Showing posts with label Syngress. Show all posts
E-book Shop
Stealing the Network - How to Own a Shadow


Johnny Long
Timothy (Thor) Mullen
Ryan Russell
Technical Advisors
SensePost is an independent and objective organisation specialising in  
IT Security consultation, training and assessment services.
The company is situated in South Africa from where it provides services to more
than 70 large and very large clients in Australia, South Africa, Germany, Switzerland, Belgium,The
Netherlands, United Kingdom, Malaysia, United States
of America, and various African countries. 
More than 20 of these clients are in the financial services industry,
where information security is an essential part of their core competency.
SensePost analysts are regular speakers at international conferences including
Black Hat Briefings, DEFCON and Summercon.The analysts also have been
training two different classes at the Black Hat Briefings for the last 2 years. Here
they meet all sorts of interesting people and make good friends. SensePost personnel
typically think different thoughts, have inquisitive minds, never give up
and are generally good looking...
For more information, or just to hang out with us,

Technical EditorSTN: How to Own the Box
Ryan Russell has worked in the IT field for over 13 years, focusing on information
security for the last seven. He was the primary author of Hack Proofing
Your Network: Internet Tradecraft (Syngress Publishing, ISBN: 1-928994-15-6), and
is a frequent technical editor for the Hack Proofing series of books. He is also a
technical advisor to Syngress Publishing’s Snort 2.0 Intrusion Detection (ISBN: 1-
931836-74-4). Ryan founded the vuln-dev mailing list, and moderated it for
three years under the alias “Blue Boar.” He is a frequent lecturer at security
conferences, and can often be found participating in security mailing lists and
Web site discussions. Ryan is the Director of Software Engineering for, where he’s developing the anti-worm product, Enforcer. One of
Ryan’s favorite activities is disassembling worms.


This is the fourth book in the “Stealing the Network Series.”Reading through the first three books, you can see how this series has evolved over the years.A concept that was hatched at Black Hat USA 2002 in Las Vegas became a reality as Stealing the Network: How to Own the Box was released at Black Hat USA 2003 in Las Vegas.This first book brought together some of the most talented and creative minds in the security world, including Ryan Russell,Tim Mullen (Thor), FX,Dan Kaminsky, Joe Grand, Ken Pfeil, Ido Dubrawsky, Mark Burnett, and Paul Craig. In all honesty,“Stealing” was not conceived of as a series, but rather as merely a stand-alone book, an unrelated collection of short stories about hackers. But this first book seemed to strike a chord within the security community, and it also generated a following among non-security professionals as well. Security professionals both enjoyed the stories and maybe more importantly learned to think more creatively about both attack and defense techniques.Non-security professionals were able to enjoy the stories and gain an understanding of the hacker world (from both sides of the law) that was beginning to dominate mainstream media headlines.The general public was being bombarded with stories about “hackers,”“identify theft,”“phishing,” and “spam,” but like many things, these terms were all painted with a very broad brushstroke and received only simplistic analysis. Stealing the Network: How to Own the Box changed that and provided the general public with a real understanding of the true world of hacking; that is, how criminals use hacking techniques to commit crimes and how law enforcement strives to prevent crimes and apprehend those responsible.After Stealing the Network: How to Own the Box was published, readers wanted more “Stealing” books, and the series was born.
For the second book in the series, Stealing the Network: How to Own a Continent, the authors
aspired to write a series of stories that actually formed a single, coherent story line (unlike the unrelated stories in How to Own the Box). How to Own a Continent was released at Black Hat USA 2004 in Las Vegas and featured many authors from the first book, including Ryan Russell,Thor, Joe Grand and Paul Craig.The family of “Stealing” authors expanded on this book to include industry luminaries Russ Rogers, Jay Beale, Fyodor,Tom Parker, 131ah (any guesses?), and featured Kevin Mitnick as a technical reviewer.As the story centered on hacking into a string of financial institutions across Africa, Roelof Temmingh, Haroon Meer, and Charl van der Walt of the South African-based IT Security consulting firm SensePost were brought on as technical advisers. Now, getting 10 hackers to follow the same thread is, in the words of lead author Ryan Russell, like “herding cats.” How to Own a Continent was written in the vein of the film “Usual Suspects.” It featured a criminal hacker group led by the shadowy Bob Knuth. Each member of the group was expert in a particular area of compromise, and each had a varying understanding of the larger hack as well as his role in it. Just as readers latched on to the concept of How to Own the Box, the readers of How to Own a Continent latched on to this
Knuth character, and again, they wanted more.

