No Starch Press
The Art of Cyberwarfare
Cyber attacks are no longer the domain of petty criminals. Today, companies find themselves targeted by sophisticated nation state attackers armed with the resources to craft scarily effective campaigns. This book is a detailed guide to understanding the major players in these cyber wars, the techniques they use, and the process of analyzing their advanced attacks. Whether you're an individual researcher or part of a team within a Security Operations Center (SoC), you'll learn to approach, track, and attribute attacks to these advanced actors. The first part of the book is an overview of actual cyber attacks conducted by nation-state actors and other advanced organizations. It explores the geopolitical context in which the attacks took place, the patterns found in the attackers' techniques, and the supporting evidence analysts used to attribute such attacks. Dive into the mechanisms of: North Korea's series of cyber attacks against financial institutions, which resulted in billio ...
Cyber attacks are no longer the domain of petty criminals. Today, companies find themselves targeted by sophisticated nation state attackers armed with the resources to craft scarily effective campaigns. This book is a detailed guide to understanding the major players in these cyber wars, the techniques they use, and the process of analyzing their advanced attacks. Whether you're an individual researcher or part of a team within a Security Operations Center (SoC), you'll learn to approach, track, and attribute attacks to these advanced actors. The first part of the book is an overview of actual cyber attacks conducted by nation-state actors and other advanced organizations. It explores the geopolitical context in which the attacks took place, the patterns found in the attackers' techniques, and the supporting evidence analysts used to attribute such attacks. Dive into the mechanisms of: North Korea's series of cyber attacks against financial institutions, which resulted in billio ...
The Hardware Hacking Handbook
Embedded devices are chip-size microcomputers small enough to be included in the structure of the object they control, and they're everywhere - in phones, cars, credit cards, laptops, medical equipment, even critical infrastructure. This means understanding their security is critical. The Hardware Hacking Handbook takes you deep inside different types of embedded systems, revealing the designs, components, security limits, and reverse-engineering challenges you need to know for executing effective hardware attacks. Written with wit and infused with hands-on lab experiments, this handbook puts you in the role of an attacker interested in breaking security to do good. Starting with a crash course on the architecture of embedded devices, threat modeling, and attack trees, you'll go on to explore hardware interfaces, ports and communication protocols, electrical signaling, tips for analyzing firmware images, and more. Along the way, you'll use a home testing lab to perform fault-injecti ...
Embedded devices are chip-size microcomputers small enough to be included in the structure of the object they control, and they're everywhere - in phones, cars, credit cards, laptops, medical equipment, even critical infrastructure. This means understanding their security is critical. The Hardware Hacking Handbook takes you deep inside different types of embedded systems, revealing the designs, components, security limits, and reverse-engineering challenges you need to know for executing effective hardware attacks. Written with wit and infused with hands-on lab experiments, this handbook puts you in the role of an attacker interested in breaking security to do good. Starting with a crash course on the architecture of embedded devices, threat modeling, and attack trees, you'll go on to explore hardware interfaces, ports and communication protocols, electrical signaling, tips for analyzing firmware images, and more. Along the way, you'll use a home testing lab to perform fault-injecti ...
Go H*ck Yourself
Go H*ck Yourself is an eye-opening, hands-on introduction to the world of hacking, from an award-winning cybersecurity coach. As you perform common attacks against yourself, you'll be shocked by how easy they are to carry out - and realize just how vulnerable most people really are. You'll be guided through setting up a virtual hacking lab so you can safely try out attacks without putting yourself or others at risk. Then step-by-step instructions will walk you through executing every major type of attack, including physical access hacks, Google hacking and reconnaissance, social engineering and phishing, malware, password cracking, web hacking, and phone hacking. You'll even hack a virtual car! You'll experience each hack from the point of view of both the attacker and the target. Most importantly, every hack is grounded in real-life examples and paired with practical cyber defense tips, so you'll understand how to guard against the hacks you perform. You'll learn: How to practice h ...
