
PGP & GPG

It takes a special writer to make technical books enjoyable to read rather than the dull technical documentation most tech books turn out to be. Michael W. Lucas is one of them. This is not the first book of his I have read (I’ve read about half of Absolute FreeBSD, second edition; I haven’t written a review because I didn’t finish the entire book), and there were plenty of times I found myself laughing out loud while reading his humorous technical writing.

OpenPGP has historically, and mistakenly, been labeled as complicated and hard to use for a regular user. This book does an excellent job of eliminating that problem. By reading it, a normal user will gain a solid understanding and basic knowledge of how public key encryption functions and why it’s vital to OpenPGP. The book covers the commercial PGP application as well as its open source counterpart, GnuPG. The PGP examples are done on Windows and the GnuPG examples on the command line, and they are relatively easy to follow. By the time anyone finishes reading this book, they should be able to use OpenPGP with their favorite email client (assuming it supports OpenPGP), and have the relief of knowing how to send and receive fully encrypted email messages, confident that a message hasn’t been altered and that it came from the person it claims to be from.

The last time I used OpenPGP was roughly 10 years ago, in college, which is about when this book was published. Fortunately, not much has changed in the OpenPGP world. The only part of the book that stands out as dated is the content regarding the now deprecated tool WinPT. I also opted to use GnuPG 2.1 (modern) while reading this book, instead of the old 1.x version, and I didn’t encounter any compatibility issues.

As of the time of this writing we’re in late 2016, and user email privacy is perhaps one of the main challenges in today’s technological world. Email security is extremely important, and it has become essential for many non-tech people nowadays to protect their communications, most noticeably journalists. Another example of how vital email privacy is: the DNC email leak. To think that, thanks to a compromised email account, the outcome of our 2016 presidential election might have been different. That shows how extremely important email privacy is!

If you care about email privacy, then this is an absolute must read.

Rating: 4/5

PGP & GPG: Email for the Practical Paranoid

Chapter 1: Cryptography Kindergarten
Chapter 2: Understanding OpenPGP
Chapter 3: Installing PGP
Chapter 4: Installing GnuPG
Chapter 5: The Web of Trust
Chapter 6: PGP Key Management
Chapter 7: Managing GnuPG Keys
Chapter 8: OpenPGP and Email
Chapter 9: PGP and Email
Chapter 10: GnuPG and Email
Chapter 11: Other OpenPGP Considerations

Locking Down WordPress

WordPress powers a shitload of websites. WordPress is an easy to use and powerful web application, yet it is wrongfully infamous for its security (or, to many, the lack thereof). This free e-book is a short question-and-answer paper from three different professional WordPress developers. Although the e-book was published in 2012, practically all of the content is still relevant. The book goes through a handful of common WordPress security questions. Some example questions include:

What’s the one, overriding security essential that goes into every project you work on?
If you had one piece of WordPress security advice to share, what would it be?

Each question is answered by all three WordPress professionals based on their own experience. One thing I noticed is that most of the answers mainly concern WordPress in a shared hosting environment. I would’ve liked to see tips on securing WordPress in more complex, large, high-traffic/high-availability environments, as well as on securing WordPress with third-party tools like web application firewalls, though I can foresee that being somewhat out of scope.

I have a solid understanding of locking down a WordPress application, as a seasoned user, administrator and, up to a certain point, developer. Even so, I learned something really important about securing WordPress that I had completely overlooked: removing world (all) readable access to wp-config.php. This is something I had never thought of, yet without this change anyone can easily grab your database credentials. Another good tip I got from reading this free e-book was on dealing with hosting providers.
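The wp-config.php permission fix can be turned into a repeatable check. The script below is an added example written for this post, not code from the e-book or from WordPress; the path /var/www/html/wp-config.php in the usage comment is an assumption, and the functions `file_mode`, `world_readable`, `harden_wp_config` and `check_wp_config` are names chosen here. It reports whether the file is readable by "other" (the "world" bits) and, if so, removes that access so the database credentials are no longer exposed to every account on the server.

```shell
#!/bin/sh
# Added example (not from the e-book or WordPress): detect and remove
# world-readable access to wp-config.php, which stores the DB credentials.

# Print a file's permission bits in octal (GNU stat, falling back to BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed (exit 0) when the read bit is set for "other", i.e. world-readable.
world_readable() {
    mode=$(file_mode "$1")
    other=${mode#"${mode%?}"}      # last octal digit = permissions for "other"
    [ $(( other & 4 )) -ne 0 ]
}

# Remove all access for "other". Owner and group bits are left untouched so a
# web server running under a separate group can still read the config.
harden_wp_config() {
    chmod o-rwx "$1"
}

# Report and fix in one step. Returns 0 when the file ends up not
# world-readable, 2 when the path does not exist.
check_wp_config() {
    cfg=$1
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 2; }
    if world_readable "$cfg"; then
        echo "WARNING: $cfg is world-readable (mode $(file_mode "$cfg")); tightening" >&2
        harden_wp_config "$cfg"
    fi
    ! world_readable "$cfg"
}

# Usage (path is an assumption): sh wpconfig-perms.sh /var/www/html/wp-config.php
if [ $# -gt 0 ]; then
    check_wp_config "$1"
fi
```

Run it from cron or a deploy hook so a careless `chmod 644` during an upgrade does not silently reopen the file; the warning on stderr is what you would want to alert on.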

WordPress is like any other web application, yet idiots like to scrutinize it in a negative way, almost as if their own shit doesn’t stink, but I digress. Like any other web application, it’s just a matter of keeping up with updates, restricting access, and using common sense about what third-party code you integrate into your application; that will keep your website secure and running without hiccups.

Although much of the content is also covered in the official WordPress security guides (https://codex.wordpress.org/Hardening_WordPress and https://codex.wordpress.org/FAQ_My_site_was_hacked), I'd highly recommend that anyone using WordPress read this free e-book.

Rating: 3/5

Locking Down WordPress

Penetration Testing with the Bash Shell

This short book is an excellent introductory resource for anyone wanting to start using Kali Linux's security command line utilities. Although the first chapter details essential Bash features such as file system navigation, pipes, I/O redirection, and regular expressions, I personally think anyone reading this book should already have intermediate or advanced knowledge of Bash. That said, considering myself an advanced Bash user, thanks to this book I learned how to create customized auto-complete prompts. This Bash feature, which I wasn't aware of, can be a time saver: it lets you list a tool's additional command line options without having to cancel the command you are currently typing in order to open a man page or re-run the help menu for that tool.

The main focal point of the book is demonstrating clever Bash tricks with a handful of the security command line utilities included in Kali Linux. Bash is used to enhance those utilities via regular expressions, loops, and backtick/$() command substitution, to name just a few techniques. The book describes each security tool just enough that any reader can easily understand its use; if they then want to learn more, they will already have the absolute basics of how to use the utility. The book even goes as far as providing links to every tool it demonstrates, in case the reader wants to learn the tool more in depth.

Overall, I would definitely recommend this book to anyone wanting to get their feet wet using Kali Linux for the first time. The book is excellently written; I was able to read it in its entirety on a Sunday afternoon.

Chapter 1: Getting to Know Bash
Chapter 2: Customizing Your Shell
Chapter 3: Networking Reconnaissance
Chapter 4: Exploitation and Reverse Engineering
Chapter 5: Network Exploitation and Monitoring

Rating: 4/5

Penetration Testing with the Bash Shell - Make the most of Bash shell and Kali Linux’s command line based security assessment tools.

Instant Metasploit Starter

Packt Publishing's Instant Starter book series is a lot like O'Reilly's pocket reference/guide series. Instant Metasploit Starter is a really short introductory guide to the Metasploit Framework. As expected, this book mostly describes using Metasploit via msfconsole rather than the other interfaces to the framework. It does an excellent job of describing the absolute basics of the core parts of Metasploit: msfconsole, exploits/payloads, Meterpreter and auxiliary modules.

The book is short, a total of 60 pages (ePub edition). It covers a basic (yet deadly) Microsoft Windows RPC DCOM exploit, the cool things we can do once we have a Meterpreter session on the compromised system, and browser-based client-side attacks using auxiliary modules. It teaches you enough that you should be able to easily play around with other exploits and their respective payloads.

I'm not an InfoSec professional (not yet, at least), nor am I a Metasploit Framework expert by any means; that said, I was surprised at how well such a short book describes the basics of Metasploit, and I would recommend it to anyone interested in learning the MSF. This book gives you a good solid grounding from which you can later read other books that cover the MSF in more detail, as well as the awesome documentation that the wonderful team at Offensive Security provides: http://www.offensive-security.com/metasploit-unleashed/Main_Page

Rating: 4/5

Instant Metasploit Starter
