode
0x500. SHELLCODE
	0x510. Assembly vs. C
	0x511. Linux System Calls in Assembly
	0x520. The Path to Shellcode
	0x521. Assembly Instructions Using the Stack
	0x522. Investigating with GDB
	0x523. Removing Null Bytes
	0x530. Shell-Spawning Shellcode
	0x531. A Matter of Privilege
	0x532. And Smaller Still
	0x540. Port-Binding Shellcode
	0x541. Duplicating Standard File Descriptors
	0x542. Branching Control Structures
	0x550. Connect-Back Shellcode
0x600. COUNTERMEASURES
	0x610. Countermeasures That Detect
	0x620. System Daemons
	0x621. Crash Course in Signals
	0x622. Tinyweb Daemon
	0x630. Tools of the Trade
	0x631. tinywebd Exploit Tool
	0x640. Log Files
	0x641. Blend In with the Crowd
	0x650. Overlooking the Obvious
	0x651. One Step at a Time
	0x652. Putting Things Back Together Again
	0x653. Child Laborers
	0x660. Advanced Camouflage
	0x661. Spoofing the Logged IP Address
	0x662. Logless Exploitation
	0x670. The Whole Infrastructure
	0x671. Socket Reuse
	0x680. Payload Smuggling
	0x681. String Encoding
	0x682. How to Hide a Sled
	0x690. Buffer Restrictions
	0x691. Polymorphic Printable ASCII Shellcode
	0x6a0. Hardening Countermeasures
	0x6b0. Nonexecutable Stack
	0x6b1. ret2libc
	0x6b2. Returning into system()
	0x6c0. Randomized Stack Space
	0x6c1. Investigations with BASH and GDB
	0x6c2. Bouncing Off linux-gate
	0x6c3. Applied Knowledge
	0x6c4. A First Attempt
	0x6c5. Playing the Odds
0x700. CRYPTOLOGY
	0x710. Information Theory
	0x711. Unconditional Security
	0x712. One-Time Pads
	0x713. Quantum Key Distribution
	0x714. Computational Security
	0x720. Algorithmic Run Time
	0x721. Asymptotic Notation
	0x730. Symmetric Encryption
	0x731. Lov Grover's Quantum Search Algorithm
	0x740. Asymmetric Encryption
	0x741. RSA
	0x742. Peter Shor's Quantum Factoring Algorithm
	0x750. Hybrid Ciphers
	0x751. Man-in-the-Middle Attacks
	0x752. Differing SSH Protocol Host Fingerprints
	0x753. Fuzzy Fingerprints
	0x760. Password Cracking
	0x761. Dictionary Attacks
	0x762. Exhaustive Brute-Force Attacks
	0x763. Hash Lookup Table
	0x764. Password Probability Matrix
	0x770. Wireless 802.11b Encryption
	0x771. Wired Equivalent Privacy
	0x772. RC4 Stream Cipher
	0x780. WEP Attacks
	0x781. Offline Brute-Force Attacks
	0x782. Keystream Reuse
	0x783. IV-Based Decryption Dictionary Tables
	0x784. IP Redirection
	0x785. Fluhrer, Mantin, and Shamir Attack
0x800. CONCLUSION
	0x810. References
	0x820. Sources

More information (External)

Description

• This much-anticipated revision, written by the ultimate group of top security experts in the world, features 40 percent new content on how to find security holes in any operating system or application
• New material addresses the many new exploitation techniques that have been discovered since the first edition, including attacking "unbreakable" software packages such as McAfee's Entercept, Mac OS X, XP, Office 2003, and Vista
• Also features the first-ever published information on exploiting Cisco's IOS, with content that has never before been explored
• The companion Web site features downloadable code files

Table of Contents

Part I: Introduction to Exploitation: Linux on x86.
	Chapter 1: Before You Begin.
	Chapter 2: Stack Overflows.
	Chapter 3: Shellcode.
	Chapter 4: Introduction to Format String Bugs.
	Chapter 5: Introduction to Heap Overflows.
Part II: Other Platforms—Windows, Solaris, OS/X, and Cisco.
	Chapter 6: The Wild World of Windows.
	Chapter 7: Windows Shellcode.
	Chapter 8: Windows Overflows.
	Chapter 9: Overcoming Filters.
	Chapter 10: Introduction to Solaris Exploitation.
	Chapter 11: Advanced Solaris Exploitation.
	Chapter 12: OS X Shellcode.
	Chapter 13: Cisco IOS Exploitation.
	Chapter 14: Protection Mechanisms.
Part III: Vulnerability Discovery.
	Chapter 15: Establishing a Working Environment.
	Chapter 16: Fault Injection.
	Chapter 17: The Art of Fuzzing.
	Chapter 18: Source Code Auditing: Finding Vulnerabilities in C-Based Languages.
	Chapter 19: Instrumented Investigation: A Manual Approach.
	Chapter 20: Tracing for Vulnerabilities.
	Chapter 21: Binary Auditing: Hacking Closed Source Software.
Part IV: Advanced Materials.
	Chapter 22: Alternative Payload Strategies.
	Chapter 23: Writing Exploits that Work in the Wild.
	Chapter 24: Attacking Database Software.
	Chapter 25: Unix Kernel Overflows.
	Chapter 26: Exploiting Unix Kernel Vulnerabilities.
	Chapter 27: Hacking the Windows Kernel.

