The world's most infamous hacker offers an insider's view of the low-tech threats to high-tech securityKevin Mitnick's exploits as a cyber-desperado and fugitive form one of the most exhaustive FBI manhunts in history and have spawned dozens of articles, books, films, and documentaries. Since his release from federal prison, in 1998, Mitnick has turned his life around and established himself as one of the most sought-after computer security experts worldwide. Now, in The Art of Deception, the world's most notorious hacker gives new meaning to the old adage, "It takes a thief to catch a thief."Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. With the help of many fascinating true stories of successful attacks on business and government, he illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS agent. Narrating from the points of view of both the attacker and the victims, he explains why each attack was so successful and how it could have been prevented in an engaging and highly readable style reminiscent of a true-crime novel. And, perhaps most importantly, Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programs, and manuals that address the human element of security.

For the first time, Deviant Ollam, one of the security industry's best-known lockpicking teachers, has assembled an instructional manual geared specifically toward penetration testers. Unlike other texts on the subject (which tend to be either massive volumes detailing every conceivable style of lock or brief "spy manuals" that only skim the surface) this book is for INFOSEC professionals that need essential, core knowledge of lockpicking and seek the ability to open most locks with relative ease. Deviant's material is presented with rich, detailed diagrams and is offered in easy-to-follow lessons which allow even beginners to acquire the knowledge very quickly. Everything from straightforward lockpicking to quick-entry techniques like shimming, bumping, and bypassing is explained and shown.Whether you're being hired to penetrate security or simply trying to harden your own defenses, this book is essential.Detailed photos make learning as easy as picking a lockDVD is filled with indispensible lock picking videos and color photosExtensive appendix details tools and toolkits currently available for all your lock picking needs

Nmap(r) Cookbook: The fat-free guide to network scanning provides simplified coverage of network scanning features available in the Nmap suite of utilities. Every Nmap feature is covered with visual examples to help you quickly understand and identify proper usage for practical results. Topics covered include: * Installation on Windows, Mac OS X, Unix/Linux platforms * Basic and advanced scanning techniques * Network inventory and security auditing * Firewall evasion techniques * Zenmap - A graphical front-end for Nmap * NSE - The Nmap Scripting Engine * Ndiff - A Nmap scan comparison utility Simplified coverage of Nmap 5.00 features.

From the author of Black Hawk Down comes the story of the battle between those determined to exploit the internet and those committed to protect it—the ongoing war taking place literally beneath our fingertips.The Conficker worm infected its first computer in November 2008 and within a month had infiltrated 1.5 million computers in 195 countries. Banks, telecommunications companies, and critical government networks (including the British Parliament and the French and German military) were infected. No one had ever seen anything like it. By January 2009 the worm lay hidden in at least eight million computers and the botnet of linked computers that it had created was big enough that an attack might crash the world. This is the gripping tale of the group of hackers, researches, millionaire Internet entrepreneurs, and computer security experts who united to defend the Internet from the Conficker worm: the story of the first digital world war.

Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope. Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker's perspective. The included LiveCD provides a complete Linux programming and debugging environment-all without modifying your current operating system. Use it to follow along with the book's examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits. This book will teach you how to:Program computers using C, assembly language, and shell scripts Corrupt system memory to run arbitrary code using buffer overflows and format strings Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening Outsmart common security measures like nonexecutable stacks and intrusion detection systems Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presenceRedirect network traffic, conceal open ports, and hijack TCP connections Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don't already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own creativity.

Get complete coverage of all the objectives included on the EC-Council's Certified Ethical Hacker exam inside this comprehensive resource. Written by an IT security expert, this authoritative guide covers the vendor-neutral CEH exam in full detail. You'll find learning objectives at the beginning of each chapter, exam tips, practice exam questions, and in-depth explanations. Designed to help you pass the exam with ease, this definitive volume also serves as an essential on-the-job reference. COVERS ALL EXAM TOPICS, INCLUDING: Introduction to ethical hacking Cryptography Reconnaissance and footprinting Network scanning Enumeration System hacking Evasion techniques Social engineering and physical security Hacking web servers and applications SQL injection Viruses, trojans, and other attacks Wireless hacking Penetration testing CD-ROM FEATURES: Two practice exams PDF copy of the book Bonus appendix with author's recommended tools, sites, and references Matt Walker, CEHv7, CPTS, CNDA, CCNA, MCSE, has held a wide variety of IT security teaching, writing, and leadership roles, including director of the Network Training Center on Ramstein AB, Germany, and IT security manager for Lockheed Martin at Kennedy Space Center. He is currently a security engineer for Hewlett-Packard.

