News: New books on software security and reverse engineering
Mehdi Asgari
Wednesday 19 Khordad 1389, 13:25 PM
Hello
In this thread we are going to introduce new books that have recently been published, or books that are about to be published, and that relate in some way to software security, network security, reverse engineering, exploits, malware, forensics and so on (to avoid creating two threads, I did not create a similar thread in the "Reverse Engineering" section).
Please refrain from off-topic posts, and also do not introduce old books.
To start, I have brought you two books!
1-
Title: Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Authors: Michael Ligh, Matt Richard, Steven Adair, Blake Hartstein
(The last one is the owner of the blog http://mnin.blogspot.com/, who was most recently working at iDefense)
Pages: 744
Publication date: 1 November 2010
Publisher: Wiley
With our ever-increasing reliance on computers comes an ever-growing risk of malware. Security professionals will find plenty of solutions in this book to the problems posed by viruses, Trojan horses, worms, spyware, rootkits, adware, and other invasive software. Written by well-known malware experts, this guide reveals solutions to numerous problems and includes a DVD of custom programs and tools that illustrate the concepts, enhancing your skills.
* Security professionals face a constant battle against malicious software; this practical manual will improve your analytical capabilities and provide dozens of valuable and innovative solutions
* Covers classifying malware, packing and unpacking, dynamic malware analysis, decoding and decrypting, rootkit detection, memory forensics, open source malware research, and much more
* Includes generous amounts of source code in C, Python, and Perl to extend your favorite tools or build new ones, and custom programs on the DVD to demonstrate the solutions
http://www.amazon.com/Malware-Analysts-Cookbook-DVD-Techniques/dp/0470613033/
Mehdi Asgari
Wednesday 19 Khordad 1389, 13:27 PM
2-
Title: A Guide to Kernel Exploitation: Attacking the Core
Authors: Enrico Perla, Massimiliano Oldani
Pages: 448
Publication date: 10 September 2010
Publisher: Syngress
With the increasing number of security countermeasures against user land exploitation, kernel level exploitation is getting more and more popular among attackers and, generically, exploit writers. Playing with the heart of the operating system can be a dangerous game: this book covers the theoretical techniques and approaches needed to develop reliable and effective kernel level exploits and applies them to different operating systems (Unix-derivate, Mac OS X, Windows).
Kernel exploits take both art and science. Every OS has its quirks and so every exploit must be molded to fully exploit its target. This book discusses the four most popular OS families -- UNIX-derivates, MAC OS X and Windows -- and how to gain complete control over them.
Concepts and tactics are presented categorically so that even when a specifically detailed exploit has been patched, the foundational information that you have read will help to write a newer, better attack, if you are a hacker; a more concrete design and defensive structure, if you are a pen tester, auditor, or the like.
* Covers a range of operating system families -- Windows, Mac OS X, UNIX-derivates
* Details common scenarios such as generic memory corruption (stack overflow, heap overflow, etc) issues, logical bugs and race conditions.
* Delivers the reader from user-land exploitation to the world of kernel-land (OS) exploits/attacks, with a particular focus on the steps that bring to the creation of successful techniques, in order to give to the reader something more than a set of tricks: a full methodology.
http://www.amazon.com/Guide-Kernel-Exploitation-Attacking-Core/dp/1597494860/
r00tkit
Sunday 23 Khordad 1389, 14:52 PM
Seven Deadliest Web Application Attacks (http://www.amazon.com/Deadliest-Application-Attacks-Syngrass-Deadlest/dp/1597495433/ref=pd_sim_b_3)
Paperback: 192 pages
Publisher: Syngress (March 31, 2010)
Mike Shema (http://www.amazon.com/Mike-Shema/e/B001IZVC7G/ref=ntt_athr_dp_pel_1) Author
Language: English
This book includes:
Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
SQL Injection
Server Misconfiguration and Predictable Pages
Breaking Authentication Schemes
Logic Attacks
Malware and Browser Attacks
r00tkit
Sunday 23 Khordad 1389, 14:55 PM
Seven Deadliest Network Attacks (http://www.amazon.com/Deadliest-Application-Attacks-Syngrass-Deadlest/dp/1597495433/ref=pd_sim_b_3)
Paperback: 176 pages
Publisher: Syngress (April 29, 2010)
Author Stacy Prowell (http://www.amazon.com/s/ref=ntt_athr_dp_sr_1?_encoding=UTF8&sort=relevancerank&search-alias=books&field-author=Stacy%20Prowell) Rob Kraus (http://www.amazon.com/Rob-Kraus/e/B003H9FAFG/ref=ntt_athr_dp_pel_2)
Language: English
This book includes:
Denial of Service
War Dialing
Penetration "Testing"
Protocol Tunneling
Spanning Tree Attacks
Man-in-the-Middle
Password Replay
Mehdi Asgari
Sunday 13 Tir 1389, 09:25 AM
Real Digital Forensics, Volume 2
Authors: Keith J. Jones, Richard Bejtlich
Pages: 448