Travel Plans
Back In The Saddle
Old Man and A Ghost
The Birth Of Pawn
Dishonorable Discharge
Flashback to Knuth

E-books Shop

Purchase Now !
Just with Paypal

Product details
 File Size
 9,346 KB
 450 p
 File Type
 PDF format
 2007 by Elsevier, Inc   

═════ ═════

Foreword by Jeff Moss

President & CEO, Black Hat, Inc

Ryan Russell Tim Mullen (Thor) FX Dan “Effugas” Kaminsky
Joe Grand Ken Pfeil Ido Durbrawsky
Mark Burnett Paul Craig

e-books shop
Stealing the Network - How to Own the Box


We would like to acknowledge the following people for their kindness and support
in making this book possible.
Karen Cross, Lance Tilford, Meaghan Cunningham, Kim Wylie, Harry Kirchner,
Kevin Votel, Kent Anderson, Frida Yara, Jon Mayes, John Mesjak, Peg O’Donnell,
Sandra Patterson, Betty Redmond, Roy Remer, Ron Shapiro, Patricia Kelly, Kristin
Keith, Jennifer Pascal, Doug Reil, David Dahl, Janis Carpenter, and Susan Fryer of
Publishers Group West for sharing their incredible marketing experience and expertise.
The incredibly hard working team at Elsevier Science, including Jonathan
Bunkell, AnnHelen Lindeholm, Duncan Enright, David Burton, Rosanna
Ramacciotti, Robert Fairbrother, Miguel Sanchez, Klaus Beran, and Rosie Moss for
making certain that our vision remains worldwide in scope.
David Buckland,Wendi Wong, Daniel Loh, Marie Chieng, Lucy Chong, Leslie
Lim, Audrey Gan, and Joseph Chan of STP Distributors for the enthusiasm with
which they receive our books.
Kwon Sung June at Acorn Publishing for his support.
Jackie Gross, Gayle Voycey, Alexia Penny, Anik Robitaille, Craig Siddall, Darlene
Morrow, Iolanda Miller, Jane Mackay, and Marie Skelly at Jackie Gross & Associates
for all their help and enthusiasm representing our product in Canada.
Lois Fraser, Connie McMenemy, Shannon Russell, and the rest of the great folks at
Jaguar Book Group for their help with distribution of Syngress books in Canada.
David Scott,Tricia Wilden, Marilla Burgess, Annette Scott, Geoff Ebbs, Hedley
Partis, Bec Lowe, and Mark Langley of Woodslane for distributing our books
throughout Australia, New Zealand, Papua New Guinea, Fiji Tonga, Solomon Islands,
and the Cook Islands.
Winston Lim of Global Publishing for his help and support with distribution of
Syngress books in the Philippines.
Ping Look and Jeff Moss of Black Hat for their invaluable insight into the world
of computer security and their support of the Syngress publishing program. A special
thanks to Jeff for sharing his thoughts with our readers in the Foreword to this book,
and to Ping for providing design expertise on the cover.
Syngress would like to extend a special thanks to Ryan Russell. Ryan has been
an important part of our publishing program for many years; he is a talented author
and tech editor, and an all-around good guy.Thank you Ryan.

Technical Editor
Ryan Russell has worked in the IT field for over 13 years, focusing on information
security for the last seven. He was the primary author of Hack Proofing Your Network:
Internet Tradecraft (Syngress Publishing, ISBN: 1-928994-15-6), and is a frequent technical
editor for the Hack Proofing series of books. He is also a technical advisor to
Syngress Publishing’s Snort 2.0 Intrusion Detection (ISBN: 1-931836-74-4). Ryan
founded the vuln-dev mailing list, and moderated it for three years under the alias
“Blue Boar.” He is a frequent lecturer at security conferences, and can often be found
participating in security mailing lists and Web site discussions. Ryan is the Director of
Software Engineering for, where he’s developing the anti-worm
product, Enforcer. One of Ryan’s favorite activities is disassembling worms.

