RE: Penetration Whitepapers

["Erik Birkholz" <erik () foundstone com>]

<Blatant_Bias_Warning>  I am the lead author on the Special Ops book. </Blatant_Bias_Warning>

        In Special Ops (www.SpecialOpsSecurity.com) we have a minimum of one case study per chapter. That should help 
you along. Additionally, the Incident Response books by Osborne are a great read if you are focused on the response 
part.

        The problem I see with your post is that it is VERY broad.  Give us some more specifics and I think you will 
get a better response. For example, who is your audience? Then move into, what is your goal for this data given the 
audience you selected. Then we should be able to chime in effectively.  Otherwise, you can probably expect emails that 
plug this or that book... Wait! Ummm. Err. Too late.  ;)





-----Original Message-----
From: Technoboy [mailto:technoboy () packetswar org] 
Sent: Monday, February 16, 2004 9:56 AM
To: pen-test () securityfocus com
Subject: RE: Penetration Whitepapers


For 'real life example' I would also recommand the following books:

Addison Wesley - Web Hacking Attacks and Defence [ISBM:0201761769] Prentice Hall PTR - IT Security: Risking the 
Corporation [ISBN:013101112]

The Prentice book might be exactly what you are looking for.

Hope it help,

-
Anon


-----Original Message-----
From: Ricardo AbrahamAréchiga Cervantes [mailto:raac () academ01 gda itesm mx] 
Sent: Friday, February 13, 2004 6:21 PM
To: pen-test () securityfocus com
Cc: Rob Havelt
Subject: Re: Penetration Whitepapers

Hi,

Too much fiction, but this books can help you:

- Hacker's Challenge 2: Test Your Network Security & Forensic Skills
- Stealing the Network: How to Own the Box

Ricardo Abraham


Rob Havelt wrote:
> I'm looking for either white papers or case studies or some such
> detailing actual real world attacks (more like real-world computer 
> crime, computer fraud, internal attacks, etc. and less on the damage 
> from worms or virus, DDoS, or the like) on companies who either didn't 
> know that they had a bad security posture, couldn't keep on top of 
> infosec issues, or ones who knew (either as the result of a pen test, 
> health check, or some other VA) and simply didn't take any steps 
> toward remediation.



---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------