Any sufficiently advanced technology can be compared with a weapon: when an enemy has a gun and you don't, you inevitably want to shift the balance of forces in your favor. In the field of IT security, knowledge transmitted in various ways is that very weapon, and its use is limited not so much by the norms of the Criminal Code as by ethical choice.
It is impossible to become a professional in the field of information security without understanding the intricacies of penetration and vulnerability discovery. All the books in today's collection are like a loaded rifle that you want to have for defense: they are required reading both for novice security researchers and for specialists who want to expand the boundaries of their knowledge.
Part 1. General methodological description of penetration tests and vulnerability detection
Penetration Testing: A Hands-On Introduction to Hacking

In this practical penetration testing guide, security expert Georgia Weidman walks through the basic methods of penetration testing and works through a series of hands-on exercises with tools such as Wireshark, Nmap and Burp Suite. The exercises are run on Kali Linux, the main operating system (OS) for penetration tests and security assessments.
Georgia Weidman is a professional penetration tester, the founder of the security consulting company Bulb Security, and a speaker at conferences such as Black Hat, ShmooCon and DerbyCon. She also received a DARPA Cyber Fast Track grant to continue her work in mobile device security. To create the book, Georgia enlisted Peter Van Eeckhoutte (aka corelanc0d3r), a researcher well known in the field and the founder of the Corelan Security Team.
The book is suitable for a beginner who wants to understand how hackers work and use the same methods and tools to protect their own systems from attack. Across its 500 pages you will find good examples and instructions on a variety of topics, including exploit development, attacks on mobile operating systems, social engineering, and bypassing antivirus software.
Penetration Tester's Open Source Toolkit
Each chapter of the Open Source Toolkit focuses on a specific area of testing. The book describes the existing open source tools that can be used to conduct a penetration test.
Large commercial testing tools can be not only very expensive but also difficult to use. This book helps solve both problems. The Open Source Toolkit is dedicated to techniques and methodologies for testing various kinds of server applications using open source (that is, free) tools, which the pentester can modify for each specific situation.
The author of the book, Jeremy Faircloth, has been working in the industry for over 20 years. During this time he has become an expert in many areas: web development, database administration, corporate security, network design, application development, and project management. He has led several technical teams in companies ranked among the 50 largest in the world by revenue. Jeremy has written over a dozen technical books covering various IT topics.
The third edition of the Open Source Toolkit (2011) is currently available. The release of a fourth, revised edition was announced at the end of 2016.
Certified Ethical Hacker Review Guide
The official CEH certification exam preparation guide will help you identify security risks to networks and computers. The manual covers the whole range of issues around hacking modern systems. It doesn't matter whether your goal is to become a certified ethical hacker or not: the book will be useful to any security professional.
The manual begins by explaining the concept of ethical hacking, then describes the technical details of real hacking methods, planting malicious software, social engineering, denial of service, cryptography, and so on. The book is suitable for readers with a university-level background who understand the basic network protocols and the principles of network infrastructure.
The quality of the guide is vouched for by the American organization International Council of E-Commerce Consultants (EC-Council).
Metasploit: The Penetration Tester's Guide
Another useful book for those who want to learn ethical hacking. It is dedicated to the popular hacker framework Metasploit, designed for creating and debugging exploits. The book is ideal for beginners learning Metasploit: it describes information gathering with NeXpose Community Edition and Nessus, playing hide-and-seek with antivirus software via MSFencode, creating fake access points with Karmetasploit and intercepting passwords, encoding shellcode to hide an attack from an IDS or IPS, and more.
If you are wondering how seemingly inexperienced hacker groups manage to pull off so many hacks, this book provides a comprehensive explanation of the variety of simple attacks available.
Knowledge of Ruby is a prerequisite: in 2007 Metasploit was ported from Perl to Ruby, so all the code in this book is written in Ruby.
A large and very experienced team of authors worked on the book: security specialist David Kennedy (TrustedSec), Offensive Security president Jim O'Gorman (the company that created Kali Linux and is also one of the main contributors to Metasploit), specialist Devon Kearns (who worked on the BackTrack, Kali Linux and Metasploit projects), and developer Mati Aharoni (Kali Linux, Whoppix).
RTFM: Red Team Field Manual
The Red Team Field Manual (RTFM) is a 100-page handbook for the pentester: a bit of everything on the Windows and Cisco IOS platforms, various scenarios in PowerShell, Python and Scapy, and a number of handy Linux commands.
