Atjaunināt sīkdatņu piekrišanu

CEH Certified Ethical Hacker Cert Guide 4th edition [Multiple-component retail product]

4.14/5 (28 ratings by Goodreads)
,
  • Formāts: Multiple-component retail product, 752 pages, height x width x depth: 234x192x44 mm, weight: 1500 g, Contains 1 Digital product license key and 1 Hardback
  • Sērija : Certification Guide
  • Izdošanas datums: 20-Jun-2022
  • Izdevniecība: Pearson IT Certification
  • ISBN-10: 0137489986
  • ISBN-13: 9780137489985
Citas grāmatas par šo tēmu:
  • Multiple-component retail product
  • Cena: 61,21 €
  • Grāmatu piegādes laiks ir 3-4 nedēļas, ja grāmata ir uz vietas izdevniecības noliktavā. Ja izdevējam nepieciešams publicēt jaunu tirāžu, grāmatas piegāde var aizkavēties.
  • Daudzums:
  • Ielikt grozā
  • Piegādes laiks - 4-6 nedēļas
  • Pievienot vēlmju sarakstam
CEH Certified Ethical Hacker Cert Guide 4th editionPalielināt
  • Formāts: Multiple-component retail product, 752 pages, height x width x depth: 234x192x44 mm, weight: 1500 g, Contains 1 Digital product license key and 1 Hardback
  • Sērija : Certification Guide
  • Izdošanas datums: 20-Jun-2022
  • Izdevniecība: Pearson IT Certification
  • ISBN-10: 0137489986
  • ISBN-13: 9780137489985
Citas grāmatas par šo tēmu:
Permanent link: https://www.kriso.lv/db/9780137489985.html
Keywords:
In this best-of-breed study guide, leading experts Michael Gregg and Omar Santos help you master all the topics you need to know to succeed on your Certified Ethical Hacker exam and advance your career in IT security. The authors' concise, focused approach explains every exam objective from a real-world perspective, helping you quickly identify weaknesses and retain everything you need to know.


Every feature of this book supports both efficient exam preparation and long-term mastery:

* Opening topics lists identify the topics you need to learn in each chapter and list EC-Council's official exam objectives
* Key Topics figures, tables, and lists call attention to the information that's most crucial for exam success
* Exam Preparation Tasks enable you to review key topics, define key terms, work through scenarios, and answer review questions...going beyond mere facts to master the concepts that are crucial to passing the exam and enhancing your career
* Key Terms are listed in each chapter and defined in a complete glossary, explaining all the field's essential terminology


This study guide helps you master all the topics on the latest CEH exam, including

* Ethical hacking basics
* Technical foundations of hacking
* Footprinting and scanning
* Enumeration and system hacking
* Social engineering, malware threats, and vulnerability analysis
* Sniffers, session hijacking, and denial of service
* Web server hacking, web applications, and database attacks
* Wireless technologies, mobile security, and mobile attacks
* IDS, firewalls, and honeypots
* Cryptographic attacks and defenses
* Cloud computing, IoT, and botnets



Every feature of this book supports both efficient exam preparation and long-term mastery:

  • Opening Topics Lists identify the topics students need to learn in each chapter and list EC-Council’s official exam objectives
  • Key Topics figures, tables, and lists call attention to the information that is most crucial for exam success
  • Exam Preparation Tasks enable students to review key topics, define key terms, work through scenarios, and answer review questions…going beyond mere facts to master the concepts that are crucial to passing the exam and enhancing career credentials
  • Key Terms are listed in each chapter and defined in a complete glossary, explaining essential terminology within the field

This study guide helps students master all the topics on the latest CEH exam, including:

