{"product_id":"network-attacks-and-exploitation-isbn-9781118987124","title":"Network Attacks and Exploitation","description":"\u003cb\u003eIncorporate offense and defense for a more effective network security strategy\u003c\/b\u003e  \u003cp\u003e\u003ci\u003eNetwork Attacks and Exploitation\u003c\/i\u003e provides a clear, comprehensive roadmap for developing a complete offensive and defensive strategy to engage in or thwart hacking and computer espionage. Written by an expert in both government and corporate vulnerability and security operations, this guide helps you understand the principles of the space and look beyond the individual technologies of the moment to develop durable comprehensive solutions. Numerous real-world examples illustrate the offensive and defensive concepts at work, including Conficker, Stuxnet, the Target compromise, and more. You will find clear guidance toward strategy, tools, and implementation, with practical advice on blocking systematic computer espionage and the theft of information from governments, companies, and individuals.\u003c\/p\u003e \u003cp\u003eAssaults and manipulation of computer networks are rampant around the world. One of the biggest challenges is fitting the ever-increasing amount of information into a whole plan or framework to develop the right strategies to thwart these attacks. This book clears the confusion by outlining the approaches that work, the tools that work, and resources needed to apply them.\u003c\/p\u003e \u003cul\u003e \u003cli\u003eUnderstand the fundamental concepts of computer network exploitation\u003c\/li\u003e \u003cli\u003eLearn the nature and tools of systematic attacks\u003c\/li\u003e \u003cli\u003eExamine offensive strategy and how attackers will seek to maintain their advantage\u003c\/li\u003e \u003cli\u003eUnderstand defensive strategy, and how current approaches fail to change the strategic balance\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003eGovernments, criminals, companies, and individuals are all operating in a world without boundaries, where the laws, customs, and norms previously established over centuries are only beginning to take shape. Meanwhile computer espionage continues to grow in both frequency and impact. This book will help you mount a robust offense or a strategically sound defense against attacks and exploitation. For a clear roadmap to better network security, \u003ci\u003eNetwork Attacks and Exploitation\u003c\/i\u003e is your complete and practical guide.\u003c\/p\u003e \u003cp\u003eIntroduction xvii\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 Computer Network Exploitation 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eOperations 4\u003c\/p\u003e \u003cp\u003eOperational Objectives 5\u003c\/p\u003e \u003cp\u003eStrategic Collection 6\u003c\/p\u003e \u003cp\u003eDirected Collection 7\u003c\/p\u003e \u003cp\u003eNon-Kinetic Computer Network Attack (CNA) 7\u003c\/p\u003e \u003cp\u003eStrategic Access 9\u003c\/p\u003e \u003cp\u003ePositional Access 9\u003c\/p\u003e \u003cp\u003eCNE Revisited 11\u003c\/p\u003e \u003cp\u003eA Framework for Computer Network Exploitation 11\u003c\/p\u003e \u003cp\u003eFirst Principles 12\u003c\/p\u003e \u003cp\u003ePrinciples 12\u003c\/p\u003e \u003cp\u003eThemes 14\u003c\/p\u003e \u003cp\u003eSummary 15\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 The Attacker 17\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePrinciple of Humanity 17\u003c\/p\u003e \u003cp\u003eLife Cycle of an Operation 18\u003c\/p\u003e \u003cp\u003eStage 1: Targeting 19\u003c\/p\u003e \u003cp\u003eStage 2: Initial Access 22\u003c\/p\u003e \u003cp\u003eStage 3: Persistence 24\u003c\/p\u003e \u003cp\u003eStage 4: Expansion 25\u003c\/p\u003e \u003cp\u003eStage 5: Exfiltration 26\u003c\/p\u003e \u003cp\u003eStage 6: Detection 26\u003c\/p\u003e \u003cp\u003ePrinciple of Access 27\u003c\/p\u003e \u003cp\u003eInbound Access 27\u003c\/p\u003e \u003cp\u003eOutbound Access 29\u003c\/p\u003e \u003cp\u003eBidirectional Access 35\u003c\/p\u003e \u003cp\u003eNo Outside Access 35\u003c\/p\u003e \u003cp\u003eAccess Summary 36\u003c\/p\u003e \u003cp\u003ePrinciple of Economy 37\u003c\/p\u003e \u003cp\u003eTime 37\u003c\/p\u003e \u003cp\u003eTargeting Capabilities 37\u003c\/p\u003e \u003cp\u003eExploitation Expertise 38\u003c\/p\u003e \u003cp\u003eNetworking Expertise 38\u003c\/p\u003e \u003cp\u003eSoftware Development Expertise 39\u003c\/p\u003e \u003cp\u003eOperational Expertise 40\u003c\/p\u003e \u003cp\u003eOperational Analysis Expertise 40\u003c\/p\u003e \u003cp\u003eTechnical Resources 41\u003c\/p\u003e \u003cp\u003eEconomy Summary 41\u003c\/p\u003e \u003cp\u003eAttacker Structure 41\u003c\/p\u003e \u003cp\u003eSummary 43\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 The Defender 45\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePrinciple of Humanity 45\u003c\/p\u003e \u003cp\u003eHumanity and Network Layout 46\u003c\/p\u003e \u003cp\u003eHumanity and Security Policy 47\u003c\/p\u003e \u003cp\u003ePrinciple of Access 48\u003c\/p\u003e \u003cp\u003eThe Defensive Life Cycle 49\u003c\/p\u003e \u003cp\u003ePrinciple of Economy 51\u003c\/p\u003e \u003cp\u003eThe Helpful Defender 53\u003c\/p\u003e \u003cp\u003eSummary 54\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 Asymmetries 55\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eFalse Asymmetries 56\u003c\/p\u003e \u003cp\u003eAdvantage Attacker 59\u003c\/p\u003e \u003cp\u003eMotivation 60\u003c\/p\u003e \u003cp\u003eInitiative 61\u003c\/p\u003e \u003cp\u003eFocus 62\u003c\/p\u003e \u003cp\u003eEffect of Failure 62\u003c\/p\u003e \u003cp\u003eKnowledge of Technology 64\u003c\/p\u003e \u003cp\u003eAnalysis of Opponent 64\u003c\/p\u003e \u003cp\u003eTailored Software 65\u003c\/p\u003e \u003cp\u003eRate of Change 66\u003c\/p\u003e \u003cp\u003eAdvantage Defender 67\u003c\/p\u003e \u003cp\u003eNetwork Awareness 68\u003c\/p\u003e \u003cp\u003eNetwork Posture 68\u003c\/p\u003e \u003cp\u003eAdvantage Indeterminate 69\u003c\/p\u003e \u003cp\u003eTime 69\u003c\/p\u003e \u003cp\u003eEfficiency 70\u003c\/p\u003e \u003cp\u003eSummary 71\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 Attacker Frictions 73\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eMistakes 74\u003c\/p\u003e \u003cp\u003eComplexity 74\u003c\/p\u003e \u003cp\u003eFlawed Attack Tools 75\u003c\/p\u003e \u003cp\u003eUpgrades and Updates 77\u003c\/p\u003e \u003cp\u003eOther Attackers 78\u003c\/p\u003e \u003cp\u003eThe Security Community 80\u003c\/p\u003e \u003cp\u003eBad Luck 81\u003c\/p\u003e \u003cp\u003eSummary 81\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6 Defender Frictions 83\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eMistakes 83\u003c\/p\u003e \u003cp\u003eFlawed Software 84\u003c\/p\u003e \u003cp\u003eInertia 86\u003c\/p\u003e \u003cp\u003eThe