A Red Team is a group of "white-hat hackers" working for you and conducting attacks on your information system. Ben Clark, director of the company with the telling name Cyber Security, originally wrote this book as a reference for his own red team and received permission from his employer to publish it.
Shellcoder's Handbook
A group of leading experts in the field of information security has written one of the best books on how to find holes in any operating system or application. The book describes methods for writing Windows shellcode, stack overflow attacks, and ways of disrupting the normal operation of open-source system kernels.
The range of issues raised in the 700-page book is huge! Its 24 chapters are divided into four parts:
- Part one offers an introduction to exploits and focuses on Linux;
- Part two covers the Windows platform, Solaris and Tru64, and adds material on shellcode;
- Part three is built around vulnerability discovery: fault injection methods, fuzzing, source code auditing, tracing, binary auditing, etc.;
- Part four covers alternative strategies for writing exploits that work in the real world, attacks on database software, and kernel vulnerabilities.
This book is a must-have for professionals for whom learning hacking techniques and countering them is a lifelong pursuit.
About the authors:
- Dave Aitel got a job at the age of 18 as a research assistant at the US National Security Agency, where he worked for six years. In 2002 he founded the company Immunity, which develops software for protecting information. He is the author of the SPIKE project, a universal fuzzer designed for testing new and unknown network protocols;
- Chris Anley is a director of the well-known British company NGS Software. He actively participates in vulnerability research on a number of products, including PGP, Windows, SQL Server and Oracle;
- Jack Koziol is an instructor and security program manager at the InfoSec Institute. He also wrote the best tutorial on the Snort lightweight intrusion detection system. In addition, Jack delivers network and application security courses for companies such as Microsoft, HP and Citibank, and even for US intelligence agencies;
- David Litchfield is a distinguished network security specialist and one of the five founders of NGS Software. He has discovered and published over 100 major vulnerabilities in various products, including Apache, Microsoft Internet Information Server, Oracle and Microsoft SQL Server;
- Sinan Eren is a shellcode development expert. He has done extensive research into Unix vulnerabilities, developed advanced and reliable methods for exploiting vulnerabilities at the kernel level, and uncovered many bugs in popular open source products;
- Neel Mehta is an application vulnerability researcher at X-Force, one of the world's oldest and most prominent commercial security research groups, which analyzes threats and develops technology for evaluating and securing IBM Internet Security Systems products;
- Riley Hassell is a senior research engineer at eEye Digital Security, responsible for developing and controlling the quality of the company's set of security solutions. eEye Digital Security is considered one of the leaders in the development of security software.
Hacking: The Art of Exploitation
Instead of simply demonstrating the use of existing exploits, the author of the book, Jon Erickson, methodically explains how hacking techniques actually work. The first 100 pages are devoted to the basic concepts needed to understand exploits, followed by a smooth transition to the technical part: how to use the memory layout to run arbitrary code via a buffer overflow, how to write your own polymorphic shellcode, how to intercept network traffic, and so on. The book also touches on topics such as password cracking, Man-in-the-Middle attacks on Wi-Fi networks, and even the use of software to bypass fingerprint protection.
For a Linux network programmer who wants to learn secure programming, there is no better book. It is definitely not for beginners and requires knowledge of C and assembler, but at the same time it contains enough comprehensive background material that an experienced system administrator can start working with it immediately.
Jon Erickson is an independent vulnerability researcher and computer security specialist.
Gray Hat Hacking: The Ethical Hacker's Handbook
The fourth edition of the book came out last year and will be useful to anyone who has just embarked on the path of studying information security. This primer for security professionals and pentesters gradually covers almost every topic in cyber security. In addition to the classic treatment of exploits and shellcode, malware, reverse engineering, SQL injection and so on, the updated version of the book contains 12 chapters on Android exploits, hacking routers and MD5 passwords, finding zero-day vulnerabilities, and more. In all, its 700 pages have everything you need to choose the most interesting area for further research.
