RE: Penetration Whitepapers

From: Erik Birkholz (erik_at_foundstone.com)
Date: 02/18/04

  • Next message: xterrabart_at_comcast.net: "Retraction of statement...OPST vs. CEH thread" 
    Date: Tue, 17 Feb 2004 19:02:23 -0800
To: "Technoboy" <technoboy@packetswar.org>, <pen-test@securityfocus.com>

    <Blatant_Bias_Warning> I am the lead author on the Special Ops book. </Blatant_Bias_Warning>

            In Special Ops (www.SpecialOpsSecurity.com) we have a minimum of one case study per chapter. That should help you along. Additionally, the Incident Response books by Osborne are a great read if you are focused on the response part.

            The problem I see with your post is that it is VERY broad. Give us some more specifics and I think you will get a better response. For example, who is your audience? Then move into, what is your goal for this data given the audience you selected. Then we should be able to chime in effectively. Otherwise, you can probably expect emails that plug this or that book... Wait! Ummm. Err. Too late. ;)

    -----Original Message-----
    From: Technoboy [mailto:technoboy@packetswar.org]
    Sent: Monday, February 16, 2004 9:56 AM
    To: pen-test@securityfocus.com
    Subject: RE: Penetration Whitepapers

    For 'real life example' I would also recommand the following books:

    Addison Wesley - Web Hacking Attacks and Defence [ISBM:0201761769] Prentice Hall PTR - IT Security: Risking the Corporation [ISBN:013101112]

    The Prentice book might be exactly what you are looking for.

    Hope it help,

    -
    Anon

    -----Original Message-----
    From: Ricardo AbrahamAréchiga Cervantes [mailto:raac@academ01.gda.itesm.mx]
    Sent: Friday, February 13, 2004 6:21 PM
    To: pen-test@securityfocus.com
    Cc: Rob Havelt
    Subject: Re: Penetration Whitepapers

    Hi,

    Too much fiction, but this books can help you:

    - Hacker's Challenge 2: Test Your Network Security & Forensic Skills
    - Stealing the Network: How to Own the Box

    Ricardo Abraham

    Rob Havelt wrote:
    > I'm looking for either white papers or case studies or some such
    > detailing actual real world attacks (more like real-world computer
    > crime, computer fraud, internal attacks, etc. and less on the damage
    > from worms or virus, DDoS, or the like) on companies who either didn't
    > know that they had a bad security posture, couldn't keep on top of
    > infosec issues, or ones who knew (either as the result of a pen test,
    > health check, or some other VA) and simply didn't take any steps
    > toward remediation.

    ---------------------------------------------------------------------------
    Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

    Protect your network with the comprehensive security solution that
    integrates six applications for ease of use and lower TCO.

    Firewall - Virus protection - Spam protection - URL blocking - VPN
    - Wireless security.

    Download 30-day evaluation at:
    http://www.astaro.com/php/contact/securityfocus.php
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

    Protect your network with the comprehensive security solution that
    integrates six applications for ease of use and lower TCO.

    Firewall - Virus protection - Spam protection - URL blocking - VPN
    - Wireless security.

    Download 30-day evaluation at:
    http://www.astaro.com/php/contact/securityfocus.php
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

    Protect your network with the comprehensive security solution that
    integrates six applications for ease of use and lower TCO.

    Firewall - Virus protection - Spam protection - URL blocking - VPN
    - Wireless security.

    Download 30-day evaluation at:
    http://www.astaro.com/php/contact/securityfocus.php
    ----------------------------------------------------------------------------

  • Next message: xterrabart_at_comcast.net: "Retraction of statement...OPST vs. CEH thread"

    Relevant Pages

    • Re: learning ethical hacking
      ... On Tue, 2004-08-31 at 09:13, linux user wrote: ... > operatings system through a deep exopsure to security. ... > of books, mailing lists, and training courses, i also stumbled once on ... > the main objective is secure a career in network security. ...
      (Security-Basics)
    • Re: Keen to test out root kits
      ... I am keen to test out root kits on my lap-top. ... lap-top / home network? ... Astaro Security Linux -- firewall with Spam/Virus Protection ...
      (Security-Basics)
    • Re: learning ethical hacking
      ... lu> operatings system through a deep exopsure to security. ... lu> the main objective is secure a career in network security. ... Richard Steven (he wrote nice books about UNIX's procedures) - look in google. ... Computer Forensics Training at the InfoSec Institute. ...
      (Security-Basics)
    • Re: Cyber Law book recommendation?
      ... >> Can someone suggest a GOOD Cyber Law book? ... > He's written two books so far ... Astaro Security Linux -- firewall with Spam/Virus Protection ...
      (Security-Basics)
    • Re: Re: Web Application Hackers Handbook
      ... I think there are a handful of books that should be of course ... security and this is one of them. ... measure to protect your network. ... Francesco Vaj ...
      (Pen-Test)