More information (External)

Description

Writing Security Tools and Exploits will be the foremost authority on vulnerability and security code and will serve as the premier educational reference for security professionals and software developers. The book will have over 600 pages of dedicated exploit, vulnerability, and tool code with corresponding instruction. Unlike other security and programming books that dedicate hundreds of pages to architecture and theory based flaws and exploits, this book will dive right into deep code analysis. Previously undisclosed security research in combination with superior programming techniques will be included in both the Local and Remote Code sections of the book.

The book will be accompanied with a companion Web site containing both commented and uncommented versions of the source code examples presented throughout the book. In addition to the book source code, the CD will also contain a copy of the author-developed Hacker Code Library v1.0. The Hacker Code Library will include multiple attack classes and functions that can be utilized to quickly create security programs and scripts. These classes and functions will simplify exploit and vulnerability tool development to an extent never before possible with publicly available software.

Table of Contents

Chapter 1 - Writing Exploits and Security Tools
Chapter 2 - Assembly and Shellcode
Chapter 3 - Exploits: Stack
Chapter 4 - Exploits: Heap
Chapter 5 - Exploits: Format Strings
Chapter 6 - Writing Exploits I
Chapter 7 - Writing Exploits II
Chapter 8 - Coding for Ethereal
Chapter 9 - Coding for Nessus
Chapter 10 - Extending Metasploit I
Chapter 11 - Extending Metasploit II
Chapter 12 - Extending Metasploit III
Appendix A - Data Conversion Reference
Appendix B - Syscall Reference
Appendix C - Taps Currently Embedded Within Ethereal
Appendix D - Glossary

More information (External)

Description

The book is logically divided into 5 main categories with each category representing a major skill set required by most security professionals:

1. Coding – The ability to program and script is quickly becoming a mainstream requirement for just about everyone in the security industry. This section covers the basics in coding complemented with a slue of programming tips and tricks in C/C++, Java, Perl and NASL.

2. Sockets – The technology that allows programs and scripts to communicate over a network is sockets. Even though the theory remains the same – communication over TCP and UDP, sockets are implemented differently in nearly ever language.

3. Shellcode – Shellcode, commonly defined as bytecode converted from Assembly, is utilized to execute commands on remote systems via direct memory access.

4. Porting – Due to the differences between operating platforms and language implementations on those platforms, it is a common practice to modify an original body of code to work on a different platforms. This technique is known as porting and is incredible useful in the real world environments since it allows you to not “recreate the wheel.”

5. Coding Tools – The culmination of the previous four sections, coding tools brings all of the techniques that you have learned to the forefront. With the background technologies and techniques you will now be able to code quick utilities that will not only make you more productive, they will arm you with an extremely valuable skill that will remain with you as long as you make the proper time and effort dedications.

Table of Contents

1 Security Coding 
2 NASL Scripting
3 BSD Sockets
4 Winsock 
5 Java Sockets 
6 Writing Portable Code 
7 Portable Network Programming
8 Writing Shellcode I
9 Writing Shellcode II
10 Writing Exploits I
11 Writing Exploits II
12 Writing Exploits III 
13 Writing Security Components
14 Creating a Web Security Tool
A - Glossary 
B - Security Tool Compendium
C - Exploit Archives
D - Syscall Reference
E - Data Conversion Reference

More information (External)

Description

The SANS Institute maintains a list of the "Top 10 Software Vulnerabilities." At the current time, over half of these vulnerabilities are exploitable by Buffer Overflow attacks, making this class of attack one of the most common and most dangerous weapon used by malicious attackers. This is the first book specifically aimed at detecting, exploiting, and preventing the most common and dangerous attacks.

Buffer overflows make up one of the largest collections of vulnerabilities in existence; And a large percentage of possible remote exploits are of the overflow variety. Almost all of the most devastating computer attacks to hit the Internet in recent years including SQL Slammer, Blaster, and I Love You attacks. If executed properly, an overflow vulnerability will allow an attacker to run arbitrary code on the victim’s machine with the equivalent rights of whichever process was overflowed. This is often used to provide a remote shell onto the victim machine, which can be used for further exploitation.

A buffer overflow is an unexpected behavior that exists in certain programming languages. This book provides specific, real code examples on exploiting buffer overflow attacks from a hacker's perspective and defending against these attacks for the software developer.

Table of Contents

Part 1 Expanding on Buffer Overflows 
	Chapter 1 Buffer Overflows: The Essentials 
	Chapter 2 Understanding Shellcode
	Chapter 3 Writing Shellcode
	Chapter 4 Win32 Assembly 
	Case Study 1.1 FreeBSD NN Exploit Code
	Case Study 1.2 xlockmore User Supplied Format String
	Case Study 1.3 Frontpage Denial of Service Utilizing
	Case Study 1.4 cURL buffer overflow on FreeBSD 

Part II Exploiting Buffer Overflows
	Chapter 5 Stack Overflows
	Chapter 6 Heap Corruption
	Chapter 7 Format String Attacks
	Chapter 8 Windows Buffer Overflows
	Case Study 2.1 cURL Buffer Overflow on Linux
	Case Study 2.2 SSLv2 Malformed Client Key Remote
	Case Study 2.3 X11R6 4.2 XLOCALEDIR Overflow
	Case Study 2.4 Microsoft MDAC Denial of Service 
	Case Study 2.5 Local UUX Buffer Overflow on HPUX

