Hack eBooks
Hacking Kubernetes
Want to run your Kubernetes workloads safely and securely? This practical book provides a threat-based guide to Kubernetes security. Each chapter examines a particular component's architecture and potential default settings and then reviews existing high-profile attacks and historical Common Vulnerabilities and Exposures (CVEs). Authors Andrew Martin and Michael Hausenblas share best-practice configuration to help you harden clusters from possible angles of attack. This book begins with a vanilla Kubernetes installation with built-in defaults. You'll examine an abstract threat model of a distributed system running arbitrary workloads, and then progress to a detailed assessment of each component of a secure Kubernetes system. Understand where your Kubernetes system is vulnerable with threat modelling techniques; Focus on pods, from configurations to attacks and defenses; Secure your cluster and workload traffic; Define and enforce policy with RBAC, OPA, and Kyverno; Dive deep into ...
Want to run your Kubernetes workloads safely and securely? This practical book provides a threat-based guide to Kubernetes security. Each chapter examines a particular component's architecture and potential default settings and then reviews existing high-profile attacks and historical Common Vulnerabilities and Exposures (CVEs). Authors Andrew Martin and Michael Hausenblas share best-practice configuration to help you harden clusters from possible angles of attack. This book begins with a vanilla Kubernetes installation with built-in defaults. You'll examine an abstract threat model of a distributed system running arbitrary workloads, and then progress to a detailed assessment of each component of a secure Kubernetes system. Understand where your Kubernetes system is vulnerable with threat modelling techniques; Focus on pods, from configurations to attacks and defenses; Secure your cluster and workload traffic; Define and enforce policy with RBAC, OPA, and Kyverno; Dive deep into ...
HackSpace Magazine: Issue 45
This issue we're paying homage to some of our favourite projects built on the Raspberry Pi. We're living in a golden age for experimentation, accessible making and digital discovery - and a large part of that is thanks to this teeny tiny computer. Just add imagination! - How one maker achieved perfection (yes, really!) by embracing failure; - Our pick of the best walking robot kits; - A deceptively simple hack for printing large objects (hint - you make the printer bigger); - Homebrew improvements to a cheap CNC machine; - How to put an oak handle on an old kitchen knife; - ... and loads more. ...
This issue we're paying homage to some of our favourite projects built on the Raspberry Pi. We're living in a golden age for experimentation, accessible making and digital discovery - and a large part of that is thanks to this teeny tiny computer. Just add imagination! - How one maker achieved perfection (yes, really!) by embracing failure; - Our pick of the best walking robot kits; - A deceptively simple hack for printing large objects (hint - you make the printer bigger); - Homebrew improvements to a cheap CNC machine; - How to put an oak handle on an old kitchen knife; - ... and loads more. ...
Advanced ASP.NET Core 3 Security
Incorporate security best practices into ASP.NET Core. This book covers security-related features available within the framework, explains where these feature may fall short, and delves into security topics rarely covered elsewhere. Get ready to dive deep into ASP.NET Core 3.1 source code, clarifying how particular features work and addressing how to fix problems. For straightforward use cases, the ASP.NET Core framework does a good job in preventing certain types of attacks from happening. But for some types of attacks, or situations that are not straightforward, there is very little guidance available on how to safely implement solutions. And worse, there is a lot of bad advice online on how to implement functionality, be it encrypting unsafely hard-coded parameters that need to be generated at runtime, or articles which advocate for certain solutions that are vulnerable to obvious injection attacks. Even more concerning is the functions in ASP.NET Core that are not as secure as t ...
Incorporate security best practices into ASP.NET Core. This book covers security-related features available within the framework, explains where these feature may fall short, and delves into security topics rarely covered elsewhere. Get ready to dive deep into ASP.NET Core 3.1 source code, clarifying how particular features work and addressing how to fix problems. For straightforward use cases, the ASP.NET Core framework does a good job in preventing certain types of attacks from happening. But for some types of attacks, or situations that are not straightforward, there is very little guidance available on how to safely implement solutions. And worse, there is a lot of bad advice online on how to implement functionality, be it encrypting unsafely hard-coded parameters that need to be generated at runtime, or articles which advocate for certain solutions that are vulnerable to obvious injection attacks. Even more concerning is the functions in ASP.NET Core that are not as secure as t ...
