Extreme Exploits Advanced Defenses Against Hardcore Hacks

Published by McGraw-Hill/Osborne
7 3/8 x 9 1/8
ISBN: 0-07-225955-8
448 pages, 50 illustrations
EAN: 9780072259551

Articles in Periodicals

Network Defense Applications using IP Sinkholes

Available in English, Deutsch, Italiano, Espanol, Francais, Czech, Polska.
Published by Hakin9 Magazine
September 2006 Issue, International
Printed in the U.S.A., Germany, France, Italy, Spain, Czech Republic, and Poland.

When "I won't let them in" Fails

Published by SC Magazine
October 2005 Issue, Last Word segment
U.S. Edition

Hacking UNIX 101

Published by Rixstep
March 2006
On-line Edition


SploitCast: Interview with Harrison Holland

Podcast, April 2006
Various topics related to network security
Visit: SploitCast
Download: MP3 Audio (Podcast)

Lets Talk Computers: Interview with Alan Ashendorf

Radio show, August 2005
Various topics discussed in our book
Victor Oppleman and Brett Watson in attendance
Listen: RealAudio or ASF (Windows Media) stream


Network Defense Applications using Stationary and Event-Driven IP Sinkholes

Slideshow, circa 2006
A lengthy slideshow exploring how IP sinkholes may be used for a variety of network defense applications. The specific ideas covered include defeating denial of service attacks using blackholes, decreasing false positives in your existing network monitoring systems, reducing noise and enriching network intelligence, and much more.

Layer Four Traceroute (LFT), WhoB, and Associated Tools

Slideshow, circa 2005
A brief slideshow explaining how "modern" Internet path analysis can be performed. It discusses how the popular traceroute software works, how LFT software improves path analysis and provides additional valuable information, etc. The slideshow provides an overview of LFT, WhoB, and much of the Prefix WhoIs Project.

AUDIO: Download the audio/spoken portion of this presentation in MP3 format. WARNING: The comfort pauses have been removed to speed up the presentation, so parts of it may sound accelerated or compressed. 24.8 MB
Rationalizing Information Security Staffing

Slideshow, circa 2004
A brief slideshow explaining how to staff an information security department based on specific personnel utilization and security tasks/time research


Setting up Peer-to-Peer (p2p) SIP or IAX to use E-mail Addresses as VoIP URIs

Article-format, circa 2006
There's e164 and a dozen proprietary p2p VoIP systems/services/protocols. But why doesn't everyone with a VoIP PBX like Asterisk simply configure DNS SRV records and set up their dialplan correctly so peer-to-peer VoIP works just by typing in the e-mail address of the person you want to call? Barret Lyon and Victor show how to make this work in a simple article that includes sample configurations and even a demo video. In case there is trouble with the link, here's a local copy.

The Lurking Threat of Malware

Article-format, circa 2004
There has been an enormous misunderstanding when it comes to the lurking threat of resident malware in all organizations. This is a short explanation of the nature of the threat written to help information security professionals understand what's really going on. The article covers botnets, Trojan activity, and explains the difference between the delivery mechanisms and the tangible threat payload. It has been edited and published by a number of private organizations internally. Botnets are the basis of many threats that are now reported through the mass media:

Wireless LAN VPN / Jail Vulnerability

Vulnerability brief, circa 2003
An explanation of the layer-2 and layer-3 weaknesses inherent in the wireless LAN security methodology that has become prevalent: using a mixture of a "jail" to segregate the untrusted wireless network and then requiring users to further connect to an enterprise VPN for tangible access. The paper also explains a simple and cost-effective security augmentation solution that isn't vendor-specific. Primarily authored by B. Watson based on V. Oppleman's research.