Part III Finding Buffer Overflows
	Chapter 9 Finding Buffer Overflows in Source
	Case Study 3.1 InlineEgg I 
	Case Study 3.2 InlineEgg II
	Case Study 3.3 Seti@Home Exploit Code 
	Case Study 3.4 Microsoft CodeBlue Exploit Code

Appendix A The Complete Data Conversion Table
Appendix B Useful Syscalls

More information (External)

Description

Investigate crimes involving cryptocurrencies and other blockchain technologies

Bitcoin has traditionally been the payment system of choice for a criminal trading on the Dark Web, and now many other blockchain cryptocurrencies are entering the mainstream as traders are accepting them from low-end investors putting their money into the market. Worse still, the blockchain can even be used to hide information and covert messaging, unknown to most investigators.

Investigating Cryptocurrencies is the first book to help corporate, law enforcement, and other investigators understand the technical concepts and the techniques for investigating crimes utilizing the blockchain and related digital currencies such as Bitcoin and Ethereum.

• Understand blockchain and transaction technologies  
• Set up and run cryptocurrency accounts
• Build information about specific addresses
• Access raw data on blockchain ledgers
• Identify users of cryptocurrencies
• Extracting cryptocurrency data from live and imaged computers
• Following the money

With nearly $150 billion in cryptocurrency circulating and $3 billion changing hands daily, crimes committed with or paid for with digital cash are a serious business. Luckily, Investigating Cryptocurrencies Forensics shows you how to detect it and, more importantly, stop it in its tracks.

Table of Contents

Part I Understanding the Technology 1
Chapter 1 What Is a Cryptocurrency? 3
	A New Concept? 3
	Leading Currencies in the Field 8
	Is Blockchain Technology Just for Cryptocurrencies? 9
	Setting Yourself Up as a Bitcoin User 10
	Summary 14
Chapter 2 The Hard Bit 15
	Hashing 16
	Public/Private Key Encryption 21
	RSA Cryptography 23
	Elliptic Curve Cryptography 28
	Building a Simple Cryptocurrency in the Lab 32
	Summary 36
Chapter 3 Understanding the Blockchain 39
	The Structure of a Block 40
	The Block Header 42
	Deconstructing Raw Blocks from Hex 47
	Applying This to the Downloaded Hex 51
	Number of Transactions 55
	Block Height 57
	Forks 58
	The Ethereum Block 61
	Summary 65
Chapter 4 Transactions 67
	The Concept behind a Transaction 67
	The Mechanics of a Transaction 69
	Understanding the Mempool 76
	Understanding the ScriptSig and ScriptPubKey 77
	Interpreting Raw Transactions 79
	Extracting JSON Data 81
	Analyzing Address History 82
	Creating Vanity Addresses 83
	Interpreting Ethereum Transactions 85
	Summary 86
Chapter 5 Mining 87
	The Proof-of-Work Concept 89
	The Proof-of-Stake Concept 90
	Mining Pools 90
	Mining Fraud 92
	Summary 93
Chapter 6 Wallets 95
	Wallet Types 96
	Software Wallets 96
	Hardware Wallets 97
	Cold Wallets or Cold Storage 98
	Why Is Recognizing Wallets Important? 99
	Software Wallets 100
	Hardware Wallets 100
	Paper Wallets 100
	The Wallet Import Format (WIF) 101
	How Wallets Store Keys 102
	Setting Up a Covert Wallet 105
	Summary 107
Chapter 7 Contracts and Tokens 109
	Contracts 109
	Bitcoin 110
	Ethereum 110
	Tokens and Initial Coin Offerings 112
	Summary 116

