Bücher veröffentlicht von No Starch Press,US

Hacking APIs is a crash course in web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure.Hacking APIs is a crash course on web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure. You’ll learn how REST and GraphQL APIs work in the wild and set up a streamlined API testing lab with Burp Suite and Postman. Then you’ll master tools useful for reconnaissance, endpoint analysis, and fuzzing, such as Kiterunner and OWASP Amass. Next, you’ll learn to perform common attacks, like those targeting an API’s authentication mechanisms and the injection vulnerabilities commonly found in web applications. You’ll also learn techniques for bypassing protections against these attacks. In the book’s nine guided labs, which target intentionally vulnerable APIs, you’ll practice:Enumerating APIs users and endpoints using fuzzing techniquesUsing Postman to discover an excessive data exposure vulnerabilityPerforming a JSON Web Token attack against an API authentication processCombining multiple API attack techniques to perform a NoSQL injectionAttacking a GraphQL API to uncover a broken object level authorization vulnerability By the end of the book, you’ll be prepared to uncover those high-payout API bugs other hackers aren’t finding and improve the security of applications on the web.

An accessible yet rigorous crash course on recursive programming using Python and JavaScript examples.Recursion has an intimidating reputation: it's considered to be an advanced computer science topic frequently brought up in coding interviews. But there's nothing magical about recursion. The Recursive Book of Recursion uses Python and JavaScript examples to teach the basics of recursion, exposing the ways that it's often poorly taught and clarifying the fundamental principles of all recursive algorithms. You'll learn when to use recursive functions (and, most importantly, when not to use them), how to implement the classic recursive algorithms often brought up in job interviews, and how recursive techniques can help solve countless problems involving tree traversal, combinatorics, and other tricky topics. This project-based guide contains complete, runnable programs to help you learn: How recursive functions make use of the call stack, a critical data structure almost never discussed in lessons on recursionHow the head-tail and "leap of faith" techniques can simplify writing recursive functionsHow to use recursion to write custom search scripts for your filesystem, draw fractal art, create mazes, and moreHow optimization and memoization make recursive algorithms more efficient Al Sweigart has built a career explaining programming concepts in a fun, approachable manner. If you've shied away from learning recursion but want to add this technique to your programming toolkit, or if you're racing to prepare for your next job interview, this book is for you.

A comprehensive guide to the threats facing Apple computers and the foundational knowledge needed to become a proficient Mac malware analyst.Defenders must fully understand how malicious software works if they hope to stay ahead of the increasingly sophisticated threats facing Apple products today. The Art of Mac Malware: The Guide to Analyzing Malicious Software is a comprehensive handbook to cracking open these malicious programs and seeing what’s inside. Discover the secrets of nation state backdoors, destructive ransomware, and subversive cryptocurrency miners as you uncover their infection methods, persistence strategies, and insidious capabilities. Then work with and extend foundational reverse-engineering tools to extract and decrypt embedded strings, unpack protected Mach-O malware, and even reconstruct binary code. Next, using a debugger, you’ll execute the malware, instruction by instruction, to discover exactly how it operates. In the book’s final section, you’ll put these lessons into practice by analyzing a complex Mac malware specimen on your own.You’ll learn to:Recognize common infections vectors, persistence mechanisms, and payloads leveraged by Mac malwareTriage unknown samples in order to quickly classify them as benign or maliciousWork with static analysis tools, including disassemblers, in order to study malicious scripts and compiled binariesLeverage dynamical analysis tools, such as monitoring tools and debuggers, to gain further insight into sophisticated threatsQuickly identify and bypass anti-analysis techniques aimed at thwarting your analysis attemptsA former NSA hacker and current leader in the field of macOS threat analysis, Patrick Wardle uses real-world examples pulled from his original research. The Art of Mac Malware: The Guide to Analyzing Malicious Software is the definitive resource to battling these ever more prevalent and insidious Apple-focused threats.

Bug bounty programmes are company-sponsored programmes that invite researchers to search for vulnerabilities on their applications and reward them for their findings. This book is designed to help beginners with little to no security experience learn web hacking, find bugs, and stay competitive in this booming and lucrative industry. You''ll learn how to hack mobile apps, find vulnerabilities in APIs, and automate your hacking process. By the end of the book, you''ll have learned the tools and techniques necessary to be a competent web hacker and find bugs on a bug bounty programme.