Dan Kaminsky, also known as Effugas, is a Senior Security Consultant for Avaya’s
Enterprise Security Practice, where he works on large-scale security infrastructure.
Dan’s experience includes two years at Cisco Systems, designing security infrastructure
for cross-organization network monitoring systems, and he is best known for his
work on the ultra-fast port scanner, scanrand, part of the “Paketto Keiretsu,” a collection
of tools that use new and unusual strategies for manipulating TCP/IP networks.
He authored the Spoofing and Tunneling chapters for Hack Proofing Your Network:
Second Edition (Syngress Publishing, ISBN: 1-928994-70-9), and has delivered presentations
at several major industry conferences, including LinuxWorld, DefCon, and
past Black Hat Briefings. Dan was responsible for the Dynamic Forwarding patch to
OpenSSH, integrating the majority of VPN-style functionality into the widely
deployed cryptographic toolkit. Finally, he founded the cross-disciplinary DoxPara
Research in 1997, seeking to integrate psychological and technological theory to
create more effective systems for non-ideal but very real environments in the field.
Dan is based in Silicon Valley, CA.

FX of Phenoelit has spent the better part of the last few years becoming familiar
with the security issues faced by the foundation of the Internet, including protocol
based attacks and exploitation of Cisco routers. He has presented the results of his
work at several conferences, including DefCon, Black Hat Briefings, and the Chaos
Communication Congress. In his professional life, FX is currently employed as a
Security Solutions Consultant at n.runs GmbH, performing various security audits
for major customers in Europe. His specialty lies in security evaluation and testing of
custom applications and black box devices. FX loves to hack and hang out with his
friends in Phenoelit and wouldn’t be able to do the things he does without the continuing
support and understanding of his mother, his friends, and especially his young
lady, Bine, with her infinite patience and love.

Mark Burnett is an independent security consultant, freelance writer, and a specialist
in securing Windows-based IIS Web servers. Mark is co-author of Maximum
Windows Security and is a contributor to Dr.Tom Shinder’s ISA Server and Beyond: Real
World Security Solutions for Microsoft Enterprise Networks (Syngress Publishing, ISBN:
1-931836-66-3). He is a contributor and technical editor for Syngress Publishing’s
Special Ops: Host and Network Security for Microsoft, UNIX, and Oracle (ISBN: 1-
931836-69-8). Mark speaks at various security conferences and has published articles
in Windows & .NET, Information Security, Windows Web Solutions, Security Administrator,
and is a regular contributor at Mark also publishes articles on his
own Web site,

Joe Grand is the President and CEO of Grand Idea Studio, Inc., a product design
and development firm that brings unique inventions to market through intellectual
property licensing. As an electrical engineer, many of his creations including consumer
devices, medical products, video games and toys, are sold worldwide.A recognized
name in computer security and former member of the legendary hacker
think-tank,The L0pht, Joe’s pioneering research on product design and analysis,
mobile devices, and digital forensics is published in various industry journals. He is a
co-author of Hack Proofing Your Network, Second Edition (Syngress Publishing, ISBN 1-
928994-70-9). Joe has testified before the United States Senate Governmental Affairs
Committee on the state of government and homeland computer security. He has
presented his work at the United States Naval Post Graduate School Center for
INFOSEC Studies and Research, the United States Air Force Office of Special
Investigations, the USENIX Security Symposium, and the IBM Thomas J.Watson
Research Center. Joe is a sought after personality who has spoken at numerous universities
and industry forums.

Ido Dubrawsky (CCNA, CCDA, SCSA) is a Network Security Architect working
in the SAFE architecture group of Cisco Systems, Inc. His responsibilities include
research into network security design and implementation. Previously, Ido was a
member of Cisco’s Secure Consulting Services in Austin,TX where he conducted
security posture assessments and penetration tests for clients as well as provided technical
consulting for security design reviews. Ido was one of the co-developers of the
Secure Consulting Services wireless network assessment toolset. His strengths
include Cisco routers and switches, PIX firewalls, the Cisco Intrusion Detection
System, and the Solaris operating system. His specific interests are in freeware intrusion
detection systems. Ido holds a bachelor’s and master’s degree from the University
of Texas at Austin in Aerospace Engineering and is a longtime member of USENIX
and SAGE. He has written numerous articles covering Solaris security and network
security for Sysadmin as well as the online SecurityFocus. He is a contributor to Hack
Proofing Sun Solaris 8 (Syngress Publishing, ISBN: 1-928994-44-X) and Hack Proofing
Your Network, Second Edition (Syngress, ISBN: 1-928994-70-9). He currently resides in
Silver Spring, MD with his family.