Part II Carrying Out Investigations 117
Chapter 8 Detecting the Use of Cryptocurrencies 119
	The Premises Search 120
	A New Category of Search Targets 121
	Questioning 124
	Searching Online 125
	Extracting Private and Public Keys from Seized Computers 130
	Commercial Tools 130
	Extracting the Wallet File 131
	Automating the Search for Bitcoin Addresses 135
	Finding Data in a Memory Dump 136
	Working on a Live Computer 137
	Acquiring the Wallet File 138
	Exporting Data from the Bitcoin Daemon 140
	Extracting Wallet Data from Live Linux and OSX Systems 144
	Summary 145
Chapter 9 Analysis of Recovered Addresses and Wallets 147
	Finding Information on a Recovered Address 147
	Extracting Raw Data from Ethereum 154
	Searching for Information on a Specifi c Address 155
	Analyzing a Recovered Wallet 161
	Setting Up Your Investigation Environment 161
	Importing a Private Key 166
	Dealing with an Encrypted Wallet 167
	Inferring Other Data 172
	Summary 173
Chapter 10 Following the Money 175
	Initial Hints and Tips 175
	Transactions on Blockchain.info 176
	Identifying Change Addresses 177
	Another Simple Method to Identify Clusters 181
	Moving from Transaction to Transaction 182
	Putting the Techniques Together 184
	Other Explorer Sites 186
	Following Ethereum Transactions 189
	Monitoring Addresses 193
	Blockonomics.co 193
	Bitnotify.com 194
	Writing Your Own Monitoring Script 194
	Monitoring Ethereum Addresses 196
	Summary 197
Chapter 11 Visualization Systems 199
	Online Blockchain Viewers 199
	Blockchain.info 200
	Etherscan.io 201
	Commercial Visualization Systems 214
	Summary 215
Chapter 12 Finding Your Suspect 217
	Tracing an IP Address 217
	Bitnodes 219
	Other Areas Where IPs Are Stored 226
	Is the Suspect Using Tor? 228
	Is the Suspect Using a Proxy or a VPN? 229
	Tracking to a Service Provider 231
	Considering Open-Source Methods 235
	Accessing and Searching the Dark Web 237
	Detecting and Reading Micromessages 241
	Summary 244
Chapter 13 Sniffing Cryptocurrency Traffic 245
	What Is Intercept? 246
	Watching a Bitcoin Node 247
	Sniffing Data on the Wire 248
	Summary 254
Chapter 14 Seizing Coins 255
	Asset Seizure 256
	Cashing Out 256
	Setting Up a Storage Wallet 259
	Importing a Suspect’s Private Key 261
	Storage and Security 263
	Seizure from an Online Wallet 265
	Practice, Practice, Practice 265
	Summary 266
Chapter 15 Putting It All Together 267
	Examples of Cryptocurrency Crimes 268
	Buying Illegal Goods 268
	Selling Illegal Goods 268
	Stealing Cryptocurrency 269
	Money Laundering 269
	Kidnap and Extortion 270
	What Have You Learned? 270
	Where Do You Go from Here? 273
Index 275

More information (External)

Description

Forensic image acquisition is an important part of postmortem incident response and evidence collection. Digital forensic investigators acquire, preserve, and manage digital evidence to support civil and criminal cases; examine organizational policy violations; resolve disputes; and analyze cyber attacks.

Practical Forensic Imaging takes a detailed look at how to secure and manage digital evidence using Linux-based command line tools. This essential guide walks you through the entire forensic acquisition process and covers a wide range of practical scenarios and situations ­related to the imaging of storage media.

You’ll learn how to:

• Perform forensic imaging of magnetic hard disks, SSDs and flash drives, opti­cal discs, magnetic tapes, and legacy technologies
• Protect attached evidence media from accidental modification
• Manage large forensic image files, storage capacity, image format conversion, compression, splitting, duplication, secure transfer and storage, and secure ­disposal
• Preserve and verify evidence integrity with cryptographic and piecewise hashing, public key signatures, and RFC-3161 ­timestamping
• Work with newer drive and interface tech­nologies like NVME, SATA Express, 4K-native sector drives, SSHDs, SAS, UASP/USB3x, and Thunderbolt
• Manage drive security such as ATA pass­words; encrypted thumb drives; Opal self-encrypting drives; OS-encrypted drives using BitLocker, FileVault, and TrueCrypt; and others
• Acquire usable images from more complex or challenging situations such as RAID systems, virtual machine images, and damaged media

With its unique focus on digital forensic acquisition and evidence preservation, ­Practical Forensic Imaging is a valuable resource for experienced digital forensic investigators wanting to advance their Linux skills and experienced Linux administrators wanting to learn digital forensics. This is a must-have reference for every digital forensics lab.

Table of Contents

Chapter 0: Digital Forensics Overview
Chapter 1: Storage Media Overview<
Chapter 2: Linux as a Forensic Acquisition Platform
Chapter 3: Forensic Image Formats
Chapter 4: Planning and Preparation
Chapter 5: Attaching Subject Media to an Acquisition Host
Chapter 6: Forensic Image Acquisition
Chapter 7: Forensic Image Management
Chapter 8: Special Image Access Topics
Chapter 9: Extracting Subsets of Forensic Images

More information (External)

Description

Memory forensics provides cutting edge technology to help investigate digital attacks

Memory forensics is the art of analyzing computer memory (RAM) to solve digital crimes. As a follow-up to the best seller Malware Analyst's Cookbook, experts in the fields of malware, security, and digital forensics bring you a step-by-step guide to memory forensics—now the most sought after skill in the digital forensics and incident response fields.

Beginning with introductory concepts and moving toward the advanced, The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory is based on a five day training course that the authors have presented to hundreds of students. It is the only book on the market that focuses exclusively on memory forensics and how to deploy such techniques properly. Discover memory forensics techniques:

• How volatile memory analysis improves digital investigations
• Proper investigative steps for detecting stealth malware and advanced threats
• How to use free, open source tools for conducting thorough memory forensics
• Ways to acquire memory from suspect systems in a forensically sound manner

The next era of malware and security breaches are more sophisticated and targeted, and the volatile memory of a computer is often overlooked or destroyed as part of the incident response process. The Art of Memory Forensics explains the latest technological innovations in digital forensics to help bridge this gap. It covers the most popular and recently released versions of Windows, Linux, and Mac, including both the 32 and 64-bit editions.

