Teaching Internet security principles via hands-on activities

Unique among computer security texts, this book, in its third edition, builds

on the author's long tradition of teaching complex subjects through a hands-on

approach. For each security principle, the book uses a series of hands-on

activities to help explain the principle. Readers can touch, play with, and

experiment with the principle, instead of just reading about it. The hands-on

activities are based on the author's widely adopted SEED Labs, which have been

used by over 1000 institutes worldwide. The author has also published online

courses on Udemy based on this book.

Topics covered in the book

- Attacks on TCP/IP and DNS protocols

- Packet sniffing and spoofing

- Firewall and Virtual Private Network (VPN)

- Border Gateway Protocol (BGP) and attacks

- Attacks on web applications, countermeasures

- Cryptography and attacks on algorithms and protocols

- Public Key Infrastructure and Transport Layer Security

- Bitcoin and Blockchain

- Common hacking and defense mechanisms

Over 700 pages of insight into all things cybersecurity

Cybersecurity All-in-One For Dummies covers a lot of ground in the world of keeping computer systems safe from those who want to break in. This book offers a one-stop resource on cybersecurity basics, personal security, business security, cloud security, security testing, and security awareness. Filled with content to help with both personal and business cybersecurity needs, this book shows you how to lock down your computers, devices, and systems--and explains why doing so is more important now than ever. Dig in for info on what kind of risks are out there, how to protect a variety of devices, strategies for testing your security, securing cloud data, and steps for creating an awareness program in an organization.

• Explore the basics of cybersecurity at home and in business
• Learn how to secure your devices, data, and cloud-based assets
• Test your security to find holes and vulnerabilities before hackers do
• Create a culture of cybersecurity throughout an entire organization

This For Dummies All-in-One is a stellar reference for business owners and IT support pros who need a guide to making smart security choices. Any tech user with concerns about privacy and protection will also love this comprehensive guide.

Learn to navigate a world of deepfakes, phishing attacks, and other cybersecurity threats emanating from generative artificial intelligence

In an era where artificial intelligence can create content indistinguishable from reality, how do we separate truth from fiction? In FAIK: A Practical Guide to Living in a World of Deepfakes, Disinformation, and AI-Generated Deceptions, cybersecurity and deception expert Perry Carpenter unveils the hidden dangers of generative artificial intelligence, showing you how to use these technologies safely while protecting yourself and others from cyber scams and threats. This book provides a crucial understanding of the potential risks associated with generative AI, like ChatGPT, Claude, and Gemini, offering effective strategies to avoid falling victim to their more sinister uses.

This isn't just another book about technology - it's your survival guide to the digital jungle. Carpenter takes you on an insightful journey through the Exploitation Zone, where rapid technological advancements outpace our ability to adapt, creating fertile ground for deception. Explore the mechanics behind deepfakes, disinformation, and other cognitive security threats. Discover how cybercriminals can leverage even the most trusted AI systems to create and spread synthetic media and use it for malicious purposes. At its core, FAIK is an empowering exposé in which Carpenter effectively weaves together engaging narratives and practical insights, all aimed to equip you with the knowledge to recognize and counter advanced tactics with practical media literacy skills and a deep understanding of social engineering.

You will:

• Learn to think like a hacker to better defend against digital threats.
• Gain practical skills to identify and defend against AI-driven scams.
• Develop your toolkit to safely navigate the Exploitation Zone.
• See how bad actors exploit fundamental aspects of generative AI to create weapons grade deceptions.
• Develop practical skills to identify and resist emotional manipulation in digital content.

Most importantly, this is ultimately an optimistic book as it predicts a powerful and positive outcome as a period of cooperation, something now inconceivable, develops as it always does during crises and the future is enhanced by amazing new technologies and fabulous opportunities on the near horizon.

Written by an expert, yet accessible to everyone, FAIK is an indispensable resource for anyone who uses technology and wants to stay secure in the evolving digital landscape. This book not only prepares you to face the onslaught of digital deceptions and AI-generated threats, but also teaches you to think like a hacker to better defend against them.

In the hands of the penetration tester, bash scripting becomes a powerful offensive security tool. In Black Hat Bash, you'll learn how to use bash to automate tasks, develop custom tools, uncover vulnerabilities, and execute advanced, living-off-the-land attacks against Linux servers. You'll build a toolbox of bash scripts that will save you hours of manual work. And your only prerequisite is basic familiarity with the Linux operating system.

You'll learn the basics of bash syntax, then set up a Kali Linux lab to apply your skills across each stage of a penetration test--from initial access to data exfiltration. Along the way, you'll learn how to perform OS command injection, access remote machines, gather information stealthily, and navigate restricted networks to find the crown jewels. Hands-on exercises throughout will have you applying your newfound skills.

