Book of Month: May
May 5, 2009
Posted by y2h4ck in security books. Tags: Book of Month, security book, Web Hacking

| Web Hacking from the Inside Out |
| Author: Michael Flenov |
| Publisher: A-List Publishing |
| Year: 2007 |
| Pages: 300 |
| Amazon’s book description: Covering new technologies used to search for vulnerabilities on websites from a hacker’s point of view, this book on Web security and optimization provides illustrated, practical examples such as attacks on click counters, flooding, forged parameters passed to the server, password attacks, and DoS and DDoS attacks. Including an investigation of the most secure and reliable solutions to Web security and optimization, this book considers the many utilities used by hackers, explains how to write secure applications, and offers numerous interesting algorithms for developers. The CD included contains programs intended for testing sites for vulnerabilities as well as useful utilities for Web security. |
Book of Month: April
April 13, 2009
Posted by y2h4ck in security books. Tags: Books, disassembling, security

| Disassembling Code: IDA Pro and SoftICE |
| Author: Vlad Pirogov |
| Publisher: A-List Publishing |
| Year: 2005 |
| Pages: 600 |
| Amazon’s book description: This book describes how software code analysis tools such as IDA Pro are used to disassemble programs written in high-level languages and recognize different elements of disassembled code in order to debug applications in less time. Also described are the basics of Assembly language programming (MASM) and the system and format of commands for the Intel microprocessor. Aspects of disassembling, analyzing, and debugging software code are considered in detail, and an overview of contemporary disassemblers and debuggers used when analyzing executable code is provided. The basics of working with these tools and their operating principles are also included, and emphasis is placed on analyzing software code and identifying the main structure of those languages in which they were written. |
Book of Month: March
March 3, 2009
Posted by y2h4ck in security books. Tags: Book of Month, Rootkits, security book

| Professional Rootkits |
| Author: Ric Vieler |
| Publisher: Wrox |
| Year: 2007 |
| Pages: 360 |
| Amazon’s book description: This book provides the detailed, step-by-step instructions and examples required to produce full-featured, robust rootkits. Presented in modular sections, source code from each chapter can be used separately or together to produce highly specific functionality. In addition, Vieler details the loading, configuration, and control techniques used to deploy rootkits. All ancillary software is fully detailed with supporting source code and links to the compilers, utilities, and scripts necessary to build and run every example provided. |
Book of Month: February
February 2, 2009
Posted by y2h4ck in General Hacking, security books. Tags: Book of Month, hacking book, security book, wireless hacking

| Hacking Exposed Wireless |
| Author: Johnny Cache, Vincent Liu |
| Publisher: McGraw-Hill Osborne Media |
| Year: 2007 |
| Pages: 386 |
| Amazon’s book description: Defend against the latest pervasive and devastating wireless attacks using the tactical security information contained in this comprehensive volume. Hacking Exposed Wireless reveals how hackers zero in on susceptible networks and peripherals, gain access, and execute debilitating attacks. Find out how to plug security holes in Wi-Fi/802.11 and Bluetooth systems and devices. You’ll also learn how to launch wireless exploits from Metasploit, employ bulletproof authentication and encryption, and sidestep insecure wireless hotspots. The book includes vital details on new, previously unpublished attacks alongside real-world countermeasures. |
Book of Month: December
December 1, 2008
Posted by y2h4ck in security books. Tags: Book of Month, fuzzing, Gadi Evron, Noam Rathaus, Open source, security books
| Open Source Fuzzing Tools |
| Author: Noam Rathaus, Gadi Evron |
| Publisher: Syngress |
| Year: 2007 |
| Pages: 448 |
| Amazon’s book description: Open Source Fuzzing Tools is the first book to market that covers the subject of black box testing using fuzzing techniques. Fuzzing has been around for a while, but is making a transition from hacker home-grown tool to commercial-grade quality assurance product. Using fuzzing, developers can find and eliminate buffer overflows and other software vulnerabilities during the development process and before release. |
Book of Month: November
November 1, 2008
Posted by y2h4ck in General Hacking, security books. Tags: Book of Month, disassembling, Ethical Hacking, exploit, hacker disassembling, Hacking, security book
| Hacker Disassembling Uncovered |
| Author: Kris Kaspersky |
| Publisher: A-List Publishing |
| Year: 2007 |
| Pages: 550 |
| Amazon’s book description: Going beyond the issues of analyzing and optimizing programs as well as creating the means of protecting information, this guide takes on the programming problem of how to go about disassembling a program with holes without its source code. Detailing hacking methods used to analyze programs using a debugger and disassembler such as virtual functions, local and global variables, branching, loops, objects and their hierarchy, and mathematical operators, this guide covers methods of fighting disassemblers, self-modifying code in operating systems, and executing code in the stack. Advanced disassembler topics such as optimizing compilers and movable code are discussed as well, and a CD-ROM that contains illustrations and the source codes for the programs is also included. |
Book of Month: September
September 1, 2008
Posted by y2h4ck in General Hacking, General Security, security books. Tags: amazon, Book of Month, ida pro, security books

| Reverse Engineering Code with IDA Pro |
| Author: Chris Paget, Walter Pearce, Damon Cortesi |
| Publisher: Syngress |
| Year: 2007 |
| Pages: 448 |
| Amazon’s book description: If you want to master the art and science of reverse engineering code with IDA Pro for security R&D or software debugging, this is the book for you. Highly organized and sophisticated criminal entities are constantly developing more complex, obfuscated, and armored viruses, worms, Trojans, and botnets. IDA Pro’s interactive interface and programmable development language provide you with complete control over code disassembly and debugging. This is the only book which focuses exclusively on the world’s most powerful and popular tool for reverse engineering code. |
Book of Month: July
July 1, 2008
Posted by y2h4ck in security books. Tags: Ethical Hacking, Hacking, hacking books, Pentest, security books, security docs, y2h4ck

| Network Security Assessment: Know Your Network |
| Author: Chris McNab |
| Publisher: O’Reilly Media |
| Year: 2007 |
| Pages: 504 |
| Amazon’s book description: How secure is your network? The best way to find out is to attack it. Network Security Assessment provides you with the tricks and tools professional security consultants use to identify and assess risks in Internet-based networks-the same penetration testing model they use to secure government, military, and commercial networks. With this book, you can adopt, refine, and reuse this testing model to design and deploy networks that are hardened and immune from attack. |
Book of Month: June
June 2, 2008
Posted by y2h4ck in security books. Tags: Book of Month, Hacking, hacking book, pentest book, Pentesting, security, security book

| The Web Application Hacker’s Handbook: Discovering and Exploiting Security Flaws |
| Author: Dafydd Stuttard, Marcus Pinto |
| Publisher: Wiley |
| Year: 2007 |
| Pages: 736 |
| Amazon’s book description: This book is a practical guide to discovering and exploiting security flaws in web applications. The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications. The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results. |





