Table of Contents

I An Introduction to Memory Forensics 1
1 Systems Overview 3
	Digital Environment 3
	PC Architecture 4
	Operating Systems  17
	Process Management 18
	Memory Management   20
	File System 24
	I/O Subsystem 25
	Summary 26
2 Data Structures  27
	Basic Data Types   27
	Summary 43
3 The Volatility Framework  45
	Why Volatility? 45
	What Volatility Is Not   46
	Installation 47
	The Framework 51
	Using Volatility 59
	Summary 67
4 Memory Acquisition 69
	Preserving the Digital Environment 69
	Software Tools 79
	Memory Dump Formats 95
	Converting Memory Dumps 106
	Volatile Memory on Disk 107
	Summary 114

II Windows Memory Forensics 115
5 Windows Objects and Pool Allocations 117
	Windows Executive Objects  117
	Pool-Tag Scanning 129
	Limitations of Pool Scanning 140
	Big Page Pool 142
	Pool-Scanning Alternatives  146
	Summary 148
6 Processes, Handles, and Tokens 149
	Processes  149
	Process Tokens 164
	Privileges 170
	Process Handles 176
	Enumerating Handles in Memory 181
	Summary 187
7 Process Memory Internals  189
	What’s in Process Memory? 189
	Enumerating Process Memory 193
	Summary 217
8 Hunting Malware in Process Memory 219
	Process Environment Block  219
	PE Files in Memory 238
	Packing and Compression   245
	Code Injection 251
	Summary 263
9 Event Logs 265
	Event Logs in Memory  265
	Real Case Examples 275
	Summary 279
10 Registry in Memory  281
	Windows Registry Analysis  281
	Volatility’s Registry API 292
	Parsing Userassist Keys 295
	Detecting Malware with the Shimcache 297
	Reconstructing Activities with Shellbags   298
	Dumping Password Hashes  304
	Obtaining LSA Secrets  305
	Summary 307
11 Networking 309
	Network Artifacts  309
	Hidden Connections 323
	Raw Sockets and Sniffers 325
	Next Generation TCP/IP Stack   327
	Internet History   333
	DNS Cache Recovery   339
	Summary 341
12 Windows Services 343
	Service Architecture 343
	Installing Services 345
	Tricks and Stealth 346
	Investigating Service Activity 347
	Summary 366
13 Kernel Forensics and Rootkits 367
	Kernel Modules   367
	Modules in Memory Dumps 372
	Threads in Kernel Mode  378
	Driver Objects and IRPs 381
	Device Trees  386
	Auditing the SSDT 390
	Kernel Callbacks   396
	Kernel Timers 399
	Putting It All Together  402
	Summary 406
14 Windows GUI Subsystem, Part I 407
	The GUI Landscape 407
	GUI Memory Forensics 410
	The Session Space  410
	Window Stations   416
	Desktops 422
	Atoms and Atom Tables 429
	Windows 435
	Summary 452
15 Windows GUI Subsystem, Part II 453
	Window Message Hooks 453
	User Handles 459
	Event Hooks  466
	Windows Clipboard 468
	Case Study: ACCDFISA Ransomware 472
	Summary 476
16 Disk Artifacts in Memory  477
	Master File Table  477
	Extracting Files   493
	Defeating TrueCrypt Disk Encryption  503
	Summary 510
17 Event Reconstruction 511
	Strings  511
	Command History 523
	Summary 536
18 Timelining 537
	Finding Time in Memory 537
	Generating Timelines   539
	Gh0st in the Enterprise 543
	Summary 573

III Linux Memory Forensics 575
19 Linux Memory Acquisition 577
	Historical Methods of Acquisition 577
	Modern Acquisition 579
	Volatility Linux Profiles 583
	Summary 589
20 Linux Operating System 591
	ELF Files 591
	Linux Data Structures  603
	Linux Address Translation   607
	procfs and sysfs   609
	Compressed Swap   610
	Summary 610
21 Processes and Process Memory 611
	Processes in Memory   611
	Enumerating Processes 613
	Process Address Space   616
	Process Environment Variables   625
	Open File Handles 626
	Saved Context State 630
	Bash Memory Analysis 630
	Summary 635
22 Networking Artifacts 637
	Network Socket File Descriptors  637
	Network Connections   640
	Queued Network Packets 643
	Network Interfaces 646
	The Route Cache   650
	ARP Cache   652
	Summary655
23 Kernel Memory Artifacts 657
	Physical Memory Maps 657
	Virtual Memory Maps  661
	Kernel Debug Buffer   663
	Loaded Kernel Modules 667
	Summary 673
24 File Systems in Memory  675
	Mounted File Systems  675
	Listing Files and Directories 681
	Extracting File Metadata 684
	Recovering File Contents 691
	Summary 695
25 Userland Rootkits  697
	Shellcode Injection 698
	Process Hollowing 703
	Shared Library Injection 705
	LD_PRELOAD Rootkits 712
	GOT/PLT Overwrites  716
	Inline Hooking 718
	Summary 719
26 Kernel Mode Rootkits 721
	Accessing Kernel Mode 721
	Hidden Kernel Modules 722
	Hidden Processes  728
	Elevating Privileges 730
	System Call Handler Hooks  734
	Keyboard Notifiers 735
	TTY Handlers 739
	Network Protocol Structures 742
	Netfilter Hooks 745
	File Operations 748
	Inline Code Hooks 752
	Summary754
27 Case Study: Phalanx2 755
	Phalanx2 755
	Phalanx2 Memory Analysis  757
	Reverse Engineering Phalanx2   763
	Final Thoughts on Phalanx2 772
	Summary 772