Power up your Python with object-oriented programming and learn how to write powerful, efficient, and re-usable code.Object-Oriented Python is an intuitive and thorough guide to mastering object-oriented programming from the ground up. You’ll cover the basics of building classes and creating objects, and put theory into practice using the pygame package with clear examples that help visualize the object-oriented style. You’ll explore the key concepts of object-oriented programming — encapsulation, polymorphism, and inheritance — and learn not just how to code with objects, but the absolute best practices for doing so. Finally, you’ll bring it all together by building a complex video game, complete with full animations and sounds. The book covers two fully functional Python code packages that will speed up development of graphical user interface (GUI)  programs in Python.

A hands-on guide to hacking computer systems from the ground up, from capturing traffic to crafting sneaky, successful trojans.A crash course in modern hacking techniques, Ethical Hacking is already being used to prepare the next generation of offensive security experts. In its many hands-on labs, you’ll explore crucial skills for any aspiring penetration tester, security researcher, or malware analyst. You’ll begin with the basics: capturing a victim’s network traffic with an ARP spoofing attack and then viewing it in Wireshark. From there, you’ll deploy reverse shells that let you remotely run commands on a victim’s computer, encrypt files by writing your own ransomware in Python, and fake emails like the ones used in phishing attacks. In advanced chapters, you’ll learn how to fuzz for new vulnerabilities, craft trojans and rootkits, exploit websites with SQL injection, and escalate your privileges to extract credentials, which you’ll use to traverse a private network. You’ll work with a wide range of professional penetration testing tools—and learn to write your own tools in Python—as you practice tasks like: Deploying the Metasploit framework’s reverse shells and embedding them in innocent-seeming filesCapturing passwords in a corporate Windows network using MimikatzScanning (almost) every device on the internet to find potential victimsInstalling Linux rootkits that modify a victim’s operating systemPerforming advanced Cross-Site Scripting (XSS) attacks that execute sophisticated JavaScript payloads Along the way, you’ll gain a foundation in the relevant computing technologies. Discover how advanced fuzzers work behind the scenes, learn how internet traffic gets encrypted, explore the inner mechanisms of nation-state malware like Drovorub, and much more. Developed with feedback from cybersecurity students, Ethical Hacking addresses contemporary issues in the field not often covered in other books and will prepare you for a career in penetration testing. Most importantly, you’ll be able to think like an ethical hacker⁠: someone who can carefully analyze systems and creatively gain access to them.

28 mad scientist themed projects and experiments to teach STEM topics and coding with the BBC micro:bit.

A master class in malware evolution that will give you the techniques and tools necessary to counter sophisticated, advanced threats.

Learn to program with Python by making and hacking ciphers - no experience required!

Incredible Technic showcases spectacular models built with the LEGO Technic system, complete with diagrams and design notes.

The LEGO MINDSTORMS EV3 Discovery Book is a complete beginner's guide to the EV3 kit from bestselling author and robotics expert Laurens Valk.

R is the world's most popular language for developing statistical software: Archaeologists use it to track the spread of ancient civilizations, drug companies use it to discover which medications are safe and effective, and actuaries use it to assess financial risks and keep economies running smoothly.The Art of R Programming takes you on a guided tour of software development with R, from basic types and data structures to advanced topics like closures, recursion, and anonymous functions. No statistical knowledge is required, and your programming skills can range from hobbyist to pro.Along the way, you'll learn about functional and object-oriented programming, running mathematical simulations, and rearranging complex data into simpler, more useful formats. You'll also learn to:-Create artful graphs to visualize complex data sets and functions-Write more efficient code using parallel R and vectorization-Interface R with C/C++ and Python for increased speed or functionality-Find new R packages for text analysis, image manipulation, and more-Squash annoying bugs with advanced debugging techniquesWhether you're designing aircraft, forecasting the weather, or you just need to tame your data, The Art of R Programming is your guide to harnessing the power of statistical computing.

If you work with embedded systems, you''re bound to encounter the ubiquitous Inter-Integrated Circuit bus (IIC, I2C, or I2C) - a serial protocol for connecting integrated circuits in a computer system. In The Book of I2C, the first comprehensive guide to this bus, bestselling author Randall Hyde draws on 40 years of industry experience to get you started designing and programming I2C systems.

