Catálogo de publicaciones

Contrary to popular belief, there has never been any shortage of Macintosh-related security issues. OS9 had issues that warranted attention. However, due to both ignorance and a lack of research, many of these issues never saw the light of day. No solid techniques were published for executing arbitrary code on OS9, and there are no notable legacy Macintosh exploits. Due to the combined lack of obvious vulnerabilities and accompanying exploits, Macintosh appeared to be a solid platform. Threats to Macintosh's OS X operating system are increasing in sophistication and number. Whether it is the exploitation of an increasing number of holes, use of rootkits for post-compromise concealment or disturbed denial of service, knowing why the system is vulnerable and understanding how to defend it is critical to computer security.

* Macintosh OS X Boot Process and Forensic Software All the power, all the tools, and all the geekery of Linux is present in Mac OS X. Shell scripts, X11 apps, processes, kernel extensions...it's a UNIX platform....Now, you can master the boot process, and Macintosh forensic software.

* Look Back Before the Flood and Forward Through the 21st Century Threatscape Back in the day, a misunderstanding of Macintosh security was more or less industry-wide. Neither the administrators nor the attackers knew much about the platform. Learn from Kevin Finisterre how and why that has all changed!

* Malicious Macs: Malware and the Mac As OS X moves further from desktops, laptops, and servers into the world of consumer technology (iPhones, iPods, and so on), what are the implications for the further spread of malware and other security breaches? Find out from David Harley.

* Malware Detection and the Mac Understand why the continuing insistence of vociferous Mac zealots that it "can't happen here" is likely to aid OS X exploitationg

* Mac OS X for Pen Testers With its BSD roots, super-slick graphical interface, and near-bulletproof reliability, Apple's Mac OS X provides a great platform for pen testing.

* WarDriving and Wireless Penetration Testing with OS X Configure and utilize the KisMAC WLAN discovery tool to WarDrive. Next, use the information obtained during a WarDrive, to successfully penetrate a customer's wireless network.

* Leopard and Tiger Evasion Follow Larry Hernandez through exploitation techniques, tricks, and features of both OS X Tiger and Leopard, using real-world scenarios for explaining and demonstrating the concepts behind them.

* Encryption Technologies and OS X Apple has come a long way from the bleak days of OS9. THere is now a wide array of encryption choices within Mac OS X. Let Gareth Poreus show you what they are.

* Cuts through the hype with a serious discussion of the security
vulnerabilities of the Mac OS X operating system
* Reveals techniques by which OS X can be "owned"
* Details procedures to defeat these techniques
* Offers a sober look at emerging threats and trends

OS X Incident Response: Scripting and Analysis is written for analysts who are looking to expand their understanding of a lesser-known operating system. By mastering the forensic artifacts of OS X, analysts will set themselves apart by acquiring an up-and-coming skillset.

Digital forensics is a critical art and science. While forensics is commonly thought of as a function of a legal investigation, the same tactics and techniques used for those investigations are also important in a response to an incident. Digital evidence is not only critical in the course of investigating many crimes but businesses are recognizing the importance of having skilled forensic investigators on staff in the case of policy violations.

Perhaps more importantly, though, businesses are seeing enormous impact from malware outbreaks as well as data breaches. The skills of a forensic investigator are critical to determine the source of the attack as well as the impact. While there is a lot of focus on Windows because it is the predominant desktop operating system, there are currently very few resources available for forensic investigators on how to investigate attacks, gather evidence and respond to incidents involving OS X. The number of Macs on enterprise networks is rapidly increasing, especially with the growing prevalence of BYOD, including iPads and iPhones.

Author Jaron Bradley covers a wide variety of topics, including both the collection and analysis of the forensic pieces found on the OS. Instead of using expensive commercial tools that clone the hard drive, you will learn how to write your own Python and bash-based response scripts. These scripts and methodologies can be used to collect and analyze volatile data immediately.

• Focuses exclusively on OS X attacks, incident response, and forensics
• Provides the technical details of OS X so you can find artifacts that might be missed using automated tools
• Describes how to write your own Python and bash-based response scripts, which can be used to collect and analyze volatile data immediately
• Covers OS X incident response in complete technical detail, including file system, system startup and scheduling, password dumping, memory, volatile data, logs, browser history, and exfiltration

