InfoSec Career Hacking: Sell Your Skillz, Not Your Soul
- 1st Edition - June 26, 2005
- Latest edition
- Authors: Chris Hurley, Johnny Long, Aaron W Bayles, Ed Brindley
- Language: English
“InfoSec Career Hacking” starts out by describing the many, different InfoSec careers available including Security Engineer, Security Analyst, Penetration Tester, Auditor, Security… Read more
“InfoSec Career Hacking” starts out by describing the many, different InfoSec careers available including Security Engineer, Security Analyst, Penetration Tester, Auditor, Security Administrator, Programmer, and Security Program Manager. The particular skills required by each of these jobs will be described in detail, allowing the reader to identify the most appropriate career choice for them.
Next, the book describes how the reader can build his own test laboratory to further enhance his existing skills and begin to learn new skills and techniques. The authors also provide keen insight on how to develop the requisite soft skills to migrate form the hacker to corporate world.
Next, the book describes how the reader can build his own test laboratory to further enhance his existing skills and begin to learn new skills and techniques. The authors also provide keen insight on how to develop the requisite soft skills to migrate form the hacker to corporate world.
* The InfoSec job market will experience explosive growth over the next five years, and many candidates for these positions will come from thriving, hacker communities
* Teaches these hackers how to build their own test networks to develop their skills to appeal to corporations and government agencies
* Provides specific instructions for developing time, management, and personal skills to build a successful InfoSec career
* Teaches these hackers how to build their own test networks to develop their skills to appeal to corporations and government agencies
* Provides specific instructions for developing time, management, and personal skills to build a successful InfoSec career
Acknowledgments
Author Dedication
Lead Author and Technical Editor
Contributing Authors
Technical Reviewer
Foreword Contributor
Foreword
Part I: Recon/Assessment
Chapter 1: The Targets—What I Want to Be When I Grow Up (or at Least Get Older)
Introduction
Understanding INFOSEC
Employment Opportunities
Defining the Jobs
Bringing Together the Skills
Advanced Skills
So Where Do I Match Up?
Checklist
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 2: Reconnaissance: Social Engineering for Profit
Introduction
Narrowing Your Choices
Digging for Information
Researching for Rewards
Making Contact
Checklist
Summary
Solutions Fast Track
Links to Sites
Mailing Lists
Frequently Asked Questions
Chapter 3: Enumerate: Determine What’s Out There
Introduction
What Should I Do First?
Is Education Important?
Certifications: Magic or Myth?
Getting Your Name Out There
Understanding Opportunities and Gaining Experience
Security Clearances
Summary
Solutions Fast Track
Links to Sites
Mailing Lists
Frequently Asked Questions
Chapter 4: First Strike: Basic Tactics for Successful Exploitation
Part II: Technical Skills
Chapter 5: The Laws of Security
Introduction
Knowing the Laws of Security
Client-Side Security Doesn’t Work
You Cannot Securely Exchange Encryption Keys without a Shared Piece of Information
Malicious Code Cannot Be 100 Percent Protected against
Any Malicious Code Can Be Completely Morphed to Bypass Signature Detection
Firewalls Cannot Protect You 100 Percent from Attack
Any IDS Can Be Evaded
Secret Cryptographic Algorithms Are Not Secure
If a Key Is Not Required, You Do Not Have Encryption—You Have Encoding
Passwords Cannot Be Securely Stored on the Client Unless There Is Another Password to Protect Them
In Order for a System to Begin to Be Considered Secure, It Must Undergo an Independent Security Audit
Security through Obscurity Does Not Work
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 6: No Place Like/home—Creating an Attack Lab
Chapter 7: Vulnerability Disclosure
Introduction
Vulnerability Disclosure and Cyber Adversaries
“Free For All”: Full Disclosure
Unfixed Vulnerability Attack Capability and Attack Inhibition Considerations
Probability of Success Given an Attempt
Probability of Detection Given an Attempt
“Symmetric” Full Disclosure
Responsible Restricted “Need to Know” Disclosure
Responsible, Partial Disclosure and Attack Inhibition Considerations
“Responsible” Full Disclosure
Responsible, Full Disclosure Capability and Attack Inhibition Considerations
Security Firm “Value Added” Disclosure Model
Value-Add Disclosure Model Capability and Attack Inhibition Considerations
Non-Disclosure
The Vulnerability Disclosure Pyramid Metric
Pyramid Metric Capability and Attack Inhibition
Pyramid Metric and Capability—A Composite Picture Pyramid
Comparison of Mean Inhibitor Object Element Values
The Disclosure Food Chain
Summary
Frequently Asked Questions
Chapter 8: Classes of Attack
Introduction
Identifying and Understanding the Classes of Attack
Identifying Methods of Testing for Vulnerabilities
Standard Research Techniques
Summary
Solutions Fast Track
Frequently Asked Questions
Part III: On the Job
Chapter 9: Don’t Trip the Sensors: Integrate and Imitate
Introduction
Hacking the System
Hacking the Network
Escalating Your Privileges
Managing Your Time
Checklist
Summary
Solutions Fast Track
Links to Sites
Mailing Lists
Frequently Asked Questions
Chapter 10: Vulnerability Remediation—Work Within the System
Introduction
Giving Back to the (Local) Community
Contributing to the INFOSEC Community
Upgrading Your Skills
Upgrading Your Workplace
Checklist
Summary
Solutions Fast Track
Links to Sites
Frequently Asked Questions
Chapter 11: Incident Response – Putting Out Fires Without Getting Burned
Amanda
Chapter 12: Rooting: Show Me the Money!
Introduction
Building Jumpstart InfoSec Services
Managing Hackers
Planning, Expanding, and Dominating
Summary
Solutions Fast Track
Links to Sites
Frequently Asked Questions
Index
- Edition: 1
- Latest edition
- Published: June 26, 2005
- Language: English
CH
Chris Hurley
Chris Hurley is a Senior Penetration Tester in the Washington, DC area. He has more than 10 years of experience performing penetration testing, vulnerability assessments, and general INFOSEC grunt work. He is the founder of the WorldWide WarDrive, a four-year project to assess the security posture of wireless networks deployed throughout the world. Chris was also the original organizer of the DEF CON WarDriving contest. He is the lead author of WarDriving: Drive, Detect, Defend (Syngress Publishing, ISBN: 19318360305). He has contributed to several other Syngress publications, including Penetration Tester's Open Source Toolkit (ISBN: 1-5974490210), Stealing the Network: How to Own an Identity (ISBN: 1597490067), InfoSec Career Hacking (ISBN: 1597490113), and OS X for Hackers at Heart (ISBN: 1597490407). He has a BS from Angelo State University in Computer Science and a whole bunch of certifications to make himself feel important.
Affiliations and expertise
Senior Penetration Tester, Washington, DC, USAJL
Johnny Long
Johnny Long is a Christian by grace, a professional hacker by trade, a pirate by blood, a ninja in training, a security researcher and author. He can be found lurking at his website (http://johnny.ihackstuff.com). He is the founder of Hackers For Charity(http://ihackcharities.org), an organization that provides hackers with job experience while leveraging their skills for charities that need those skills.
Affiliations and expertise
Security Researcher, Founder of Hackers For CharityRead InfoSec Career Hacking: Sell Your Skillz, Not Your Soul on ScienceDirect