Go H*ck Yourself is an eye-opening, hands-on introduction to the world of hacking, from an award-winning cybersecurity coach. As you perform common attacks against yourself, you'll be shocked by how easy they are to carry out - and realize just how vulnerable most people really are. You'll be guided through setting up a virtual hacking lab so you can safely try out attacks without putting yourself or others at risk. Then step-by-step instructions will walk you through executing every major type of attack, including physical access hacks, Google hacking and reconnaissance, social engineering and phishing, malware, password cracking, web hacking, and phone hacking. You'll even hack a virtual car! You'll experience each hack from the point of view of both the attacker and the target. Most importantly, every hack is grounded in real-life examples and paired with practical cyber defense tips, so you'll understand how to guard against the hacks you perform. You'll learn: How to practice h ...
Practical Doomsday
As a leading security engineer, Michal Zalewski has spent his career methodically anticipating and planning for cyberattacks. In Practical Doomsday, Zalewski applies the same thoughtful, rational approach to preparing for disasters of all kinds. By sharing his research, advice, and a healthy dose of common sense, he'll help you rest easy knowing you have a plan for the worst - even if the worst never comes. The book outlines a level-headed model for evaluating risks, one that weighs the probability of scenarios against the cost of preparing for them. You'll learn to apply that model to the whole spectrum of potential crises, from personal hardships like job loss or a kitchen fire, to large-scale natural disasters and industrial accidents, to recurring pop-culture fears like all-out nuclear war. You'll then explore how basic lifestyle adjustments, such as maintaining a robust rainy-day fund, protecting yourself online, and fostering good relationships with your neighbors, can boost y ...
As a leading security engineer, Michal Zalewski has spent his career methodically anticipating and planning for cyberattacks. In Practical Doomsday, Zalewski applies the same thoughtful, rational approach to preparing for disasters of all kinds. By sharing his research, advice, and a healthy dose of common sense, he'll help you rest easy knowing you have a plan for the worst - even if the worst never comes. The book outlines a level-headed model for evaluating risks, one that weighs the probability of scenarios against the cost of preparing for them. You'll learn to apply that model to the whole spectrum of potential crises, from personal hardships like job loss or a kitchen fire, to large-scale natural disasters and industrial accidents, to recurring pop-culture fears like all-out nuclear war. You'll then explore how basic lifestyle adjustments, such as maintaining a robust rainy-day fund, protecting yourself online, and fostering good relationships with your neighbors, can boost y ...
Bug Bounty Bootcamp
A comprehensive guide for any web application hacker, Bug Bounty Bootcamp is a detailed exploration of the many vulnerabilities present in modern websites and the hands-on techniques you can use to most successfully exploit them. Bug Bounty Bootcamp prepares you for participation in bug bounty programs, which companies set up to reward hackers for finding and reporting vulnerabilities in their applications. The Bootcamp begins with guidance on writing high-quality bug reports and building lasting relationships with client organizations. You'll then set up a hacking lab and dive into the mechanisms of common web vulnerabilities, like XSS and SQL injection, aided by thorough explanations of what causes them, how you can exploit them, where to find them, and how to bypass protections. You'll also explore recon strategies for gathering intel on a target and automate recon with bash scripting. Finally, you'll wade into advanced techniques, like hacking mobile apps, testing APIs, and revi ...
A comprehensive guide for any web application hacker, Bug Bounty Bootcamp is a detailed exploration of the many vulnerabilities present in modern websites and the hands-on techniques you can use to most successfully exploit them. Bug Bounty Bootcamp prepares you for participation in bug bounty programs, which companies set up to reward hackers for finding and reporting vulnerabilities in their applications. The Bootcamp begins with guidance on writing high-quality bug reports and building lasting relationships with client organizations. You'll then set up a hacking lab and dive into the mechanisms of common web vulnerabilities, like XSS and SQL injection, aided by thorough explanations of what causes them, how you can exploit them, where to find them, and how to bypass protections. You'll also explore recon strategies for gathering intel on a target and automate recon with bash scripting. Finally, you'll wade into advanced techniques, like hacking mobile apps, testing APIs, and revi ...
