PoC or GTFO, Volume 3

PoC or GTFO, Volume 3

Author: Manul Laphroaig

Publisher: No Starch Press

Published: 2021-01-29

Total Pages: 804

ISBN-13: 1718500645

DOWNLOAD EBOOK

Volume 3 of the PoC || GTFO collection--read as Proof of Concept or Get the Fuck Out--continues the series of wildly popular collections of this hacker journal. Contributions range from humorous poems to deeply technical essays bound in the form of a bible. The International Journal of Proof-of-Concept or Get The Fuck Out is a celebrated collection of short essays on computer security, reverse engineering and retrocomputing topics by many of the world's most famous hackers. This third volume contains all articles from releases 14 to 18 in the form of an actual, bound bible. Topics include how to dump the ROM from one of the most secure Sega Genesis games ever created; how to create a PDF that is also a Git repository; how to extract the Game Boy Advance BIOS ROM; how to sniff Bluetooth Low Energy communications with the BCC Micro:Bit; how to conceal ZIP Files in NES Cartridges; how to remotely exploit a TetriNET Server; and more. The journal exists to remind us of what a clever engineer can build from a box of parts and a bit of free time. Not to showcase what others have done, but to explain how they did it so that readers can do these and other clever things themselves.


PoC or GTFO, Volume 2

PoC or GTFO, Volume 2

Author: Manul Laphroaig

Publisher: No Starch Press

Published: 2018-08-21

Total Pages: 680

ISBN-13: 1593279353

DOWNLOAD EBOOK

PoC or GTFO, Volume 2 follows-up the wildly popular first volume with issues 9-13 of the eponymous hacker zine. Contributions range from humorous poems to deeply technical essays. The International Journal of Proof-of-Concept or Get The Fuck Out is a celebrated magazine of reverse engineering, retro-computing, and systems internals. This second collected volume holds all of the articles from releases nine to thirteen. Learn how to patch the firmware of a handheld amateur radio, then emulate that radio's proprietary audio code under Linux. How to slow the Windows kernel when exploiting a race condition and how to make a PDF file that is also an Android app, an audio file, or a Gameboy speedrun. How to hack a Wacom pen table with voltage glitching, then hack it again by pure software to read RDID tags from its surface. How to disassemble every last byte of an Atari game and how to bypass every classic form of copy protection on Apple ][. But above all else, beyond the nifty tricks and silly songs, this book exists to remind you what a clever engineer can build from a box of parts with a bit of free time. Not to show you what others have done, but to show you how they did it so that you can do the same.


The Hardware Hacking Handbook

The Hardware Hacking Handbook

Author: Jasper van Woudenberg

Publisher: No Starch Press

Published: 2021-12-21

Total Pages: 514

ISBN-13: 1593278748

DOWNLOAD EBOOK

The Hardware Hacking Handbook takes you deep inside embedded devices to show how different kinds of attacks work, then guides you through each hack on real hardware. Embedded devices are chip-size microcomputers small enough to be included in the structure of the object they control, and they’re everywhere—in phones, cars, credit cards, laptops, medical equipment, even critical infrastructure. This means understanding their security is critical. The Hardware Hacking Handbook takes you deep inside different types of embedded systems, revealing the designs, components, security limits, and reverse-engineering challenges you need to know for executing effective hardware attacks. Written with wit and infused with hands-on lab experiments, this handbook puts you in the role of an attacker interested in breaking security to do good. Starting with a crash course on the architecture of embedded devices, threat modeling, and attack trees, you’ll go on to explore hardware interfaces, ports and communication protocols, electrical signaling, tips for analyzing firmware images, and more. Along the way, you’ll use a home testing lab to perform fault-injection, side-channel (SCA), and simple and differential power analysis (SPA/DPA) attacks on a variety of real devices, such as a crypto wallet. The authors also share insights into real-life attacks on embedded systems, including Sony’s PlayStation 3, the Xbox 360, and Philips Hue lights, and provide an appendix of the equipment needed for your hardware hacking lab – like a multimeter and an oscilloscope – with options for every type of budget. You’ll learn: How to model security threats, using attacker profiles, assets, objectives, and countermeasures Electrical basics that will help you understand communication interfaces, signaling, and measurement How to identify injection points for executing clock, voltage, electromagnetic, laser, and body-biasing fault attacks, as well as practical injection tips How to use timing and power analysis attacks to extract passwords and cryptographic keys Techniques for leveling up both simple and differential power analysis, from practical measurement tips to filtering, processing, and visualization Whether you’re an industry engineer tasked with understanding these attacks, a student starting out in the field, or an electronics hobbyist curious about replicating existing work, The Hardware Hacking Handbook is an indispensable resource – one you’ll always want to have onhand.


