Books about Penetration from Amazon.com

A self-respecting Google hacker spends hours trolling the Internet for juicy stuff. Firing off search after search, they thrive on the thrill of finding clean, mean, streamlined queries and get a real rush from sharing those queries and trading screenshots of their findings. I know because I've seen it with my own eyes. As the founder of the Google Hacking Database (GHDB) and the Search engine hacking forums at http://johnny.ihackstuff.com, I am constantly amazed at what the Google hacking community comes up with. It turns out the rumors are true-creative Google searches can reveal medical, financial, proprietary and even classified information. Despite government edicts, regulation and protection acts like HIPPA and the constant barking of security watchdogs, this problem still persists. Stuff still makes it out onto the web, and Google hackers snatch it right up. Protect yourself from Google hackers with this new volume of information.
-Johnny Long

. Learn Google Searching Basics
Explore Google's Web-based Interface, build Google queries, and work with Google URLs.
. Use Advanced Operators to Perform Advanced Queries
Combine advanced operators and learn about colliding operators and bad search-fu.
. Learn the Ways of the Google Hacker
See how to use caches for anonymity and review directory listings and traversal techniques.
. Review Document Grinding and Database Digging
See the ways to use Google to locate documents and then search within the documents to locate information.
. Understand Google's Part in an Information Collection Framework
Learn the principles of automating searches and the applications of data mining.
. Locate Exploits and Finding Targets
Locate exploit code and then vulnerable targets.
. See Ten Simple Security Searches
Learn a few searches that give good results just about every time and are good for a security assessment.
. Track Down Web Servers
Locate and profile web servers, login portals, network hardware and utilities.
. See How Bad Guys Troll for Data
Find ways to search for usernames, passwords, credit card numbers, social security numbers, and other juicy information.
. Hack Google Services
Learn more about the AJAX Search API, Calendar, Blogger, Blog Search, and more..
Price: $28.99 [Notify me when price goes down.]

Penetration testing a network requires a delicate balance of art and science A penetration tester must be creative enough to think outside of the box to determine the best attack vector into his own network, and also be expert in using the literally hundreds of tools required to execute the plan. This second volume adds over 300 new pentesting applications included with BackTrack 2 to the pen tester's toolkit. It includes the latest information on Snort, Nessus, Wireshark, Metasploit, Kismet and all of the other major Open Source platforms.

. Perform Network Reconnaissance
Master the objectives, methodology, and tools of the least understood aspect of a penetration test.
. Demystify Enumeration and Scanning
Identify the purpose and type of the target systems, obtain specific information about the versions of the services that are running on the systems, and list the targets and services.
. Hack Database Services
Understand and identify common database service vulnerabilities, discover database services, attack database authentication mechanisms, analyze the contents of the database, and use the database to obtain access to the host operating system.
. Test Web Servers and Applications
Compromise the Web server due to vulnerabilities on the server daemon itself, its unhardened state, or vulnerabilities within the Web applications.
. Test Wireless Networks and Devices
Understand WLAN vulnerabilities, attack WLAN encryption, master information gathering tools, and deploy exploitation tools.
. Examine Vulnerabilities on Network Routers and Switches
Use Traceroute, Nmap, ike-scan, Cisco Torch, Finger, Nessus, onesixtyone, Hydra, Ettercap, and more to attack your network devices.
. Customize BackTrack 2
Torque BackTrack 2 for your specialized needs through module management, unique hard drive installations, and USB installations.
. Perform Forensic Discovery and Analysis with BackTrack 2
Use BackTrack in the field for forensic analysis, image acquisition, and file carving.
. Build Your Own PenTesting Lab
Everything you need to build your own fully functional attack lab..
Price: $31.99 [Notify me when price goes down.]

To read the mind of your enemy, to turn his psyche to your own purpose, and to claim victory without ever landing a blow, these are the secrets of I-Hsing Masters of I-Hsing's greatest weapon, the Mind-Fist, gain more than an advantage over their foes, they gain control of them.

Dr. Haha Lung adds to his canon of easy-to-understand, relevant martial arts instruction with this indispensable guide to dominating your enemy's mind. In his previous classics, Mind Control and Mind Manipulation, he laid the groundwork for smashing your enemy's mental defenses. In Mind Penetration, Dr. Lung teaches the skills and techniques behind this seemingly supernatural ability to bend anyone to your will.

