Bøger udgivet af Syngress Media,U.S.

In the book we will be talking about Deploying Secure Containers for Training and Development. The book covers the technology behind Linux-based containers and what they can be used for. Details on how to use containers in training and development are also provided.

Open source intelligence (OSINT) and web reconnaissance are rich topics for infosec professionals seeking to find the best ways to sift through the abundance of information widely available online. In many cases, the first stage of any security assessment, i.e. Reconnaissance, is not given enough attention by security professionals, hackers and penetration testers. Often, the information present openly is as critical as the confidential data. Hacking Web Intelligence dives deep into the technical aspects of information gathering and assembling it for actionable intelligence. . Hacking Web Intelligence shows you how to dig into the web and uncover the information many don't even know exists. The book takes a holistic approach that is not only about using tools to find information online but also how to link all the information and transform it into presentable and actionable intelligence. You will also learn how to secure your information online to prevent it being discovered by these reconnaissance methods. . Hacking Web Intelligence provides an in-depth technical reference covering the methods and techniques you need to unearth open source information from the Internet and utilize it for the purpose of targeted attack during a security assessment. This book will introduce you to many new and leading edge reconnaissance, information gathering, and open source intelligence methods and techniques, including metadata extraction tools, advanced search engines, advanced browsers, power searching methods, online anonymity tools such as TOR and i2p, OSINT tools such as Maltego, Shodan, Creepy, SearchDiggity, Recon-ng, Social Network Analysis (SNA), Darkweb/Deepweb, data visualization and much more.

The best defense against the increasing threat of social engineering attacks is Security Awareness Training to warn your organization's staff of the risk and educate them on how to protect your organization's data. Social engineering is not a new tactic, but Building an Security Awareness Program is the first book that shows you how to build a successful security awareness training program from the ground up. Building an Security Awareness Program provides you with a sound technical basis for developing a new training program. The book also tells you the best ways to garner management support for implementing the program. Author Bill Gardner is one of the founding members of the Security Awareness Training Framework. Here, he walks you through the process of developing an engaging and successful training program for your organization that will help you and your staff defend your systems, networks, mobile devices, and data. Forewords written by Dave Kennedy and Kevin Mitnick!

How to Defeat Advanced Malware is a concise introduction to the concept of micro-virtualization. The book provides current facts and figures that prove detection- based security products have become ineffective. A simple strategy is then presented that both leverages the opportunities presented by Bring Your Own Device (BYOD) and protects enterprise end users against advanced malware. The book concludes with case studies demonstrating how hardware- isolated micro-VMs are helping Fortune 500 financial service providers defeat advanced malware. This book is primarily designed for infosec professionals, consultants, network administrators, CIO's, CTO's, CISO's and senior executives who work within the financial industry and are responsible for their company's endpoint protection. How to Defeat Advanced Malware: New Tools for Protection and Forensicsis the first book to compare and contrast current endpoint security products, while making a case for encouraging and facilitating the growth of BYOD and social media by adopting micro-virtualization.

Whether you want to break into information security, move from one job to another, or transition into management, Breaking into Information Security will help. No other book surveys all the different jobs available in the industry, frankly discusses the positives and negatives of each, and what you need to learn to get into and out of each role. Unlike books that focus on a specific skill set or on how to gain a certification or get a job, this book encompasses the "big picture," including why certifications, if any, are worthwhile for you. In a profession where new career paths aren't always clear, Breaking into Information Security will teach you how to identify where you are in your career today, understand where you wish to go, and provide proven methods to get there. From entry-level jobs to the extremely specific skills needed to be an InfoSec consultant, this book covers it all, including in-job skill building, working within the community, and building your skills after hours. If you are seeking to advance in the highly competitive field of information security, this book will give you the edge you need to break in.

Network Security Evaluation provides a methodology for conducting technical security evaluations of all the critical components of a target network. This book describes how the methodology evolved and how to define the proper scope of an evaluation, including the consideration of legal issues that may arise during the evaluation.

Social engineering attacks target the weakest link in an organization's security--human beings. Everyone knows these attacks are effective, and everyone knows they are on the rise. Now, Social Engineering Penetration Testing gives you the practical methodology and everything you need to plan and execute a social engineering penetration test and assessment. You will gain fascinating insights into how social engineering techniques--including email phishing, telephone pretexting, and physical vectors-- can be used to elicit information or manipulate individuals into performing actions that may aid in an attack. Using the book's easy-to-understand models and examples, you will have a much better understanding of how best to defend against these attacks. The authors of Social Engineering Penetration Testing show you hands-on techniques they have used at RandomStorm to provide clients with valuable results that make a real difference to the security of their businesses. You will learn about the differences between social engineering pen tests lasting anywhere from a few days to several months. The book shows you how to use widely available open-source tools to conduct your pen tests, then walks you through the practical steps to improve defense measures in response to test results.

Cyber-crime increasingly impacts both the online and offline world, and targeted attacks play a significant role in disrupting services in both. Targeted attacks are those that are aimed at a particular individual, group, or type of site or service. Unlike worms and viruses that usually attack indiscriminately, targeted attacks involve intelligence-gathering and planning to a degree that drastically changes its profile. Individuals, corporations, and even governments are facing new threats from targeted attacks. Targeted Cyber Attacks examines real-world examples of directed attacks and provides insight into what techniques and resources are used to stage these attacks so that you can counter them more effectively. A well-structured introduction into the world of targeted cyber-attacksIncludes analysis of real-world attacksWritten by cyber-security researchers and experts

To reduce the risk of digital forensic evidence being called into question in judicial proceedings, it is important to have a rigorous methodology and set of procedures for conducting digital forensic investigations and examinations. This title presents the evidence-based cloud forensic framework.