Cyber Security Essentials, CRC Press

Edited by James Graham, Richard Howard, Ryan Olson

Auerbach Publications, Taylor & Francis Group
6000 Broken Sound Parkway NW, Suite 300
Boca Raton, FL 33487-2742


About the Authors
This book is the direct result of the outstanding efforts of a talented pool of security analysts, editors, business leaders, and security professionals, all of whom work for iDefense® Security Intelligence Services, a business unit of VeriSign, Inc.

iDefense is an open-source cyber security intelligence operation that maintains expertise in vulnerability research and alerting, exploit development, malicious code analysis, underground monitoring, and international actor attribution. iDefense provides intelligence products to Fortune 1000 companies and “three-letter agencies” in various world governments. iDefense also maintains the Security Operations Center for the Financial Sector Information Sharing and Analysis Center (FS-ISAC), one of 17 ISACs mandated by the US government to facilitate information sharing throughout the country’s business sectors.

iDefense has the industry-unique capability of determining not only the technical details of cyber security threats and events (the “what,” the “when,” and the “where”) but, because of its international presence, also the most likely actors and motivations behind these attacks (the “who” and the “why”). For more information, please contact customerservice@idefense.com.

© 2011 by Taylor and Francis Group, LLC
Auerbach Publications is an imprint of Taylor & Francis Group, an Informa business
No claim to original U.S. Government works
Printed in the United States of America on acid-free paper 10 9 8 7 6 5 4 3 2 1
International Standard Book Number-13: 978-1-4398-5126-5 (Ebook-PDF)

Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe.
Visit the Taylor & Francis Web site at
and the Auerbach Web site at

