||Mastering Metasploit, 3rd Edition|
We start by reminding you about the basic functionalities of Metasploit and its use in the most traditional ways. You'll get to know about the basics of programming Metasploit modules as a refresher and then dive into carrying out exploitation as well building and porting exploits of various kinds in Metasploit.
In the next section, you'll develop the ability to perform testing on various services such as databases, Cloud environment, IoT, mobile, tablets, and similar more services. After this training, we jump into real-world sophisticated scenarios where performing penetration tests are a challenge. With real-life case studies, we take you on a journey through client-side attacks using Metasploit and various scripts built on the Metasploit framework.
By the end of the book, you will be trained specifically on time-saving techniques using Metasploit. ...
||Microsoft Azure Security Center|
This book presents comprehensive Azure Security Center techniques for safeguarding cloud and hybrid environments. Leading Microsoft security and cloud experts Yuri Diogenes and Dr. Thomas Shinder show how to apply Azure Security Center's full spectrum of features and capabilities to address protection, detection, and response in key operational scenarios. You'll learn how to secure any Azure workload, and optimize virtually all facets of modern security from policies and identity to incident response and risk management. Whatever your role in Azure security you'll learn how to save hours, days, or even weeks by solving problems in most efficient, reliable ways possible.
Two of Microsoft's leading cloud security experts show how to: Assess the impact of cloud and hybrid environments on security compliance, operations, data protection, and risk management; Master a new security paradigm for a world without traditional perimeters; ...
||Principles of Computer Security, 5th Edition|
Learn IT security fundamentals while getting complete coverage of the objectives for the latest release of CompTIA Security+ certification exam SY0-501. This thoroughly revised, full-color textbook discusses communication, infrastructure, operational security attack prevention, disaster recovery, computer forensics, and much more. Written by a pair of highly respected security educators, Principles of Computer Security: CompTIA Security+ and Beyond, Fifth Edition (Exam SY0-501) will help you pass the exam and become a CompTIA certified computer security expert.
Ensure operational, organizational, and physical security; Use cryptography and public key infrastructures (PKIs); Secure remote access, wireless networks, and virtual private networks (VPNs); Authenticate users and lock down mobile devices; Harden network devices, operating systems, and applications; Prevent network attacks, such as denial of service, spoofing, hijacking, and password guessing; Co ...
||Windows Server 2016 Security, Certificates, and Remote Access Cookbook|
Windows Server 2016 is an operating system designed to run on today's highly performant servers, both on-premise and in the cloud. It supports enterprise-level data storage, communications, management, and applications. This book builds off a basic knowledge of the Windows Server operating system, and assists administrators with taking the security of their systems one step further.
You will learn tips for configuring proper networking, especially on multi-homed systems, and tricks for locking down access to your servers.
Then you will move onto one of the hottest security topics of the year - certificates. You will learn how to build your own PKI, or how to better administer one that you already have. You will publish templates, issue certificates, and even configure autoenrollment in your network.
When we say "networking" we don't only mean inside the LAN. To deal safely with mobile devices, you will learn about the capabilities of Windows Server 2016 for conne ...
||Machine Learning and Security|
Can machine learning techniques solve our computer security problems and finally put an end to the cat-and-mouse game between attackers and defenders? Or is this hope merely hype? Now you can dive into the science and answer this question for yourself. With this practical guide, you'll explore ways to apply machine learning to security issues such as intrusion detection, malware classification, and network analysis.
Machine learning and security specialists Clarence Chio and David Freeman provide a framework for discussing the marriage of these two fields, as well as a toolkit of machine-learning algorithms that you can apply to an array of security problems. This book is ideal for security engineers and data scientists alike.
Learn how machine learning has contributed to the success of modern spam filters; Quickly detect anomalies, including breaches, fraud, and impending system failure; Conduct malware analysis by extracting useful information ...
||Enterprise Cybersecurity Study Guide|
Use the methodology in this study guide to design, manage, and operate a balanced enterprise cybersecurity program that is pragmatic and realistic in the face of resource constraints and other real-world limitations. This guide is an instructional companion to the book Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats. The study guide will help you understand the book's ideas and put them to work. The guide can be used for self-study or in the classroom.