  • Ethical hacking basics
  • Technical foundations of hacking
  • Footprinting and scanning
  • Enumeration and system hacking
  • Social engineering, malware threats, and vulnerability analysis
  • Sniffers, session hijacking, and denial of service
  • Web server hacking, web applications, and database attacks
  • Wireless technologies, mobile security, and mobile attacks
  • IDS, firewalls, and honeypots
  • Cryptographic attacks and defenses
  • Cloud computing, IoT, and botnets
Introduction xxvii
Chapter 1 An Introduction to Ethical Hacking
3(44)
"Do I Know This Already?" Quiz
3(4)
Foundation Topics
7(1)
Security Fundamentals
7(7)
Goals of Security
8(1)
Risk, Assets, Threats, and Vulnerabilities
9(2)
Backing Up Data to Reduce Risk
11(1)
Defining an Exploit
12(1)
Risk Assessment
13(1)
Security Testing
14(4)
No-Knowledge Tests (Black Box)
14(1)
Full-Knowledge Testing (White Box)
15(1)
Partial-Knowledge Testing (Gray Box)
15(1)
Types of Security Tests
15(2)
Incident Response
17(1)
Cyber Kill Chain
18(1)
Hacker and Cracker Descriptions
19(2)
Who Attackers Are
20(1)
Ethical Hackers
21(4)
Required Skills of an Ethical Hacker
22(1)
Modes of Ethical Hacking
23(2)
Test Plans--Keeping It Legal
25(6)
Test Phases
27(1)
Establishing Goals
28(1)
Getting Approval
29(1)
Ethical Hacking Report
29(1)
Vulnerability Research and Bug Bounties--Keeping Up with Changes
30(1)
Ethics and Legality
31(5)
Overview of U.S. Federal Laws
32(2)
Compliance Regulations
34(2)
Payment Card Industry Data Security Standard (PCI-DSS)
36(1)
Summary
36(1)
Exam Preparation Tasks
37(1)
Review All Key Topics
37(1)
Define Key Terms
38(1)
Exercises
38(1)
1-1 Searching for Exposed Passwords
38(1)
1-2 Examining Security Policies
39(1)
Review Questions
39(5)
Suggested Reading and Resources
44(3)
Chapter 2 The Technical Foundations of Hacking
47(42)
"Do I Know This Already?" Quiz
47(3)
Foundation Topics
50(1)
The Hacking Process
50(4)
Performing Reconnaissance and Footprinting
50(1)
Scanning and Enumeration
51(1)
Gaining Access
52(1)
Escalating Privilege
53(1)
Maintaining Access
53(1)
Covering Tracks and Planting Backdoors
54(1)
The Ethical Hacker's Process
54(3)
NISTSP 800-115
56(1)
Operationally Critical Threat, Asset, and Vulnerability Evaluation
56(1)
Open Source Security Testing Methodology Manual
56(1)
Information Security Systems and the Stack
57(21)
The OSI Model
57(3)
Anatomy of TCP/IP Protocols
60(2)
The Application Layer
62(4)
The Transport Layer
66(1)
Transmission Control Protocol
66(2)
User Datagram Protocol
68(1)
The Internet Layer
69(5)
Traceroute
74(3)
The Network Access Layer
77(1)
Summary
78(1)
Exam Preparation Tasks
79(1)
Review All Key Topics
79(1)
Define Key Terms
79(1)
Exercises
80(1)
2-1 Install a Sniffer and Perform Packet Captures
80(1)
2-2 Using Traceroute for Network Troubleshooting
81(1)
Review Questions
81(4)
Suggested Reading and Resources
85(4)
Chapter 3 Footprinting, Reconnaissance, and Scanning
89(72)
"Do I Know This Already?" Quiz
89(4)
Foundation Topics
93(1)
Footprinting
93(29)
Footprinting Methodology
93(2)
Documentation
95(1)
Footprinting Through Search Engines
96(5)
Footprinting Through Social Networking Sites
101(2)
Footprinting Through Web Services and Websites
103(3)
Email Footprinting
106(2)
Who is Footprinting
108(4)
DNS Footprinting
112(6)
Network Footprinting
118(1)
Subnetting's Role in Mapping Networks
119(1)
Traceroute
120(1)
Footprinting Through Social Engineering
121(1)
Footprinting Countermeasures
122(1)
Scanning
122(29)
Host Discovery
123(1)
Port and Service Discovery
124(7)
Nmap
131(8)
SuperScan
139(1)
THC-Amap
139(1)
Hping
140(1)
Port Knocking
140(1)
OS Discovery (Banner Grabbing/OS Fingerprinting) and Scanning Beyond IDS and Firewall
141(2)
Active Fingerprinting Tools
143(2)
Fingerprinting Services
145(1)
Default Ports and Services
145(1)
Finding Open Services
145(3)
Draw Network Diagrams
148(3)
Summary
151(1)
Exam Preparation Tasks
152(1)
Review All Key Topics
152(1)
Define Key Terms
152(1)
Exercises
153(2)
3-1 Performing Passive Reconnaissance
153(1)
3-2 Performing Active Reconnaissance
154(1)
Review Questions
155(4)
Suggested Reading and Resources
159(2)
Chapter 4 Enumeration and System Hacking
161(68)
"Do I Know This Already?" Quiz
