Products
On this page you will find descriptions of various products – from books to tools and technical devices. Whether you’re looking for a new non-fiction book, a practical tool or an innovative gadget, you’ll find an overview here. Browse through the different categories and discover exciting products.
Rubber Ducky
A rubber ducky, sometimes called a bad USB, is a special USB stick that pretends to be a keyboard rather than a storage device for the target system. This allows it to automatically simulate keystrokes and execute predefined commands in seconds – for example, to open backdoors, exfiltrate passwords or download malware. This technique is also known as “Bad USB” and is one of the most effective methods of physical access for an attacker.
The use of a Rubber Ducky does not require complex programming – even simple payloads can cause great damage if the stick is inserted into an unprotected computer. Especially in Red Teaming, the Rubber Ducky is a popular tool for demonstrating real risks through social engineering and physical attacks.
If you want to buy a Rubber Ducky, you can find suitable devices from specialized providers of penetration testing equipment. However, it is important to use these tools only for legal and ethical purposes – for example, in security audits with explicit authorization.
Flipper Zero
The Flipper Zero is a portable multi-tool for security researchers and pentesters designed specifically for testing and analyzing wireless protocols. It can read, emulate and clone RFID, NFC and infrared signals, allowing it to copy access cards or replicate remote controls. With the sub-GHz transceiver, radio signals can be intercepted and reproduced, enabling tests on garage doors, smart home systems or car keys. Thanks to the GPIO interface, the Flipper Zero can be used as a pentesting tool for hardware hacks and debugging. Although it is intended for security analysis, it can also be used for legal gimmicks such as Tamagotchi-like features or DIY projects.
Books
|
Title
|
Topic
|
Link
|
|---|---|---|
|
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
|
This book is the standard work for anyone who wants to specialize in the pentesting of web applications. It explains in detail how web applications are built and how typical vulnerabilities arise.Note: As an Amazon partner, I earn from qualified sales. The following links are affiliate links - if you buy through them, you support me at no extra cost to you.Note: As an Amazon affiliate, I earn from qualifying sales. The link above is an affiliate link - if you buy through it, you support me at no extra cost to you.
|
|
|
Hacking: The Art of Exploitation, 2nd Edition
|
This book is aimed at technically minded readers who want to delve deeper into the world of exploit development. It covers topics such as buffer overflows, format string attacks, shellcode and assembly language programming.This book is the standard work for anyone who wants to specialize in web application pentesting. It explains in detail how web applications are built and how typical vulnerabilities arise.Note: As an Amazon affiliate, I earn from qualifying sales. The following links are affiliate links - if you buy through them, you support me at no additional cost to you.note: As an Amazon affiliate, I earn from qualifying sales. The link above is an affiliate link - if you buy through it, you support me at no extra cost to you.
|
|
|
Penetration Testing: A Hands-On Introduction to Hacking
|
This book is the perfect introduction to technical pentesting. Covering a wide range of topics from information gathering to exploiting and post-exploitation, this book is aimed at technically minded readers who want to delve deeper into the world of exploit development. It covers topics such as buffer overflows, format string attacks, shellcode and assembly language programming.This book is the standard reference for anyone who wants to specialize in web application pentesting. It explains in detail how web applications are built and how typical vulnerabilities arise.Note: As an Amazon affiliate, I earn from qualifying sales. The following links are affiliate links - if you buy through them, you support me at no extra cost to you.Note: As an Amazon affiliate, I earn from qualifying sales. The link above is an affiliate link - if you buy through it, you support me at no extra cost to you.
|
|
|
Metasploit, 2nd Edition: The Penetration Tester's Guide
|
Metasploit is one of the most important tools in a technical pentester's toolbox. This book shows how to use it effectively.
|
|
|
The Hacker Playbook 3
|
A practical guide to technical attacks on networks, servers and applications. It is strongly oriented towards real attack chains (kill chain).
|
|
|
Advanced Penetration Testing: Hacking the World's Most Secure Networks
|
This book is dedicated to the art of undetected intrusion into corporate networks. It is less about exploits and more about tactics, techniques and procedures (TTPs).
|
|
|
Real-World Bug Hunting: A Field Guide to Web Hacking
|
The book describes real vulnerabilities that have been discovered in bug bounty programs. You will learn both the methodology and mindset of successful bug hunters.
|
|
|
Linux® Hardening in Hostile Networks: Server Security from TLS to Tor
|
Not a pentesting book in the strict sense, but a must-read if you want to understand how systems are hardened - and how you can circumvent this hardening.
|
|
|
Operating System Concepts
|
A very theoretical but fundamental book: How do operating systems work? Memory management, scheduling, processes, file systems...
|
|
|
Cybersecurity Ops with Bash: Attack, Defend, and Analyze from the Command Line
|
A practical book that shows how to use Bash to create scripts for reconnaissance, log analysis, network scanning and exploitation.
|