Table of Contents
Lead Author and Technical Editor
Chapter 1: The Targets—What I Want to Be When I Grow Up (or at Least Get Older)
Chapter 2: Reconnaissance: Social Engineering for Profit
Chapter 3: Enumerate: Determine What’s Out There
Certifications: Magic or Myth?
Understanding Opportunities and Gaining Experience
Chapter 4: First Strike: Basic Tactics for Successful Exploitation
Chapter 5: The Laws of Security
Client-Side Security Doesn’t Work
You Cannot Securely Exchange Encryption Keys without a Shared Piece of Information
Malicious Code Cannot Be 100 Percent Protected against
Any Malicious Code Can Be Completely Morphed to Bypass Signature Detection
Firewalls Cannot Protect You 100 Percent from Attack
Secret Cryptographic Algorithms Are Not Secure
If a Key Is Not Required, You Do Not Have Encryption—You Have Encoding
Passwords Cannot Be Securely Stored on the Client Unless There Is Another Password to Protect Them
Security through Obscurity Does Not Work
Chapter 6: No Place Like/home—Creating an Attack Lab
Chapter 7: Vulnerability Disclosure
Vulnerability Disclosure and Cyber Adversaries
“Free For All”: Full Disclosure
Unfixed Vulnerability Attack Capability and Attack Inhibition Considerations
Probability of Success Given an Attempt
Probability of Detection Given an Attempt
Responsible Restricted “Need to Know” Disclosure
Responsible, Partial Disclosure and Attack Inhibition Considerations
Responsible, Full Disclosure Capability and Attack Inhibition Considerations
Security Firm “Value Added” Disclosure Model
Value-Add Disclosure Model Capability and Attack Inhibition Considerations
The Vulnerability Disclosure Pyramid Metric
Pyramid Metric Capability and Attack Inhibition
Pyramid Metric and Capability—A Composite Picture Pyramid
Comparison of Mean Inhibitor Object Element Values
Identifying and Understanding the Classes of Attack
Identifying Methods of Testing for Vulnerabilities
Chapter 9: Don’t Trip the Sensors: Integrate and Imitate
Chapter 10: Vulnerability Remediation—Work Within the System
Giving Back to the (Local) Community
Contributing to the INFOSEC Community
Chapter 11: Incident Response – Putting Out Fires Without Getting Burned
Chapter 12: Rooting: Show Me the Money!
Building Jumpstart InfoSec Services