Kali linux 1.0.7 has just been released, complete with a whole bunch of tool updates, a new kernel, and some cool new features. Check out our changelog for a full list of these items. As usual, you don’t need to re-download or re-install Kali to benefit from these updates – you can update to the latest and greatest using these simple commands:

apt-get update
apt-get dist-upgrade
# If you've just updated your kernel, then:
reboot

Kali Linux Encrypted USB Persistence

One of the new sought out features introduced (which is also partially responsible for the kernel update) is the ability to create Kali Linux Live USB with LUKS Encrypted Persistence. This feature ushers in a new era of secure Kali Linux USB portability, allowing us to either boot to a “clean” Kali image or alternatively, overlay it with the contents of a persistent encrypted partition, all within the same USB drive.

Tool Developers Ahoy!

This release also marks the beginning of some co-ordinated efforts between Kali developers and tool developers to make sure their tools are represented correctly and are fully functional within Kali Linux. We would like to thank the metasploit, w3af, and wpscan dev teams for working with us to perfect their Kali packages and hope that more tool developers join in. Tool developers are welcome to send us an email to and we’ll be happy to work with you to better integrate your tool into Kali.

Kali Linux: Greater Than the Sum of its Parts

For quite some time now, we’ve been preaching that Kali Linux is more than a “Linux distribution with a collection of tools in it”. We invest a significant of time and resources developing and enabling features in the distribution which we think are useful for penetration testers and other security professionals. These features range from things like “live-build“, which allows our end users to easily customize their own Kali ISOs to features like Live USB persistence encryption, which provides paranoid users with an extra layer of security. Many of these features are unique to Kali and can be found nowhere else. We’ve started tallying these features and linking them from our Kali documentation page – check it out, it’s growing to be an impressive list!

[Download]

Tools used for penetration testing are often purchased or downloaded from the Internet. Each tool is based on a programming language such as Perl, Python, or Ruby. If a penetration tester wants to extend, augment, or change the functionality of a tool to perform a test differently than the default configuration, the tester must know the basics of coding for the related programming language. Coding for Penetration Testers provides the reader with an understanding of the scripting languages that are commonly used when developing tools for penetration testing. It also guides the reader through specific examples of custom tool development and the situations where such tools might be used. While developing a better understanding of each language, the reader is guided through real-world scenarios and tool development that can be incorporated into a tester's toolkit.

[Download]

Sybex is now the official publisher for Certified Wireless Network Professional, the certifying vendor for the CWSP program. This guide covers all exam objectives, including WLAN discovery techniques, intrusion and attack techniques, 802.11 protocol analysis. Wireless intrusion-prevention systems implementation, layer 2 and 3 VPNs used over 802.11 networks, and managed endpoint security systems. It also covers enterprise/SMB/SOHO/Public-Network Security design models and security solution implementation, building robust security networks, wireless LAN management systems, and much more.

[Download]

Table of Contents
Preface
Chapter 1: Getting Started with Client-Side Endpoint Protection Tasks
Chapter 2: Planning and Rolling Installation
Chapter 3: SCEP Configuration
Chapter 4: Client Deployment Preparation and Deployment
Chapter 5: Common Tasks
Chapter 6: Management Tasks
Chapter 7: Reporting
Chapter 8: Troubleshooting
Chapter 9: Building an SCCM 2012 Lab
Appendix
Index

[Download]

Table of Contents
Preface
Chapter 1: Getting Started with Firebug
Chapter 2: Firebug Window Overview
Chapter 3: Inspecting and Editing HTML
Chapter 4: CSS Development
Chapter 5: JavaScript Development
Chapter 6: Knowing Your DOM
Chapter 7: Performance Tuning Our Web Application
Chapter 8: AJAX Development
Chapter 9: Tips and Tricks for Firebug
Chapter 10: Necessary Firebug Extensions
Chapter 11: Extending Firebug
Appendix: A Quick Overview of Firebug's Features and Options
Index

[Download]

Many Unix, Linux, and Mac OS X geeks enjoy using the powerful, platform-agnostic text editors vi and Vim, but there are far too many commands for anyone to remember. Author Arnold Robbins has chosen the most valuable commands for vi, Vim, and vi's main clones-vile, elvis, and nvi-and packed them into this easy-to-browse pocket reference. You'll find commands for all kinds of editing tasks, including programming, modifying system files, writing and marking up articles, and more.

