The latest tactics for thwarting digital attacks

“Our new reality is zero-day, APT, and state-sponsored attacks. Today, more than ever, security professionals need to get into the hacker’s mind, methods, and toolbox to successfully deter such relentless assaults. This edition brings readers abreast with the latest attack vectors and arms them for these continually evolving threats.” --Brett Wahlin, CSO, Sony Network Entertainment.

“Stop taking punches--let’s change the game; it’s time for a paradigm shift in the way we secure our networks, and Hacking Exposed 7 is the playbook for bringing pain to our adversaries.” --Shawn Henry, former Executive Assistant Director, FBI

Bolster your system’s security and defeat the tools and tactics of cyber-criminals with expert advice and defense strategies from the world-renowned Hacking Exposed team. Case studies expose the hacker’s latest devious methods and illustrate field-tested remedies. Find out how to block infrastructure hacks, minimize advanced persistent threats, neutralize malicious code, secure web and database applications, and fortify UNIX networks. Hacking Exposed 7: Network Security Secrets & Solutions contains all-new visual maps and a comprehensive “countermeasures cookbook.”

• Obstruct APTs and web-based meta-exploits
• Defend against UNIX-based root access and buffer overflow hacks
• Block SQL injection, spear phishing, and embedded-code attacks
• Detect and terminate rootkits, Trojans, bots, worms, and malware
• Lock down remote access using smartcards and hardware tokens
• Protect 802.11 WLANs with multilayered encryption and gateways
• Plug holes in VoIP, social networking, cloud, and Web 2.0 services
• Learn about the latest iPhone and Android attacks and how to protect yourself

Table of Contents

Part I Casing the Establishment

▼ 1 Footprinting

▼ 2 Scanning

▼ 3 Enumeration

Part II Endpoint and Server Hacking

▼ 4 Hacking Windows

▼ 5 Hacking UNIX

▼ 6 Cybercrime and Advanced Persistent Threats

Part III Infrastructure Hacking

▼ 7 Remote Connectivity and VoIP Hacking

▼ 8 Wireless Hacking

▼ 9 Hacking Hardware

Part IV Application and Data Hacking

▼ 10 Web and Database Hacking

▼ 11 Mobile Hacking

▼ 12 Countermeasures Cookbook

Part V Appendixes

▼ A Ports

▼ B Top 10 Security Vulnerabilities

▼ C Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks

About the Authors

Stuart McClure, CNE, CCSE, Global CTO for McAfee/Intel, is responsible for a nearly $3B consumer and corporate security products business. During his tenure at McAfee, Stuart has also held the General Manager position for the Security Management Business for McAfee/Intel, which enabled all McAfee corporate security products to be operationalized, managed, and measured. Alongside those roles, Stuart has also run an elite team of good guy hackers inside McAfee called TRACE that discovered new vulnerabilities and emerging threats. Previously, Stuart helped run security at the largest healthcare company in the U.S., Kaiser Permanente. In 1999, Stuart was also the original founder of Foundstone, Inc., a global consulting and products company, which was acquired by McAfee in 2004. Stuart is the lead author and original founder of the Hacking Exposed series of books and has been hacking for the good guys for over 25 years. Widely recognized and asked to present his extensive and in-depth knowledge of hacking and exploitation techniques, Stuart is considered one of the industrys leading authorities on information security risk today. A well-published and acclaimed security visionary, McClure brings a wealth of technical and executive leadership with a profound understanding of both the threat landscape and the operational and financial risk requirements to be successful in todays world. Stuart is often quoted in most all mainstream news outlets.

Joel Scambray, CISSP, is Managing Principal with Citigal as well as Co-Founder of Consciere LLC. He was previously chief strategy officer for Leviathan Security Group. He has assisted companies ranging from newly minted startups to members of the Fortune 50 in addressing information security challenges and opportunities for over a dozen years. Joel's background includes roles as an executive, technical consultant, and entrepreneur. He was a senior director at Microsoft Corporation, where he led Microsoft's online services security efforts for three years before joining the Windows platform and services division to focus on security technology architecture. Joel also co-founded security software and services startup Foundstone, Inc. He has also held positions as a Manager for Ernst & Young, Chief Strategy Officer for Leviathan, security columnist for Microsoft TechNet, Editor at Large for InfoWorld Magazine, and director of IT for a major commercial real estate firm. Joel has spoken widely on information security at forums including Black Hat, I-4, and The Asia Europe Meeting (ASEM), as well as organizations including CERT, CSI, ISSA, ISACA, SANS, private corporations, and government agencies such as the Korean Information Security Agency (KISA), FBI, and the RCMP. Joel Scambray is the co-author of all 6 editions of Hacking Exposed. He is also the lead author of Hacking Exposed Windows and Hacking Exposed Web Applications.

George Kurtz is co-founder and CEO of CrowdStrike, a cutting-edge big data security technology company focused on helping enterprises and governments protect their most sensitive intellectual property and national security information. George Kurtz is also an internationally recognized security expert, author, entrepreneur, and speaker. He has almost twenty years of experience in the security space and has helped hundreds of large organizations and government agencies around the world tackle the most demanding security problems. His entrepreneurial background and ability to commercialize nascent technologies has enabled him to drive innovation throughout his career by identifying market trends and correlating them with customer feedback, resulting in rapid growth for the businesses he has run. In 2011 George relinquished his role as McAfees Worldwide Chief Technology Officer to his co-author and raised $26M in venture capital to create CrowdStrike. During his tenure as McAfees CTO, Kurtz was responsible for driving the integrated security architectures and platforms across the entire McAfee portfolio. Kurtz also helped drive the acquisition strategy that allowed McAfee to grow from $1b in revenue in 2007 to over $2.5b in 2011. In one of the largest tech M&A deals in 2011, Intel (INTC) acquired McAfee for nearly $8b. Prior to joining McAfee, Kurtz was Chief Executive Officer and co-founder of Foundstone, Inc., which was acquired by McAfee in October 2004. You can follow George on Twitter @george_kurtz or his blog at http://www.securitybattlefield.com.