Security Community 87\u003c\/p\u003e \u003cp\u003eComplexity 89\u003c\/p\u003e \u003cp\u003eUsers 91\u003c\/p\u003e \u003cp\u003eBad Luck 92\u003c\/p\u003e \u003cp\u003eSummary 92\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7 Offensive Strategy 93\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePrinciple 1: Knowledge 95\u003c\/p\u003e \u003cp\u003eMeasuring Knowledge 96\u003c\/p\u003e \u003cp\u003ePrinciple 2: Awareness 97\u003c\/p\u003e \u003cp\u003eMeasuring Awareness 98\u003c\/p\u003e \u003cp\u003ePrinciple 3: Innovation 98\u003c\/p\u003e \u003cp\u003eMeasuring Innovation 99\u003c\/p\u003e \u003cp\u003eDefensive Innovation 100\u003c\/p\u003e \u003cp\u003ePrinciple 4: Precaution 101\u003c\/p\u003e \u003cp\u003eMeasuring Precaution 103\u003c\/p\u003e \u003cp\u003ePrinciple 5: Operational Security 105\u003c\/p\u003e \u003cp\u003eMinimizing Exposure 106\u003c\/p\u003e \u003cp\u003eMinimizing Recognition 107\u003c\/p\u003e \u003cp\u003eControlling Reaction 108\u003c\/p\u003e \u003cp\u003eMeasuring Operational Security 109\u003c\/p\u003e \u003cp\u003ePrinciple 6: Program Security 110\u003c\/p\u003e \u003cp\u003eAttacker Liabilities 110\u003c\/p\u003e \u003cp\u003eProgram Security Costs 112\u003c\/p\u003e \u003cp\u003eMeasuring Program Security 120\u003c\/p\u003e \u003cp\u003eCrafting an Offensive Strategy 121\u003c\/p\u003e \u003cp\u003eModular Frameworks 124\u003c\/p\u003e \u003cp\u003eA Note on Tactical Decisions 126\u003c\/p\u003e \u003cp\u003eSummary 127\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8 Defensive Strategy 129\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eFailed Tactics 130\u003c\/p\u003e \u003cp\u003eAntivirus and Signature-Based Detection 130\u003c\/p\u003e \u003cp\u003ePassword Policies 132\u003c\/p\u003e \u003cp\u003eUser Training 134\u003c\/p\u003e \u003cp\u003eCrafting a Defensive Strategy 135\u003c\/p\u003e \u003cp\u003eCloud-Based Security 143\u003c\/p\u003e \u003cp\u003eSummary 145\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9 Offensive Case Studies 147\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eStuxnet 148\u003c\/p\u003e \u003cp\u003eAccess 148\u003c\/p\u003e \u003cp\u003eEconomy 149\u003c\/p\u003e \u003cp\u003eHumanity 149\u003c\/p\u003e \u003cp\u003eKnowledge 149\u003c\/p\u003e \u003cp\u003eAwareness 149\u003c\/p\u003e \u003cp\u003ePrecaution 150\u003c\/p\u003e \u003cp\u003eInnovation 151\u003c\/p\u003e \u003cp\u003eOperational Security 151\u003c\/p\u003e \u003cp\u003eProgram Security 153\u003c\/p\u003e \u003cp\u003eStuxnet Summary 154\u003c\/p\u003e \u003cp\u003eFlame 154\u003c\/p\u003e \u003cp\u003eGauss 157\u003c\/p\u003e \u003cp\u003eDragonfly 159\u003c\/p\u003e \u003cp\u003eRed October 160\u003c\/p\u003e \u003cp\u003eAPT 1 162\u003c\/p\u003e \u003cp\u003eAxiom 164\u003c\/p\u003e \u003cp\u003eSummary 165\u003c\/p\u003e \u003cp\u003eEpilogue 167\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix Attack Tools 169\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAntivirus Defeats 169\u003c\/p\u003e \u003cp\u003eAudio\/Webcam Recording 170\u003c\/p\u003e \u003cp\u003eBackdoor 170\u003c\/p\u003e \u003cp\u003eBootkit 171\u003c\/p\u003e \u003cp\u003eCollection Tools 171\u003c\/p\u003e \u003cp\u003eExploits 171\u003c\/p\u003e \u003cp\u003eFuzzer 172\u003c\/p\u003e \u003cp\u003eHardware-based Trojan 172\u003c\/p\u003e \u003cp\u003eImplant 173\u003c\/p\u003e \u003cp\u003eKeystroke Logger 