ManufakturIT GmbH    |  +49 (0)2202 1882273   |  info@manufaktur-it.de

Publications

We gladly provide you with our publications along with whitepapers, reading extracts and interviews. Please also take note of the regular posts on our blog!

Deep Dive: The Development of an Exploit

July 2015

Talk about cyber crime is everywhere; hacker attacks have become commonplace, as has indignation about intelligence services and spy tools. However, only a limited number of people understand the basics of how a digital attack works.

 

The book "Deep Dive: The Development of an Exploit" explains how a hacker thinks, tricks and works. Taking a vulnerability as the starting point, it guides the reader step by step through developing an exploit for controlling a victim remotely, in the tradition of the successful Corelan tutorials.

 

If you want to understand how an exploit is developed, this technically well-grounded book will provide you with hands-on experience: it offers you a step-by-step tutorial. Roll up your sleeves, put your fingers on your keyboard, it's workshop time!

 

Paperback: 160 pages

Language: English

ISBN: 978-3738620092

 

Extract

Source Code

 

Available at Amazon and Books on Demand.
Also available as an e-book for Amazon Kindle, Apple iBook, Google Play, and other models.

Kerberos: Web Service Security

December 2014

Even though Kerberos has also been afflicted by critical vulnerabilities, the protocol is very well suited as a secure and transparent authentication tool in an internal corporate network. That's reason enough to take a look at a Kerberos set-up for web services in a complex corporate environment.

As soon as GUI applications process sensitive data, requests to backend ports need to be protected cryptographically. This is especially true for web services. While automated SOAP communication between two machines can be secured via certificates rather easily, authenticating the users of a GUI application usually requires a different approach. The Kerberos protocol offers a secure and transparent solution.

Our whitepaper uses a practical implementation to explain how Kerberos can be used at the interface between GUI and backend.

Whitepaper “Kerberos: Web Service Security”

Crypto Cheat Sheet

January 2010

Secure programming requires the use of cryptographic algorithms. To create a better understanding of how cryptographic algorithms are applied, we would like to provide you with a comprehensive best-practice document here.

The Crypto Cheat Sheet is a best-practices document and can be used as a cheat sheet by software engineers, designers, analysts, testers, project managers, and administrators. The document illustrates the mode of operation and area of application of all popular cryptographic methods. It describes best practices, worst practices and practical experiences, as well as relevant parameters and classes in OpenSSL, .NET, Java, CryptoAPI and CAPICOM.

 

Crypto Cheat Sheet (German, short version)

Crypto Cheat Sheet (German, long version)

Crypto Cheat Sheet (English, short version)

Crypto Cheat Sheet (English, long version)

WDR3 Resonanzen – Femme Fatale Digital

November 2010

A fictional person coaxes secret data out of members of the US army.

Pretty, bright and young: 25-year-old Robin Sage quickly found friends on social networks like Facebook, Twitter and LinkedIn. Most of them were male and had notable jobs: at intelligence services, the army or the White House. And you can share secret information with friends. The problem was: the pretty lady does not exist. She was a fictitious person created by hacker Thomas Ryan. He wanted to demonstrate how easily sensitive data can be drawn from internet users through targeted deception. This strategy is called “social engineering”. This and other hacking tactics are used not only to exploit security gaps but also to close them. This beneficial hacking is called “ethical hacking”.

 

Listen to an interview with hacker Manu Carus on WDR3 Resonanzen.

 

Interview

Anonymity is the biggest problem online

September 2008

As an ethical hacker, Manu Carus breaks into corporate networks, with the operators' permission. For his clients, he searches for security vulnerabilities and advises them on how to protect their company against attacks from cyber space. Carus spoke to PC Professionell about ethical hacking, the internet's shaky structure and the nonsense of the hacker clause.

 

Interview

Ethical Hacking - An AudIT Talk by Manu Carus

May 2008

How hackers break into your system unnoticed...

 

When hackers break into a network, the damage can be enormous, especially financially. That's why it is not only corporations working with sensitive user data that have to protect themselves against attacks. Private users also have to confront spyware, trojans, phishing and spam mails, viruses and worms. Dangers lurk on social network sites as well as in online job databases and online shops. Buying security software may be a necessary and important step to protect oneself, but it is far from sufficient. Manu Carus, Certified Ethical Hacker, advises the following: “Learn how hackers think! Hack yourself! You'll be surprised what information interested third parties can gather about you via the internet and how this knowledge can be used against you.”

 

Carus speaks from experience. The security expert regularly hacks into the networks of his clients, legally. He has recently published an audio talk about his job as an ethical hacker.

 

In "Ethical Hacking - an AudIT talk by Manu Carus", he explains how a professional break-in takes place. The listener gains insight into the five phases of an attack: exploring, scanning, attacking, backdooring and camouflaging. Of course, he also illustrates appropriate countermeasures. This way, users learn to understand the hacker's approach and how to safeguard against damage.

 

Carus would like the listener to recognize “in which medieval era of security technology the IT industry currently exists. The internet in its contemporary form is ill-suited for public use. It is based on outdated protocols which haven't been adapted to our current need for security for 20 years. Right now we are not able to ensure that the person with whom we are exchanging information is in fact the person for whom we take him or her to be. This is why the internet urgently needs a revolution!”

 

Hence, it is even more important to protect data against unauthorized access.

 

On "Ethical Hacking - an AudIT talk by Manu Carus", the first audio book about an IT topic, Manu Carus talks about dangers and appropriate countermeasures along with other professional speakers.

 

Audio CD
Publisher: entwickler press
Language: German
ISBN: 978-3868020212

      

Audio sample 1

Audio sample 2

Available at Amazon.

Ethical Hacking

Hacker clause, federal trojan, data preservation: three key words which prove that the danger from cyber space reached the public sphere long ago. And the users themselves are responsible for securing a system.

This book presents the approaches of professional hackers and enables you to take their place. Become a good, an “ethical” hacker, and recognize security gaps in good time before others do.

The ideas and processes presented will help you understand computer and network architecture and trace vulnerabilities in protocols. This is a book for administrators and everyone who owns a networked computer and wants to protect it from attacks. Special IT know-how is not required to understand the book, though it is an advantage.

 

An interview with the security specialist may be redistributed provided the source is cited.

 

Hardcover: 360 pages
Publisher: entwickler.press
Language: German
ISBN: 978-3939084228

Interview

Available at Amazon.
