White hat

Abstract: "It's imperative that everybody working in the field of cyber-security read this book to understand the growing threat of rootkits." --Mark Russinovich, editor, Windows IT Pro / Windows & .NET Magazine"This material is not only up-to-date, it defines up-to-date. It is truly cutting-edge. As the only book on the subject, Rootkits will be of interest to any Windows security researcher or security programmer. It's detailed, well researched and the technical information is excellent. The level of technical detail, research, and time invested in developing relevant examples is impressive. In one word: Outstanding." --Tony Bautts, Security Consultant; CEO, Xtivix, Inc."This book is an essential read for anyone responsible for Windows security. Security professionals, Windows system administrators, and programmers in general will want to understand the techniques used by rootkit authors. At a time when many IT and security professionals are still worrying about the latest e-mail virus or how to get all of this month's security patches installed, Mr. Hoglund and Mr. Butler open your eyes to some of the most stealthy and significant threats to the Windows operating system. Only by understanding these offensive techniques can you properly defend the networks and systems for which you are responsible." --Jennifer Kolde, Security Consultant, Author, and Instructor"What's worse than being owned? Not knowing it. Find out what it means to be owned by reading Hoglund and Butler's first-of-a-kind book on rootkits. At the apex the malicious hacker toolset--which includes decompilers, disassemblers, fault-injection engines, kernel debuggers, payload collections, coverage tools, and flow analysis tools--is the rootkit. Beginning where Exploiting Software left off, this book shows how attackers hide in plain sight. "Rootkits are extremely powerful and are the next wave of attack technology. Like other types of malicious code, rootkits thrive on stealthiness. They hide away from standard system observers, employing hooks, trampolines, and patches to get their work done. Sophisticated rootkits run in such a way that other programs that usually monitor machine behavior can't easily detect them. A rootkit thus provides insider access only to people who know that it is running and available to accept commands. Kernel rootkits can hide files and running processes to provide a backdoor into the target machine. "Understanding the ultimate attacker's tool provides an important motivator for those of us trying to defend systems. No authors are better suited to give you a detailed hands-on understanding of rootkits than Hoglund and Butler. Better to own this book than to be owned." --Gary McGraw, Ph.D., CTO, Cigital, coauthor of Exploiting Software (2004) and Building Secure Software (2002), both from Addison-Wesley"Greg and Jamie are unquestionably the go-to experts when it comes to subverting the Windows API and creating rootkits. These two masters come together to pierce the veil of mystery surrounding rootkits, bringing this information out of the shadows. Anyone even remotely interested in security for Windows systems, including forensic analysis, should include this book very high on their must-read list." --Harlan Carvey, author of Windows Forensics and Incident Recovery (Addison-Wesley, 2005)Rootkits are the ultimate backdoor, giving hackers ongoing and virtually undetectable access to the systems they exploit. Now, two of the world's leading experts have written the first comprehensive guide to rootkits: what they are, how they work, how to build them, and how to detect them. Rootkit.com's Greg Hoglund and James Butler created and teach Black Hat's legendary course in rootkits. In this book, they reveal never-before-told offensive aspects of rootkit technology--learn how attackers can get in and stay in for years, without detection.Hoglund and Butler show exactly how to subvert the Windows XP and Windows 2000 kernels, teaching concepts that are easily applied to virtually any modern operating system, from Windows Server 2003 to Linux and UNIX. Using extensive downloadable examples, they teach rootkit programming techniques that can be used for a wide range of software, from white hat security tools to operating system drivers and debuggers.After reading this book, readers will be able to Understand the role of rootkits in remote command/control and software eavesdropping Build kernel rootkits that can make processes, files, and directories invisible Master key rootkit programming techniques, including hooking, runtime patching, and directly manipulating kernel objects Work with layered drivers to implement keyboard sniffers and file filters Detect rootkits and build host-based intrusion prevention software that resists rootkit attacksVisit rootkit.com for code and programs from this book. The site also contains enhancements to the book's text, such as up-to-the-minute information on rootkits available nowhere else.