Practical Linux Forensics
Practical Linux Forensics dives into the technical details of analyzing postmortem forensic images of Linux systems that have been misused, abused, or the target of malicious attacks. This essential practitioner's guide will show you how to locate and interpret digital evidence found on Linux desktops, servers, and IoT devices, draw logical conclusions, and reconstruct timelines of past activity after a crime or security incident. It's a book written for investigators with varying levels of Linux experience, and the techniques shown are independent of the forensic analysis platform and tools used. Early chapters provide an overview of digital forensics as well as an introduction to the Linux operating system and popular distributions. From there, the book describes the analysis of storage, filesystems, files and directories, installed software packages, and logs. Special focus is given to examining human user activity such as logins, desktop environments and artifacts, home director ...
Practical Linux Forensics dives into the technical details of analyzing postmortem forensic images of Linux systems that have been misused, abused, or the target of malicious attacks. This essential practitioner's guide will show you how to locate and interpret digital evidence found on Linux desktops, servers, and IoT devices, draw logical conclusions, and reconstruct timelines of past activity after a crime or security incident. It's a book written for investigators with varying levels of Linux experience, and the techniques shown are independent of the forensic analysis platform and tools used. Early chapters provide an overview of digital forensics as well as an introduction to the Linux operating system and popular distributions. From there, the book describes the analysis of storage, filesystems, files and directories, installed software packages, and logs. Special focus is given to examining human user activity such as logins, desktop environments and artifacts, home director ...
Practical SQL, 2nd Edition
Practical SQL is an approachable and fast-paced guide to SQL (Structured Query Language), the standard programming language for defining, organizing, and exploring data in relational databases. Anthony DeBarros, a journalist and data analyst, focuses on using SQL to find the story within your data. The examples and code use the open-source database PostgreSQL and its companion pgAdmin interface, and the concepts you learn will apply to most database management systems, including MySQL, Oracle, SQLite, and others. You'll first cover the fundamentals of databases and the SQL language, then build skills by analyzing data from real-world datasets such as US Census demographics, New York City taxi rides, and earthquakes from US Geological Survey. Each chapter includes exercises and examples that teach even those who have never programmed before all the tools necessary to build powerful databases and access information quickly and efficiently. You'll learn how to: Create databases and ...
Practical SQL is an approachable and fast-paced guide to SQL (Structured Query Language), the standard programming language for defining, organizing, and exploring data in relational databases. Anthony DeBarros, a journalist and data analyst, focuses on using SQL to find the story within your data. The examples and code use the open-source database PostgreSQL and its companion pgAdmin interface, and the concepts you learn will apply to most database management systems, including MySQL, Oracle, SQLite, and others. You'll first cover the fundamentals of databases and the SQL language, then build skills by analyzing data from real-world datasets such as US Census demographics, New York City taxi rides, and earthquakes from US Geological Survey. Each chapter includes exercises and examples that teach even those who have never programmed before all the tools necessary to build powerful databases and access information quickly and efficiently. You'll learn how to: Create databases and ...
Math for Deep Learning
Deep learning is everywhere, making this powerful driver of AI something more STEM professionals need to know. Learning which library commands to use is one thing, but to truly understand the discipline, you need to grasp the mathematical concepts that make it tick. This book will give you a working knowledge of topics in probability, statistics, linear algebra, and differential calculus - the essential math needed to make deep learning comprehensible, which is key to practicing it successfully. Each of the four subfields are contextualized with Python code and hands-on, real-world examples that bridge the gap between pure mathematics and its applications in deep learning. Chapters build upon one another, with foundational topics such as Bayes' theorem followed by more advanced concepts, like training neural networks using vectors, matrices, and derivatives of functions. You'll ultimately put all this math to use as you explore and implement deep learning algorithms, including backp ...
Deep learning is everywhere, making this powerful driver of AI something more STEM professionals need to know. Learning which library commands to use is one thing, but to truly understand the discipline, you need to grasp the mathematical concepts that make it tick. This book will give you a working knowledge of topics in probability, statistics, linear algebra, and differential calculus - the essential math needed to make deep learning comprehensible, which is key to practicing it successfully. Each of the four subfields are contextualized with Python code and hands-on, real-world examples that bridge the gap between pure mathematics and its applications in deep learning. Chapters build upon one another, with foundational topics such as Bayes' theorem followed by more advanced concepts, like training neural networks using vectors, matrices, and derivatives of functions. You'll ultimately put all this math to use as you explore and implement deep learning algorithms, including backp ...