[Download]

What if you could sit down with some of the most talented security engineers in the world and ask any network security question you wanted? Security Power Tools lets you do exactly that! Members of Juniper Networks' Security Engineering team and a few guest experts reveal how to use, tweak, and push the most popular network security applications, utilities, and tools available using Windows, Linux, Mac OS X, and Unix platforms.

Designed to be browsed, Security Power Tools offers you multiple approaches to network security via 23 cross-referenced chapters that review the best security tools on the planet for both black hat techniques and white hat defense tactics. It's a must-have reference for network administrators, engineers and consultants with tips, tricks, and how-to advice for an assortment of freeware and commercial tools, ranging from intermediate level command-line operations to advanced programming of self-hiding exploits.

[Download]

[Amazon review]
Google's Android is shaking up the mobile market in a big way. With Android, you can write programs that run on any compatible cell phone or tablet in the world. It's a mobile platform you can't afford not to learn, and this book gets you started. Hello, Android has been updated to Android 2.3.3, with revised code throughout to reflect this updated version. That means that the book is now up-to-date for tablets such as the Kindle Fire. All examples were tested for forwards and backwards compatibility on a variety of devices and versions of Android from 1.5 to 4.0. (Note: the Kindle Fire does not support home screen widgets or wallpaper, so those samples couldn't be tested on the Fire.)

Android is an operating system for mobile phones and tablets. It's inside millions of cell phones and other devices, including the hugely popular Amazon Kindle Fire, making Android the foremost platform for mobile application developers. That could be your own program running on all those devices.

Within minutes, Hello, Android will get you started creating your first working application: Android's version of "Hello, World." From there, you'll build up a more substantial example: an Android Sudoku game. By gradually adding features to the game, you'll learn the basics of Android programming. You'll also see how to build in audio and video support, add graphics using 2D and 3D OpenGL, network with web pages and web services, and store data with SQLite. You'll also learn how to publish your applications to the Android Market.

The #1 book for learning Android is now in its third edition. Every page and example was reviewed and updated for compatibility with the latest versions. Freshly added material covers installing applications to the SD card, supporting multi-touch, and creating live wallpaper. You'll also find plenty of real-world advice on how to support all major Android versions in use today.

[Download]

This book is written for beginner analysts and includes 46 step-by-step labs to walk you through many of the essential skills contained herein. This book provides an ideal starting point whether you are interested in analyzing traffic to learn how an application works, you need to troubleshoot slow network performance, or determine whether a machine is infected with malware.

[Download]

Table of Contents

Preface
Chapter 1: Getting Started with Vim
Chapter 2: Personalizing Vim
Chapter 3: Better Navigation
Chapter 4: Production Boosters
Chapter 5: Advanced Formatting
Chapter 6: Basic Vim Scripting
Chapter 7: Extended Vim Scripting
Appendix A: Vim Can Do Everything
Appendix B: Vim Configuration Alternatives
Index

[Download]

The Handbook of Digital Forensics and Investigation builds on the success of the Handbook of Computer Crime Investigation, bringing together renowned experts in all areas of digital forensics and investigation to provide the consummate resource for practitioners in the field.
This unique collection details how to conduct digital investigations in both criminal and civil contexts, and how to locate and utilize digital evidence on computers, networks, and embedded systems. Specifically, the Investigative Methodology section of the Handbook provides expert guidance in the three main areas of practice: Forensic Analysis, Electronic Discovery and Intrusion Investigation. The Technology section is extended and updated to reflect the state of the art in each area of specialization. The main areas of focus in the Technology section are forensic analysis of Windows, Unix, Macintosh, and embedded systems (including cellular telephones and other mobile devices), and investigations involving networks (including enterprise environments and mobile telecommunications technology).
[Download]

If you've asked someone the secret to writing efficient, well-written software, the answer that you've probably gotten is "learn assembly language programming." By learning assembly language programming, you learn how the machine really operates and that knowledge will help you write better high-level language code. A dirty little secret assembly language programmers rarely admit to, however, is that what you really need to learn is machine organization, not assembly language programming. Write Great Code Vol I, the first in a series from assembly language expert Randall Hyde, dives right into machine organization without the extra overhead of learning assembly language programming at the same time. And since Write Great Code Vol I concentrates on the machine organization, not assembly language, the reader will learn in greater depth those subjects that are language-independent and of concern to a high level language programmer. Write Great Code Vol I will help programmers make wiser choices with respect to programming statements and data types when writing software, no matter which language they use.

