Hacking the Hacker
Реклама. ООО «ЛитРес», ИНН: 7719571260.
Оглавление
Grimes Roger A.. Hacking the Hacker
Foreword
Introduction
1. What Type of Hacker Are You?
Most Hackers Aren’t Geniuses
Defenders Are Hackers Plus
Hackers Are Special
Hackers Are Persistent
Hacker Hats
2. How Hackers Hack
The Secret to Hacking
Hacking Ethically
3. Profile: Bruce Schneier
For More Information on Bruce Schneier
4. Social Engineering
Social Engineering Methods
Social Engineering Defenses
5. Profile: Kevin Mitnick
For More Information on Kevin Mitnick
6. Software Vulnerabilities
Number of Software Vulnerabilities
Why Are Software Vulnerabilities Still a Big Problem?
Defenses Against Software Vulnerabilities
Perfect Software Won’t Cure All Ills
7. Profile: Michael Howard
For More Information on Michael Howard
8. Profile: Gary McGraw
For More Information on Gary McGraw
9. Malware
Malware Types
Number of Malware Programs
Mostly Criminal in Origin
Defenses Against Malware
10. Profile: Susan Bradley
For More Information on Susan Bradley
11. Profile: Mark Russinovich
For More on Mark Russinovich
12. Cryptography
What Is Cryptography?
Why Can’t Attackers Just Guess All the Possible Keys?
Symmetric Versus Asymmetric Keys
Popular Cryptography
Hashes
Cryptographic Uses
Cryptographic Attacks
13. Profile: Martin Hellman
For More Information on Martin Hellman
14. Intrusion Detection/APTs
Traits of a Good Security Event Message
Advanced Persistent Threats (APTs)
Types of Intrusion Detection
Intrusion Detection Tools and Services
15. Profile: Dr. Dorothy E. Denning
For More Information on Dr. Dorothy E. Denning
16. Profile: Michael Dubinsky
For More Information on Michael Dubinsky
17. Firewalls
What Is a Firewall?
18. Profile: William Cheswick
For More Information on William Cheswick
19. Honeypots
What Is a Honeypot?
Interaction
Why Use a Honeypot?
Catching My Own Russian Spy
Honeypot Resources to Explore
20. Profile: Lance Spitzner
For More Information on Lance Spitzner
21. Password Hacking
Authentication Components
Hacking Passwords
Password Defenses
22. Profile: Dr. Cormac Herley
For More Information on Dr. Cormac Herley
23. Wireless Hacking
The Wireless World
Types of Wireless Hacking
Some Wireless Hacking Tools
Wireless Hacking Defenses
24. Profile: Thomas d’Otreppe de Bouvette
For More Information on Thomas d’Otreppe de Bouvette
25. Penetration Testing
My Penetration Testing Highlights
How to Be a Pen Tester
26. Profile: Aaron Higbee
For More Information on Aaron Higbee
27. Profile: Benild Joseph
For More Information on Benild Joseph
28. DDoS Attacks
Types of DDoS Attacks
DDoS Tools and Providers
DDoS Defenses
29. Profile: Brian Krebs
For More Information on Brian Krebs
30. Secure OS
How to Secure an Operating System
Security Consortiums
31. Profile: Joanna Rutkowska
For More Information on Joanna Rutkowska
32. Profile: Aaron Margosis
For More Information on Aaron Margosis
33. Network Attacks
Types of Network Attacks
Network Attack Defenses
34. Profile: Laura Chappell
For More Information on Laura Chappell
35. IoT Hacking
How Do Hackers Hack IoT?
IoT Defenses
36. Profile: Dr. Charlie Miller
For More Information on Dr. Charlie Miller
37. Policy and Strategy
Standards
Policies
Procedures
Frameworks
Regulatory Laws
Global Concerns
Systems Support
38. Profile: Jing de Jong‐Chen
For More Information on Jing de Jong‐Chen
39. Threat Modeling
Why Threat Model?
Threat Modeling Models
Threat Actors
40. Profile: Adam Shostack
For More Information on Adam Shostack
41. Computer Security Education
Computer Security Training Topics
Training Methods
42. Profile: Stephen Northcutt
For More Information on Stephen Northcutt
43. Privacy
Privacy Organizations
Privacy‐Protecting Applications
44. Profile: Eva Galperin
For More Information on Eva Galperin
45. Patching
Patching Facts
Common Patching Problems
46. Profile: Window Snyder
For More Information on Window Snyder
47. Writing as a Career
Computer Security Writing Outlets
Professional Writing Tips
48. Profile: Fahmida Y. Rashid
For More Information on Fahmida Y. Rashid
49. Guide for Parents with Young Hackers
Signs Your Kid Is Hacking
Not All Hacking Is Bad
How to Turn Around Your Malicious Hacker
50. Hacker Code of Ethics
Hacker Code of Ethics
(ISC)2®
About the Author
Credits
Acknowledgments
Отрывок из книги
Roger Grimes has worked in the computer security industry for nearly three decades, and I’ve had the pleasure of knowing him for roughly half that time. He’s one of a select few professionals I’ve met who clearly has security in his bones – an intuitive grasp of the subject that, coupled with his deep experience catching bad guys and rooting out weaknesses in security defenses, makes him uniquely qualified to write this book.
Roger first began writing for InfoWorld in 2005 when he sent an email criticizing the work of a security writer, a critique that carried so much weight we immediately asked him to contribute to the publication. Since then he has written hundreds of articles for InfoWorld, all of which exhibit a love of the subject as well as a psychological understanding of both malicious hackers and the people who defend against them. In his weekly “Security Adviser” column for InfoWorld, Roger shows a unique talent for focusing on issues that matter rather than chasing ephemeral threats or overhyped new technologies. His passion for convincing security defenders and their C‐suite bosses to do the right thing has been steadfast, despite the unfortunate inclination of so many organizations to neglect the basics and flock to the latest shiny new solution.
.....
Both zero‐days and regular software vulnerabilities come down to insecure software coding practices. Software vulnerabilities will be covered in Chapter 6.
Malicious programs are known as malware, and the traditional types are known as viruses, Trojan horse programs, and worms, but today’s malware is often a hybrid mixture of multiple types. Malware allows a hacker to use an exploit method to more easily attack victims or to reach a greater number of victims more quickly. When a new exploit method is discovered, defenders know that malware writers will use automated malware to spread the exploit faster in a process known as “weaponization.” While any exploit is something to be avoided, it is often the weaponization of the exploit that creates the most risk to end‐users and society. Without malware, an attacker is forced to implement an attack one victim at a time. With malware, millions of victims can be exploited in minutes. Malware will be covered in more detail in Chapter 9.
.....