The team of authors deserves a mention of its own, and it is huge:
- Daniel Regalado is a reverse engineer and malware and vulnerability researcher who studied in detail the emergence of the Ploutus malware, which allows attackers to remotely control an ATM using a phone connected to it;
- Shon Harris is the founder of Logical Security LLC and the author of several international bestsellers on information security, with over 1 million copies sold and translations into six languages. Shon Harris was ranked among the top 25 women in information security by Information Security magazine;
- Allen Harper is Executive Vice President and Chief Hacker at Tangible Security;
- Chris Eagle is a senior lecturer at the US Navy's Naval Postgraduate School in Monterey, California. He has spoken at numerous security conferences, including Blackhat, Defcon, Toorcon and Shmoocon;
- Jonathan Ness is an information security manager in Trustworthy Computing (one of Microsoft's divisions);
- Branko Spasojevic is a security engineer at Google;
- Ryan Linn is a specialist with more than 15 years of experience: he has worked as a team leader, technical database administrator, Windows and UNIX system administrator, network engineer, web application developer, system programmer, and information security engineer. He has conducted several studies on ATM security, network protocol attacks, and penetration testing methods, and contributes to the open source projects Metasploit, Ettercap and the Browser Exploitation Framework;
- Stephen Sims is an industry expert with a master's degree in information security and the author of training courses at the SANS Institute (which runs research and educational programs in information security, system administration and auditing).
Part 2. Analysis of the security of wireless networks
BackTrack 5 Wireless Penetration Testing Beginner's Guide
A simple guide to the classic methods of wireless attacks: wardriving, WLAN packet capture, network scanning, MAC filter and authentication bypass, WEP and WPA/WPA2 cracking, spoofing, Man-in-the-Middle attacks, evil twin attacks, DoS attacks, malicious SSIDs, honeypots, and a dozen others.
The book is suitable for beginners who have at least a basic knowledge of Linux or BackTrack 5 and Wi-Fi.
The author of the book is Vivek Ramachandran, one of the winners of the Microsoft Security contest. He worked as a security engineer at Cisco, founded SecurityTube.net, discovered the Caffe Latte wireless attack, and has spoken at numerous security conferences, including Blackhat, Defcon and Toorcon.
Part 3. Web application security analysis
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
The book with the long title (for convenience we will call it WAHH), at 900 pages in its second edition, covers remoting mechanisms, HTML5, cross-domain communication, clickjacking, frame busting (JavaScript checks on whether a page has been loaded inside an iframe), HTTP Parameter Pollution attacks on web applications, hybrid dictionary attacks, and more.
WAHH will be useful to readers who already have experience with the security features of some web application. It can be considered a reference book for any pentest, QA, or software audit team.
The authors of WAHH have been professional web application security testers for more than ten years:
- Dafydd Stuttard is a developer specializing in web application penetration testing. He created the popular hacker utility Burp Suite;
- Marcus Pinto, the co-author, provides security consulting services and conducts training on how to attack and protect web applications.
Together the authors founded the security consulting company MDSec.
OWASP Testing Guide v4
The most unusual book in the collection. Unusual because it is free. The English version is available via the link in the title, and a Russian translation is also available.
OWASP (The Open Web Application Security Project) is an open project that brings together dozens of companies and professionals seeking to make application security more transparent, so that any developer is aware of potential vulnerabilities or weaknesses in their application.
The OWASP Testing Guide is a collection of articles by many authors, including "best practices" for pentesting and a description of testing techniques for web applications and web services.
Part 4. Analysis of the security of mobile platforms (Android, iOS)
Mobile Application Hacker's Handbook
The Mobile Application Hacker's Handbook is an 800-page manual on exploiting vulnerabilities on the iOS, Android, BlackBerry and Windows platforms. It describes a methodology for assessing mobile application vulnerabilities, as well as the methods used to prevent various types of attacks. The book covers topics such as data storage, cryptography, transport security, information leakage, runtime manipulation, security monitoring, and more.
First comes a general overview of mobile application security, then the narrative "breaks up" into separate parts, each of which is devoted to a specific mobile platform.
In the chapter devoted to analyzing iOS applications, the authors describe concepts such as the data protection APIs and the keychain. The book also has a section on building a test environment in which you can test iOS applications. The next chapter discusses methods of attacking applications: SQL and XML injection, as well as the unreliability of the inter-process communication used to transfer data between applications on the same device.
The book describes how to protect iOS applications with strong encryption, remove excess data (for example, geolocation data), and implement additional security controls.
The remaining chapters on the other platforms are structured in a similar way: application analysis, analysis of attack methods, and ways of building secure applications for the specific platform.
And briefly about the authors:
- Dominic Chell is a mobile security expert working for UK-based MDSec. In recent years the company has conducted hundreds of security assessments of iOS applications and their supporting architecture;
- Tyrone Erasmus is the founder of Drozer and an expert in testing Android applications;
- Shaun Colley is a security consultant at IOActive, specializing in mobile security and reverse engineering;
- Ollie Whitehouse is Technical Director of the NCC Group and previously worked for BlackBerry and Symantec.
