Everything posted by begood

  1. First of all, it's begood, not begod. You're close, but try brute force yourself and tell me whether it makes a big difference.
  2. MD5 : 1931849FC05B3AB1B40A3F6659D710FA

     We want to crack the following hash. We know the following:

     1. At a speed of 100 mega hashes per second, the brute-forcer would need 73551478260.43585358967501(204972095383054287163876) "normal" years, 365 days/year (trying all possible combinations from length 1 up to the length of the password).
     2. The charset is loweralpha-numeric = abcdefghijklmnopqrstuvwxyz0123456789
     3. The brute-forcer will try the passwords in the following order: aa,ba,ca,...,za,0a,1a,...,99,aaa,baa,...,aba,...,999,aaaa ... etc.

     Crack the hash in a reasonable amount of time. -begood

     LE: admins and moderators are invited to stick their noses in.
     LE2: Congratulations to Lemish @ hackpedia and to Ryuk @ rst. Challenge closed. The solution written by Lemish @ hackpedia.info : Hackpedia - View topic - [begood] RST MD5 Math Challenge

     A "sub-challenge": Write the most efficient program, in whatever programming/scripting language you like, that solves problems of this kind. Obviously with public source. The topic on rst : http://bit.ly/d6zeQ6
  3. I told you to ask me details like this in private. No, it's a hash; you have to figure out what type of hash it could be, and crack it.
  4. They could build rainbow tables ... about 2 years ago I thought of something very similar, but I didn't have the necessary knowledge. Now I don't feel like it.
  5. The Pirate Party UK is launching its manifesto tonight, under embargo: but since we don't believe in antiquated and oppressive IP laws - we're setting it free. Move over, Mondeo Man: the Pirates are firmly targeting the bloke in the garden shed, with his trousers around his ankles. The Party plans lots of new laws. Laws on "net neutrality" will regulate the internet for the first time, and additional legislation is proposed on encryption and privacy of data, use of CCTV cameras, use of DNA, by-elections, internet advertising, libel and DRM for disabled people. The Pirates will keep the National Identity Register but vow that it "will be regulated so that it can only contain trivial information". They also promise to "enshrine in law a new right for photographers and filmmakers to go about their business without persecution under anti-terror laws". That shouldn't affect too many people, though, if there are any photographers still left with a business. The Party believes that "in this fast moving world [sic] 10 years of copyright protection is long enough". The creator would need to re-apply after five years, however, or the work would fall into the public domain. "An exception will be made for software, where a 5 year term will apply to closed source software, and a 10 year term to open source, in recognition of the extra rights given to the public by open source licences." All that means Microsoft could take Linux, GNOME and GIMP and sell it as proprietary software - the GPL is unenforceable without the courts' recognition of copyright. But it's all for the best. The Pirate Party is standing in two seats. 18 year-old bookie Graeme Lambert is standing in the Labour marginal of Bury North, and leader Andrew Robinson, a web designer, is standing in Worcester. They missed a trick. In South West Surrey, Conservative culture frontbencher Jeremy Hunt is facing a challenge from Richard Mollett, the BPI's director of public affairs. 
That would have been the obvious place to fight a copyright election. It's nearer London, too. ® Pirate Party UK launches manifesto - The Register
  6. March 18 2010 by corelanc0d3r //the best exploit-writing "teacher" of all the ones I have found on the internet. About 2 weeks ago, I published a somewhat detailed explanation about an exploit I wrote for a – what some people would call “lame” - bug which I discovered in quickzip. In case you missed these articles, the articles were posted on the Offensive Security Blog : Part 1 and Part 2. Ok, I agree, there are a lot more impressive bugs than this one, but the process of writing a working exploit was interesting to say the least. I had to deal with all kinds of hurdles, but by blending a little bit of creativity and persistence, I managed to pull it off. Interestingly enough, I found a similar “lame” bug in another unzipper. The author decided to ignore my emails, so today I will disclose the details and explain how to write the exploit for this vulnerability. If you’ve read the articles I wrote on the Offensive Security Blog, then you will discover that this particular exploit is quite similar to the one for quickzip… but this time we will even have to push things a little bit further. I have received quite some feedback about the writing style I applied to those 2 articles. Apparently people like the combination of a detailed explanation, with the concept of making the document look like some kind of exercise at the same time. Based on that feedback, I decided to apply the same concept on this post. This translates into the fact that I have put a marker on some “strategic” places in this article, indicating that you should stop reading and that you should think about the current issue/situation/… and try to figure out for yourself how you would approach a given problem. DOWNLOAD PDF 2shared - download Ken Ward Zipper Stack BOF 0day – a not so typical SEH exploit.pdf READ ONLINE : Ken Ward Zipper Stack BOF 0day – a not so typical SEH exploit | Security Researches
  7. Swiss Army Knife maker Victorinox is asking the best of Britain's hackers to try and beat the biometric security built into its latest USB Flash drive-fitted penknife. If you manage it, you stand to win £100,000. The company will be holding trials at its New Bond Street, London shop this coming Thursday and Friday, 25 and 26 March. To have a bash, you need to download and return an application form by Wednesday. You can get the form here, where you'll also find the contest's Ts&Cs. If you're selected as a participant, you get two hours in which to try and hack the knife. Whether you manage it or not, you get to keep the penknife itself - and take home a shopping voucher and other goodies, Victorinox said. The company's pitch for the penknife itself is the product's ability not only to protect the data stored upon it but to make use of the internet connection of any PC it's connected to. If the device is plugged into an unknown computer, it emails its owner. If no reply is received, it automatically zaps the Flash chip. Victorinox offers hackers £100,000 challenge - Register Hardware
  8. Undoubtedly you have all seen photographs of people on TV and online who have been blurred to hide faces. For example, here's one of Bill Gates:

     For the most part this is all fine with peoples' faces as there isn't a convenient way to reverse the blur back into a photo so detailed that you can recognise the photo. So that's good if that is what you intended. However, many people also resort to blurring sensitive numbers and text. I'll illustrate why that is a BAD idea.

     Suppose someone posted a photo of their check or credit card online for whatever awful reason (proving to Digg that I earned a million dollars, showing something funny about a check, comparing the size of something to a credit card, etc.), blurring out the image with the far-too-common mosaic effect to hide the numbers:

     Seem secure because nobody can read the numbers anymore? WRONG. Here's a way to attack this scheme:

     Step 1. Get a blank check image. There are two ways of doing this. You can either Photoshop out the numbers in your existing image, or in the case of credit cards, you can get an account with the same organization and take a photo of your own card from the same angle, and match the white balancing and contrast levels. Then, use your own high resolution photo to photoshop out your numbers. This is easy in these example images, of course:

     Step 2. Iterate. Use a script to iterate through all the possible account numbers and generate a check for each, blocking out the various sections of digits as sections. For example, for a VISA card, the digits are grouped by 4, so you can do each section individually, thus requiring only 4*10000 = 40000 images to generate, which is easy with a script.

     Step 3. Blur each image in an identical manner to the original image. Identify the exact size and offset, in pixels, of the mosaic tiles used to blur the original image (easy), and then do the same to each of your blurred images. In this case, we see that in the blurred image we have 8x8 pixel mosaic units, and the offset is determined by counting from the top of the image (not shown):

     Now we iterate through all the images, blurring them in the same way as the original image and obtain something like this:

     Step 4. Identify the mosaic brightness vector of each blurred image. What does this mean? Well, let's take the mosaic version of 0000001 (zoomed in):

     ... and identify the brightness level (0-255) of each mosaic region, indexing them in some consistent fashion as a=[a_1,a_2...,a_n]:

     In this case, the account number 0000001 creates mosaic brightness vector a(0000001)=[213,201,190,...]. We find the mosaic brightness vector for every account number in a similar fashion using a script to blur each image and read off the brightnesses. Let a(x) be the function of the account number x. a(x)_i denotes the ith vector value of the mosaic brightness vector a obtained from account number x. Above, a(0000001)_1 = 213.

     We now do the same for the original check image we found online or wherever, obtaining a vector we hereby call z=[z_1,z_2,...z_n]:

     Step 4. Find the one with the closest distance to the original image. Identify the mosaic brightness of the original image, call it z=[z_1,z_2,...z_n], and then simply compute the distance of each account number's (denote by x) mosaic brightness vector (normalizing each first):

     d(x)=sqrt((a(x)_0/N(a(x)) - z_0/N(z))^2 + (a(x)_1/N(a(x)) - z_1/N(z))^2 + ...)

     where N(a(x)) and N(z) are the normalization constants given by

     N(a(x)) = (a(x)_0^2 + a(x)_1 ^2 + ...)^2
     N(z) = (z_0^2 + z_1 ^2 + ...)^2

     Now, we then simply find the lowest d(x). For credit cards, only a small fraction of possible numbers validate to hypothetically possible credit card numbers, so it's an easy check as well.

     In the above case, we compute, for example,

     N(z) = sqrt(206^2+211^2+...) = 844.78459
     N(a(0000001)) = 907.47837
     N(a(0000002)) = 909.20647
     ...

     and then proceed to calculate the distances:

     d(0000001) = 1.9363
     d(0000002) = 1.9373
     ...
     d(1124587) = 0.12566
     d(1124588) = 0.00000
     ...

     Might the account number just be 1124588?

     "But you used your own crafted easy-to-decipher image!"

     In the real world we have photos, not fictitious checks made in Photoshop. We have distortions of the text because of the camera angle, imperfect alignment, and so on. But that doesn't stop a human from determining exactly what these distortions are and creating a script to apply them! Either way, the lowest few distances determined can be considered as candidates, and especially in the world of credit cards, where numbers are nicely chunked out in groups of 4, and only 1 in 10 numbers is actually a valid number, it makes it easy to select from your top few lowest distances, which the most likely candidates are.

     One important thing that one would need to do in order to implement this on real photos is to improve the distance algorithm. For example, one can rewrite the distance formula above to normalize the standard deviations in addition to the means to improve performance. One can also do the RGB or HSV values independently for each mosaic region, and one can also use scripting to distort the text by a few pixels in each direction and compare as well (which still leaves you with a feasible number of comparisons on a fast PC). One can also employ algorithms similar to existing nearest-shape algorithms to help improve the reliability of this on real photos.

     So yes, I used an image against itself and designed it to work here. But the algorithm can surely be improved to work on real stuff. I don't have the time nor desire to improve this any further, though, because I'm not the one after your information. But one thing is for sure: it's a very easy situation to fix. Don't use simple mosaics to blur your image. All you do is reduce the amount of information from an image containing only log(10^N)/log(2) effective bits of account data. When you distribute such images, you want to eliminate personal information, not obscure it by reducing the amount of visual information in the image.

     Think about creating a 100x100 graphic on the screen. Now let's say I just averaged out the entire graphic and replaced every pixel with the whole average (i.e. turn it into a single pixel "mosaic"). You have just created a function that starts with 256^(10000) possibilities and hashes it to 256 possibilities. There is obviously no way with the resulting 8 bits of information you can possibly reverse it to the original image. However, if you know that the original image was one of 10 possibilities, you can easily have success at determining which of the original images was used from just knowing the resulting 8-bit number.

     Analogy to a dictionary attack

     Most UNIX/Linux system administrators know that /etc/passwd or /etc/shadow store passwords encrypted using one-way encryption such as Salt or MD5. This is reasonably secure since nobody will ever be able to decrypt the password from looking at its ciphertext. Authentication occurs by performing the same one-way encryption on the password entered by the user logging in, and comparing that result to the stored one-way result. If the two match, the user has successfully authenticated.

     It is well known that the one-way encryption scheme is easily broken when the user picks a dictionary word as their password. All an attacker would have to then do is encipher the entire English dictionary and compare the ciphertext of each word to the ciphertext stored in /etc/passwd and pick up the correct word as the password. As such, users are commonly advised to pick more complex passwords that are not words. The dictionary attack can be illustrated like this:

     The similarity to the dictionary attack on the blurred image attack lies in the fact that blurring an image is a one-way encryption scheme. You are converting the image you have into another image designed to be unreadable. However, since account numbers only typically go up to the millions, we can assemble a "dictionary" of possible account numbers - that is, all the numbers from 0000001 to 9999999, for example, use an automated image processor to photoshop each of those numbers onto a photo of a blank check, and blur each image. At that point, one can simply compare the blurred pixels to see what most closely matches the original blurred photo we have.

     Solution

     The solution is simple: Don't blur your images! Instead, just color over them:

     Remember, you want to leave your visitors with NO information, not blurred information.

     Why blurring sensitive information is a bad idea - dheera.net - Dheera Venkatraman's web site mirror : 2shared - download Why blurring sensitive information is a bad idea.pdf
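The comparison described in the article above, as an added Python example that is not part of the original article or of this post: it shows that a mosaic leaves exactly one candidate at distance 0, while colouring over the digits leaves all candidates tied. The 3x5 digit font, the image geometry, the sample number and every function name are assumptions made for the illustration; the norm is the Euclidean one used in the article's worked figures.

```python
import math
from itertools import product

# Constructed 3x5 bitmap font standing in for the digits on the photographed document.
FONT = {
    "0": ("111", "101", "101", "101", "111"),
    "1": ("010", "110", "010", "010", "111"),
    "2": ("111", "001", "111", "100", "111"),
    "3": ("111", "001", "111", "001", "111"),
    "4": ("101", "101", "111", "001", "001"),
    "5": ("111", "100", "111", "001", "111"),
    "6": ("111", "100", "111", "101", "111"),
    "7": ("111", "001", "001", "001", "001"),
    "8": ("111", "101", "111", "101", "111"),
    "9": ("111", "101", "111", "001", "111"),
}
BG, INK, TILE = 230, 20, 2   # paper brightness, ink brightness, mosaic tile edge (px)
CELL_W, HEIGHT = 4, 8        # one digit per 4x8 px cell; rows 5-7 stay blank


def render(number):
    """Steps 1-2: draw `number` on a blank background (the 'blank check')."""
    img = [[BG] * (CELL_W * len(number)) for _ in range(HEIGHT)]
    for i, digit in enumerate(number):
        for r, row in enumerate(FONT[digit]):
            for c, bit in enumerate(row):
                if bit == "1":
                    img[r][CELL_W * i + 1 + c] = INK
    return img


def mosaic(img):
    """Steps 3-4: average each TILE x TILE block and return the brightness vector."""
    vec = []
    for y in range(0, len(img), TILE):
        for x in range(0, len(img[0]), TILE):
            block = [img[y + dy][x + dx] for dy in range(TILE) for dx in range(TILE)]
            vec.append(sum(block) / len(block))
    return vec


def solid_fill(img):
    """The article's fix: colour over the region, so every tile reads 0 (black)."""
    return [0.0] * ((len(img) // TILE) * (len(img[0]) // TILE))


def distance(a, z):
    """d(x): Euclidean distance between the two vectors after normalising each."""
    na = math.sqrt(sum(v * v for v in a)) or 1.0   # an all-black vector has norm 0
    nz = math.sqrt(sum(v * v for v in z)) or 1.0
    return math.sqrt(sum((p / na - q / nz) ** 2 for p, q in zip(a, z)))


def closest_candidates(published, n_digits, transform):
    """Return every number whose transformed rendering is nearest to `published`."""
    scored = []
    for digits in product("0123456789", repeat=n_digits):
        number = "".join(digits)
        scored.append((distance(transform(render(number)), published), number))
    best = min(scored)[0]
    return [number for d, number in scored if d - best < 1e-12]


if __name__ == "__main__":
    secret = "4827"  # constructed sample value, not taken from the page
    print(closest_candidates(mosaic(render(secret)), 4, mosaic))                # ['4827']
    print(len(closest_candidates(solid_fill(render(secret)), 4, solid_fill)))   # 10000
```

With the mosaic the published vector still identifies the number; after the solid fill all 10,000 four-digit candidates are equally close, which is the "NO information" outcome the article asks for.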
  9. Only brute force for the second challenge. HINTs: mask;loweralpha-numeric;starts with the 8th letter of the us alphabet;length 7 //I get 10,000,000 passwords per second, what about you? At that speed it takes me 2 hours and 10 minutes to go through the whole keyspace. Obviously the password is not zzzzzzz, so it won't take that long. If you work out every item in the hints above, it will take you 437 milliseconds to crack the password.
  10. Grendel-Scan is an open-source web application security testing tool. It has an automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests. The only system requirement is Java 5; Windows, Linux and Macintosh builds are available. /java Grendel-Scan -- Downloads
  11. Features of toolza: LFI/Reader/Load_file() bruter - Scan site for folders & files - FTP checker - FTP bruter - Proxy checker - Proxy grabber Post/Get/Proxy/SOCKS4-5/Cookies/Timeout/Multithread/HTTPS+Authorization supported - Select POST or GET - Support for proxy (file proxy.txt) – auto-checking, working with the first working - Support for SOCKS4-5 (file socks.txt) – auto-checking, auto-sensing type socks (4-5), without authorization, working with the first working - Select a timeout connection - Ability to insert cookies - Ability to change user agent - Ability to change the referrer - Ability to select HTTP-protocol (0 – HTTP/1.0; 1 – HTTP/1.1; Default – 1) Site scanner for folders & files: - Multithreaded - Dictionary of 3455 items - Ability to edit errors in response to a request from the site when no existing URL (file scaner_errors_list.txt) - Ability to replenish Dictionary (file scaner_folder_list.txt, a new position with a new line without slashes at the beginning) LFI / READER / Load_file () bruter: Multi-threaded, supporting GET | POST, proxy (not for all modes) 6 modes of work: [1] LFI / Reader – visual error when wrong query [2] LFI / Reader – unvisual error when wrong query [3] Mysql load_file – visual error when wrong query, magic_quotes = OFF [4] Mysql load_file – unvisual error when wrong query, magic_quotes = OFF [5] Mysql load_file – visual error when wrong query, magic_quotes = ON [6] Mysql load_file – unvisual error when wrong query, magic_quotes = ON SQL injection DB supported: Mysql, Mssql, Sybase, Postgresql, Access, Oracle, Firebird/Interbase Include Blind Mysql injection + alternative methods. This tool is very useful for advanced users who like to go in deep to find vulnerability and exploit it. For beginners there are nice video tutorials. It is written in perl, so no Operating system dependency. You need to have perl 5 or above. Download Toolza version 1 here Toolza : SQL Injection Tool with Many Options! - PenTestIT
  12. Welcome. Thanks for the appreciation.
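The enumeration order from the MD5 challenge post and the keyspace figures from the hint post above, as an added Python example that is not code from either post: it estimates when an exhaustive search reaches a given password. It assumes the search starts at length 1 (as point 1 of the challenge states) and that a mask fixes a known prefix; the function names and the sample password are assumptions.

```python
CHARSET = "abcdefghijklmnopqrstuvwxyz0123456789"   # loweralpha-numeric, as in the posts
BASE = len(CHARSET)
SECONDS_PER_YEAR = 365 * 24 * 3600                 # the post's "normal" 365-day year


def keyspace(length):
    """Number of candidates of exactly `length` characters."""
    return BASE ** length


def index_of(password):
    """0-based position of `password` when lengths are tried in increasing order
    and, within one length, the FIRST character changes fastest (aa, ba, ca, ...)."""
    shorter = sum(keyspace(k) for k in range(1, len(password)))
    within = sum(CHARSET.index(ch) * BASE ** i for i, ch in enumerate(password))
    return shorter + within


def candidate_at(index):
    """Inverse of index_of: the candidate tried at position `index`."""
    length = 1
    while index >= keyspace(length):
        index -= keyspace(length)
        length += 1
    chars = []
    for _ in range(length):
        index, digit = divmod(index, BASE)   # least significant digit = first char
        chars.append(CHARSET[digit])
    return "".join(chars)


def years_until_tried(password, rate):
    """Years of search at `rate` hashes/second before `password` is tested."""
    return (index_of(password) + 1) / rate / SECONDS_PER_YEAR


def exhaust_seconds(length, rate, known_prefix=""):
    """Seconds to try every candidate of one length when a mask fixes a prefix."""
    return keyspace(length - len(known_prefix)) / rate


if __name__ == "__main__":
    sample = "hq7x2ma"  # constructed sample password, not the challenge answer
    print(index_of(sample), candidate_at(index_of(sample)))
    print(exhaust_seconds(7, 10_000_000) / 60)        # full length-7 keyspace, minutes
    print(exhaust_seconds(7, 10_000_000, "h"))        # first character known, seconds
```

At 10,000,000 candidates per second the full length-7 keyspace takes about 130 minutes, matching the 2 hours and 10 minutes quoted in the hint post, and fixing the first character cuts that to under four minutes.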
  13. Here are some of the best hacking tutorials/tools and security tips that I have found including Hardware, Software, web, and other related stuff. Also to protect yourself from Hackers. Digg story ------------------------------- Passwords: Default Password List Googling Up Passwords How to Bypass BIOS Passwords Find-A-Human -- IVR Phone S... - by Type Password Portal - Password Recovery, Password Cracking Wardriving: Wardriving Tools, Wardriving Software, Wardriving Utilities (Wireless LAN Security & Wardriving - 802.11) Computer security: Tutorials - Rexploit Computer security tutorials The Six Dumbest Ideas in Computer Security NewOrder - computer security and networking portal Hacking Illustrated: Hacking and Computer security videos Contributing To Open Source Community: Sniffing in a Switched Network Hardware Hacks: Car Wisperer RFIDAnalysis.org Guide to Lock Picking Hacking Elevators 101! OS X x86 (Intel) - Downloads MAKE: Blog: HOW TO - iPod nano hacking totse.com | A How To On Vending Machines i-hacked - Taking Advantage Of Technology Press Your Luck: The Michael Larsen Incident The Hidden Boot Code of the Xbox - Xbox-Linux TechFreaks v2 - modding the xbox in 10 minutes HOW TO CVS Video Camera Hacking for PC & Macs Build Your Own PVR :: Why Tivo When you can Freevo? trifinite.blog: Introducing the Car Whisperer at What The Hack I-Hacked.com Taking Advantage Of Technology - Hacking Hotel PPV I-Hacked.com Taking Advantage Of Technology - Hacking the CVS Disposable Camcorder Hacking Network Printers (Mostly HP JetDirects, but a little info on the Ricoh Savins) CellPhoneHacks.com Cell phone Mod Ringtone Logo Mobile Cellular Hackers - Index Software Hacks/Cracks: www.phrack.org totse.com | Cracking the Universal Product Code Boing Boing: Microsoft "Genuine Advantage" cracked in 24h 360hacker.net :: View topic - How-to: Install OS X x86 natively on your PC! .: UNEASYsilence :. 
» OS X PROVEN hacked and running on an ordinary PC Web: PWNtcha - captcha decoder GHH - The "Google Hack" Honeypot Cheat Sheet Roundup - Over 30 Cheatsheets for developers jollyblog.com - security for insecure times... - RECENT ARTICLES - Google Hacking Explained Tools: oxid.it Pickupline Top 75 Network Security Tools GData: An Online MD5 Hash Database Hacking, Herramientas y Programas Hack - www.elhacker.net Magical Jelly Bean Software - Magical Jelly Bean Keyfinder v1.41 remote-exploit.org, home of good auditor tool and other security, especially wifi, info Blogs, Videos and Podcasts: systm Hak.5 List of Tech Shows Main Page - What The Wiki?! hack a day - www.hackaday.com Blog, Projects, And Links - John Resig johnny.ihackstuff.com :: I'm j0hnny. I hack stuff. Others: Kevin Mitnick's Forbidden Chapter Progenic.com - Top 100 underground computer technology websites source : Best Hacking Tools and Tutorials - -= Krypt0ni4n =-
  14. If a stranger came up to you on the street, would you give him your name, Social Security number and e-mail address? Probably not. Yet people often dole out all kinds of personal information on the Internet that allows such identifying data to be deduced. Services like Facebook, Twitter and Flickr are oceans of personal minutiae — birthday greetings sent and received, school and work gossip, photos of family vacations, and movies watched. Computer scientists and policy experts say that such seemingly innocuous bits of self-revelation can increasingly be collected and reassembled by computers to help create a picture of a person’s identity, sometimes down to the Social Security number. “Technology has rendered the conventional definition of personally identifiable information obsolete,” said Maneesha Mithal, associate director of the Federal Trade Commission’s privacy division. “You can find out who an individual is without it.” In a class project at the Massachusetts Institute of Technology that received some attention last year, Carter Jernigan and Behram Mistree analyzed more than 4,000 Facebook profiles of students, including links to friends who said they were gay. The pair was able to predict, with 78 percent accuracy, whether a profile belonged to a gay male. So far, this type of powerful data mining, which relies on sophisticated statistical correlations, is mostly in the realm of university researchers, not identity thieves and marketers. But the F.T.C. is worried that rules to protect privacy have not kept up with technology. The agency is convening on Wednesday the third of three workshops on the issue. Its concerns are hardly far-fetched. Last fall, Netflix awarded $1 million to a team of statisticians and computer scientists who won a three-year contest to analyze the movie rental history of 500,000 subscribers and improve the predictive accuracy of Netflix’s recommendation software by at least 10 percent. 
On Friday, Netflix said that it was shelving plans for a second contest — bowing to privacy concerns raised by the F.T.C. and a private litigant. In 2008, a pair of researchers at the University of Texas showed that the customer data released for that first contest, despite being stripped of names and other direct identifying information, could often be “de-anonymized” by statistically analyzing an individual’s distinctive pattern of movie ratings and recommendations. In social networks, people can increase their defenses against identification by adopting tight privacy controls on information in personal profiles. Yet an individual’s actions, researchers say, are rarely enough to protect privacy in the interconnected world of the Internet. You may not disclose personal information, but your online friends and colleagues may do it for you, referring to your school or employer, gender, location and interests. Patterns of social communication, researchers say, are revealing. “Personal privacy is no longer an individual thing,” said Harold Abelson, the computer science professor at M.I.T. “In today’s online world, what your mother told you is true, only more so: people really can judge you by your friends.” Collected together, the pool of information about each individual can form a distinctive “social signature,” researchers say. The power of computers to identify people from social patterns alone was demonstrated last year in a study by the same pair of researchers that cracked Netflix’s anonymous database: Vitaly Shmatikov, an associate professor of computer science at the University of Texas, and Arvind Narayanan, now a researcher at Stanford University. 
By examining correlations between various online accounts, the scientists showed that they could identify more than 30 percent of the users of both Twitter, the microblogging service, and Flickr, an online photo-sharing service, even though the accounts had been stripped of identifying information like account names and e-mail addresses. “When you link these large data sets together, a small slice of our behavior and the structure of our social networks can be identifying,” Mr. Shmatikov said. Even more unnerving to privacy advocates is the work of two researchers from Carnegie Mellon University. In a paper published last year, Alessandro Acquisti and Ralph Gross reported that they could accurately predict the full, nine-digit Social Security numbers for 8.5 percent of the people born in the United States between 1989 and 2003 — nearly five million individuals. Social Security numbers are prized by identity thieves because they are used both as identifiers and to authenticate banking, credit card and other transactions. The Carnegie Mellon researchers used publicly available information from many sources, including profiles on social networks, to narrow their search for two pieces of data crucial to identifying people — birthdates and city or state of birth. That helped them figure out the first three digits of each Social Security number, which the government had assigned by location. The remaining six digits had been assigned through methods the government didn’t disclose, although they were related to when the person applied for the number. The researchers used projections about those applications as well as other public data, like the Social Security numbers of dead people, and then ran repeated cycles of statistical correlation and inference to partly re-engineer the government’s number-assignment system. To be sure, the work by Mr. Acquisti and Mr. Gross suggests a potential, not actual, risk. 
But unpublished research by them explores how criminals could use similar techniques for large-scale identity-theft schemes. More generally, privacy advocates worry that the new frontiers of data collection, brokering and mining, are largely unregulated. They fear “online redlining,” where products and services are offered to some consumers and not others based on statistical inferences and predictions about individuals and their behavior. The F.T.C. and Congress are weighing steps like tighter industry requirements and the creation of a “do not track” list, similar to the federal “do not call” list, to stop online monitoring. But Jon Kleinberg, a professor of computer science at Cornell University who studies social networks, is skeptical that rules will have much impact. His advice: “When you’re doing stuff online, you should behave as if you’re doing it in public — because increasingly, it is.” more info : How Privacy Vanishes Online, a Bit at a Time - NYTimes.com
  15. In this video, Jeremy Brown talks about how to find vulnerabilities starting from static analysis of the code. This video is part of Dojosec Sessions. You can visit Jeremy Brown's blog for interesting articles on security and hacking. From Static Analysis to 0day Exploit Tutorial
  16. Nice!! Now let's see what you can do. //@Cosmin managed to find out what that string in part two means. next
  17. Hint no. 4, part two: Free the net!
  18. What a cocksucking ass-kisser you are, Claudiu Francu =)

    Twitter / mue boc: @balanionut @claudiufrancu ... pula la kil o sa iei curand.

  19. Go shove a long, greasy one up your ass at home.

  20. Congratulations!
  21. Note: only new books or magazines, published from 2009 onward. If you find new books and you have already posted, but your post is at most 2 weeks old, then EDIT it to avoid a double post; otherwise you are allowed to double-post in order to revive the topic. *This rule applies only to this thread. How I would recommend posting: cover image, ISBN-10 or ISBN-13. Example:

     Attack Simulation and Threat Modeling

     PREFACE

     “The purpose of computing is insight not numbers”

     I wrote this book as a direct consequence of Security Analysis and Data Visualization [1]. A lot of ground rules were laid there - we simply follow up here. Attack Simulation and Threat Modeling explores the abundant resources available in advanced security data collection, processing and mining. It is often the case that the essential value inherent in any data collection method is only as good as the processing and mining technique used. Therefore, this book attempts to give insight into a number of alternative security and attack analysis methods that leverage techniques adopted from such subject areas as statistics, AI, data mining, graphics design, pattern recognition and to some extent psychology and economics. As security design and implementation become major components of the overall enterprise architecture and data collection tools improve and evolve, the ability to collect data will no doubt increase dramatically. This then brings us to the value of the data which is often only as useful as what the analysis can shape it into. Whilst the security process itself is key, the collection, processing and mining techniques used to analyze the data are even more important.

     As much as information security is a unique and evolving field with particular needs, analysis techniques typically span the boundaries of different disciplines. Analysts that limit themselves to the boundaries imposed by one field may unnecessarily miss out all the possibilities that may exist in the multitude of disciplines that exists outside of it. This is by no means different with information security: by aligning it with different disciplines, we expand the possibilities exponentially. This book examines various tools and techniques from these other disciplines in extracting valuable findings to support security research and decision making.

     The objective of Attack Simulation and Threat Modeling is essentially to serve as an eye opener for security analysts and practitioners that there are many more techniques, tools and options beyond the security research field that can be used and are fit-for-purpose. Hopefully, this will lay the foundation for a cross-discipline concerted and collaborative effort that will help identify more techniques for security research and modeling.

     On a final note, this book is also heavy on the use of free and open source tools (both on Microsoft Windows and Linux platforms). Part of the rationale for this is to bring the analyst up to speed with the concepts and techniques of computer (security) simulation and modeling without having a recourse to proprietary tools and applications. I think in my humble estimation, it bridges the knowledge gap quicker whilst bringing the core subject matter to the fore.

     [1] http://inverse.com.ng/sadv/Security_Analysis_and_Data_Visualization.pdf

     http://inverse.com.ng/book2/Attack_Simulation_and_Threat_Modeling.pdf //it has no ISBN.
  22. What, man? These are the words from the dictionary. These are what you attack the "image" with.
  23. BRAVO. Now read the readme!