The YouTube Formula

The YouTube Formula

Author: Derral Eves

Publisher: John Wiley & Sons

Published: 2021-02-24

Total Pages: 355

ISBN-13: 1119716020

DOWNLOAD EBOOK

The Wall Street Journal bestseller! Comes with free online companion course Learn the secrets to getting dramatic results on YouTube Derral Eves has generated over 60 billion views on YouTube and helped 24 channels grow to one million subscribers from zero. In The YouTube Formula: How Anyone Can Unlock the Algorithm to Drive Views, Build an Audience, and Grow Revenue, the owner of the largest YouTube how-to channel provides the secrets to getting the results that every YouTube creator and strategist wants. Eves will reveal what readers can't get anywhere else: the inner workings of the YouTube algorithm that's responsible for determining success on the platform, and how creators can use it to their advantage. Full of actionable advice and concrete strategies, this book teaches readers how to: Launch a channel Create life-changing content Drive rapid view and subscriber growth Build a brand and increase engagement Improve searchability Monetize content and audience Replete with case studies and information from successful YouTube creators, The YouTube Formula is perfect for any creator, entrepreneur, social media strategist, and brand manager who hopes to see real commercial results from their work on the platform.


Spam Kings

Spam Kings

Author: Brian S. McWilliams

Publisher: "O'Reilly Media, Inc."

Published: 2005

Total Pages: 370

ISBN-13: 0596804504

DOWNLOAD EBOOK

Looks at a variety of spam entrepreneurs and how anti-spam activists are trying to stop their activities.


The Ghidra Book

The Ghidra Book

Author: Chris Eagle

Publisher: No Starch Press

Published: 2020-09-08

Total Pages: 610

ISBN-13: 171850103X

DOWNLOAD EBOOK

A guide to using the Ghidra software reverse engineering tool suite. The result of more than a decade of research and development within the NSA, the Ghidra platform was developed to address some of the agency's most challenging reverse-engineering problems. With the open-source release of this formerly restricted tool suite, one of the world's most capable disassemblers and intuitive decompilers is now in the hands of cybersecurity defenders everywhere -- and The Ghidra Book is the one and only guide you need to master it. In addition to discussing RE techniques useful in analyzing software and malware of all kinds, the book thoroughly introduces Ghidra's components, features, and unique capacity for group collaboration. You'll learn how to: Navigate a disassembly Use Ghidra's built-in decompiler to expedite analysis Analyze obfuscated binaries Extend Ghidra to recognize new data types Build new Ghidra analyzers and loaders Add support for new processors and instruction sets Script Ghidra tasks to automate workflows Set up and use a collaborative reverse engineering environment Designed for beginner and advanced users alike, The Ghidra Book will effectively prepare you to meet the needs and challenges of RE, so you can analyze files like a pro.