Paul Craig is a network administrator for a major broadcasting company in New
Zealand. He has experience securing a great variety of networks and operating systems.
Paul has also done extensive research and development in digital rights management
(DRM) and copy protection systems.

Ken Pfeil is a Senior Security Consultant with Avaya’s Enterprise Security
Consulting Practice, based in New York. Ken’s IT and security experience spans over
18 years with companies such as Microsoft, Dell, Identix and Merrill Lynch in
strategic positions ranging from Systems Technical Architect to Chief Security
Officer. While at Microsoft, Ken co-authored Microsoft’s Best Practices for Enterprise
Security white paper series, was a technical contributor to the MCSE Exam, Designing
Security for Windows 2000 and official curriculum for the same. Other books Ken has
co-authored or contributed to include Hack Proofing Your Network, Second Edition
(Syngress Publishing, ISBN: 1-928994-70-9), The Definitive Guide to Network Firewalls
and VPN’s,Web Services Security, Security Planning and Disaster Recovery, and The CISSP
Study Guide. Ken holds a number of industry certifications, and participates as a
Subject Matter Expert for CompTIA’s Security+ certification. In 1998 Ken founded
The NT Toolbox Web site, where he oversaw all operations until GFI Software
acquired it in 2002. Ken is a member of ISSA’s International Privacy Advisory Board,
the New York Electronic Crimes Task Force, IEEE, IETF, and CSI.

Timothy Mullen is CIO and Chief Software Architect for AnchorIS.Com, a developer
of secure enterprise-based accounting solutions. Mullen is also a columnist for
Security Focus’ Microsoft Focus section, and a regular contributor of InFocus technical
articles. Also known as Thor, he is the founder of the “Hammer of God” security coop group.

Table of Contents
Foreword—Jeff Moss . . . . . . . . . . . . . . . . . .xix

Chapter 1 . . . . . . . . . . . . . . . . . . . . . . . . . .1
Hide and Sneak—Ido Dubrawsky
If you want to hack into someone else’s network, the week
between Christmas and New Year’s Day is the best time. I love that
time of year. No one is around, and most places are running on a
skeleton crew at best. If you’re good, and you do it right, you
won’t be noticed even by the automated systems. And that was a
perfect time of year to hit these guys with their nice e-commerce
site—plenty of credit card numbers, I figured.
The people who ran this site had ticked me off. I bought some
computer hardware from them, and they took forever to ship it to
me. On top of that, when the stuff finally arrived, it was damaged.
I called their support line and asked for a return or an exchange,
but they said that they wouldn’t take the card back because it was a
closeout.Their site didn’t say that the card was a closeout! I told
the support drones that, but they wouldn’t listen.They said, “policy
is policy,” and “didn’t you read the fine print?”Well, if they’re
going to take that position…. Look, they were okay guys on the
whole.They just needed a bit of a lesson.That’s all.

Chapter 2 . . . . . . . . . . . . . . . . . . . . . . . . . .21
The Worm Turns—Ryan Russell
and Tim Mullen
After a few hours, I’ve got a tool that seems to work. Geeze, 4:30
A.M. I mail it to the list for people to check out and try.
Heh, it’s tempting to use the root.exe and make the infected
boxes TFTP down my tool and fix themselves. Maybe by putting it
out there some idiot will volunteer himself. Otherwise the tool
won’t do much good, the damage is done. I’m showing like 14,000
unique IPs in my logs so far. Based on previous worms, that usually
means there are at least 10 times as many infected. At least. My
little home range is only 5 IP addresses.
I decide to hack up a little script that someone can use to
remotely install my fix program, using the root.exe hole.That way,
if someone wants to fix some of their internal boxes, they won’t
have to run around to the consoles.Then I go ahead and change it
to do a whole range of IP addresses, so admins can use it on their
whole internal network at once. When everyone gets to work
tomorrow, they’re going to need all the help they can get. I do it
in C so I can compile it to a .exe, since most people won’t have
the Windows perl installed.

Chapter 3 . . . . . . . . . . . . . . . . . . . . . . . . . .47
Just Another Day at the Office
—Joe Grand
I can’t disclose much about my location. Let’s just say it’s damp and
cold. But it’s much better to be here than in jail, or dead. I thought
I had it made—simple hacks into insecure systems for tax-free dollars.
And then the ultimate heist: breaking into a sensitive lab to
steal one of the most important weapons the U.S. had been developing.
And now it’s over. I’m in a country I know nothing about,
with a new identity, doing chump work for a guy who’s fresh out
Contents xiii
of school. Each day goes by having to deal with meaningless corporate
policies and watching employees who can’t think for themselves,
just blindly following orders. And now I’m one of them. I
guess it’s just another day at the office.