Real-World Python
With its emphasis on project-based practice, Real World Python will take you from playing with syntax to writing complete programs in no time. You'll conduct experiments, explore statistical concepts, and solve novel problems that have frustrated geniuses throughout history, like detecting distant exoplanets, as you continue to build your Python skills. Chapters begin with a clearly defined project goal and a discussion of ways to attack the problem, followed by a mission designed to make you think like a programmer. You'll direct a Coast Guard search-and-rescue effort, plot and execute a NASA flight to the moon, protect access to a secure lab using facial recognition, and more. Along the way you'll learn how to: Use libraries like matplotlib, NumPy, Bokeh, pandas, Requests, Beautiful Soup, and turtle; Work with Natural Language Processing and computer vision modules like NLTK and OpenCV; Write a program to detect and track objects moving across a starfield; Scrape speeches from the ...
With its emphasis on project-based practice, Real World Python will take you from playing with syntax to writing complete programs in no time. You'll conduct experiments, explore statistical concepts, and solve novel problems that have frustrated geniuses throughout history, like detecting distant exoplanets, as you continue to build your Python skills. Chapters begin with a clearly defined project goal and a discussion of ways to attack the problem, followed by a mission designed to make you think like a programmer. You'll direct a Coast Guard search-and-rescue effort, plot and execute a NASA flight to the moon, protect access to a secure lab using facial recognition, and more. Along the way you'll learn how to: Use libraries like matplotlib, NumPy, Bokeh, pandas, Requests, Beautiful Soup, and turtle; Work with Natural Language Processing and computer vision modules like NLTK and OpenCV; Write a program to detect and track objects moving across a starfield; Scrape speeches from the ...
The Customer-Driven Culture: A Microsoft Story
If you're striving to make products and services that your customers will love, then you'll need a customer-driven organization. As companies transform their businesses to meet the demands of the digital age, they find themselves grappling with uniquely human challenges. Organizational knowledge becomes siloed, employees move to safeguard their expertise, and customer data creates polarization and infighting between teams. All of these challenges widen the distance between the people who make your products and the customers who use them. To meet today's challenges, companies need to do more than build processes for customer-driven products. They need to create a customer-driven culture. With the help of his friend and mentor Monty Hammontree, Travis Lowdermilk takes readers through the cultural transformation of the Developer Division at Microsoft. This book shows readers how to "hack" their culture and reduce the distance between them and their customers' needs. It's a uniquely ...
If you're striving to make products and services that your customers will love, then you'll need a customer-driven organization. As companies transform their businesses to meet the demands of the digital age, they find themselves grappling with uniquely human challenges. Organizational knowledge becomes siloed, employees move to safeguard their expertise, and customer data creates polarization and infighting between teams. All of these challenges widen the distance between the people who make your products and the customers who use them. To meet today's challenges, companies need to do more than build processes for customer-driven products. They need to create a customer-driven culture. With the help of his friend and mentor Monty Hammontree, Travis Lowdermilk takes readers through the cultural transformation of the Developer Division at Microsoft. This book shows readers how to "hack" their culture and reduce the distance between them and their customers' needs. It's a uniquely ...
Black Hat Go
Black Hat Go explores the darker side of Go, the popular programming language revered by hackers for its simplicity, efficiency, and reliability. It provides an arsenal of practical tactics from the perspective of security practitioners and hackers to help you test your systems, build and automate tools to fit your needs, and improve your offensive security skillset, all using the power of Go. You'll begin your journey with a basic overview of Go's syntax and philosophy and then start to explore examples that you can leverage for tool development, including common network protocols like HTTP, DNS, and SMB. You'll then dig into various tactics and problems that penetration testers encounter, addressing things like data pilfering, packet sniffing, and exploit development. You'll create dynamic, pluggable tools before diving into cryptography, attacking Microsoft Windows, and implementing steganography. You'll Learn how to: Make performant tools that can be used for your own securit ...