Contents
A Note from the Executive Editors
About the Authors
Contributors
Chapter 1 Cyber Security Fundamentals
1.1 Network and Security Concepts
1.1.1 Information Assurance Fundamentals
1.1.1.1 Authentication
1.1.1.2 Authorization
1.1.1.3 Nonrepudiation
1.1.1.4 Confidentiality 
1.1.1.5 Integrity 
1.1.1.6 Availability 
1.1.2 Basic Cryptography 
1.1.3 Symmetric Encryption 
1.1.3.1 Example of Simple Symmetric Encryption with Exclusive OR (XOR)
1.1.3.2 Improving upon Stream Ciphers with Block Ciphers
1.1.4 Public Key Encryption
1.1.5 The Domain Name System (DNS)
1.1.6 Firewalls
1.1.6.1 History Lesson 
1.1.6.2 What’s in a Name? 
1.1.6.3 Packet-Filtering Firewalls
1.1.6.4 Stateful Firewalls 
1.1.6.5 Application Gateway Firewalls
1.1.6.6 Conclusions 
1.1.7 Virtualization 
1.1.7.1 In the Beginning, There Was Blue … 
1.1.7.2 The Virtualization Menu
1.1.7.3 Full Virtualization
1.1.7.4 Getting a Helping Hand from the Processor
1.1.7.5 If All Else Fails, Break It to Fix It
1.1.7.6 Use What You Have
1.1.7.7 Doing It the Hard Way
1.1.7.8 Biting the Hand That Feeds
1.1.7.9 Conclusion 
1.1.8 Radio-Frequency Identification
1.1.8.1 Identify What? 
1.1.8.2 Security and Privacy Concerns
1.2 Microsoft Windows Security Principles 
1.2.1 Windows Tokens
1.2.1.1 Introduction
1.2.1.2 Concepts behind Windows Tokens 
1.2.1.3 Access Control Lists
1.2.1.4 Conclusions 
1.2.2 Window Messaging 
1.2.2.1 Malicious Uses of Window Messages
1.2.2.2 Solving Problems with Window Messages 
1.2.3 Windows Program Execution
1.2.3.1 Validation of Parameters
1.2.3.2 Load Image, Make Decisions
1.2.3.3 Creating the Process Object
1.2.3.4 Context Initialization 
1.2.3.5 Windows Subsystem Post Initialization 
1.2.3.6 Initial Thread … Go! 
1.2.3.7 Down to the Final Steps 
1.2.3.8 Exploiting Windows Execution for Fun and Profit
1.2.4 The Windows Firewall 
References 
Chapter 2 Attacker Techniques and Motivations
2.1 How Hackers Cover Their Tracks (Antiforensics)
2.1.1 How and Why Attackers Use Proxies
3.1.6.2 Creating Malicious PDF Files
3.1.6.3 Reducing the Risks of Malicious PDF Files
3.1.6.4 Concluding Comments
3.1.7 Race Conditions
3.1.7.1 Examples of Race Conditions
3.1.7.2 Detecting and Preventing Race Conditions 
3.1.7.3 Conclusion 
3.1.8.1 Features for Hiding
3.1.8.2 Commercial Web Exploit Tools and Services
3.1.8.3 Updates, Statistics, and Administration
3.1.8.4 Proliferation of Web Exploit Tools Despite Protections 
3.1.9 DoS Conditions
3.1.10 Brute Force and Dictionary Attacks
3.1.10.1 Attack 
3.2 Misdirection, Reconnaissance, and Disruption Methods
3.2.1 Cross-Site Scripting (XSS)
3.2.2 Social Engineering 
3.2.3 WarXing 
3.2.4 DNS Amplification Attacks 
3.2.4.1 Defeating Amplification
References 
Chapter 4 Malicious Code
4.1 Self-Replicating Malicious Code
4.1.1 Worms 
4.1.2 Viruses 
4.2 Evading Detection and Elevating Privileges 
4.2.1 Obfuscation 
4.2.2 Virtual Machine Obfuscation
4.2.3 Persistent Software Techniques 
4.2.3.1 Basic Input–Output System (BIOS)/Complementary Metal-Oxide Semiconductor (CMOS) and Master Boot Record (MBR) Malicious Code
4.2.3.2 Hypervisors
4.2.3.3 Legacy Text Files
4.2.3.4 Autostart Registry Entries
4.2.3.5 Start Menu “Startup” Folder 
4.2.3.6 Detecting Autostart Entries 
4.2.4 Rootkits 
4.2.4.1 User Mode Rootkits 
4.2.4.2 Kernel Mode Rootkits
4.2.4.3 Conclusion 
4.2.5 Spyware
4.2.6 Attacks against Privileged User Accounts and Escalation of Privileges
4.2.6.1 Many Users Already Have Administrator Permissions
4.2.6.2 Getting Administrator Permissions
4.2.6.3 Conclusion
4.2.7 Token Kidnapping
4.2.8 Virtual Machine Detection
4.2.8.1 Fingerprints Everywhere!
4.2.8.2 Understanding the Rules of the Neighborhood
4.2.8.3 Detecting Communication with the Outside World
4.2.8.4 Putting It All Together
4.2.8.5 The New Hope 
4.2.8.6 Conclusion
4.3 Stealing Information and Exploitation
4.3.2 Man-in-the-Middle Attacks
4.3.2.1 Detecting and Preventing MITM Attacks
4.3.3 DLL Injection 
4.3.3.1 Windows Registry DLL Injection 
4.3.3.2 Injecting Applications
4.3.3.3 Reflective DLL Injections 
4.3.3.4 Conclusion
4.3.4 Browser Helper Objects
4.3.4.1 Security Implications
References
Chapter 5 Defense and Analysis Techniques
5.1 Memory Forensics
5.1.1 Why Memory Forensics Is Important
5.1.2 Capabilities of Memory Forensics 
5.1.3 Memory Analysis Frameworks 
5.1.4 Dumping Physical Memory
5.1.5 Installing and Using Volatility 
5.1.6 Finding Hidden Processes 
5.1.7 Volatility Analyst Pack 
5.1.8 Conclusion
5.2 Honeypots
5.3 Malicious Code Naming
5.3.1 Concluding Comments
5.4 Automated Malicious Code Analysis Systems
5.4.1 Passive Analysis 
5.4.2 Active Analysis 
5.4.3 Physical or Virtual Machines
5.5 Intrusion Detection Systems
References 

Product details
File Size: 5,814 KB
Pages: 331
File Type: PDF format
ISBN-13: 978-1-4398-5126-5
Copyright: 2011 by Taylor and Francis Group, LLC