Object-Oriented Python
Object-Oriented Programming (OOP) is a paradigm that combines data and code into cohesive units, allowing you to think differently about computational problems and solve them in a highly reusable way. Aimed at intermediate-level programmers, Object-Oriented Python is a hands-on tutorial that goes deep into the core tenets of OOP, showing you how to use encapsulation, polymorphism, and inheritance to write games and apps using Python. The book begins by demonstrating key problems inherent in procedural programming, then guides you through the basics of creating classes and objects in Python. You'll build on this groundwork by developing buttons, text fields, and other GUI elements that are standard in event-driven environments. You'll also use many real-world code examples and two pygame-based packages to help turn theory into practice, enabling you to easily write interactive games and applications complete with GUI widgets, animations, multiple scenes, and reusable game logic. In t ...
Object-Oriented Programming (OOP) is a paradigm that combines data and code into cohesive units, allowing you to think differently about computational problems and solve them in a highly reusable way. Aimed at intermediate-level programmers, Object-Oriented Python is a hands-on tutorial that goes deep into the core tenets of OOP, showing you how to use encapsulation, polymorphism, and inheritance to write games and apps using Python. The book begins by demonstrating key problems inherent in procedural programming, then guides you through the basics of creating classes and objects in Python. You'll build on this groundwork by developing buttons, text fields, and other GUI elements that are standard in event-driven environments. You'll also use many real-world code examples and two pygame-based packages to help turn theory into practice, enabling you to easily write interactive games and applications complete with GUI widgets, animations, multiple scenes, and reusable game logic. In t ...
Rust for Rustaceans
For developers who've mastered the basics, this book is the next step on your way to professional-level programming in Rust. It covers everything you need to build and maintain larger code bases, write powerful and flexible applications and libraries, and confidently expand the scope and complexity of your projects. Author Jon Gjengset takes you deep into the Rust programming language, dissecting core topics like ownership, traits, concurrency, and unsafe code. You'll explore key concepts like type layout and trait coherence, delve into the inner workings of concurrent programming and asynchrony with async/await, and take a tour of the world of no_std programming. Gjengset also provides expert guidance on API design, testing strategies, and error handling, and will help develop your understanding of foreign function interfaces, object safety, procedural macros, and much more. You'll Learn: How to design reliable, idiomatic, and ergonomic Rust programs based on best principles; Ef ...
For developers who've mastered the basics, this book is the next step on your way to professional-level programming in Rust. It covers everything you need to build and maintain larger code bases, write powerful and flexible applications and libraries, and confidently expand the scope and complexity of your projects. Author Jon Gjengset takes you deep into the Rust programming language, dissecting core topics like ownership, traits, concurrency, and unsafe code. You'll explore key concepts like type layout and trait coherence, delve into the inner workings of concurrent programming and asynchrony with async/await, and take a tour of the world of no_std programming. Gjengset also provides expert guidance on API design, testing strategies, and error handling, and will help develop your understanding of foreign function interfaces, object safety, procedural macros, and much more. You'll Learn: How to design reliable, idiomatic, and ergonomic Rust programs based on best principles; Ef ...
The Book of Inkscape, 2nd Edition
Dmitry Kirsanov, a former core Inkscape developer, shares his knowledge of Inkscape's inner workings as he shows how to use Inkscape to draw with various tools, work with objects, apply realistic and artistic effects, and more. Step-by-step task-based tutorials show you how to create business cards, animations, technical and artistic drawings, and graphic assets for games. This 2nd edition covers the new tools, improved text features, advanced new path effects and filters, as well as many new UI conveniences in Inkscape 1.0. A new chapter describes Inkscape's extensions for both users and developers. ...
Dmitry Kirsanov, a former core Inkscape developer, shares his knowledge of Inkscape's inner workings as he shows how to use Inkscape to draw with various tools, work with objects, apply realistic and artistic effects, and more. Step-by-step task-based tutorials show you how to create business cards, animations, technical and artistic drawings, and graphic assets for games. This 2nd edition covers the new tools, improved text features, advanced new path effects and filters, as well as many new UI conveniences in Inkscape 1.0. A new chapter describes Inkscape's extensions for both users and developers. ...