Black Hat Go explores the darker side of Go, the popular programming language revered by hackers for its simplicity, efficiency, and reliability. It provides an arsenal of practical tactics from the perspective of security practitioners and hackers to help you test your systems, build and automate tools to fit your needs, and improve your offensive security skillset, all using the power of Go. You'll begin your journey with a basic overview of Go's syntax and philosophy and then start to explore examples that you can leverage for tool development, including common network protocols like HTTP, DNS, and SMB. You'll then dig into various tactics and problems that penetration testers encounter, addressing things like data pilfering, packet sniffing, and exploit development. You'll create dynamic, pluggable tools before diving into cryptography, attacking Microsoft Windows, and implementing steganography. You'll Learn how to: Make performant tools that can be used for your own securit ...
Raspberry Pi Projects for Kids
The Raspberry Pi is an inexpensive, pocket-sized computer that will help you build and code your own hardware projects. Raspberry Pi Projects for Kids will show you how to harness the power of the Raspberry Pi to create 12 cool projects using simple code and common materials like a webcam, microphone, and LED lights. Step-by-step instructions and detailed diagrams guide you through each project. After a brief introduction to the Python programming language, you'll learn how to: Create an LED night-light that turns itself on and off; Set up a Raspberry Pi camera to take selfies and videos; Set up a webcam to stream video to your cell phone; Manipulate environments in Minecraft; Hijack local radio waves to play your own songs and recordings; Configure Raspberry Pi to send texts to a cell phone; Track your family members locations via wi-fi and Bluetooth; Create an MP3 player; Set up a camera to take motion-triggered photos of wildlife; Control the electronics in your home with your ...
The Raspberry Pi is an inexpensive, pocket-sized computer that will help you build and code your own hardware projects. Raspberry Pi Projects for Kids will show you how to harness the power of the Raspberry Pi to create 12 cool projects using simple code and common materials like a webcam, microphone, and LED lights. Step-by-step instructions and detailed diagrams guide you through each project. After a brief introduction to the Python programming language, you'll learn how to: Create an LED night-light that turns itself on and off; Set up a Raspberry Pi camera to take selfies and videos; Set up a webcam to stream video to your cell phone; Manipulate environments in Minecraft; Hijack local radio waves to play your own songs and recordings; Configure Raspberry Pi to send texts to a cell phone; Track your family members locations via wi-fi and Bluetooth; Create an MP3 player; Set up a camera to take motion-triggered photos of wildlife; Control the electronics in your home with your ...
Becoming the Hacker
Becoming the Hacker will teach you how to approach web penetration testing with an attacker's mindset. While testing web applications for performance is common, the ever-changing threat landscape makes security testing much more difficult for the defender. There are many web application tools that claim to provide a complete survey and defense against potential threats, but they must be analyzed in line with the security needs of each web application or service. We must understand how an attacker approaches a web application and the implications of breaching its defenses. Through the first part of the book, Adrian Pruteanu walks you through commonly encountered vulnerabilities and how to take advantage of them to achieve your goal. The latter part of the book shifts gears and puts the newly learned techniques into practice, going over scenarios where the target may be a popular content management system or a containerized application and its network. Becoming the Hacker is a c ...
Becoming the Hacker will teach you how to approach web penetration testing with an attacker's mindset. While testing web applications for performance is common, the ever-changing threat landscape makes security testing much more difficult for the defender. There are many web application tools that claim to provide a complete survey and defense against potential threats, but they must be analyzed in line with the security needs of each web application or service. We must understand how an attacker approaches a web application and the implications of breaching its defenses. Through the first part of the book, Adrian Pruteanu walks you through commonly encountered vulnerabilities and how to take advantage of them to achieve your goal. The latter part of the book shifts gears and puts the newly learned techniques into practice, going over scenarios where the target may be a popular content management system or a containerized application and its network. Becoming the Hacker is a c ...