Former hacker Kevin Poulsen has, over the past decade, built a reputation as one of the top investigative reporters on the cybercrime beat. In Kingpin, he pours his unmatched access and expertise into book form for the first time, delivering a gripping cat-and-mouse narrative—and an unprecedented view into the twenty-first century’s signature form of organized crime.  The word spread through the hacking underground like some unstoppable new virus: Someone—some brilliant, audacious crook—had just staged a hostile takeover of an online criminal network that siphoned billions of dollars from the US economy.  The FBI rushed to launch an ambitious undercover operation aimed at tracking down this new kingpin; other agencies around the world deployed dozens of moles and double agents. Together, the cybercops lured numerous unsuspecting hackers into their clutches. . . . Yet at every turn, their main quarry displayed an uncanny ability to sniff out their snitches and see through their plots.  The culprit they sought was the most unlikely of criminals: a brilliant programmer with a hippie ethic and a supervillain’s double identity. As prominent “white-hat” hacker Max “Vision” Butler, he was a celebrity throughout the programming world, even serving as a consultant to the FBI. But as the black-hat “Iceman,” he found in the world of data theft an irresistible opportunity to test his outsized abilities. He infiltrated thousands of computers around the country, sucking down millions of credit card numbers at will. He effortlessly hacked his fellow hackers, stealing their ill-gotten gains from under their noses. Together with a smooth-talking con artist, he ran a massive real-world crime ring.  And for years, he did it all with seeming impunity, even as countless rivals ran afoul of police.  Yet as he watched the fraudsters around him squabble, their ranks riddled with infiltrators, their methods inefficient, he began to see in their dysfunction the ultimate challenge: He would stage his coup and fix what was broken, run things as they should be run—even if it meant painting a bull’s-eye on his forehead.  Through the story of this criminal’s remarkable rise, and of law enforcement’s quest to track him down, Kingpin lays bare the workings of a silent crime wave still affecting millions of Americans. In these pages, we are ushered into vast online-fraud supermarkets stocked with credit card numbers, counterfeit checks, hacked bank accounts, dead drops, and fake passports. We learn the workings of the numerous hacks—browser exploits, phishing attacks, Trojan horses, and much more—these fraudsters use to ply their trade, and trace the complex routes by which they turn stolen data into millions of dollars. And thanks to Poulsen’s remarkable access to both cops and criminals, we step inside the quiet, desperate arms race that law enforcement continues to fight with these scammers today.   Ultimately, Kingpin is a journey into an underworld of startling scope and power, one in which ordinary American teenagers work hand in hand with murderous Russian mobsters and where a simple Wi-Fi connection can unleash a torrent of gold worth millions.

A money-saving CISSP boxed set from the #1 name in IT security certification and training CISSP Boxed Set bundles Shon Harris’ bestselling CISSP All-in-One Exam Guide, Fifth Edition and CISSP Practice Exams with a bonus, second CD-ROM featuring all-new training material—all at a discount of 12% off MSRP. CISSP All-in-One Exam Guide, Fifth Edition provides a comprehensive and in-depth exam review and self-study system covering all ten CISSP domains. The book includes exam tips that highlight actual exam topics, technical discussion sidebars, and hands-on examples and exercises that support practical learning for real-world situations. The CD-ROM contains practice exam questions, a video training excerpt, and an e-book. CISSP Practice Exams reinforces what is taught in the Exam Guide with questions for review organized by exam domain and more than 1000 additional questions available online. A bonus CD-ROM available only with this Boxed Set features two additional practice exams as well as all-new audio and video training led by Shon Harris. Covers all 10 CISSP domains: Information security and risk management; Access control; Security architecture and design; Physical and environmental security; Telecommunications and network security; Cryptography; Business continuity and disaster recovery planning; Legal regulations, compliance, and investigations; Application security; Operations security Total CD-ROM content for the boxed set includes: 1200+ practice exam questions covering all 10 CISSP domains Practice exam questions hosted in practice testing engines complete with in-depth answer explanations 3+ hours of audio and video training Audio training features Shon Harris reviewing access control concepts Video training features Shon Harris teaching core cryptography concepts E-book version of CISSP All-in-One Exam Guide, Fifth Edition Additional training content! 1000+ practice exam questions and 30+ hours of audio training available online!

Use Windows debuggers throughout the development cycle—and build better softwareRethink your use of Windows debugging and tracing tools—and learn how to make them a key part of test-driven software development. Led by a member of the Windows Fundamentals Team at Microsoft, you’ll apply expert debugging and tracing techniques—and sharpen your C++ and C# code analysis skills—through practical examples and common scenarios. Learn why experienced developers use debuggers in every step of the development process, and not just when bugs appear. Discover how to:Go behind the scenes to examine how powerful Windows debuggers work Catch bugs early in the development cycle with static and runtime analysis tools Gain practical strategies to tackle the most common code defects Apply expert tricks to handle user-mode and kernel-mode debugging tasks Implement postmortem techniques such as JIT and dump debugging Debug the concurrency and security aspects of your software Use debuggers to analyze interactions between your code and the operating system Analyze software behavior with Xperf and the Event Tracing for Windows (ETW) framework

The fourth edition of Principles of Information Security explores the field of information security and assurance with updated content including new innovations in technology and methodologies. Readers will revel in the comprehensive coverage that includes a historical overview of information security, discussions on risk management and security technology, current certification information, and more. The text builds on internationally recognized standards and bodies of knowledge to provide the knowledge and skills students need for their future roles as business decision-makers. Information security in the modern organization is a management issue which technology alone cannot answer; it is a problem that has important economic consequences for which management will be held accountable. Readers can feel confident that they are using a standards-based, content-driven resource to prepare for their work in the field.