A hands-on, beginner-friendly guide to building and programming LEGO® robots.You're the new owner of a LEGO® robotics kit. Now what? Getting Started with LEGO® MINDSTORMS teaches you the basics of robotics engineering, using examples compatible with the LEGO® MINDSTORMS Robot Inventor and SPIKE Prime sets. You'll be making remote-control vehicles, motorized grabbers, automatic ball launchers, and other exciting robots in no time.Rather than feature step-by-step instructions for building a handful of models, you'll find essential information and expert tips and tricks for designing, building, and programming your own robotic creations. The book features a comprehensive introduction to coding with Word Blocks, an intuitive visual programming language based on Scratch, and explores topics such as using motors and sensors, building sturdy structures, and troubleshooting problems when things go wrong. As you learn, loads of challenges and open-ended projects will inspire you to try out ideas. Your journey to becoming a confident robot designer begins here.

Strengthen your coding skills by exploring the weird world of esoteric programming languages.Explore the wonderful, wild, and often weird world of esoteric programming languages. The book begins with the history and theory of programming languages, addressing concepts like Turing machines and Turing completeness. You're then treated to a tour of three "atypical" programming languages, real languages that are unusual and require out of the box thinking. Following that are five chapters on existing esoteric languages (esolangs), some of which are easy to use, others quite difficult, and others novel because of their approach (programming with pictures, for example). Finally, the remaining chapters detail the development and use of two entirely new programming languages. The main point of the book is to encourage readers to think differently about what it means to express thought using a programming language, and to explore the limits and boundaries of what a programming language might be. Though readers aren't likely to use any of these languages in their day jobs, learning to think in these languages will make them better, more confident programmers.

A swift and practical introduction to building interactive data visualization apps in Python, known as dashboards. You''ve seen dashboards before; think election result visualizations you can update in real time, or population maps you can filter by demographic. With the Python Dash library you''ll create analytic dashboards that present data in effective, usable, elegant ways in just a few lines of code. A swift and practical introduction to building interactive data visualization apps in Python, known as dashboards

DevOps for the Desperate is a hands-on, no-nonsense guide for those who land in a DevOps environment and need to get up and running quickly.This book introduces fundamental concepts software developers need to know to flourish in a modern DevOps environment including infrastructure as code, configuration management, security, containerization and orchestration, monitoring and alerting, and troubleshooting. Readers will follow along with hands-on examples to learn how to tackle common DevOps tasks. The book begins with an exploration of DevOps concepts using Vagrant and Ansible to build systems with repeatable and predictable states, including configuring a host with user-based security. Next up is a crash course on containerization, orchestration, and delivery using Docker, Kubernetes, and a CI/CDpipeline. The book concludes with a primer in monitoring and alerting with tips for troubleshootingcommon host and application issues. You'll learn how to: • Use Ansible to manage users and groups, and enforce complex passwords • Create a security policy for administrative permissions, and automate a host-based firewall • Get started with Docker to containerize applications, use Kubernetes for orchestration, and deploycode using a CI/CD pipeline • Build a monitoring stack, investigate common metric patterns, and trigger alerts • Troubleshoot and analyze common issues and errors found on hosts

A hands-on, real-world introduction to data analysis with the Python programming language, loaded with wide-ranging examples.Python is an ideal choice for accessing, manipulating, and gaining insights from data of all kinds. Python for Data Science introduces you to the Pythonic world of data analysis with a learn-by-doing approach rooted in practical examples and hands-on activities. You’ll learn how to write Python code to obtain, transform, and analyze data, practicing state-of-the-art data processing techniques for use cases in business management, marketing, and decision support.You will discover Python’s rich set of built-in data structures for basic operations, as well as its robust ecosystem of open-source libraries for data science, including NumPy, pandas, scikit-learn, matplotlib, and more. Examples show how to load data in various formats, how to streamline, group, and aggregate data sets, and how to create charts, maps, and other visualizations. Later chapters go in-depth with demonstrations of real-world data applications, including using location data to power a taxi service, market basket analysis to identify items commonly purchased together, and machine learning to predict stock prices.

Learn to expertly apply a range of machine learning methods to real data with this practical guide.Machine learning without advanced math! This book presents a serious, practical look at machine learning, preparing you for valuable insights on your own data. The Art of Machine Learning is packed with real dataset examples and sophisticated advice on how to make full use of powerful machine learning methods. Readers will need only an intuitive grasp of charts, graphs, and the slope of a line, as well as familiarity with the R programming language.You'll become skilled in a range of machine learning methods, starting with the simple k-Nearest Neighbors method (k-NN), then on to random forests, gradient boosting, linear/logistic models, support vector machines, the LASSO, and neural networks. Final chapters introduce text and image classification, as well as time series. You'll learn not only how to use machine learning methods, but also why these methods work, providing the strong foundational background you'll need in practice. Additional features: • How to avoid common problems, such as dealing with "dirty" data and factor variables with large numbers of levels • A look at typical misconceptions, such as dealing with unbalanced data • Exploration of the famous Bias-Variance Tradeoff, central to machine learning, and how it plays out in practice for each machine learning method • Dozens of illustrative examples involving real datasets of varying size and field of application • Standard R packages are used throughout, with a simple wrapper interface to provide convenient access. After finishing this book, you will be well equipped to start applying machine learning techniques to your own datasets.

