Rating:
Author: Andrew Whitaker
ISBN : B001UUJ63G
New from $22.99
Format: PDF, EPUB
Posts about Download The Book Free Chained Exploits: Advanced Hacking Attacks from Start to Finish [Kindle Edition] for everyone book 4shared, mediafire, hotfile, and mirror link
The complete guide to today’s hard-to-defend chained attacks: performing them and preventing them
Nowadays, it’s rare for malicious hackers to rely on just one exploit or tool; instead, they use “chained” exploits that integrate multiple forms of attack to achieve their goals. Chained exploits are far more complex and far more difficult to defend. Few security or hacking books cover them well and most don’t cover them at all. Now there’s a book that brings together start-to-finish information about today’s most widespread chained exploits—both how to perform them and how to prevent them.
Chained Exploits demonstrates this advanced hacking attack technique through detailed examples that reflect real-world attack strategies, use today’s most common attack tools, and focus on actual high-value targets, including credit card and healthcare data. Relentlessly thorough and realistic, this book covers the full spectrum of attack avenues, from wireless networks to physical access and social engineering.
Writing for security, network, and other IT professionals, the authors take you through each attack, one step at a time, and then introduce today’s most effective countermeasures– both technical and human. Coverage includes:
- Constructing convincing new phishing attacks
- Discovering which sites other Web users are visiting
- Wreaking havoc on IT security via wireless networks
- Disrupting competitors’ Web sites
- Performing—and preventing—corporate espionage
- Destroying secure files
- Gaining access to private healthcare records
- Attacking the viewers of social networking pages
- Creating entirely new exploits
- and more
Andrew Whitaker, Director of Enterprise InfoSec and Networking for Training Camp, has been featured in The Wall Street Journal and BusinessWeek. He coauthored Penetration Testing and Network Defense. Andrew was a winner of EC Council’s Instructor of Excellence Award.
Keatron Evans is President and Chief Security Consultant of Blink Digital Security, LLC, a trainer for Training Camp, and winner of EC Council’s Instructor of Excellence Award.
Jack B. Voth specializes in penetration testing, vulnerability assessment, and perimeter security. He co-owns The Client Server, Inc., and teaches for Training Camp throughout the United States and abroad.
informit.com/aw
Cover photograph © Corbis /
Jupiter Images
Direct download links available for Free Chained Exploits: Advanced Hacking Attacks from Start to Finish [Kindle Edition]
- File Size: 5057 KB
- Print Length: 312 pages
- Simultaneous Device Usage: Up to 5 simultaneous devices, per publisher limits
- Publisher: Addison-Wesley Professional; 1 edition (February 27, 2009)
- Sold by: Amazon Digital Services, Inc.
- Language: English
- ASIN: B001UUJ63G
- Text-to-Speech: Enabled
X-Ray:
- Lending: Not Enabled
- Amazon Best Sellers Rank: #613,141 Paid in Kindle Store (See Top 100 Paid in Kindle Store)
Free Chained Exploits: Advanced Hacking Attacks from Start to Finish
I looked forward to Chained Exploits (CE) by Whitaker, Evans and Voth with much anticipation as the concept is a much needed addition to the lexicon on information security. Often academic fields are severely limited by the vocabulary available to discuss issues and the "chained exploit" is sure to become a mainstay in the discourse of information security. Despite my enthusiasm for the concept, however, I was disappointed by the material presented in CE. The genius of the chained exploit is that it upends the traditional threat matrix, typically presented as:
[value of resource] x [likelihood of exploit] = [risk level]
For example, a high value resource that is unlikely to be exploited should be ranked as a low risk, as should a low value resource that is likely to be exploited. Think of this in terms of a temporary database of publically available information used to populate a user demonstration website that is wiped out every 24 hours. If that information is compromised it has no value, so even if the compromise is likely it is a low risk system. Conversely if a system that contains critical financial information is confined to a single workstation that is removed from any networking and housed in a guarded facility it too is a low risk system (since the likelihood of compromise is low).
Unfortunately many auditors make risk assessments based on circumstances in a vacuum. This is where the concept of "chained exploits" becomes so valuable. For instance, if a vulnerability were discovered in a local binary accessible to users that allows privilege escalation, but the local binary exists on a system that has no users (other than administrators who already have root privileges) it is often considered a low risk.
The concept of the book is decent, albeit quite similar to the Stealing the Network series of books, wrapping theoretical hacking attacks into readable stories. Unfortunately, the execution suffers from several problems.
The narratives are all over the place and rarely bear any resemblance to each other. The stories follow the work of "Phoenix", a hacker who alternates from being someone that dresses poorly enough to be mistaken for a homeless person, performing attacks under duress as a shadowy employer threatens his girlfriend, to someone who has quit his job to live in a 3500 square foot house from the income he gets renting out large botnets.
The book suffers from too-many-authoritis, and each author has a very different writing style that makes each story different from the last. One author is very good at working different tools into his story, while one author feels compelled to list every tool that could possibly be used to pick a lock or sniff wireless traffic.
"Although Phoenix will not be using all these tools in his exploit, he could use:
-Tool A: Long description from the tool's website
-Tool B: Long description from the tool's website
-Tool C: Long description from the tool's website"
A few of the attacks are somewhat clever, while the majority are unneccessarily complex, apparently needing to hit a quota of different tools.
-
Download Link 2