Chapter 4 . . . . . . . . . . . . . . . . . . . . . . . . . .79
h3X’s Adventures in Networkland—FX
h3X is a hacker, or to be more precise, she is a hackse (from hexe,
the German word for witch). Currently, h3X is on the lookout for
some printers. Printers are the best places to hide files and share
them with other folks anonymously. And since not too many
people know about that, h3X likes to store exploit codes and other
kinky stuff on printers, and point her buddies to the Web servers
that actually run on these printers. She has done this before.

Chapter 5 . . . . . . . . . . . . . . . . . . . . . . . . .133
The Thief No One Saw—Paul Craig
My eyes slowly open to the shrill sound of my phone and the
blinking LED in my dimly lit room. I answer the phone.
“Hmm … Hello?”
“Yo, Dex, it’s Silver Surfer. Look, I got a title I need you to get
for me.You cool for a bit of work?”
Silver Surfer and I go way back. He was the first person to get
me into hacking for profit. I’ve been working with him for almost
two years. Although I trust him, we don’t know each other’s real
names. My mind slowly engages. I was up till 5:00 A.M., and it’s
only 10:00 A.M. now. I still feel a little mushy.
“Sure, but what’s the target? And when is it due out?”
“Digital Designer v3 by Denizeit. It was announced being final
today and shipping by the end of the week, Mr. Chou asked for
this title personally. It’s good money if you can get it to us before
it’s in the stores.There’s been a fair bit of demand for it on the
street already.”
“Okay, I’ll see what I can do once I get some damn coffee.”
“Thanks dude. I owe you.”There’s a click as he hangs up.

Chapter 6 . . . . . . . . . . . . . . . . . . . . . . . . .155
Flying the Friendly Skies—Joe Grand
Not only am I connected to the private wireless network, I can
also access the Internet. Once I’m on the network, the underlying
wireless protocol is transparent, and I can operate just as I would
on a standard wired network. From a hacker’s point of view, this is
great. Someone could just walk into a Starbucks, hop onto their
wireless network, and attack other systems on the Internet, with
hardly any possibility of detection. Public wireless networks are
perfect for retaining your anonymity.
Thirty minutes later, I’ve finished checking my e-mail using a
secure Web mail client, read up on the news, and placed some bids
on eBay for a couple rare 1950’s baseball cards I’ve been looking
for. I’m bored again, and there is still half an hour before we’ll start
boarding the plane.

Chapter 7 . . . . . . . . . . . . . . . . . . . . . . . . .169
dis-card—Mark Burnett
One of my favorite pastimes is to let unsuspecting people do the
dirty work for me.The key here is the knowledge that you can
obtain through what I call social reverse-engineering, which is
nothing more than the analysis of people. What can you do with
social reverse-engineering? By watching how people deal with
computer technology, you’ll quickly realize how consistent people
really are.You’ll see patterns that you can use as a roadmap for
human behavior.
Humans are incredibly predictable. As a teenager, I used to
watch a late-night TV program featuring a well-known mentalist. I
watched as he consistently guessed social security numbers of audience
members. I wasn’t too impressed at first—how hard would it
be for him to place his own people in the audience to play along?
It was what he did next that intrigued me: He got the TV-viewing
audience involved. He asked everyone at home to think of a vegetable.
I thought to myself, carrot.To my surprise, the word
CARROT suddenly appeared on my TV screen. Still, that could
have been a lucky guess.

Chapter 8 . . . . . . . . . . . . . . . . . . . . . . . . .189
Social (In)Security—Ken Pfeil
While I‘m not normally a guy prone to revenge, I guess some
things just rub me the wrong way. When that happens, I rub
back—only harder. When they told me they were giving me
walking papers, all I could see was red. Just who did they think
they were dealing with anyway? I gave these clowns seven years of
sweat, weekends, and three-in-the-morning handholding. And for
what? A lousy week’s severance? I built that IT organization, and
then they turn around and say I’m no longer needed.They said
they’ve decided to “outsource” all of their IT to ICBM Global Services.
The unemployment checks are about to stop, and after
spending damn near a year trying to find another gig in this
economy, I think it’s payback time.Maybe I’ve lost a step or two
technically over the years, but I still know enough to hurt these
bastards. I’m sure I can get some information that’s worth selling to
a competitor, or maybe to get hired on with them. And can you
imagine the looks on their faces when they find out they were
hacked? If only I could be a fly on the wall.