This book is the definitive guide on the OSSEC Host-based Intrusion Detection system and frankly, to really use OSSEC you are going to need a definitive guide. Documentation has been available since the start of the OSSEC project but, due to time constraints, no formal book has been created to outline the various features and functions of the OSSEC product. This has left very important and powerful features of the product undocumented...until now! The book you are holding will show you how to install and configure OSSEC on the operating system of your choice and provide detailed examples to help prevent and mitigate attacks on your systems. -- Stephen Northcutt OSSEC determines if a host has been compromised in this manner by taking the equivalent of a picture of the host machine in its original, unaltered state. This "picture" captures the most relevant information about that machine's configuration. OSSEC saves this "picture" and then constantly compares it to the current state of that machine to identify anything that may have changed from the original configuration. Now, many of these changes are necessary, harmless, and authorized, such as a system administrator installing a new software upgrade, patch, or application. But, then there are the not-so-harmless changes, like the installation of a rootkit, trojan horse, or virus. Differentiating between the harmless and the not-so-harmless changes determines whether the system administrator or security professional is managing a secure, efficient network or a compromised network which might be funneling credit card numbers out to phishing gangs or storing massive amounts of pornography creating significant liability for that organization. Separating the wheat from the chaff is by no means an easy task. Hence the need for this book. The book is co-authored by Daniel Cid, who is the founder and lead developer of the freely available OSSEC host-based IDS. As such, readers can be certain they are reading the most accurate, timely, and insightful information on OSSEC.

All disc-based content for this title is now available on the Web.

* Nominee for Best Book Bejtlich read in 2008!
* http://taosecurity.blogspot.com/2008/12/best-book-bejtlich-read-in-2008.html


• Get Started with OSSEC
Get an overview of the features of OSSEC including commonly used terminology, pre-install preparation, and deployment considerations.
• Follow Steb-by-Step Installation Instructions
Walk through the installation process for the "local”, “agent”, and "server" install types on some of the most popular operating systems available.
• Master Configuration
Learn the basic configuration options for your install type and learn how to monitor log files, receive remote messages, configure email notification, and configure alert levels.
• Work With Rules
Extract key information from logs using decoders and how you can leverage rules to alert you of strange occurrences on your network.
• Understand System Integrity Check and Rootkit Detection
Monitor binary executable files, system configuration files, and the Microsoft Windows registry.
• Configure Active Response
Configure the active response actions you want and bind the actions to specific rules and sequence of events.
• Use the OSSEC Web User Interface
Install, configure, and use the community-developed, open source web interface available for OSSEC.
• Play in the OSSEC VMware Environment Sandbox
• Dig Deep into Data Log Mining
Take the “high art” of log analysis to the next level by breaking the dependence on the lists of strings or patterns to look for in the logs.

Osteogenesis Imperfecta is the first translational reference professionals can turn to for a source of comprehensive information on this disorder. Although several reviews of the field have been published in various journals, there is no other single source for a compendium of current information. Separate chapters discuss each of the several clinical features of OI. Ethical issues related to OI are discussed, as is the importance of nutrition in managing the OI child and the OI adult. The role of physical medicine and rehabilitation for OI patients is also presented, along with the current status of OI medical treatment and the prospects for genetic engineering in the future. The text also provides the orthopedic surgeon with an advanced discussion of surgical techniques applicable to OI.

• Incorporates chapters and information on the ethical issues related to osteogenesis imperfecta (OI) as will the importance of nutrition in managing the OI child and the OI adult
• Offers new insights into the underlying mechanisms of collagen biochemistry as related to OI as well as a presentation of intracellular collagen processing and the expanded role of protein chaperones in OI
• Discusses the role of physical medicine and rehabilitation for OI patients and the current status of OI medical treatment as well as prospects for genetic engineering in the future
• Provides a unique overview for the orthopedic surgeon with an advanced discussion of surgical techniques applicable to OI

Osteoimmunology: Interactions of the Immune and Skeletal Systems, Second Edition, explores the advancements that have been made in the field during the last 40 years, including valuable information on our understanding of the interactions between hematopoietic, immune, and bone cells, now known as the field of osteoimmunology.

This comprehensive work offers the most extensive summaries of research trends in the field and their translation into new therapeutics.

Early chapters deal with the development of osteoblasts, osteoclasts, hematopoietic stem cells, T and B-lymphocytes, and communications between these cellular elements, while later sections contain discussions of the signaling pathways by which RANKL influences osteoclast development and function. Subsequent chapters explore the effects that estrogen has on bone and the immune system, the development of pathologic conditions, and the growing research around osteoporosis, Paget’s disease, the genetics of bone disease, and bone cancer metastasis.

• Explains the intricate interaction between the immune system and bone
• Features detailed discussions of the key cellular and molecular mechanisms governing the homeostasis of the individual systems
• Facilitates greater understanding of osteoimmunologic networks, their environments, and how this understanding leads to better treatments for human diseases involving both systems