161(3)
Foundation Topics
164(1)
Enumeration
164(29)
Windows Enumeration
164(2)
Windows Security
166(1)
NetBIOS and LDAP Enumeration
167(2)
NetBIOS Enumeration Tools
169(8)
SNMP Enumeration
177(6)
Linux/UNTX Enumeration
183(2)
NTP Enumeration
185(1)
SMTP Enumeration
186(5)
Additional Enumeration Techniques
191(1)
DNS Enumeration
191(1)
Enumeration Countermeasures
192(1)
System Hacking
193(26)
Nontechnical Password Attacks
193(1)
Technical Password Attacks
194(1)
Password Guessing
195(2)
Automated Password Guessing
197(1)
Password Sniffing
197(1)
Keylogging
198(1)
Escalating Privilege and Exploiting Vulnerabilities
199(1)
Exploiting an Application
200(1)
Exploiting a Buffer Overflow
201(2)
Owning the Box
203(1)
Windows Authentication Types
203(2)
Cracking Windows Passwords
205(4)
Linux Authentication and Passwords
209(3)
Cracking Linux Passwords
212(1)
Hiding Files and Covering Tracks
213(1)
Rootkits
214(3)
File Hiding
217(2)
Summary
219(1)
Exam Preparation Tasks
220(1)
Review All Key Topics
220(1)
Define Key Terms
220(1)
Exercise
220(1)
4-1 NTFS File Streaming
220(1)
Review Questions
221(5)
Suggested Reading and Resources
226(3)
Chapter 5 Social Engineering, Malware Threats, and Vulnerability Analysis
229(82)
"Do I Know This Already?" Quiz
229(5)
Foundation Topics
234(1)
Social Engineering
234(14)
Phishing
235(1)
Pharming
235(1)
Malvertising
236(1)
Spear Phishing
237(8)
SMS Phishing
245(1)
Voice Phishing
245(1)
Whaling
245(1)
Elicitation, Interrogation, and Impersonation (Pretexting)
246(1)
Social Engineering Motivation Techniques
247(1)
Shoulder Surfing and USB Baiting
248(1)
Malware Threats
248(42)
Viruses and Worms
248(1)
Types and Transmission Methods of Viruses and Malware
249(2)
Virus Payloads
251(1)
History of Viruses
252(1)
Weil-Known Viruses and Worms
253(2)
Virus Creation Tools
255(1)
Trojans
255(1)
Trojan Types
256(1)
Trojan Ports and Communication Methods
257(1)
Trojan Goals
258(1)
Trojan Infection Mechanisms
259(1)
Effects of Trojans
260(1)
Trojan Tools
261(2)
Distributing Trojans
263(1)
Wrappers
264(1)
Packers
265(1)
Droppers
265(1)
Crypters
265(2)
Ransomware
267(1)
Covert Communications
268(1)
Tunneling via the Internet Layer
269(3)
Tunneling via the Transport Layer
272(1)
Tunneling via the Application Layer
273(1)
Port Redirection
274(2)
Keystroke Logging and Spyware
276(1)
Hardware Keyloggers
277(1)
Software Keyloggers
277(1)
Spyware
278(1)
Malware Countermeasures
279(1)
Detecting Malware
280(3)
Antivirus
283(3)
Analyzing Malware
286(1)
Static Analysis
286(2)
Dynamic Analysis
288(2)
Vulnerability Analysis
290(7)
Passive vs. Active Assessments
290(1)
External vs. Internal Assessments
290(1)
Vulnerability Assessment Solutions
291(1)
Tree-Based vs. Inference-Based Assessments
291(1)
Vulnerability Scoring Systems
292(4)
Vulnerability Scanning Tools
296(1)
Summary
297(1)
Exam Preparation Tasks
298(1)
Review All Key Topics
299(1)
Define Key Terms
300(1)
Command Reference to Check Your Memory
300(1)
Exercises
300(3)
5-1 Finding Malicious Programs
300(1)
5-2 Using Process Explorer
301(2)
Review Questions
303(4)
Suggested Reading and Resources
307(4)
Chapter 6 Sniffers, Session Hijacking, and Denial of Service
311(52)
"Do I Know This Already?" Quiz
311(3)
Foundation Topics
314(1)
Sniffers
314(16)
Passive Sniffing
315(1)
Active Sniffing
316(1)
Address Resolution Protocol
316(2)
ARP Poisoning and MAC Flooding
318(6)
Tools for Sniffing and Packet Capturing
324(1)
Wireshark
324(4)
Other Sniffing Tools
328(1)
Sniffing and Spoofing Countermeasures
328(2)
Session Hijacking
330(11)
Transport Layer Hijacking
330(1)
Identify and Find an Active Session
331(1)
Predict the Sequence Number
332(1)
Take One of the Parties Offline
333(1)
Take Control of the Session
333(1)
Application Layer Hijacking
334(1)
Session Sniffing
334(1)
Predictable Session Token ID
334(1)
On-Path Attacks
335(1)
Client-Side Attacks
335(2)
Browser-Based On-Path Attacks
337(1)
Session Replay Attacks
338(1)
Session Fixation Attacks
338(1)
Session Hijacking Tools
338(3)
Preventing Session Hijacking
341(1)
Denial of Service and Distributed Denial of Service
341(12)
DoS Attack Techniques
343(1)
Volumetric Attacks
343(1)
SYN Flood Attacks
344(1)
ICMP Attacks
344(1)