IV Mac Memory Forensics 773
28 Mac Acquisition and Internals 775
	Mac Design  775
	Memory Acquisition   780
	Mac Volatility Profiles  784
	Mach-O Executable Format 787
	Summary 791
29 Mac Memory Overview 793
	Mac versus Linux Analysis  793
	Process Analysis   794
	Address Space Mappings 799
	Networking Artifacts   804
	SLAB Allocator   808
	Recovering File Systems from Memory 811
	Loaded Kernel Extensions   815
	Other Mac Plugins 818
	Mac Live Forensics 819
	Summary 821
30 Malicious Code and Rootkits 823
	Userland Rootkit Analysis   823
	Kernel Rootkit Analysis 828
	Common Mac Malware in Memory   838
	Summary 844
31 Tracking User Activity  845
	Keychain Recovery 845
	Mac Application Analysis   849
	Summary 858

More information (External)

Description

Digital Forensics with Open Source Tools is the definitive book on investigating and analyzing computer systems and media using open source tools. The book is a technical procedural guide, and explains the use of open source tools on Mac, Linux and Windows systems as a platform for performing computer forensics. Both well-known and novel forensic methods are demonstrated using command-line and graphical open source computer forensic tools for examining a wide range of target systems and artifacts.

Written by world-renowned forensic practitioners, this book uses the most current examination and analysis techniques in the field. It consists of 9 chapters that cover a range of topics such as the open source examination platform; disk and file system analysis; Windows systems and artifacts; Linux systems and artifacts; Mac OS X systems and artifacts; Internet artifacts; and automating analysis and extending capabilities. The book lends itself to use by students and those entering the field who do not have means to purchase new tools for different investigations.

This book will appeal to forensic practitioners from areas including incident response teams and computer forensic investigators; forensic technicians from legal, audit, and consulting firms; and law enforcement agencies.

Table of Contents

CHAPTER 1 Digital Forensics with Open Source Tools
	 Welcome to “Digital Forensics with Open Source Tools” 
	 What Is “Digital Forensics?” 
	    Goals of Forensic Analysis
	    The Digital Forensics Process
	 What Is “Open Source?” 
	    “Free” vs. “Open”
	    Open Source Licenses
	 Benefits of Open Source Tools
	    Education
	    Portability and Flexibility
	    Price
	    Ground Truth
	 Summary 
	 References
CHAPTER 2 Open Source Examination Platform
	 Preparing the Examination System
	    Building Software
	    Installing Interpreters 
	    Working with Image Files
	    Working with File Systems 
	 Using Linux as the Host
	    Extracting Software
	    GNU Build System
	    Version Control Systems
	    Installing Interpreters 
	    Working with Images 
	 Using Windows as the Host 
	    Building Software
	    Installing Interpreters 
	    Working with Images 
	    Working with File Systems 
	 Summary 
	 References
CHAPTER 3 Disk and File System Analysis 
	 Media Analysis Concepts
	    File System Abstraction Model
	 The Sleuth Kit 
	    Installing the Sleuth Kit
	    Sleuth Kit Tools
	 Partitioning and Disk Layouts
	    Partition Identification and Recovery
	    Redundant Array of Inexpensive Disks
	 Special Containers
	    Virtual Machine Disk Images
	    Forensic Containers
	 Hashing 
	 Carving
	    Foremost
	 Forensic Imaging
	    Deleted Data
	    File Slack
	    dd
	    dcfldd
	    dc3dd 
	 Summary 
	 References
CHAPTER 4 Windows Systems and Artifacts 
	 Introduction
	 Windows File Systems
	    File Allocation Table 
	    New Technology File System
	    File System Summary 
	 Registry 
	 Event Logs 
	 Prefetch Files
	 Shortcut Files 
	 Windows Executables 
	 Summary 
	 References
CHAPTER 5 Linux Systems and Artifacts
	 Introduction
	 Linux File Systems
	    Contents vii
	    File System Layer
	    File Name Layer
	    Metadata Layer
	    Data Unit Layer
	    Journal Tools 
	    Deleted Data
	    Linux Logical Volume Manager
	 Linux Boot Process and Services
	    System V 
	    BSD 
	 Linux System Organization and Artifacts
	    Partitioning 
	    Filesystem Hierarchy
	    Ownership and Permissions
	    File Attributes
	    Hidden Files 
	    /tmp
	 User Accounts
	 Home Directories
	    Shell History
	    ssh
	    GNOME Windows Manager Artifacts
	 Logs
	    User Activity Logs 
	    Syslog 
	    Command Line Log Processing 
	 Scheduling Tasks
	 Summary 
	 References
CHAPTER 6 Mac OS X Systems and Artifacts
	 Introduction
	 OS X File System Artifacts
	    HFS+ Structures
	 OS X System Artifacts
	    Property Lists 
	    Bundles
	    System Startup and Services
	    Kexts
	    Network Configuration
	    Hidden Directories 
	    viii Contents
	    Installed Applications
	    Swap and Hibernation dataData 
	    System Logs
	 User Artifacts
	    Home Directories 
	 Summary 
	 References
CHAPTER 7 Internet Artifacts
	 Introduction
	 Browser Artifacts 
	    Internet Explorer
	    Firefox 
	    Chrome 
	    Safari 
	 Mail Artifacts
	    Personal Storage Table 
	    mbox and maildir 
	 Summary 
	 References
CHAPTER 8 File Analysis
	 File Analysis Concepts
	    Content Identification
	    Content Examination
	    Metadata Extraction 
	 Images
	    JPEG
	    GIF 
	    PNG
	    TIFF
	 Audio
	    WAV 
	    MPEG-3/MP3
	    MPEG-4 Audio (AAC/M4A)
	    ASF/WMA 
	 Video 
	    MPEG-1 and MPEG-2 
	    MPEG-4 Video (MP4)
	    AVI 
	    ASF/WMV 
	    Contents ix
	    MOV (Quicktime) 
	    MKV
	 Archives 
	    ZIP
	    RAR
	    7-zip
	    TAR, GZIP, and BZIP2 
	 Documents
	    OLE Compound Files (Office Documents)
	    Office Open XML 
	    OpenDocument Format 
	    Rich Text Format
	    PDF
	 Summary 
	 References
CHAPTER 9 Automating Analysis and Extending Capabilities
	 Introduction
	 Graphical Investigation Environments
	    PyFLAG 
	    Digital Forensics Framework 
	 Automating Artifact Extraction
	    Fiwalk
	 Timelines
	    Relative Times
	    Inferred Times
	    Embedded Times
	    Periodicity 
	    Frequency Patterns and Outliers (Least Frequency of Occurrence)
	 Summary 
	 References
Appendix A Free, Non-open Tools of Note
	 Introduction
	 Chapter 3: Disk and File System Analysis
	    FTK Imager
	    ProDiscover Free
	 Chapter 4: Windows Systems and Artifacts
	    Windows File Analysis
	    Event Log Explorer 
	    Log Parser
	    x Contents
	 Chapter 7: Internet Artifacts
	    NirSoft Tools
	    Woanware Tools
	 Chapter 8: File Analysis
	    Mitec.cz: Structured Storage Viewer
	    OffVis
	    FileInsight
	 Chapter 9: Automating Analysis and Extending Capabilities
	    Mandiant: Highlighter
	    CaseNotes
	 Validation and Testing Resources 
	    Digital Corpora
	    Digital Forensics Tool Testing Images
	    Electronic Discovery Reference Model
	    Digital Forensics Research Workshop Challenges
	    Additional Images
	 References