Publication date: January 2011
Publisher: Addison Wesley
http://www.amazon.com/Real-Digital-Forensics-Keith-Jones/dp/032168477X/
Volume one of this book: http://www.amazon.com/Real-Digital-Forensics-Computer-Security/dp/0321240693
r00tkit
Thursday 17 Tir 1389, 16:07 PM
Managed Code Rootkits: Hooking into Runtime Environments (http://www.amazon.com/Managed-Code-Rootkits-Hooking-Environments/dp/1597495743/ref=sr_1_8?s=books&ie=UTF8&qid=1278589757&sr=1-8)
Paperback: 324 pages
Publisher: Syngress; 1 edition (October 29, 2010)
Language: English
Author: Erez Metula (http://www.amazon.com/s/ref=ntt_athr_dp_sr_1?_encoding=UTF8&sort=relevancerank&search-alias=books&field-author=Erez%20Metula)
Java and .NET folks, take note:
Introduces the reader briefly to managed code environments and rootkits in general
Completely details a new type of rootkit hiding in the application level and demonstrates how a hacker can change language runtime implementation
Focuses on managed code including Java, .Net and reviews malware development scenarios
r00tkit
Sunday 20 Tir 1389, 13:13 PM
Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques (http://www.amazon.com/Ninja-Hacking-Unconventional-Penetration-Techniques/dp/1597495883/ref=sr_1_9?ie=UTF8&s=books&qid=1278838486&sr=1-9)
Paperback: 450 pages
Publisher: Syngress (October 8, 2010)
Language: English
Product Description: Ever thought of using the time-tested tactics and techniques of a ninja to understand the mind of today's ninja, the hacker? As a penetration tester or security consultant you no doubt perform tests both externally and internally for your clients that include both physical and technical tests. Throw traditional pen testing methods out the window for now and see how thinking and acting like a ninja can actually grant you quicker and more complete access to a company's assets. Get in before the hacker does by thinking outside of the box with these unorthodox techniques. Use all of the tools that the ninja has at his side such as disguise, espionage, stealth, and concealment. Learn how to benefit from these by laying your plans, impersonating employees, infiltrating via alarm system evasion, discovering weak points and timing, spyware and keylogging software, and log manipulation and logic bombs. And, really, don't you want to be a ninja for a day just because they're cool? Let this book be your excuse!
Use the tactics of a ninja such as disguise, espionage, stealth, and concealment to protect your company's assets
Details unorthodox penetration testing techniques by thinking outside of the box and inside the mind of a ninja
Expands upon current penetration testing methodologies including new tactics for hardware and physical attacks
r00tkit
Thursday 08 Dey 1390, 22:11 PM
Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
http://www.amazon.com/gp/product/1593272901/ref=s9_simh_gw_p14_d22_g14_i3?pf_rd_m=ATVPDKIKX0DER&pf_rd_s=center-3&pf_rd_r=1H3A9KT4AYKY4WQJ4CZN&pf_rd_t=101&pf_rd_p=470938811&pf_rd_i=507846
r00tkit
Thursday 08 Dey 1390, 22:16 PM
Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
Malware Forensics Field Guide for Windows Systems: Digital Forensics Field Guides
http://www.amazon.com/gp/product/1597494720/ref=s9_simh_gw_p14_d22_g14_i2?pf_rd_m=ATVPDKIKX0DER&pf_rd_s=center-3&pf_rd_r=1H3A9KT4AYKY4WQJ4CZN&pf_rd_t=101&pf_rd_p=470938811&pf_rd_i=507846
david_73
Friday 11 Mehr 1393, 14:42 PM
Practical Reverse Engineering x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation
http://www.amazon.com/Practical-Reverse-Engineering-Reversing-Obfuscation/dp/1118787315
david_73
Wednesday 23 Mehr 1393, 22:04 PM
Advanced Malware Analysis
http://www.amazon.com/Advanced-Malware-Analysis-Christopher-Elisan/dp/0071819746/ref=sr_1_5?s=books&ie=UTF8&qid=1413400112&sr=1-5&keywords=reverse+engineering
BackTrace
Saturday 02 Aban 1394, 17:50 PM
It is well written. "The Complete Reference Book on Penetration Testing and Reverse Engineering of Software with OllyDbg (http://www.pendarepars.com/book/%D9%85%D8%B1%D8%AC%D8%B9-%DA%A9%D8%A7%D9%85%D9%84-%D8%AA%D8%B3%D8%AA-%D9%86%D9%81%D9%88%D8%B0-%D9%88-%D9%85%D9%87%D9%86%D8%AF%D8%B3%D9%8A-%D9%85%D8%B9%DA%A9%D9%88%D8%B3-%D8%A8%D8%A7-ollydbg/)"
The emergence and spread of computer malware, the discovery of new vulnerabilities, and software security in general are among the matters that security experts, software producers and security companies must always keep in view. It is something that most of the time perhaps receives less attention, and in some cases receives no attention at all. Unfortunately, this subject does not have much standing in our country either, and this can be seen in the software products that are produced and released. Meanwhile, there are many specialists in this field whose names can only be seen on websites and in some articles. There may well be others too, but anonymous: people who study these topics and theorize about them only for themselves and to answer their inner curiosity. Those whose world is 0 and 1, whose lives are woven into the warp and weft of the web, whose second home is the Internet, and whose fingertips are familiar with the keys. May they accept us among them too... .