[Volume 1]  [Volume 2]

Passionately democratic in its advocacy of networking for the masses, this is the first book on Linux networking written especially for the novice user. Because the free, open-source Linux operating system is winning so many converts today, the number of Linux-based networks will grow exponentially over the next few years. Taking up where Linux Clearly Explained left off, Linux Networking Clearly Explained walks the reader through the creation of a TCP/IP-based, Linux-driven local area network, beginning with a "sandbox" installation involving just two or three computers. Readers master the fundamentals of system and network administration-including handling user accounts and setting up security-in this less complex environment. The author then helps them along to the more sophisticated techniques associated with connecting this network to the Internet.
* Focuses on the 20% of Linux networking knowledge that satisfies 80% of network needs-including the needs of small businesses, workgroups within enterprises and high-tech homes.
* Teaches novices to implement DNS servers, network information services

[Download]

What can you do with the Raspberry Pi, a $35 computer the size of a credit card? All sorts of things! If you’re learning how to program, or looking to build new electronic projects, this hands-on guide will show you just how valuable this flexible little platform can be.
This book takes you step-by-step through many fun and educational possibilities. Take advantage of several preloaded programming languages. Use the Raspberry Pi with Arduino. Create Internet-connected projects. Play with multimedia. With Raspberry Pi, you can do all of this and more.

• Get acquainted with hardware features on the Pi’s board
• Learn enough Linux to move around the operating system
• Pick up the basics of Python and Scratch—and start programming
• Draw graphics, play sounds, and handle mouse events with the Pygame framework
• Use the Pi’s input and output pins to do some hardware hacking
• Discover how Arduino and the Raspberry Pi complement each other
• Integrate USB webcams and other peripherals into your projects
• Create your own Pi-based web server with Python.

[Download]

The real challenge of programming isn't learning a language's syntax—it's learning to creatively solve problems so you can build something great. In this one-of-a-kind text, author V. Anton Spraul breaks down the ways that programmers solve problems and teaches you what other introductory books often ignore: how to Think Like a Programmer. Each chapter tackles a single programming concept, like classes, pointers, and recursion, and open-ended exercises throughout challenge you to apply your knowledge. You'll also learn how to:

• Split problems into discrete components to make them easier to solve
• Make the most of code reuse with functions, classes, and libraries
• Pick the perfect data structure for a particular job
• Master more advanced programming tools like recursion and dynamic memory
• Organize your thoughts and develop strategies to tackle particular types of problems

Although the book's examples are written in C++, the creative problem-solving concepts they illustrate go beyond any particular language; in fact, they often reach outside the realm of computer science. As the most skillful programmers know, writing great code is a creative art—and the first step in creating your masterpiece is learning to Think Like a Programmer.

[Download]

Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.

This week the latest version was released, Acunetix Vulnerability Scanner 9.5.

Features

• AcuSensor Technology
• Industry’s most advanced and in-depth SQL injection and Cross site scripting testing
• Advanced penetration testing tools, such as the HTTP Editor and the HTTP Fuzzer
• Visual macro recorder makes testing web forms and password protected areas easy
• Support for pages with CAPTCHA, single sign-on and Two Factor authentication mechanisms
• Extensive reporting facilities including PCI compliance reports
• Multi-threaded and lightning fast scanner – processes thousands of pages with ease
• Intelligent crawler detects web server type, application language and smartphone-optimized sites.
• Acunetix crawls and analyzes different types of websites including HTML5, SOAP and AJAX
• Port scans a web server and runs security checks against network services running on the server

This new release adds the ability to run security scans on applications built with Google Web Toolkit (GWT). It can also automatically test JSON and XML data objects for vulnerabilities. In addition, vulnerabilities are now also classified using CVE, CWE and CVSS, and AcuSensor has been updated for .NET 4.5 web applications.

Download Acunetix Vulnerability Scanner 9.5

Protect your business. Protect your customers. Here's how: websites built on open source Content Management Systems (CMSs) are uniquely vulnerable. If you are responsible for maintaining one, or if you are the executive or business owner in charge of approving IT budgets, you need to know what's in this book. Here's the lowdown on very real security threats, how attacks are carried out, what security measures you need to take, and how to compile a disaster recovery plan. Don't wait. Your business may depend on the action you take.

2011 | 432 Pages | ISBN: 0470916214 | EPUB | 14 MB

[Download]