Key topics covered include:

• Bash scripting essentials: From control structures, functions, loops, and text manipulation with grep, awk, and sed.
• How to set up your lab: Create a hacking environment with Kali and Docker and install additional tools.
• Reconnaissance and vulnerability scanning: Learn how to perform host discovery, fuzzing, and port scanning using tools like Wfuzz, Nmap, and Nuclei.
• Exploitation and privilege escalation: Establish web and reverse shells, and maintain continuous access.
• Defense evasion and lateral movement: Audit hosts for landmines, avoid detection, and move through networks to uncover additional targets.

In the first edition of this critically acclaimed book, Andrew Hoffman defined the three pillars of application security: reconnaissance, offense, and defense. In this revised and updated second edition, he examines dozens of related topics, from the latest types of attacks and mitigations to threat modeling, the secure software development lifecycle (SSDL/SDLC), and more.

Hoffman, senior staff security engineer at Ripple, also provides information regarding exploits and mitigations for several additional web application technologies such as GraphQL, cloud-based deployments, content delivery networks (CDN) and server-side rendering (SSR). Following the curriculum from the first book, this second edition is split into three distinct pillars comprising three separate skill sets:

• Pillar 1: Recon--Learn techniques for mapping and documenting web applications remotely, including procedures for working with web applications
• Pillar 2: Offense--Explore methods for attacking web applications using a number of highly effective exploits that have been proven by the best hackers in the world. These skills are valuable when used alongside the skills from Pillar 3.
• Pillar 3: Defense--Build on skills acquired in the first two parts to construct effective and long-lived mitigations for each of the attacks described in Pillar 2.

Bulletproof TLS and PKI is a complete guide to using TLS encryption and PKI to deploy secure servers and web applications. Written by Ivan Ristic, author of the popular SSL Labs web site, this book will teach you everything you need to know to protect your systems from eavesdropping and impersonation attacks.

In this book, you'll find just the right mix of theory, protocol detail, vulnerability and weakness information, and deployment advice to get your job done:

• Comprehensive coverage of the ever-changing field of SSL/TLS and Internet PKI, with updates to the digital version
• For IT professionals, help to understand security risks
• For system administrators, help to deploy systems securely
• For developers, help to secure web applications
• Practical and concise, with added depth as needed
• Introduction to cryptography and the Internet threat model
• Coverage of TLS 1.3 as well as earlier protocol versions
• Discussion of weaknesses at every level, covering implementation issues, HTTP and browser problems, and protocol vulnerabilities
• Coverage of the latest attacks, such as BEAST, CRIME, BREACH, Lucky 13, RC4 biases, Triple Handshake Attack, and Heartbleed
• Thorough deployment advice, including advanced technologies, such as Strict Transport Security, Content Security Policy, and pinning
• Guide to using OpenSSL to generate keys and certificates and to create and run a private certification authority
• Guide to using OpenSSL to test servers for vulnerabilities

This book is also available in a variety of digital formats directly from the publisher. Visit us at www.feistyduck.com.

Despite the increase of high-profile hacks, record-breaking data leaks, and ransomware attacks, many organizations don't have the budget for an information security (InfoSec) program. If you're forced to protect yourself by improvising on the job, this pragmatic guide provides a security-101 handbook with steps, tools, processes, and ideas to help you drive maximum-security improvement at little or no cost.

Each chapter in this book provides step-by-step instructions for dealing with issues such as breaches and disasters, compliance, network infrastructure, password management, vulnerability scanning, penetration testing, and more. Network engineers, system administrators, and security professionals will learn how to use frameworks, tools, and techniques to build and improve their cybersecurity programs.

This book will help you:

• Plan and design incident response, disaster recovery, compliance, and physical security
• Learn and apply basic penetration testing concepts through purple teaming
• Conduct vulnerability management using automated processes and tools
• Use IDS, IPS, SOC, logging, and monitoring
• Bolster Microsoft and Unix systems, network infrastructure, and password management
• Use segmentation practices and designs to compartmentalize your network
• Reduce exploitable errors by developing code securely

Trillions of lines of code help us in our lives, companies, and organizations. But just a single software cybersecurity vulnerability can stop entire companies from doing business and cause billions of dollars in revenue loss and business recovery. Securing the creation and deployment of software, also known as software supply chain security, goes well beyond the software development process.

This practical book gives you a comprehensive look at security risks and identifies the practical controls you need to incorporate into your end-to-end software supply chain. Author Cassie Crossley demonstrates how and why everyone involved in the supply chain needs to participate if your organization is to improve the security posture of its software, firmware, and hardware.