Chapter 9 . . . . . . . . . . . . . . . . . . . . . . . . .211
BabelNet—Dan Kaminsky
Black Hat Defense: Know Your Network Better Than
The Enemy Can Afford To…
SMB—short for Server Message Block, was ultimately the protocol
behind NBT(NetBIOS over TCP/IP), the prehistoric IBM LAN
Manager, and its modern n-th generation clone,Windows File
Sharing. Elena laughed as chunkage like ECFDEECACACACACACACACACACACACACA
spewed across the display. Once upon a
time, a particularly twisted IBM engineer decided that “First Level
Encoding” might be a rational way to write the name “BSD”.
Humanly readable? Not unless you were the good Luke Kenneth
Casson Leighton, whose ability to fully grok raw SMB from hexdumps
was famed across the land, a postmodern incarnation of
sword swallowing.

Chapter 10 . . . . . . . . . . . . . . . . . . . . . . . .235
The Art of Tracking—Mark Burnett
It’s strange how hackers think.You’d think that white hat hackers
would be on one end of the spectrum and black hat hackers on
the other. On the contrary, they are both at the same end of the
spectrum, the rest of the world on the other end.There really is no
difference between responsible hacking and evil hacking. Either
way it’s hacking.The only difference is the content. Perhaps that is
why it is so natural for a black hat to go legit, and why it is so easy
for a white hat to go black.The line between the two is fine,
mostly defined by ethics and law.To the hacker, ethics and laws
have holes just like anything else.
Many security companies like to hire reformed hackers.The
truth is that there is no such thing as a reformed hacker.They may
have their focus redirected and their rewards changed, but they are
never reformed. Getting paid to hack doesn’t make them any less
of a hacker.
Hackers are kind of like artists. An artist will learn to paint by
painting whatever they want.They could paint mountains, animals,
or perhaps nudes.They can use any medium, any canvas, and any
colors they wish. If the artist some day gets a job doing art, he
becomes a commercial artist.The only difference is that they now
paint what other people want.

Appendix . . . . . . . . . . . . . . . . . . . . . . . . .269
The Laws of Security—Ryan Russell
This book contains a series of fictional short stories demonstrating
criminal hacking techniques that are used every day. While these
stories are fictional, the dangers are obviously real. As such, we’ve
included this appendix, which discusses how to mitigate many of
the attacks detailed in this book. While not a complete reference,
these security laws can provide you with a foundation of knowledge
prevent criminal hackers from stealing your network.


e-books shop

Purchase Now !
Just with Paypal

Product details
 3.00 USD
 329 p
 File Size
 4,699 KB
 File Type
 PDF format
 2003 by Syngress Publishing, Inc 

═════ ═════

A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers

TJ O’Connor

e-books shop
e-books shop
Purchase Now !
Just with Paypal

Book Details
 377 p
 File Size 
 1,529 KB
 File Type
 PDF format
 2013 Elsevier, Inc 

Lead Author – TJ O’Connor
TJ O’Connor is a Department of Defense expert on information security
and a US Army paratrooper. While assigned as an assistant professor at
the US Military Academy, TJ taught undergraduate courses on forensics,
exploitation and information assurance. He twice co-coached the
winning team at the National Security Agency’s annual Cyber Defense
Exercise and won the National Defense University’s first annual Cyber
Challenge. He has served on multiple red teams, including twice on the
Northeast Regional Team for the National Collegiate Cyber Defense Competition.

TJ holds a Master of Science degree in Computer Science from
North Carolina State, a Master of Science degree in Information Security
Engineering from the SANS Technical Institute, and a Bachelor of
Science degree in Computer Science from the US Military Academy. He
has published technical research at USENIX workshops, ACM
conferences, security conferences, the SANS Reading Room, the Internet
Storm Center, the Army Magazine, and the Armed Forces Journal. He
holds expert cyber security credentials, including the prestigious GIAC
Security Expert (GSE) and Offensive Security Certified Expert (OSCE). TJ
is a member of the elite SANS Red and Blue Team Cyber Guardians.