Abstract: Praise for Virtual Honeypots"A power-packed resource of technical, insightful information that unveils the world of honeypots in front of the reader's eyes"-Lenny Zeltser, Information Security Practice Leader at Gemini Systems"This is one of the must-read security books of the year"-Cyrus Peikari, CEO, Airscanner Mobile Security, author, security warrior"This book clearly ranks as one of the most authoritative in the field of honeypots It is comprehensive and well written The authors provide us with an insider's look at virtual honeypots and even help us in setting up and understanding an otherwise very complex technology"-Stefan Kelm, Secorvo Security Consulting"Virtual Honeypots is the best reference for honeypots today Security experts Niels Provos and Thorsten Holz cover a large breadth of cutting-edge topics, from low-interaction honeypots to botnets and malware If you want to learn about the latest types of honeypots, how they work, and what they can do for you, this is the resource you need"-Lance Spitzner, Founder, Honeynet Project"Whether gathering intelligence for research and defense, quarantining malware outbreaks within the enterprise, or tending hacker ant farms at home for fun, you'll find many practical techniques in the black art of deception detailed in this book Honeypot magic revealed!"-Doug Song, Chief Security Architect, Arbor Networks"Seeking the safest paths through the unknown sunny islands called honeypots? Trying to avoid greedy pirates catching treasures deeper and deeper beyond your ports? With this book, any reader will definitely get the right map to handle current cyber-threatsDesigned by two famous white hats, Niels Provos and Thorsten Holz, it carefully teaches everything from the concepts to practical real-life examples with virtual honeypots The main strength of this book relies in how it covers so many uses of honeypots: improving intrusion detection systems, slowing down and following incoming attackers, catching and analyzing 0-days or malwares or botnets, and so onSailing the high seas of our cyber-society or surfing the Net, from students to experts, it's a must-read for people really aware of computer security, who would like to fight against black-hats flags with advanced modern tools like honeypots"-Laurent Oudot, Computer Security Expert, CEA"Provos and Holz have written the book that the bad guys don't want you to read This detailed and comprehensive look at honeypots provides step-by-step instructions on tripping up attackers and learning their tricks while lulling them into a false sense of security Whether you are a practitioner, an educator, or a student, this book has a tremendous amount to offer The underlying theory of honeypots is covered, but the majority of the text is a 'how-to' guide on setting up honeypots, configuring them, and getting the most out of these traps, while keeping actual systems safe Not since the invention of the firewall has a tool as useful as this provided security specialists with an edge in the never-ending arms race to secure computer systems Virtual Honeypots is a must-read and belongs on the bookshelf of anyone who is serious about security"-Aviel D Rubin, PhD, Computer Science Professor and Technical Director of the Information Security Institute at Johns Hopkins University, and President and Founder, Independent Security Evaluators"An awesome coverage of modern honeypot technologies, both conceptual and practical"-Anton Chuvakin"Honeypots have grown from simple geek tools to key components in research and threat monitoring at major entreprises and security vendors Thorsten and Niels comprehensive coverage of tools and techniques takes you behind the scene with real-world examples of deployment, data acquisition, and analysis"-Nicolas Fischbach, Senior Manager, Network Engineering Security, COLT Telecom, and Founder of SecuriteOrgHoneypots have demonstrated immense value in Internet security, but physical honeypot deployment can be prohibitively complex, time-consuming, and expensive Now, there's a breakthrough solution Virtual honeypots share many attributes of traditional honeypots, but you can run thousands of them on a single system-making them easier and cheaper to build, deploy, and maintainIn this hands-on, highly accessible book, two leading honeypot pioneers systematically introduce virtual honeypot technology One step at a time, you'll learn exactly how to implement, configure, use, and maintain virtual honeypots in your own environment, even if you've never deployed a honeypot beforeYou'll learn through examples, including Honeyd, the acclaimed virtual honeypot created by coauthor Niels Provos The authors also present multiple real-world applications for virtual honeypots, including network decoy, worm detection, spam prevention, and network simulationAfter reading this book, you will be able to Compare high-interaction honeypots that provide real systems and services and the low-interaction honeypots that emulate them Install and configure Honeyd to simulate multiple operating systems, services, and network environments Use virtual honeypots to capture worms, bots, and other malware Create high-performance "hybrid" honeypots that draw on technologies from both low- and high-interaction honeypots Implement client honeypots that actively seek out dangerous Internet locations Understand how attackers identify and circumvent honeypots Analyze the botnets your honeypot identifies, and the malware it captures Preview the future evolution of both virtual and physical honeypots

Abstract: Students generally learn red teaming, sometimes called penetration testing or ethical hacking, as "breaking into your own system to see how hard it is to do so". Contrary to this simplistic view, a penetration test requires a detailed analysis of the threats and potential attackers in order to be most valuable. Using the results of penetration testing requires proper interpretation. Neither testers nor sponsors should assert that the penetration test has found all possible flaws, or that the failure to find flaws means that the system is secure. All types of testing can show only the presence of flaws and never the absence of them. The best that testers can say is that the specific flaws they looked for and failed to find aren't present: this can give some idea of the overall security of the system's design and implementation.

Abstract: Identifying security vulnerabilities in software is a critical task that requires significant human effort. Currently, vulnerability discovery is often the responsibility of software testers before release and white-hat hackers (often within bug bounty programs) afterward. This arrangement can be ad-hoc and far from ideal; for example, if testers could identify more vulnerabilities, software would be more secure at release time. Thus far, however, the processes used by each group — and how they compare to and interact with each other — have not been well studied. This paper takes a first step toward better understanding, and eventually improving, this ecosystem: we report on a semi-structured interview study (n=25) with both testers and hackers, focusing on how each group finds vulnerabilities, how they develop their skills, and the challenges they face. The results suggest that hackers and testers follow similar processes, but get different results due largely to differing experiences and therefore different underlying knowledge of security concepts. Based on these results, we provide recommendations to support improved security training for testers, better communication between hackers and developers, and smarter bug bounty policies to motivate hacker participation.