With this book, you'll learn how to:

• Pinpoint the cybersecurity risks in each part of your organization's software supply chain
• Identify the roles that participate in the supply chain--including IT, development, operations, manufacturing, and procurement
• Design initiatives and controls for each part of the supply chain using existing frameworks and references
• Implement secure development lifecycle, source code security, software build management, and software transparency practices
• Evaluate third-party risk in your supply chain

Learn to think like a hacker to secure your own systems and data

Your smartphone, laptop, and desktop computer are more important to your life and business than ever before. On top of making your life easier and more productive, they hold sensitive information that should remain private. Luckily for all of us, anyone can learn powerful data privacy and security techniques to keep the bad guys on the outside where they belong.

Hacking For Dummies takes you on an easy-to-follow cybersecurity voyage that will teach you the essentials of vulnerability and penetration testing so that you can find the holes in your network before the bad guys exploit them. You will learn to secure your Wi-Fi networks, lock down your latest Windows 11 installation, understand the security implications of remote work, and much more.

You'll find out how to:

• Stay on top of the latest security weaknesses that could affect your business's security setup
• Use freely available testing tools to penetration test your network's security
• Use ongoing security checkups to continually ensure that your data is safe from hackers

Perfect for small business owners, IT and security professionals, and employees who work remotely, Hacking For Dummies is a must-have resource for anyone who wants to keep their data safe.

Cybersecurity is broken. Year after year, attackers remain unchallenged and undeterred, while engineering teams feel pressure to design, build, and operate secure systems. Failure can't be prevented, mental models of systems are incomplete, and our digital world constantly evolves. How can we verify that our systems behave the way we expect? What can we do to improve our systems' resilience?

In this comprehensive guide, authors Kelly Shortridge and Aaron Rinehart help you navigate the challenges of sustaining resilience in complex software systems by using the principles and practices of security chaos engineering. By preparing for adverse events, you can ensure they don't disrupt your ability to innovate, move quickly, and achieve your engineering and business goals.

• Learn how to design a modern security program
• Make informed decisions at each phase of software delivery to nurture resilience and adaptive capacity
• Understand the complex systems dynamics upon which resilience outcomes depend
• Navigate technical and organizational trade-offs that distort decision making in systems
• Explore chaos experimentation to verify critical assumptions about software quality and security
• Learn how major enterprises leverage security chaos engineering

Get a fascinating and disturbing look into how state and nonstate actors throughout the world use cyber attacks to gain military, political, and economic advantages. In the third edition of this book, cyber intelligence expert Jeffrey Caruso explores the latest developments in cyber espionage and warfare, including the growing role of civilian hackers, the use of social media for nefarious purposes, and the targeting of nonmilitary infrastructure.

Geopolitical cyber attacks increased by 440% between 2009 and 2018, demonstrating how this aspect of modern warfare will likely escalate in the future. Inside Cyber Warfare features an exclusive deep dive into the wartime operations of an offensive cyber unit of Ukraine's Ministry of Defense as it works to defend the nation against Russian forces, particularly since the 2022 invasion.

• Explore the legal status of cyber warfare
• Identify information manipulation on social media
• Learn why you should think like an offensive operator when defending, and like a defensive operator when attacking
• Distinguish reality from fiction regarding a cyber armageddon
• Learn what nations can do to defend themselves

This fully updated study guide covers every topic on the current version of the CompTIA Security+ exam

Get complete coverage of all objectives included on the CompTIA Security+ exam SY0-601 from this comprehensive resource. Written by a team of leading information security experts, this authoritative guide fully addresses the skills required to perform essential security functions and to secure hardware, systems, and software. You'll find learning objectives at the beginning of each chapter, exam tips, practice exam questions, and in-depth explanations. Designed to help you pass the exam with ease, this definitive volume also serves as an essential on-the-job reference.

Covers all exam domains, including:

• Threats, Attacks, and Vulnerabilities
• Architecture and Design
• Implementation
• Operations and Incident Response
• Governance, Risk, and Compliance

Online content includes:

• 250 practice exam questions
• Test engine that provides full-length practice exams and customizable quizzes by chapter or by exam domain

Metasploit: The Penetration Tester's Guide has been the definitive security assessment resource for over a decade. The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless, but using it can be challenging for newcomers.

Written by renowned ethical hackers and industry experts, this fully updated second edition includes:

• Advanced Active Directory and cloud penetration testing
• Modern evasion techniques and payload encoding
• Malicious document generation for client-side exploitation
• Coverage of recently added modules and commands

• Conduct network reconnaissance and analyze vulnerabilities
• Execute wireless network and social engineering attacks
• Perform post-exploitation techniques, including privilege escalation
• Develop custom modules in Ruby and port existing exploits
• Use MSFvenom to evade detection
• Integrate with Nmap, Nessus, and the Social-Engineer Toolkit

With rapidly changing architecture and API-driven automation, cloud platforms come with unique security challenges and opportunities. In this updated second edition, you'll examine security best practices for multivendor cloud environments, whether your company plans to move legacy on-premises projects to the cloud or build a new infrastructure from the ground up.

