gogogo
Syndetics cover image
Image from Syndetics

Seven deadliest USB attacks [electronic book] / Brian Anderson, Barbara Anderson ; technical editor, Andrew Rabie.

By: Contributor(s): Material type: TextTextSeries: Syngress seven deadliest attacks seriesPublication details: Burlington, MA : Syngress, c2010.Description: xiv, 222 p. : ill. ; 24 cmISBN:
  • 1597495530
  • 9781597495530
Subject(s): Genre/Form: Additional physical formats: No titleOnline resources:
Contents:
Introduction -- Chapter 1: USB Hacksaw -- Chapter 2: USB Switchblade -- Chapter 3: USB Based Virus / Malicious Code Launch -- Chapter 4: USB Device OverFlow -- Chapter 5: USB Ramdump  -- Chapter 6: Podslurping-A USB Problem -- Chapter 7: Social Engineering and USB Come Together for a Brutal Attack --   --   --  .
Summary: Do you need to keep up with the latest hacks, attacks, and exploits effecting USB technology? Then you need Seven Deadliest USB Attacks. This book pinpoints the most dangerous hacks and exploits specific to USB, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Attacks detailed in this book include: USB Hacksaw USB Switchblade USB Based Virus/Malicous Code Launch USB Device Overflow RAMdump Pod Slurping Social Engineering and USB Technology Knowledge is power, find out about the most dominant attacks currently waging war on computers and networks globally Discover the best ways to defend against these vicious attacks; step-by-step instruction shows you how Institute countermeasures, don't be caught defenseless again, learn techniques to make your computer and network impenetrable.
No physical items for this record

Enhanced descriptions from Syndetics:

Seven Deadliest USB Attacks provides a comprehensive view of the most serious types of Universal Serial Bus (USB) attacks. While the book focuses on Windows systems, Mac, Linux, and UNIX systems are equally susceptible to similar attacks. If you need to keep up with the latest hacks, attacks, and exploits effecting USB technology, then this book is for you. This book pinpoints the most dangerous hacks and exploits specific to USB, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. The attacks outlined in this book are intended for individuals with moderate Microsoft Windows proficiency.

The book provides the tools, tricks, and detailed instructions necessary to reconstruct and mitigate these activities while peering into the risks and future aspects surrounding the respective technologies. There are seven chapters that cover the following: USB Hacksaw; the USB Switchblade; viruses and malicious codes; USB-based heap overflow; the evolution of forensics in computer security; pod slurping; and the human element of security, including the risks, rewards, and controversy surrounding social-engineering engagements.

This book was written to target a vast audience including students, technical staff, business leaders, or anyone seeking to understand fully the removable-media risk for Windows systems. It will be a valuable resource for information security professionals of all levels, as well as web application developers and recreational hackers.

Includes index.

Introduction -- Chapter 1: USB Hacksaw -- Chapter 2: USB Switchblade -- Chapter 3: USB Based Virus / Malicious Code Launch -- Chapter 4: USB Device OverFlow -- Chapter 5: USB Ramdump  -- Chapter 6: Podslurping-A USB Problem -- Chapter 7: Social Engineering and USB Come Together for a Brutal Attack --   --   --  .

Do you need to keep up with the latest hacks, attacks, and exploits effecting USB technology? Then you need Seven Deadliest USB Attacks. This book pinpoints the most dangerous hacks and exploits specific to USB, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Attacks detailed in this book include: USB Hacksaw USB Switchblade USB Based Virus/Malicous Code Launch USB Device Overflow RAMdump Pod Slurping Social Engineering and USB Technology Knowledge is power, find out about the most dominant attacks currently waging war on computers and networks globally Discover the best ways to defend against these vicious attacks; step-by-step instruction shows you how Institute countermeasures, don't be caught defenseless again, learn techniques to make your computer and network impenetrable.

Electronic reproduction. Amsterdam : Elsevier Science & Technology, 2010. Mode of access: World Wide Web. System requirements: Web browser. Title from title screen (viewed on May 12, 2010). Access may be restricted to users at subscribing institutions.