Peer-to-Peer Attacks
345(1)
Application-Level Attacks
345(1)
Permanent DoS Attacks
346(1)
Distributed Denial of Service
347(1)
DDoS Tools
348(2)
DoS and DDoS Countermeasures
350(3)
Summary
353(1)
Exam Preparation Tasks
354(1)
Review All Key Topics
354(1)
Define Key Terms
354(1)
Exercises
355(1)
6-1 Scanning for DDoS Programs
355(1)
6-2 Spoofing Your MAC Address in Linux
355(1)
6-3 Using the KnowBe4 SMAC to Spoof Your MAC Address
356(1)
Review Questions
356(4)
Suggested Reading and Resources
360(3)
Chapter 7 Web Server Hacking, Web Applications, and Database Attacks
363(82)
"Do I Know This Already?" Quiz
363(3)
Foundation Topics
366(1)
Web Server Hacking
366(32)
The HTTP Protocol
366(8)
Scanning Web Servers
374(1)
Banner Grabbing and Enumeration
374(5)
Web Server Vulnerability Identification
379(1)
Attacking the Web Server
380(1)
DoS/DDoS Attacks
380(1)
DNS Server Hijacking and DNS Amplification Attacks
380(2)
Directory Traversal
382(2)
On-Path Attacks
384(1)
Website Defacement
384(1)
Web Server Misconfiguration
384(1)
HTTP Response Splitting
385(1)
Understanding Cookie Manipulation Attacks
385(1)
Web Server Password Cracking
386(1)
Web Server-Specific Vulnerabilities
386(2)
Comments in Source Code
388(1)
Lack of Error Handling and Overly Verbose Error Handling
389(1)
Hard-Coded Credentials
389(1)
Race Conditions
389(1)
Unprotected APIs
390(3)
Hidden Elements
393(1)
Lack of Code Signing
393(1)
Automated Exploit Tools
393(2)
Securing Web Servers
395(1)
Harden Before Deploying
395(1)
Patch Management
395(1)
Disable Unneeded Services
396(1)
Lock Down the File System
396(1)
Log and Audit
396(1)
Provide Ongoing Vulnerability Scans
397(1)
Web Application Hacking
398(23)
Unvalidated Input
398(1)
Parameter/Form Tampering
399(1)
Injection Flaws
399(1)
Cross-Site Scripting (XSS) Vulnerabilities
400(1)
Reflected XSS Attacks
401(1)
Stored XSS Attacks
402(2)
DOM-Based XSS Attacks
404(1)
XSS Evasion Techniques
405(1)
XSS Mitigations
406(2)
Understanding Cross-Site Request Forgery Vulnerabilities and Related Attacks
408(1)
Understanding Clickjacking
409(1)
Other Web Application Attacks
410(1)
Exploiting Web-Based Cryptographic Vulnerabilities and Insecure Configurations
411(1)
Web-Based Password Cracking and Authentication Attacks
412(2)
Understanding What Cookies Are and Their Use
414(1)
URL Obfuscation
415(2)
Intercepting Web Traffic
417(2)
Securing Web Applications
419(2)
Lack of Code Signing
421(1)
Database Hacking
421(15)
A Brief Introduction to SQL and SQL Injection
422(5)
SQL Injection Categories
427(2)
Fingerprinting the Database
429(1)
Surveying the UNION Exploitation Technique
430(1)
Using Boolean in SQL Injection Attacks
431(1)
Understanding Out-of-Band Exploitation
432(1)
Exploring the Time-Delay SQL Injection Technique
433(1)
Surveying Stored Procedure SQL Injection
434(1)
Understanding SQL Injection Mitigations
434(1)
SQL Injection Hacking Tools
435(1)
Summary
436(1)
Exam Preparation Tasks
437(1)
Review All Key Topics
437(1)
Exercise
438(1)
7-1 Complete the Exercises in WebGoat
438(1)
Review Questions
438(5)
Suggested Reading and Resources
443(2)
Chapter 8 Wireless Technologies, Mobile Security, and Attacks
445(46)
"Do I Know This Already?" Quiz
445(4)
Foundation Topics
449(1)
Wireless and Mobile Device Technologies
449(12)
Mobile Device Concerns
451(1)
Mobile Device Platforms
452(1)
Android
453(2)
Ios
455(1)
Windows Mobile Operating System
456(1)
BlackBerry
457(1)
Mobile Device Management and Protection
457(1)
Bluetooth
458(3)
Radio Frequency Identification (RFID) Attacks
461(1)
Wi-Fi
461(26)
Wireless LAN Basics
462(1)
Wireless LAN Frequencies and Signaling
463(1)
Wireless LAN Security
464(3)
Installing Rogue Access Points
467(1)
Evil Twin Attacks
468(1)
Deauthentication Attacks
468(4)
Attacking the Preferred Network Lists
472(1)
Jamming Wireless Signals and Causing Interference
472(1)
War Driving
472(1)
Attacking WEP
472(2)
Attacking WPA
474(4)
Wreless Networks Configured with Open Authentication
478(1)
KRACKAttacks
479(1)
Attacks Against WPA3
479(1)
Attacking Wi-Fi Protected Setup (WPS)
480(1)
KARMA Attack
481(1)
Fragmentation Attacks
481(1)
Additional Wreless Hacking Tools
482(1)
Performing GPS Mapping
483(1)
Wireless Traffic Analysis