Designing Secure Software

Designing Secure Software

Author: Loren Kohnfelder

Publisher: No Starch Press

Published: 2021-12-21

Total Pages: 330

ISBN-13: 1718501935

DOWNLOAD EBOOK

What every software professional should know about security. Designing Secure Software consolidates Loren Kohnfelder’s more than twenty years of experience into a concise, elegant guide to improving the security of technology products. Written for a wide range of software professionals, it emphasizes building security into software design early and involving the entire team in the process. The book begins with a discussion of core concepts like trust, threats, mitigation, secure design patterns, and cryptography. The second part, perhaps this book’s most unique and important contribution to the field, covers the process of designing and reviewing a software design with security considerations in mind. The final section details the most common coding flaws that create vulnerabilities, making copious use of code snippets written in C and Python to illustrate implementation vulnerabilities. You’ll learn how to: • Identify important assets, the attack surface, and the trust boundaries in a system • Evaluate the effectiveness of various threat mitigation candidates • Work with well-known secure coding patterns and libraries • Understand and prevent vulnerabilities like XSS and CSRF, memory flaws, and more • Use security testing to proactively identify vulnerabilities introduced into code • Review a software design for security flaws effectively and without judgment Kohnfelder’s career, spanning decades at Microsoft and Google, introduced numerous software security initiatives, including the co-creation of the STRIDE threat modeling framework used widely today. This book is a modern, pragmatic consolidation of his best practices, insights, and ideas about the future of software.


Metasploit

Metasploit

Author: David Kennedy

Publisher: No Starch Press

Published: 2011-07-15

Total Pages: 331

ISBN-13: 159327288X

DOWNLOAD EBOOK

The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors. Once you've built your foundation for penetration testing, you’ll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks. You’ll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks. Learn how to: –Find and exploit unmaintained, misconfigured, and unpatched systems –Perform reconnaissance and find valuable information about your target –Bypass anti-virus technologies and circumvent security controls –Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery –Use the Meterpreter shell to launch further attacks from inside the network –Harness standalone Metasploit utilities, third-party tools, and plug-ins –Learn how to write your own Meterpreter post exploitation modules and scripts You'll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else's to the test, Metasploit: The Penetration Tester's Guide will take you there and beyond.


A Bug Hunter's Diary

A Bug Hunter's Diary

Author: Tobias Klein

Publisher: No Starch Press

Published: 2011

Total Pages: 212

ISBN-13: 1593273851

DOWNLOAD EBOOK

Klein tracks down and exploits bugs in some of the world's most popular programs. Whether by browsing source code, poring over disassembly, or fuzzing live programs, readers get an over-the-shoulder glimpse into the world of a bug hunter as Klein unearths security flaws and uses them to take control of affected systems.


Cyberjutsu

Cyberjutsu

Author: Ben McCarty

Publisher: No Starch Press

Published: 2021-04-26

Total Pages: 266

ISBN-13: 1718500548

DOWNLOAD EBOOK

Like Sun Tzu's Art of War for Modern Business, this book uses ancient ninja scrolls as the foundation for teaching readers about cyber-warfare, espionage and security. Cyberjutsu is a practical cybersecurity field guide based on the techniques, tactics, and procedures of the ancient ninja. Cyber warfare specialist Ben McCarty’s analysis of declassified Japanese scrolls will show how you can apply ninja methods to combat today’s security challenges like information warfare, deceptive infiltration, espionage, and zero-day attacks. Learn how to use key ninja techniques to find gaps in a target’s defense, strike where the enemy is negligent, master the art of invisibility, and more. McCarty outlines specific, in-depth security mitigations such as fending off social engineering attacks by being present with “the correct mind,” mapping your network like an adversary to prevent breaches, and leveraging ninja-like traps to protect your systems. You’ll also learn how to: Use threat modeling to reveal network vulnerabilities Identify insider threats in your organization Deploy countermeasures like network sensors, time-based controls, air gaps, and authentication protocols Guard against malware command and-control servers Detect attackers, prevent supply-chain attacks, and counter zero-day exploits Cyberjutsu is the playbook that every modern cybersecurity professional needs to channel their inner ninja. Turn to the old ways to combat the latest cyber threats and stay one step ahead of your adversaries.