Enterprise cybersecurity is about implementing a cyberdefense program that will succeed in defending against real-world attacks. While we often know what should be done, the resources to do it often are not sufficient. The reality is that the Cybersecurity Conundrum - what the defenders request, what the frameworks specify, and what the budget allows versus what the attackers exploit - gets in the way of what needs to be done. Cyberattacks in the headlines affectin ...
||Agile Application Security|
Agile continues to be the most adopted software development methodology among organizations worldwide, but it generally hasn't integrated well with traditional security management techniques. And most security professionals aren't up to speed in their understanding and experience of agile development. To help bridge the divide between these two worlds, this practical guide introduces several security tools and techniques adapted specifically to integrate with agile development.
Written by security experts and agile veterans, this book begins by introducing security principles to agile practitioners, and agile principles to security practitioners. The authors also reveal problems they encountered in their own experiences with agile security and how they worked to solve them.
Add security practices to each stage of your existing development lifecycle; Integrate security with planning, requirements, design, and at the co ...
||Network Security Through Data Analysis, 2nd Edition|
Traditional intrusion detection and logfile analysis are no longer enough to protect today's complex networks. In the updated second edition of this practical guide, security researcher Michael Collins shows InfoSec personnel the latest techniques and tools for collecting and analyzing network traffic datasets. You'll understand how your network is used, and what actions are necessary to harden and defend the systems within it.
In three sections, this book examines the process of collecting and organizing data, various tools for analysis, and several different analytic scenarios and techniques. New chapters focus on active monitoring and traffic manipulation, insider threat detection, data mining, regression and machine learning, and other topics.
Use sensors to collect network, service, host, and active domain data; Work with the SiLK toolset, Python, and other tools and techniques for manipulating data you collect; Detect unusual phenomena through exploratory data analys ...
||Gray Hat C#|
Learn to use C#'s powerful set of core libraries to automate tedious yet important tasks like fuzzing, performing vulnerability scans, and analyzing malware. With some help from Mono, you'll write your own practical security tools that will run on Windows, OS X, Linux, and even mobile devices.
After a crash course in C# and some of its advanced features, you'll learn how to: Generate shellcode in Metasploit to create cross-platform and cross-architecture payloads; Automate Nessus, OpenVAS, and sqlmap to scan for vulnerabilities and exploit SQL injections; Write a .NET decompiler for OS X and Linux; Parse and read offline registry hives to dump system information; Automate the security tools Arachni and Metasploit using their MSGPACK RPCs.
Streamline and simplify your workday by making the most of C#'s extensive repertoire of powerful tools and libraries with Gray Hat C#. ...
||CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide (CS0-001)|
This highly effective self-study system provides complete coverage of every objective for the challenging CompTIA CySA+ Cybersecurity Analyst exam. You'll find learning objectives at the beginning of each chapter, exam tips, in-depth explanations, and practice exam questions. All questions closely mirror those on the live test in content, format, and tone. Designed to help you pass exam CS0-001 with ease, this definitive guide also serves as an essential on-the-job reference. ...
||Hacking Exposed Malware & Rootkits, 2nd Edition|
Thwart debilitating cyber-attacks and dramatically improve your organization's security posture using the proven defense strategies in this thoroughly updated guide. Hacking Exposed Malware and Rootkits: Security Secrets & Solutions, Second Edition fully explains the hacker's latest methods alongside ready-to-deploy countermeasures. Discover how to block pop-up and phishing exploits, terminate embedded code, and identify and eliminate rootkits. You will get up-to-date coverage of intrusion detection, firewall, honeynet, antivirus, and anti-rootkit technology.
Learn how malware infects, survives, and propagates across an enterprise; See how hackers develop malicious code and target vulnerable systems; Detect, neutralize, and remove user-mode and kernel-mode rootkits; Use hypervisors and honeypots to uncover and kill virtual rootkits; Defend against keylogging, redirect, click fraud, and identity theft; Block spear phishing, client-side, and embedded-code exploits; Effec ...