Part I: Recon/Assessment
by Ed Brindley, Aaron W Bayles, Johnny Long, Chris Hurley
InfoSec Career Hacking: Sell Your Skillz, Not Your Soul
Cover image
Title page
Table of Contents
Copyright
Acknowledgments
Author Dedication
Lead Author and Technical Editor
Contributing Authors
Technical Reviewer
Foreword Contributor
Foreword
Part I: Recon/Assessment
Chapter 1: The Targets—What I Want to Be When I Grow Up (or at Least Get Older)
Introduction
Understanding INFOSEC
Employment Opportunities
Defining the Jobs
Bringing Together the Skills
Advanced Skills
So Where Do I Match Up?
Checklist
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 2: Reconnaissance: Social Engineering for Profit
Introduction
Narrowing Your Choices
Digging for Information
Researching for Rewards
Making Contact
Checklist
Summary
Solutions Fast Track
Links to Sites
Mailing Lists
Frequently Asked Questions
Chapter 3: Enumerate: Determine What’s Out There
Introduction
What Should I Do First?
Is Education Important?
Certifications: Magic or Myth?
Getting Your Name Out There
Understanding Opportunities and Gaining Experience
Security Clearances
Summary
Solutions Fast Track
Links to Sites
Mailing Lists
Frequently Asked Questions
Chapter 4: First Strike: Basic Tactics for Successful Exploitation
Part II: Technical Skills
Chapter 5: The Laws of Security
Introduction
Knowing the Laws of Security
Client-Side Security Doesn’t Work
You Cannot Securely Exchange Encryption Keys without a Shared Piece of Information
Malicious Code Cannot Be 100 Percent Protected against
Any Malicious Code Can Be Completely Morphed to Bypass Signature Detection
Firewalls Cannot Protect You 100 Percent from Attack
Any IDS Can Be Evaded
Secret Cryptographic Algorithms Are Not Secure
If a Key Is Not Required, You Do Not Have Encryption—You Have Encoding
Passwords Cannot Be Securely Stored on the Client Unless There Is Another Password to Protect Them
In Order for a System to Begin to Be Considered Secure, It Must Undergo an Independent Security Audit
Security through Obscurity Does Not Work
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 6: No Place Like /home—Creating an Attack Lab
Chapter 7: Vulnerability Disclosure
Introduction
Vulnerability Disclosure and Cyber Adversaries
“Free For All”: Full Disclosure
Unfixed Vulnerability Attack Capability and Attack Inhibition Considerations
Probability of Success Given an Attempt
Probability of Detection Given an Attempt
“Symmetric” Full Disclosure
Responsible Restricted “Need to Know” Disclosure
Responsible, Partial Disclosure and Attack Inhibition Considerations
“Responsible” Full Disclosure
Responsible, Full Disclosure Capability and Attack Inhibition Considerations
Security Firm “Value Added” Disclosure Model
Value-Add Disclosure Model Capability and Attack Inhibition Considerations
Non-Disclosure
The Vulnerability Disclosure Pyramid Metric
Pyramid Metric Capability and Attack Inhibition
Pyramid Metric and Capability—A Composite Picture Pyramid
Comparison of Mean Inhibitor Object Element Values
The Disclosure Food Chain
Summary
Frequently Asked Questions
Chapter 8: Classes of Attack
Introduction
Identifying and Understanding the Classes of Attack
Identifying Methods of Testing for Vulnerabilities
Standard Research Techniques
Summary
Solutions Fast Track
Frequently Asked Questions
Part III: On the Job
Chapter 9: Don’t Trip the Sensors: Integrate and Imitate
Introduction
Hacking the System
Hacking the Network
Escalating Your Privileges
Managing Your Time
Checklist
Summary
Solutions Fast Track
Links to Sites
Mailing Lists
Frequently Asked Questions
Chapter 10: Vulnerability Remediation—Work Within the System
Introduction
Giving Back to the (Local) Community
Contributing to the INFOSEC Community
Upgrading Your Skills
Upgrading Your Workplace
Checklist
Summary
Solutions Fast Track
Links to Sites
Frequently Asked Questions
Chapter 11: Incident Response – Putting Out Fires Without Getting Burned
Amanda
Chapter 12: Rooting: Show Me the Money!
Introduction
Building Jumpstart InfoSec Services
Managing Hackers
Planning, Expanding, and Dominating
Summary
Solutions Fast Track
Links to Sites
Frequently Asked Questions
Index
Part I
Recon/Assessment