Contributing Author Bio – Rob Frost
Robert Frost graduated from the United States Military Academy in
2011, commissioning into the Army Signal Corps. He holds a Bachelor of
Science degree in Computer Science with honors, with his thesis work
focusing on open-source information-gathering. Rob was individually
recognized as one of the top two members of the national championship
team for the 2011 Cyber Defense Exercise due to his ability to circumvent rules. 
Rob has participated in and won several cyber security competitions.

Technical Editor Bio – Mark Baggett
Mark Baggett is a Certified SANS Instructor, where he teaches several
courses in SANS penetration-testing curriculum. Mark is the primary
consultant and founder of In Depth Defense, Inc., which provides
incident-response and penetration-testing services. Today, in his role as
the technical advisor to the Department of Defense for SANS, Mark is
focused on the practical application of SANS resources in the
development of military capabilities.

Mark has held a variety of positions in information security for large
international and Fortune 1000 companies. He has been a software
developer, a network and systems engineer, a security manager, and a
CISO. As a CISO, Mark was responsible for policy, compliance, incident
response, and all other aspects of information security operations. Mark
knows firsthand the challenges that information security professionals
face today in selling, implementing, and supporting information security.
Mark is an active member of the information security community and
the founding president of the Greater Augusta ISSA. He holds several
certifications, including SANS’ prestigious GSE. Mark blogs about various
security topics at

Python is a hacker’s language. With its decreased complexity, increased
efficiency, limitless third-party libraries, and low bar to entry, Python
provides an excellent development platform to build your own offensive
tools. If you are running Mac OS X or Linux, odds are it is already
installed on your system. While a wealth of offensive tools already exist,
learning Python can help you with the difficult cases where those tools fail.

Table of Contents
Cover image
Title page
Trade marks
Lead Author – TJ O’Connor
Contributing Author Bio – Rob Frost
Technical Editor Bio – Mark Baggett
Chapter 1. Introduction
Introduction: A Penetration Test with Python
Setting Up Your Development Environment
The Python Language
Your First Python Programs
Chapter Wrap-Up
Chapter 2. Penetration Testing with Python
Introduction: The Morris Worm—Would it Work Today?
Building a Port Scanner
Building an SSH BotNet with Python
Mass Compromise by Bridging FTP and Web
Conficker, Why Trying Hard is Always Good Enough
Writing Your Own Zero-Day Proof of Concept Code
Chapter Wrap Up
Chapter 3. Forensic Investigations with Python
Introduction: How Forensics Solved the BTK Murders
Where Have You Been?—Analysis of Wireless Access Points in
the Registry
Using Python to Recover Deleted Items in the Recycle Bin
Investigating Application Artifacts with Python
Investigating iTunes Mobile Backups with Python
Chapter Wrap-Up
Chapter 4. Network Traffic Analysis with Python
Introduction: Operation Aurora and How the Obvious was
Where is that IP Traffic Headed?—A Python Answer
Is Anonymous Really Anonymous? Analyzing LOIC Traffic
How H D Moore Solved the Pentagon’s Dilemma
Storm’s Fast-Flux and Conficker’s Domain-Flux
Kevin Mitnick and TCP Sequence Prediction
Foiling Intrusion Detection Systems with Scapy
Chapter Wrap Up
Chapter 5. Wireless Mayhem with Python
Introduction: Wireless (IN)Security and the Iceman
Setting up Your Wireless Attack Environment
The Wall of Sheep—Passively Listening to Wireless Secrets
Where Has Your Laptop Been? Python Answers
Intercepting and Spying on UAVs with Python
Detecting FireSheep
Stalking with Bluetooth and Python
Chapter Wrap Up
Chapter 6. Web Recon with Python
Introduction: Social Engineering Today
Using the Mechanize Library to Browse the Internet
Scraping Web Pages with AnonBrowser
Research, Investigate, Discovery
Anonymous Email
Mass Social Engineering
Chapter Wrap-Up
Chapter 7. Antivirus Evasion with Python
Introduction: Flame On!
Evading Antivirus Programs
Verifying Evasion
Wrap Up

e-books shop

Everyone learns differently. However, whether you are a beginner who
wants to learn how to write Python, or an advanced programmer who
wants to learn how to apply your skills in penetration testing, this book is for you.
Loading... Protection Status