Real-World Bug Hunting
Learn how people break websites and how you can, too. Real-World Bug Hunting is the premier field guide to finding software bugs. Whether you're a cyber-security beginner who wants to make the internet safer or a seasoned developer who wants to write secure code, ethical hacker Peter Yaworski will show you how it's done. You'll learn about the most common types of bugs like cross-site scripting, insecure direct object references, and server-side request forgery. Using real-life case studies of rewarded vulnerabilities from applications like Twitter, Facebook, Google, and Uber, you'll see how hackers manage to invoke race conditions while transferring money, use URL parameter to cause users to like unintended tweets, and more. Each chapter introduces a vulnerability type accompanied by a series of actual reported bug bounties. The book's collection of tales from the field will teach you how attackers trick users into giving away their sensitive information and how sites may reveal ...
Learn how people break websites and how you can, too. Real-World Bug Hunting is the premier field guide to finding software bugs. Whether you're a cyber-security beginner who wants to make the internet safer or a seasoned developer who wants to write secure code, ethical hacker Peter Yaworski will show you how it's done. You'll learn about the most common types of bugs like cross-site scripting, insecure direct object references, and server-side request forgery. Using real-life case studies of rewarded vulnerabilities from applications like Twitter, Facebook, Google, and Uber, you'll see how hackers manage to invoke race conditions while transferring money, use URL parameter to cause users to like unintended tweets, and more. Each chapter introduces a vulnerability type accompanied by a series of actual reported bug bounties. The book's collection of tales from the field will teach you how attackers trick users into giving away their sensitive information and how sites may reveal ...
The IoT Hacker's Handbook
Take a practioner's approach in analyzing the Internet of Things (IoT) devices and the security issues facing an IoT architecture. You'll review the architecture's central components, from hardware communication interfaces, such as UARTand SPI, to radio protocols, such as BLE or ZigBee. You'll also learn to assess a device physically by opening it, looking at the PCB, and identifying the chipsets and interfaces. You'll then use that information to gain entry to the device or to perform other actions, such as dumping encryption keys and firmware. As the IoT rises to one of the most popular tech trends, manufactures need to take necessary steps to secure devices and protect them from attackers. The IoT Hacker's Handbook breaks down the Internet of Things, exploits it, and reveals how these devices can be built securely. Perform a threat model of a real-world IoT device and locate all possible attacker entry points; Use reverse engineering of firmware binaries to identify securi ...
Take a practioner's approach in analyzing the Internet of Things (IoT) devices and the security issues facing an IoT architecture. You'll review the architecture's central components, from hardware communication interfaces, such as UARTand SPI, to radio protocols, such as BLE or ZigBee. You'll also learn to assess a device physically by opening it, looking at the PCB, and identifying the chipsets and interfaces. You'll then use that information to gain entry to the device or to perform other actions, such as dumping encryption keys and firmware. As the IoT rises to one of the most popular tech trends, manufactures need to take necessary steps to secure devices and protect them from attackers. The IoT Hacker's Handbook breaks down the Internet of Things, exploits it, and reveals how these devices can be built securely. Perform a threat model of a real-world IoT device and locate all possible attacker entry points; Use reverse engineering of firmware binaries to identify securi ...
Bug Bounty Hunting Essentials
Bug bounty programs are the deals offered by prominent companies where-in any white-hat hacker can find bugs in the applications and they will have a recognition for the same. The number of prominent organizations having this program has increased gradually leading to a lot of opportunity for Ethical Hackers. This book will initially start with introducing you to the concept of Bug Bounty hunting. Then we will dig deeper into concepts of vulnerabilities and analysis such as HTML injection, CRLF injection and so on. Towards the end of the book, we will get hands-on experience working with different tools used for bug hunting and various blogs and communities to be followed. This book will get you started with bug bounty hunting and its fundamentals. ...
Bug bounty programs are the deals offered by prominent companies where-in any white-hat hacker can find bugs in the applications and they will have a recognition for the same. The number of prominent organizations having this program has increased gradually leading to a lot of opportunity for Ethical Hackers. This book will initially start with introducing you to the concept of Bug Bounty hunting. Then we will dig deeper into concepts of vulnerabilities and analysis such as HTML injection, CRLF injection and so on. Towards the end of the book, we will get hands-on experience working with different tools used for bug hunting and various blogs and communities to be followed. This book will get you started with bug bounty hunting and its fundamentals. ...