In this comprehensive guide to I-Hsing you will:

• Explore the origin and history of mind manipulation

• Discover its practice in the ancient Far East and in the modern West

• Learn how to control the minds of your enemies

• Gain confidence and knowledge through clear descriptions and helpful illustrations

.
Price: $6.47 [Notify me when price goes down.]

The Spy Within is the riveting true story of one of the most significant cases in the history of espionage, the longest-running penetration of an intelligence organization ever discovered
In October 1982, the FBI received notice from the CIA that was as cryptic as it was chilling: China was running a spy inside US intelligence. The CIA did not know, however, his identity, the agency he worked for, how long he had spent inside America’s secret community, or what information he was passing to China. Over the next three years, investigators labored frantically to identify the mole, to discover the secrets he had betrayed and the agents he had endangered, and to collect the evidence that would see him prosecuted for his crimes.
The FBI’s expansive investigation ultimately revealed that for more than thirty years – years encompassing such pivotal events as the Korean War, the Cultural Revolution, the Vietnam War, and President Richard Nixon’s groundbreaking visit to Beijing – Larry Chin, the CIA’s own top Chinese linguist, had been China’s top spy. Chin’s reports were circulated to China’s senior leadership, read by the likes of Mao Zedong, Zhou Enlai, and Deng Xiaoping. The methods employed by the intelligence services of China’s Communist regime – methods still very much in use today even as the two nations have evolved from Cold War enemies to economic rivals – have never before been so clearly and compellingly revealed to a general audience.
Tod Hoffman conducted exclusive interviews with key players in the affair, gained access to previously unreleased documents, and applied his own practical expertise as a spy-catcher to spin a captivating cat-and-mouse tale that is sure to become regarded as a classic of intelligence literature..
Price: $13.00 [Notify me when price goes down.]

There is no such thing as "perfect security" when it comes to keeping all systems intact and functioning properly. Good penetration (pen) testing creates a balance that allows a system to be secure while simultaneously being fully functional. With this book, you'll learn how to become an effective penetrator (i.e., a white hat or ethical hacker) in order to circumvent the security features of a Web application so that those features can be accurately evaluated and adequate security precautions can be put in place.

After a review of the basics of web applications, you'll be introduced to web application hacking concepts and techniques such as vulnerability analysis, attack simulation, results analysis, manuals, source code, and circuit diagrams. These web application hacking concepts and techniques will prove useful information for ultimately securing the resources that need your protection.

What you will learn from this book
* Surveillance techniques that an attacker uses when targeting a system for a strike
* Various types of issues that exist within the modern day web application space
* How to audit web services in order to assess areas of risk and exposure
* How to analyze your results and translate them into documentation that is useful for remediation
* Techniques for pen-testing trials to practice before a live project

Who this book is for

This book is for programmers, developers, and information security professionals who want to become familiar with web application security and how to audit it.

Wrox Professional guides are planned and written by working programmers to meet the real-world needs of programmers, developers, and IT professionals. Focused and relevant, they address the issues technology professionals face every day. They provide examples, practical solutions, and expert education in new technologies, all designed to help programmers do a better job..
Price: $17.99 [Notify me when price goes down.]

WarDriving and Wireless Penetration Testing brings together the premiere wireless penetration testers to outline how successful penetration testing of wireless networks is accomplished, as well as how to defend against these attacks. As wireless networking continues to spread in corporate and government use, security experts need to become familiar with the methodologies, tools, and tactics used by both penetration testers and attackers to compromise wireless networks and what they can do to both accomplish their jobs as penetration testers and how to protect networks from sophisticated attackers. WarDriving and Wireless Penetration Testing brings together the premiere wireless penetration testers to outline how successful penetration testing of wireless networks is accomplished, as well as how to defend against these attacks..
Price: $31.49 [Notify me when price goes down.]

Powerful, provocative, and raw, self-described punany poets take readers on an extraordinary erotic journey, melding poetry, short stories, and prose to explore the essence of black male and female sexuality.