Android Hacker's Handbook
The first complete guide to identifying and preventing attacks on Android. This is one of those books that simply must be in the library of every Android application developer. After a detailed explanation of the OS's operating principles and its overall security architecture, the authors explore the vulnerabilities that can be found in the various components of the system.
It is hard to find a book that compares with this one in the depth of its treatment of Android application security. Each chapter is self-contained, so you can get information on a specific topic without re-reading the entire manual. At the same time, this publication cannot be recommended to beginners in IT security: to understand it, you need to know the basics of network system security and have Android development experience. In some places knowledge of assembler is also useful.
About the authors:
- Joshua J. Drake is Director of Research at Accuvant LABS;
- Pau Oliva Fora is a Mobile Security Engineer at viaForensics;
- Zach Lanier is Chief Security Specialist at Duo Security;
- Collin Mulliner is a postdoctoral researcher at Northeastern University in Boston;
- Stephen A. Ridley is Principal Investigator at Xipiter;
- Georg Wicherski is a senior security researcher at CrowdStrike.
Part 5. "Combat" programming
Black Hat Python: Python Programming for Hackers and Pentesters
"Combat programming" cannot do without the ability to build powerful hacking tools "on the fly." If you are wondering how to create truly effective hacking tools, pay attention to Python.
In Black Hat Python you will learn how to write sniffers, manipulate packets, infect virtual machines, create trojans using GitHub, build custom keyloggers, write an extension for Burp Suite (a set of utilities for pentesting), and covertly exfiltrate data from one network to another.
The book takes you through building classic networking tools in Python before writing your own malicious software, to show how hackers get into your computer, steal data secretly, and retain anonymous access to your resources for a long time. In addition, you will learn how to build your own software for detecting and neutralizing enemy attacks.
The book is small, 161 pages, most of which are screenshots and code samples. But it cannot be recommended to beginners, because you need solid experience with Python, and it cannot be used as a reference either. Instead, you need to install Kali Linux and work through all the proposed tasks step by step.
The author of the book is Justin Seitz, a senior security researcher at Immunity. He is also the author of another popular book on this topic, Gray Hat Python: Python Programming for Hackers and Reverse Engineers. Gray Hat Python appeared earlier, in 2009, and covers topics such as building debuggers, trojans, fuzzers, and emulators. There is no pure theory here either: all examples are accompanied by code that you really need to work with, and beyond it you can explore an extensive set of open source tools, including PyDbg, Sulley, IDAPython and PyEmu.
Violent Python: A Cookbook for Hackers
Another book that will suit Pythonistas. It covers the transition from understanding the theoretical foundations of "combat programming" to practical implementation. Instead of relying on someone else's attack tools, the book teaches you how to build your own weapons using Python. Violent Python: A Cookbook for Hackers describes how to automate large-scale network attacks with scripts, how to extract metadata, how to write code for intercepting and analyzing network traffic, how to attack wireless networks, and how to hide your activity from antivirus software.
About the author: TJ O'Connor is an information security expert at the US Department of Defense. He twice coached the winning team at the US National Security Agency's annual cyber defense championship and won the first annual championship of the National Defense University.
TJ holds a master's degree in computer science from the University of North Carolina, a master's degree in information security from the SANS Institute, and a bachelor's degree in computer science from the United States Military Academy.
Coding for Penetration Testers: Building Better Tools
Every tool used for penetration testing is built on some programming language, such as Perl, Python or Ruby. If a tester wants to extend, supplement or change a tool's functionality for their tests, this book is for them. Coding for Penetration Testers gives the reader an understanding of the scripting used in developing testing tools, and offers concrete code examples for building similar tools in Perl, Ruby and Python.
About the authors:
- Jason Andress is an experienced security professional who provides expertise to companies around the world. He has written several books and publications on data security, network security, penetration testing and digital forensics;
- Ryan Linn is the previously mentioned co-author of Gray Hat Hacking: The Ethical Hacker's Handbook.
Conclusion
Technopark Mail.Ru offers a course called "Protecting information from malicious software." Mail.Ru Group itself has an information security department, where we do our favorite work: penetration tests. All the books mentioned in this review are related to our work in one way or another, and without them it is hard to imagine training highly qualified specialists.
You can always extend this list, guided by a few criteria. Virtually every author in this review writes regularly, publishing new textbooks or updating old ones to keep the material in step with the times, so watch for their new publications. In addition, Amazon has a good rating system, and new security books often receive sensible reviews there, which are also worth noting.