483(1)
Launch Wreless Attacks
483(1)
Crack and Compromise the Wi-Fi Network
484(1)
Securing Wreless Networks
485(1)
Site Survey
485(1)
Robust Wireless Authentication
485(1)
Misuse Detection
486(1)
Summary
487(1)
Exam Preparation Tasks
488(1)
Review All Key Topics
488(1)
Define Key Terms
488(1)
Review Questions
488(1)
Suggested Reading and Resources
489(2)
Chapter 9 Evading IDS, Firewalls, and Honeypots
491(48)
"Do I Know This Already?" Quiz
491(4)
Foundation Topics
495(1)
Intrusion Detection and Prevention Systems
495(16)
IDS Types and Components
495(2)
Pattern Matching
497(3)
Protocol Analysis
500(1)
Heuristic-Based Analysis
500(1)
Anomaly-Based Analysis
500(2)
Global Threat Correlation Capabilities
502(1)
Snort
502(4)
IDS Evasion
506(1)
Flooding
507(1)
Insertion and Evasion
507(1)
Session Splicing
508(1)
Shellcode Attacks
508(1)
Other IDS Evasion Techniques
509(1)
IDS Evasion Tools
510(1)
Firewalls
511(15)
Firewall Types
512(1)
Network Address Translation
512(1)
Packet Filters
513(2)
Application and Circuit-Level Gateways
515(1)
Stateful Inspection
515(1)
Identifying Firewalls
516(4)
Bypassing Firewalls
520(6)
Honeypots
526(4)
Types of Honeypots
528(1)
Detecting Honeypots
529(1)
Summary
530(1)
Exam Preparation Tasks
530(1)
Review All Key Topics
530(1)
Define Key Terms
531(1)
Review Questions
531(5)
Suggested Reading and Resources
536(3)
Chapter 10 Cryptographic Attacks and Defenses
539(46)
"Do I Know This Already?" Quiz
539(4)
Foundation Topics
543(1)
Cryptography History and Concepts
543(2)
Encryption Algorithms
545(9)
Symmetric Encryption
546(2)
Data Encryption Standard (DES)
548(2)
Advanced Encryption Standard (AES)
550(1)
Rivest Cipher
551(1)
Asymmetric Encryption (Public Key Encryption)
551(1)
RSA
552(1)
Diffie-Hellman
552(1)
ElGamal
553(1)
Elliptic-Curve Cryptography (ECC)
553(1)
Digital Certificates
553(1)
Public Key Infrastructure
554(3)
Trust Models
555(1)
Single-Authority Trust
556(1)
Hierarchical Trust
556(1)
Web of Trust
557(1)
Email and Disk Encryption
557(1)
Cryptoanalysis and Attacks
558(5)
Weak Encryption
561(2)
Encryption-Cracking Tools
563(1)
Security Protocols and Countermeasures
563(3)
Steganography
566(1)
Steganography Operation
567(1)
Steganographic Tools
568(3)
Digital Watermark
571(1)
Hashing
571(2)
Digital Signature
573(1)
Summary
574(1)
Exam Preparation Tasks
574(1)
Review All Key Topics
574(1)
Define Key Terms
575(1)
Exercises
575(2)
10-1 Examining an SSL Certificate
575(1)
10-2 Using PGP
576(1)
10-3 Using a Steganographic Tool to Hide a Message
577(1)
Review Questions
577(5)
Suggested Reading and Resources
582(3)
Chapter 11 Cloud Computing, IoT, and Botnets
585(34)
"Do I Know This Already?" Quiz
585(3)
Foundation Topics
588(1)
Cloud Computing
588(13)
Cloud Computing Issues and Concerns
590(2)
Cloud Computing Attacks
592(1)
Cloud Computing Security
593(1)
DevOps, Continuous Integration (CI), Continuous Delivery (CD), and DevSecOps
593(3)
CI/CD Pipelines
596(2)
Serverless Computing
598(1)
Containers and Container Orchestration
598(2)
How to Scan Containers to Find Security Vulnerabilities
600(1)
IoT
601(5)
IoT Protocols
604(2)
IoT Implementation Hacking
606(1)
Botnets
606(6)
Botnet Countermeasures
609(3)
Summary
612(1)
Exam Preparation Tasks
612(1)
Review All Key Topics
612(1)
Define Key Terms
613(1)
Review Questions
613(2)
Suggested Reading and Resources
615(4)
Chapter 12 Final Preparation
619(4)
Hands-on Activities
619(1)
Suggested Plan for Final Review and Study
620(1)
Summary
621(2)
Glossary of Key Terms 623(26)
Appendix A Answers to the "Do I Know This Already?" Quizzes and Review Questions 649(36)
Appendix B CEH Certified Ethical Hacker Cert Guide Exam Updates 685(2)
Index 687
Online Elements: Appendix C Study Planner
Glossary of Key Terms
Michael Gregg (CISSP, SSCP, CISA, MCSE, MCT, CTT+, A+, N+, Security+, CCNA, CASP, CISA, CISM, CEH, CHFI, and GSEC) directs the cybersecurity operations for a multinational organization that operates facilities worldwide. As the CISO, Michael is responsible for securing the organization's assets on a global scale. Michael is responsible for developing cost-effective and innovative technology solutions for security issues and for evaluating emerging technologies.