A practical guide to understanding and analyzing cyber attacks by advanced attackers, such as nation states.Cyber attacks are no longer the domain of petty criminals. Today, companies find themselves targeted by sophisticated nation state attackers armed with the resources to craft scarily effective campaigns. This book is a detailed guide to understanding the major players in these cyber wars, the techniques they use, and the process of analyzing their advanced attacks. Whether you’re an individual researcher or part of a team within a Security Operations Center (SoC), you’ll learn to approach, track, and attribute attacks to these advanced actors. The first part of the book is an overview of actual cyber attacks conducted by nation-state actors and other advanced organizations. It explores the geopolitical context in which the attacks took place, the patterns found in the attackers’ techniques, and the supporting evidence analysts used to attribute such attacks. Dive into the mechanisms of: North Korea’s series of cyber attacks against financial institutions, which resulted in billions of dollars stolenThe world of targeted ransomware attacks, which have leveraged nation state tactics to cripple entire corporate enterprises with ransomwareRecent cyber attacks aimed at disrupting or influencing national elections globallyThe book’s second part walks through how defenders can track and attribute future attacks. You’ll be provided with the tools, methods, and analytical guidance required to dissect and research each stage of an attack campaign. Here, Jon DiMaggio demonstrates some of the real techniques he has employed to uncover crucial information about the 2021 Colonial Pipeline attacks, among many other advanced threats. He now offers his experience to train the next generation of expert analysts.

A resource to help forensic investigators locate, analyze, and understand digital evidence found on modern Linux systems after a crime, security incident or cyber attack.Practical Linux Forensics dives into the technical details of analyzing postmortem forensic images of Linux systems which have been misused, abused, or the target of malicious attacks. It helps forensic investigators locate and analyze digital evidence found on Linux desktops, servers, and IoT devices. Throughout the book, you learn how to identify digital artifacts which may be of interest to an investigation, draw logical conclusions, and reconstruct past activity from incidents. You’ll learn how Linux works from a digital forensics and investigation perspective, and how to interpret evidence from Linux environments. The techniques shown are intended to be independent of the forensic analysis platforms and tools used.Learn how to:Extract evidence from storage devices and analyze partition tables, volume managers, popular Linux filesystems (Ext4, Btrfs, and Xfs), and encryptionInvestigate evidence from Linux logs, including traditional syslog, the systemd journal, kernel and audit logs, and logs from daemons and applicationsReconstruct the Linux startup process, from boot loaders (UEFI and Grub) and kernel initialization, to systemd unit files and targets leading up to a graphical loginPerform analysis of power, temperature, and the physical environment of a Linux machine, and find evidence of sleep, hibernation, shutdowns, reboots, and crashesExamine installed software, including distro installers, package formats, and package management systems from Debian, Fedora, SUSE, Arch, and other distrosPerform analysis of time and Locale settings, internationalization including language and keyboard settings, and geolocation on a Linux systemReconstruct user login sessions (shell, X11 and Wayland), desktops (Gnome, KDE, and others) and analyze keyrings, wallets, trash cans, clipboards, thumbnails, recent files and other desktop artifactsAnalyze network configuration, including interfaces, addresses, network managers, DNS, wireless artifacts (Wi-Fi, Bluetooth, WWAN), VPNs (including WireGuard), firewalls, and proxy settingsIdentify traces of attached peripheral devices (PCI, USB, Thunderbolt, Bluetooth) including external storage, cameras, and mobiles, and reconstruct printing and scanning activity