Table of contents provided by Syndetics

  • About the Authors (p. ix)
  • Introduction (p. xi)
  • Chapter 1 USB Hacksaw (p. 1)
  • Sharing Away your Future (p. 2)
  • Anatomy of the Attack (p. 5)
  • Universal Serial Bus (p. 5)
  • U3 and Flash Drive CD-ROM Emulation (p. 5)
  • Inside the Hacksaw Attack (p. 6)
  • Hacksaw Removal (p. 17)
  • What is the Big Deal? (p. 17)
  • Regulators, Mount Up (p. 18)
  • Evolution of the Portable Platform (p. 20)
  • Portable Platforms (p. 20)
  • Hacksaw Development (p. 22)
  • Defending against This Attack (p. 23)
  • Summary (p. 26)
  • Endnotes (p. 26)
  • Chapter 2 USB Switchblade (p. 27)
  • Passing Grades (p. 28)
  • Inside the Switchblade (p. 31)
  • Switchblade Tool Summaries (p. 32)
  • Switchblade Assembly (p. 38)
  • Why Should I Care? (p. 51)
  • Evolving Aspects (p. 52)
  • Privilege Elevation (p. 54)
  • Defensive Techniques (p. 54)
  • System Execution Prevention and USB Antidote (p. 55)
  • Biometrics and Token Security (p. 57)
  • Password Protection Practices (p. 57)
  • Windows Group Policy Options (p. 60)
  • Browser Settings and Screen Savers (p. 61)
  • Summary (p. 63)
  • Chapter 3 USB-Based Virus/Malicious Code Launch (p. 65)
  • Invasive Species among Us (p. 66)
  • An Uncomfortable Presentation (p. 67)
  • Anatomy of the Attack (p. 69)
  • Malicious Code Methodologies (p. 69)
  • Autorun (p. 74)
  • How to Recreate the Attack (p. 79)
  • Evolution of the Attack (p. 85)
  • Why all the Fuss? (p. 88)
  • Botnets (p. 88)
  • Distributed Denial-of-Service Attacks (p. 88)
  • E-mail Spamming (p. 88)
  • Infecting New Hosts (p. 89)
  • Identity Theft (p. 89)
  • Transporting Illegal Software (p. 89)
  • Google AdSense and Advertisement Add-On Abuse (p. 89)
  • Defending against this Attack (p. 90)
  • Antimalware (p. 92)
  • Summary (p. 96)
  • Endnotes (p. 96)
  • Chapter 4 USB Device Overflow (p. 97)
  • Overflow Overview (p. 97)
  • Analyzing this Attack (p. 99)
  • Device Drivers (p. 99)
  • Going with the Overflow (p. 100)
  • USB Development and the Hole in the Heap (p. 103)
  • Ever-Present Exposures (p. 105)
  • Overflow Outlook (p. 106)
  • Defensive Strategies (p. 107)
  • Drivers (p. 107)
  • Physical Protection Mechanisms (p. 114)
  • Summary (p. 115)
  • Endnote (p. 116)
  • Chapter 5 RAM dump (p. 117)
  • Gadgets Gone Astray (p. 118)
  • Digital Forensic Acquisition Examination (p. 118)
  • Computer Online Forensic Evidence Extractor or Detect and Eliminate Computer-Assisted Forensics? (p. 119)
  • Memory Gatherings (p. 120)
  • Reconstructing the Attack (p. 122)
  • Mind your Memory (p. 133)
  • Advancements in Memory Analysis (p. 136)
  • ManTech DD (p. 136)
  • Additional Analysis Tools (p. 140)
  • Future Memories (p. 141)
  • The Room with an Evil View (p. 141)
  • Hindering the Gatherers (p. 143)
  • Security Framework, Programs, and Governance (p. 143)
  • Trackers and Remote Management (p. 145)
  • BIOS Features (p. 147)
  • Trustless Execution Technology and Module Platform (p. 148)
  • Enhancing the Encryption Experience (p. 149)
  • BitLocker and TrueCrypt (p. 150)
  • Summary (p. 151)
  • Endnotes (p. 151)
  • Chapter 6 Pod Slurping (p. 153)
  • Attack of the Data Snatchers (p. 154)
  • Anatomy of a Slurp (p. 155)
  • How to Recreate the Attack (p. 156)
  • Risky Business (p. 157)
  • Pod Proliferation (p. 158)
  • Advancements in This Attack (p. 159)
  • Breaking Out of Jobs' Jail (p. 160)
  • Mitigating Measures (p. 170)
  • Put your Clients on a Data Diet (p. 170)
  • Hijacking an iPhone (p. 173)
  • Summary (p. 175)
  • Endnotes (p. 176)
  • Chapter 7 Social Engineering and USB come Together for a Brutal Attack (p. 177)
  • Brain Games (p. 178)
  • Hacking the Wetware (p. 179)
  • Reverse Social Engineering (p. 179)
  • Penetration of a Vulnerable Kind (p. 180)
  • Elevated Hazards (p. 204)
  • Legitimate Social Engineering Concerns (p. 205)
  • Generations of Influences (p. 206)
  • USB Multipass (p. 208)
  • Thwarting These Behaviors (p. 208)
  • Security Awareness and Training (p. 208)
  • Behavioral Biometrics (p. 210)
  • Windows Enhancements (p. 211)
  • Summary (p. 216)
  • Overview (p. 216)
  • Endnotes (p. 217)
  • Index (p. 219)

Author notes provided by Syndetics

Brian Anderson started his security career as a USMC Military Police officer. During his tour in the USMC Brian also served as an instructor for weapons marksmanship, urban combat, building entry techniques and less than lethal munitions. He also took part in the Somalia humanitarian efforts and several training engagements in the Middle East.

Brian's technical experience began when he joined EDS where he became part of a leveraged team and specialized in infrastructure problem resolution, disaster recovery and design and security. His career progression was swift carrying him through security engineering and into architecture where he earned a lead role. Brian was a key participant in many high level security projects driven by HIPAA, PCI, SOX, FIPS and other regulatory compliance which included infrastructure dependent services, multi-tenant directories, IdM, RBAC, SSO, WLAN, full disk and removable media encryption, leveraged perimeter design and strategy. He has earned multiple certifications for client, server and network technologies. Brian has written numerous viewpoint and whitepapers for current and emerging technologies and is a sought out expert on matters of security, privacy and penetration testing. Brian is an avid security researcher with expertise in reverse engineering focusing on vulnerabilities and exploits and advising clients on proper remediation.

Barbara Anderson has worked in the information technology industry as a network and server security professional for over eleven years. During that time, she has been acting as a senior network security engineer who provides consulting and support for all aspects of network and security design. Barbara comes from a strong network security background and has extensive experience in enterprise design, implementation and life-cycle management.

Barbara proudly served her country for over four years in the United States Air force and has enjoyed successful positions at EDS, SMU, Fujitsu, ACS and Fishnet Security. These experiences and interactions have allowed her to become an expert in enterprise security, product deployment and training.

Powered by Koha