Developers, IT architects, and security professionals will learn cloud-specific techniques for securing popular cloud platforms such as Amazon Web Services, Microsoft Azure, and IBM Cloud. IBM Distinguished Engineer Chris Dotson shows you how to establish data asset management, identity and access management (IAM), vulnerability management, network security, and incident response in your cloud environment.

• Learn the latest threats and challenges in the cloud security space
• Manage cloud providers that store or process data or deliver administrative control
• Learn how standard principles and concepts--such as least privilege and defense in depth--apply in the cloud
• Understand the critical role played by IAM in the cloud
• Use best tactics for detecting, responding, and recovering from the most common security incidents
• Manage various types of vulnerabilities, especially those common in multicloud or hybrid cloud architectures
• Examine privileged access management in cloud environments

Your ultimate guide to pentesting with Kali Linux

Kali is a popular and powerful Linux distribution used by cybersecurity professionals around the world. Penetration testers must master Kali's varied library of tools to be effective at their work. The Kali Linux Penetration Testing Bible is the hands-on and methodology guide for pentesting with Kali.

You'll discover everything you need to know about the tools and techniques hackers use to gain access to systems like yours so you can erect reliable defenses for your virtual assets. Whether you're new to the field or an established pentester, you'll find what you need in this comprehensive guide.

• Build a modern dockerized environment
• Discover the fundamentals of the bash language in Linux
• Use a variety of effective techniques to find vulnerabilities (OSINT, Network Scan, and more)
• Analyze your findings and identify false positives and uncover advanced subjects, like buffer overflow, lateral movement, and privilege escalation
• Apply practical and efficient pentesting workflows
• Learn about Modern Web Application Security Secure SDLC
• Automate your penetration testing with Python

Beyond Firewalls: Security at Scale addresses the urgent need to evolve beyond traditional security measures in the face of increasingly sophisticated cyber threats. This book offers essential insights into building proactive security tools beyond passive defenses.

With a focus on advanced tools for endpoint Protections, Beyond Firewalls provides a perspective on scalability and reliability. It highlights how these tools must handle growing business demands, manage unexpected traffic spikes, and resist evolving attacks to prevent fail-open situations that leave systems vulnerable.

The book offers a step-by-step guide to integrating modern security solutions, ensuring they are robust, adaptable, and seamlessly integrated into your cybersecurity framework. Whether enhancing existing defenses or exploring AI-powered tools, Beyond Firewalls delivers the insights needed to build resilient, scalable systems that keep pace with today's digital threats.

Cybersecurity Essentials provides a comprehensive introduction to the field, with expert coverage of essential topics required for entry-level cybersecurity certifications. An effective defense consists of four distinct challenges: securing the infrastructure, securing devices, securing local networks, and securing the perimeter. Overcoming these challenges requires a detailed understanding of the concepts and practices within each realm. This book covers each challenge individually for greater depth of information, with real-world scenarios that show what vulnerabilities look like in everyday computing scenarios. Each part concludes with a summary of key concepts, review questions, and hands-on exercises, allowing you to test your understanding while exercising your new critical skills.

Cybersecurity jobs range from basic configuration to advanced systems analysis and defense assessment. This book provides the foundational information you need to understand the basics of the field, identify your place within it, and start down the security certification path.

• Learn security and surveillance fundamentals
• Secure and protect remote access and devices
• Understand network topologies, protocols, and strategies
• Identify threats and mount an effective defense

Cybersecurity Essentials gives you the building blocks for an entry level security certification and provides a foundation of cybersecurity knowledge

In Penetration Testing, security expert, researcher, and trainer Georgia Weidman introduces you to the core skills and techniques that every pentester needs. Using a virtual machine-based lab that includes Kali Linux and vulnerable operating systems, you'll run through a series of practical lessons with tools like Wireshark, Nmap, and Burp Suite. As you follow along with the labs and launch attacks, you'll experience the key stages of an actual assessment--including information gathering, finding exploitable vulnerabilities, gaining access to systems, post exploitation, and more.

Learn how to:
-Crack passwords and wireless network keys with brute-forcing and wordlists
-Test web applications for vulnerabilities
-Use the Metasploit Framework to launch exploits and write your own Metasploit modules
-Automate social-engineering attacks
-Bypass antivirus software
-Turn access to one machine into total control of the enterprise in the post exploitation phase

You'll even explore writing your own exploits. Then it's on to mobile hacking--Weidman's particular area of research--with her tool, the Smartphone Pentest Framework.

With its collection of hands-on lessons that cover key tools and strategies, Penetration Testing is the introduction that every aspiring hacker needs.