173\u003c\/p\u003e \u003cp\u003eNetwork Capture 173\u003c\/p\u003e \u003cp\u003eNetwork Survey 173\u003c\/p\u003e \u003cp\u003eNetwork Tunnel 174\u003c\/p\u003e \u003cp\u003ePassword Dumpers and Crackers 174\u003c\/p\u003e \u003cp\u003ePacker 175\u003c\/p\u003e \u003cp\u003ePersistence Mechanism 175\u003c\/p\u003e \u003cp\u003ePolymorphic Code Generator 177\u003c\/p\u003e \u003cp\u003eRootkit 178\u003c\/p\u003e \u003cp\u003eScreen Scraper 178\u003c\/p\u003e \u003cp\u003eSystem Survey 178\u003c\/p\u003e \u003cp\u003eVulnerability Scanner 178\u003c\/p\u003e \u003cp\u003eReferences 179\u003c\/p\u003e \u003cp\u003eBibliography 189\u003c\/p\u003e \u003cp\u003eIndex 193\u003c\/p\u003e   \u003cp\u003e\u003cb\u003eMATTHEW MONTE\u003c\/b\u003e is a security expert with 15 years experience developing computer security tools and strategies for corporations and the U.S. government. His career includes technical and leadership positions in industry and the U.S. intelligence community. He holds a Master of Engineering in Computer Science degree from Cornell University.      \u003c\/p\u003e\u003cp\u003e\u003cb\u003eEnhance network security with both offensive and defensive strategies\u003c\/b\u003e  \u003c\/p\u003e\u003cp\u003eIt's not enough just to defend your network against attack. For truly effective security, you need both defensive and offensive strategies in a unified framework. This book provides a clear, comprehensive roadmap for developing a complete offensive and defensive strategy to engage in or thwart hacking and computer espionage.  \u003c\/p\u003e\u003cp\u003eWritten by an expert in both government and corporate vulnerability and security operations, this guide takes you beyond the individual technologies to help you develop durable, far-reaching solutions. More than introducing tools and how to use them, it provides an essential understanding of the inherent properties of computer operations and the principles of network attack and exploitation. Supported by real-world examples, this book outlines the approaches that work, the tools that work, and the resources needed to apply them. You will:  \u003c\/p\u003e\u003cul\u003e \u003cli\u003eUnderstand the fundamental concepts of computer exploitation\u003c\/li\u003e \u003cli\u003eLearn the nature of systematic attacks and the tools that are used\u003c\/li\u003e \u003cli\u003eExamine offensive strategies and how hackers will attempt to maintain their advantage\u003c\/li\u003e \u003cli\u003eGain a better understanding of defensive strategy\u003c\/li\u003e \u003cli\u003eSee how current approaches fail to change the strategic balance\u003c\/li\u003e \u003cli\u003eBe able to mount a robust offense or a strategically sound defense against attacks and exploitation\u003c\/li\u003e \u003c\/ul\u003e  \u003cp\u003eWhere network security is concerned, we operate in a world where laws and customs are still evolving. In this book, you will find clear guidance toward strategy, tools, and implementation, with practical advice on blocking systematic computer espionage and the theft of information.\u003c\/p\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47989680865509,"sku":"NP9781118987124","price":47.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781118987124.jpg?v=1761785080","url":"https:\/\/k12savings.com\/products\/network-attacks-and-exploitation-isbn-9781118987124","provider":"K12savings","version":"1.0","type":"link"}