He has more than 20 years of experience in the IT field and holds two associate's degrees, a bachelor's degree, and a master's degree. In addition to coauthoring the first, second, and third editions of Security Administrator Street Smarts, Michael has written or coauthored more than 20 other books.

Michael has testified before a U.S. congressional committee, has been quoted in newspapers such as the New York Times, and was featured on various television and radio shows, including NPR, ABC, CBS, Fox News, and others, discussing cybersecurity and ethical hacking. He has created more than a dozen IT security training classes. He has created and performed video instruction on many security topics, such as cybersecurity, CISSP, CISA, Security+, and others.

When not working, speaking at security events, or writing, Michael enjoys 1960s muscle cars and has a slot in his garage for a new project car.

Omar Santos is an active member of the cybersecurity community. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants that are dedicated to increasing the security of their critical infrastructure. Omar is the lead of the DEF CON Red Team Village, the chair of the OASIS Common Security Advisory Framework (CSAF), and has been the leader of several working groups in the Industry Consortium for Advancement of Security on the Internet (ICASI) and the Forum of Incident Response and Security Teams (FIRST).

Omar is the author of more than 20 books and video courses and numerous white papers, articles, and security configuration guidelines and best practices. Omar is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities. Omar has been quoted by numerous media outlets, such as The Register, Wired, ZDNet, ThreatPost, CyberScoop, TechCrunch, Fortune, Ars Technica, and more. Additional information about Omar can be obtained from h4cker.org and omarsantos.io. You can follow Omar on Twitter at @santosomar.