Learn firsthand just how easy a cyberattack can be.Go Hack Yourself is an eye-opening, hands-on introduction to the world of hacking, from an award-winning cybersecurity coach. As you perform common attacks against yourself, you’ll be shocked by how easy they are to carry out—and realize just how vulnerable most people really are.You’ll be guided through setting up a virtual hacking lab so you can safely try out attacks without putting yourself or others at risk. Then step-by-step instructions will walk you through executing every major type of attack, including physical access hacks, Google hacking and reconnaissance, social engineering and phishing, malware, password cracking, web hacking, and phone hacking. You’ll even hack a virtual car! You’ll experience each hack from the point of view of both the attacker and the target. Most importantly, every hack is grounded in real-life examples and paired with practical cyber defense tips, so you’ll understand how to guard against the hacks you perform.You’ll learn:How to practice hacking within a safe, virtual environmentHow to use popular hacking tools the way real hackers do, like Kali Linux, Metasploit, and John the RipperHow to infect devices with malware, steal and crack passwords, phish for sensitive information, and moreHow to use hacking skills for good, such as to access files on an old laptop when you can’t remember the passwordValuable strategies for protecting yourself from cyber attacksYou can’t truly understand cyber threats or defend against them until you’ve experienced them firsthand. By hacking yourself before the bad guys do, you’ll gain the knowledge you need to keep you and your loved ones safe.

Disasters happen. Be prepared. Here’s how.As a leading security engineer, Michal Zalewski has spent his career methodically anticipating and planning for cyberattacks. In Practical Doomsday, Zalewski applies the same thoughtful, rational approach to preparing for disasters of all kinds. By sharing his research, advice, and a healthy dose of common sense, he’ll help you rest easy knowing you have a plan for the worst—even if the worst never comes.The book outlines a level-headed model for evaluating risks, one that weighs the probability of scenarios against the cost of preparing for them. You’ll learn to apply that model to the whole spectrum of potential crises, from personal hardships like job loss or a kitchen fire, to large-scale natural disasters and industrial accidents, to recurring pop-culture fears like all-out nuclear war. You’ll then explore how basic lifestyle adjustments, such as maintaining a robust rainy-day fund, protecting yourself online, and fostering good relationships with your neighbors, can boost your readiness for a wide range of situations. You’ll also take a no-nonsense look at the supplies and equipment essential to surviving sudden catastrophes, like prolonged power outages or devastating storms, and examine the merits and legal implications of different self-defense strategies.You’ll learn:How to identify and meaningfully assess risks in your life, then develop strategies for managing themWays to build up and diversify a robust financial safety net—a key component of nearly all effective preparedness strategiesHow to adapt your prep plans to a variety of situations, from shelter-in-place scenarios to evacuations by car or on footSensible approaches to stockpiling food, water, and other essentials, along with recommendations on what supplies are actually worth having Disasters happen, but they don’t have to dominate your life. Practical Doomsday will help you plan ahead, so you can stop worrying about what tomorrow may bring and start enjoying your life today.

What every software professional should know about security.Designing Secure Software consolidates Loren Kohnfelder’s more than twenty years of experience into a concise, elegant guide to improving the security of technology products. Written for a wide range of software professionals, it emphasizes building security into software design early and involving the entire team in the process. The book begins with a discussion of core concepts like trust, threats, mitigation, secure design patterns, and cryptography. The second part, perhaps this book’s most unique and important contribution to the field, covers the process of designing and reviewing a software design with security considerations in mind. The final section details the most common coding flaws that create vulnerabilities, making copious use of code snippets written in C and Python to illustrate implementation vulnerabilities. You’ll learn how to:   • Identify important assets, the attack surface, and the trust boundaries in a system   • Evaluate the effectiveness of various threat mitigation candidates   • Work with well-known secure coding patterns and libraries   • Understand and prevent vulnerabilities like XSS and CSRF, memory flaws, and more   • Use security testing to proactively identify vulnerabilities introduced into code   • Review a software design for security flaws effectively and without judgment  Kohnfelder’s career, spanning decades at Microsoft and Google, introduced numerous software security initiatives, including the co-creation of the STRIDE threat modeling framework used widely today. This book is a modern, pragmatic consolidation of his best practices, insights, and ideas about the future of software.

A guide to implementing DIY security solutions and readily available technologies to protect home and small-office networks from attack.This book is an easy-to-follow series of tutorials that will lead readers through different facets of protecting household or small-business networks from cyber attacks. You’ll learn how to use pfSense to build a firewall, lock down wireless, segment a network into protected zones, configure a VPN (virtual private network) to hide and encrypt network traffic and communications, set up proxies to speed up network performance and hide the source of traffic, block ads, install and configure an antivirus, back up your data securely, and even how to monitor your network for unauthorized activity and alert you to intrusion.