More information (External)

Description

The Definitive Guide to File System Analysis: Key Concepts and Hands-on Techniques

Most digital evidence is stored within the computer's file system, but understanding how file systems work is one of the most technically challenging concepts for a digital investigator because there exists little documentation. Now, security expert Brian Carrier has written the definitive reference for everyone who wants to understand and be able to testify about how file system analysis is performed.

 

Carrier begins with an overview of investigation and computer foundations and then gives an authoritative, comprehensive, and illustrated overview of contemporary volume and file systems: Crucial information for discovering hidden evidence, recovering deleted data, and validating your tools. Along the way, he describes data structures, analyzes example disk images, provides advanced investigation scenarios, and uses today's most valuable open source file system analysis tools—including tools he personally developed. Coverage includes

• Preserving the digital crime scene and duplicating hard disks for "dead analysis"
• Identifying hidden data on a disk's Host Protected Area (HPA)
• Reading source data: Direct versus BIOS access, dead versus live acquisition, error handling, and more
• Analyzing DOS, Apple, and GPT partitions; BSD disk labels; and Sun Volume Table of Contents using key concepts, data structures, and specific techniques
• Analyzing the contents of multiple disk volumes, such as RAID and disk spanning
• Analyzing FAT, NTFS, Ext2, Ext3, UFS1, and UFS2 file systems using key concepts, data structures, and specific techniques
• Finding evidence: File metadata, recovery of deleted files, data hiding locations, and more
• Using The Sleuth Kit (TSK), Autopsy Forensic Browser, and related open source tools

When it comes to file system analysis, no other book offers this much detail or expertise. Whether you're a digital forensics specialist, incident response team member, law enforcement officer, corporate security specialist, or auditor, this book will become an indispensable resource for forensic investigations, no matter what analysis tools you use.

Table of Contents

Part I: Foundations
1. Digital Investigation Foundations
2. Computer Foundations
3. Hard Disk Data Acquisition

Part II: Volume Analysis
4. Volume Analysis
5. PC-based Partitions
6. Server-based Partitions
7. Multiple Disk Volumes

Part III: File System Analysis
8. File System Analysis
9. FAT Concepts and Analysis
10. FAT Data Structures
11. NTFS Concepts
12. NTFS Analysis
13. NTFS Data Structures
14. Ext2 and Ext3 Concepts and Analysis
15. Ext2 and Ext3 Data Structures
16. UFS1 and UFS2 Concepts and Analysis
17. UFS1 and UFS2 Data Structures
A. The Sleuth Kit and Autopsy

More information (External)

Description

The Definitive Guide to Computer Forensics: Theory and Hands-On Practice

Computer forensics--the art and science of gathering and analyzing digital evidence, reconstructing data and attacks, and tracking perpetrators--is becoming ever more important as IT and law enforcement professionals face an epidemic in computer crime. In Forensic Discovery, two internationally recognized experts present a thorough and realistic guide to the subject.