The Punany Poets are pioneers of erotic entertainment, creating lush literary works that also encourage self-empowerment and safer sex. Punany Poets' founder Jessica Holter, whose urban classic Punany: The Hip Hop Psalms was featured on HBO's Real Sex, has adapted the Poets' compositions into a groundbreaking anthology created to rouse the senses and inspire the imagination. Vivid, compelling poems and prose pieces deal with every facet of modern love and lust, and blend tantalizing sensual imagery with an underlying message of urban-rooted AIDS awareness. Never preachy, always original, and guaranteed to stimulate the individual and the couple, Verbal Penetration is unique among poetry anthologies -- a riveting, multi-dimensional erotic experience with heart, soul, and message.

.
Price: $4.99 [Notify me when price goes down.]

This is the first fully integrated Penetration Testing book and bootable Linux CD containing the Auditor Security Collection which includes over 300 of the most effective and commonly used open source attack and penetration testing tools. This powerful tool kit and authoritative reference is written by the security industry's foremost penetration testers including HD Moore, Jay Beale, and SensePost. This unique package provides you with a completely portable and bootable Linux attack distribution and authoritative reference to the toolset included and the required methodology.

Penetration testing a network requires a delicate balance of art and science. A penetration tester must be creative enough to think outside of the box to determine all possible attack vector into his own network, and also be expert in using the literally hundreds of tools required to execute the plan and meticulously document their results. This book provides both the art and the science. The authors of the book are expert penetration testers who have developed many of the leading pen testing tools; such as the Metasploit framework. The authors allow the reader inside their heads to unravel the mysteries of thins like identifying targets, enumerating hosts, application fingerprinting, cracking passwords, and attacking exposed vulnerabilities. Along the way, the authors provide an invaluable reference to the hundreds of hijacking tools; sniffers; scanners; Web application; and vulnerability assessment tools from the bootable-Linux CD including the Metasploit Framework; ettercap, dsniff, Ethereal, Nmap, Paketto, Scanrand, Hydra, Paros, Nessus, and many more.

.
Price: $38.91 [Notify me when price goes down.]

This is the first book available for the Metasploit Framework (MSF), which is the attack platform of choice for one of the fastest growing careers in IT security: Penetration Testing. The book and companion Web site will provide professional penetration testers and security researchers with a fully integrated suite of tools for discovering, running, and testing exploit code. This book discusses how to use the Metasploit Framework (MSF) as an exploitation platform.

The book begins with a detailed discussion of the three MSF interfaces: msfweb, msfconsole, and msfcli .This chapter demonstrates all of the features offered by the MSF as an exploitation platform. With a solid understanding of MSF's capabilities, the book then details techniques for dramatically reducing the amount of time required for developing functional exploits. By working through a real-world vulnerabilities against a popular closed source applications, the reader will learn how to use the tools and MSF to quickly build reliable attacks as standalone exploits. The section will also explain how to integrate an exploit directly into the Metasploit Framework by providing a line-by-line analysis of an integrated exploit module. Details as to how the Metasploit engine drives the behind-the-scenes exploitation process will be covered, and along the way the reader will come to understand the advantages of exploitation frameworks. The final section of the book examines the Meterpreter payload system and teaches readers to develop completely new extensions that will integrate fluidly with the Metasploit Framework.

.
Price: $37.44 [Notify me when price goes down.]

What forces were behind Japan's emergence as the first non-Western colonial power at the turn of the twentieth century? Peter Duus brings a new perspective to Meiji expansionism in this pathbreaking study of Japan's acquisition of Korea, the largest of its colonial possessions. He shows how Japan's drive for empire was part of a larger goal to become the economic, diplomatic, and strategic equal of the Western countries who had imposed a humiliating treaty settlement on the country in the 1850s.
Duus maintains that two separate but interlinked processes, one political/military and the other economic, propelled Japan's imperialism. Every attempt at increasing Japanese political influence licensed new opportunities for trade, and each new push for Japanese economic interests buttressed, and sometimes justified, further political advances. The sword was the servant of the abacus, the abacus the agent of the sword.
While suggesting that Meiji imperialism shared much with the Western colonial expansion that provided both model and context, Duus also argues that it was "backward imperialism" shaped by a sense of inferiority vis-à-vis the West. Along with his detailed diplomatic and economic history, Duus offers a unique social history that illuminates the motivations and lifestyles of the overseas Japanese of the time, as well as the views that contemporary Japanese had of themselves and their fellow Asians..
Price: $26.05 [Notify me when price goes down.]