Hacking Exposed 7 is a great book detailing the latest tactics for thwarting digital attacks.
Zero-day attacks, advanced persistent threats, state-sponsored attacks, and the rapidly growing organized cyber-crime industry are the new realities all software engineers must consider when designing secure systems.
If your system is not designed with security requirements in mind, you will be compromised and there may be serious repercussions to your business.
Just consider some of the following news stories from the last few months:
Cybercriminals are overwhelmingly using legitimate compromised websites to launch web/email attacks…85 per cent of malicious links used in web/email attacks were located on compromised legitimate websites…. The global criminal-infrastructure-as-a-service economy is growing due to high-availability of exploit kits and redirection chains. [source]
Attackers are exploiting a newly discovered vulnerability in Microsoft Word that makes it possible to remotely seize control of computers… The in-the-wild attacks work by creating booby-trapped documents in the Rich Text Format that exploit a vulnerability in the 2010 version of Microsoft Word. Similar attacks work against other versions of Word, including 2003, 2007, and 2013 for Windows, Microsoft Office for Mac 2011, and multiple versions of Microsoft SharePoint Server. E-mails that are viewed or previewed using a default setting in Outlook allow the attacker to gain the same system privileges as the user who is currently logged in… [source]
A new Internet Explorer zero-day exploit that targets IE 10 users visiting a compromised website–a classic drive-by download attack. Upon successful exploitation, this zero-day attack will download a XOR encoded payload from a remote server, decode and execute it… Dubbed “Operation SnowMan.” [source]
Adobe rushed out an unscheduled Flash Player update to counter exploits of a zero-day vulnerability in the software, CVE-2014-0502… The exploit targets Windows XP users, as well as Windows 7 users running an unsupported version of Java (1.6) or out of date versions of Microsoft Office 2007 or 2010. The vulnerability enables someone to remotely overwrite the vftable pointer of a Flash object to redirect code execution. The exploit bypasses ASLR and DEP protections native to Windows. It does so by building or using hard-coded return-oriented programming chains in XP and Windows 7 respectively… The hackers are installing the PlugX/Kaba RAT on infected computers… [source]
Hacking Exposed 7 is an easy reference for anyone. The book provides detailed explanations of different types of attacks and then goes on to explain the countermeasures for each.
Today, more than ever, security professionals need to get into the hacker’s mindset. You can’t defend against something you don’t understand. You need to understand the methods and tools used by the attackers in order to protect your data and infrastructure.
Hacking Exposed Countermeasures Cookbook
Hacking Exposed 7 contains all-new visual maps and a comprehensive countermeasures cookbook.
Here are some topics covered:
- Obstruct APTs and web-based meta-exploits
- Defend against UNIX-based root access and buffer overflow hacks
- Block SQL injection, spear phishing, and embedded-code attacks
- Detect and terminate rootkits, Trojans, bots, worms, and malware
- Lock down remote access using smartcards and hardware tokens
- Protect 802.11 WLANs with multilayered encryption and gateways
- Plug holes in VoIP, social networking, cloud, and Web 2.0 services
- Learn about the latest iPhone and Android attacks and how to protect yourself
The book also covers other topics such as enumeration, footprinting, scanning, operating system detection, embedded hacking, database hacking, and mobile device hacking.
At over 700 pages, Hacking Exposed 7 covers all the core areas of interest for penetration testers and vulnerability assessors.
Find out more
The book contains expert advice and defense strategies from the world-renowned Hacking Exposed team.
Case studies expose the hacker’s latest devious methods and illustrate field-tested remedies.
Learn how to block infrastructure hacks, minimize advanced persistent threats, neutralize malicious code, secure web and database applications, and fortify UNIX networks.
This edition is currently the best book on the topic. You can check out the reviews on Amazon to see for yourself.
A must-read for all Software Engineers. Don’t leave security to the end of a project.