Dan Farmer and Wietse Venema cover both theory and hands-on practice, introducing a powerful approach that can often recover evidence considered lost forever.

The authors draw on their extensive firsthand experience to cover everything from file systems, to memory and kernel hacks, to malware. They expose a wide variety of computer forensics myths that often stand in the way of success. Readers will find extensive examples from Solaris, FreeBSD, Linux, and Microsoft Windows, as well as practical guidance for writing one's own forensic tools. The authors are singularly well-qualified to write this book: They personally created some of the most popular security tools ever written, from the legendary SATAN network scanner to the powerful Coroner's Toolkit for analyzing UNIX break-ins.

After reading this book you will be able to

• Understand essential forensics concepts: volatility, layering, and trust
• Gather the maximum amount of reliable evidence from a running system
• Recover partially destroyed information--and make sense of it
• Timeline your system: understand what really happened when
• Uncover secret changes to everything from system utilities to kernel modules
• Avoid cover-ups and evidence traps set by intruders
• Identify the digital footprints associated with suspicious activity
• Understand file systems from a forensic analyst's point of view
• Analyze malware--without giving it a chance to escape
• Capture and examine the contents of main memory on running systems
• Walk through the unraveling of an intrusion, one step at a time

The book's companion Web site contains complete source and binary code for open source software discussed in the book, plus additional computer forensics case studies and resource links.

Table of Contents

Preface
Introduction to Part 1
Chapter 1 - The spirit of forensic discovery
Chapter 2 - Time Machines
Introduction to Part 2
Chapter 3 - File sytem basics
Chapter 4 - File system analysis
Chapter 5 - Systems and subversion
Chapter 6 - Malware analysis basics
Introduction to Part 3
Chapter 7 - Persistence of deleted file information
Chapter 8 - Beyond Processes
Appendix A
Appendix B

More information (External)

Description

An interactive book-and-DVD package designed to help readers master the tools and techniques of forensic analysis offers a hands-on approach to identifying and solving problems related to computer security issues; introduces the tools, methods, techniques, and applications of computer forensic investigation; and allows readers to test skills by working with real data with the help of five scenarios. Original. (Intermediate)

Table of Contents

I. LIVE INCIDENT RESPONSE.
 1. Windows Live Response.
 2. Unix Live Response.

II. NETWORK-BASED FORENSICS.
 3. Collecting Network-Based Evidence.
 4. Analyzing Network-Based Evidence for a Windows Intrusion.
 5. Analyzing Network-Based Evidence for a Unix Intrusion.

III. ACQUIRING A FORENSIC DUPLICATION.
 6. Before You Jump Right In…
 7. Commercial-Based Forensic Duplications.
 8. Noncommercial-Based Forensic Duplications.

IV. FORENSIC ANALYSIS TECHNIQUES.
 9. Common Forensic Analysis Techniques.
10. Web Browsing Activity Reconstruction.
11. E-Mail Activity Reconstruction.
12. Microsoft Windows Registry Reconstruction.
13. Forensic Tool Analysis: An Introduction to Using Linux for Analyzing Files of Unknown Origin.
14. Forensic Tool Analysis: A Hands-On Analysis of the Linux File aio.
15. Forensic Tool Analysis: Analyzing Files of Unknown Origin (Windows).

V. CREATING A COMPLETE FORENSIC TOOL KIT.
16. Building the Ultimate Response CD.
17. Making Your CD-ROM a Bootable Environment.

VI. MOBILE DEVICE FORENSICS.
18. Forensic Duplication and Analysis of Personal Digital Assistants.
19. Forensic Duplication of USB and Compact Flash Memory Devices.
20. Forensic Analysis of USB and Compact Flash Memory Devices.

VII. ONELINE-BASED FORENSCIS.
21. Tracing E-Mail.
22. Domain Name Ownership.

Appendix: An Introduction to Perl.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

Modern C introduces you to modern day C programming, emphasizing the unique and new features of this powerful language. For new C coders, it starts with fundamentals like structure, grammar, compilation, and execution. From there, you’ll advance to control structures, data types, operators, and functions, as you gain a deeper understanding of what’s happening under the hood. In the final chapters, you’ll explore performance considerations, reentrancy, atomicity, threads, and type-generic programming. You’ll code as you go with concept-reinforcing exercises and skill-honing challenges along the way.

Table of Contents

Part 0. Encounter
	Ch 1. Getting startedfree
	Ch 2. The principal structure of a program
Part 1. Acquaintance
	Ch 3. Everything is about control
	Ch 4. Expressing computations
	Ch 5. Basic values and data
	Ch 6. Derived data types
	Ch 7. Functions
	Ch 8. C library functions
Part 2. Cognition
	Ch 9. Style
	Ch 10. Organization and documentation
	Ch 11. Pointers
	Ch 12. The C memory model
	Ch 13. Storage
	Ch 14. More involved processing and IO
Part 3. Experience
	Ch 15. Performance
	Ch 16. Function-like macros
	Ch 17. Variations in control flow
	Ch 18. Threads
	Ch 19. Atomic access and memory consistency

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.

More information (External)

Description

No description available, please check the external site for more information.

Table of Contents

No table of contents available, please check the external site for more information.