(Part 2) Best comptia certification guides according to redditors
We found 462 Reddit comments discussing the best comptia certification guides. We ranked the 92 resulting products by number of redditors who mentioned them. Here are the products ranked 21-40. You can also go back to the previous section.
And to anyone who wants to learn from the other side, I can recommend Rootkits: Subverting the Windows Kernel.
It really depends on what niche you're looking on covering. It's difficult, I feel, to brush up on "infosec" to any level of practical proficiency without focusing on a few subsets. Based on your interests, I would recommend the following books.
General Hacking:
Hacking Exposed
The Art of Exploitation
The Art of Deception
Intrusion Detection / Incident Response:
Network Flow Analysis
The Tao of Network Security Monitoring
Practical Intrusion Analysis
Real Digital Forensics
Reverse Engineering:
Reversing: Secrets of Reverse Engineering
The Ida Pro Book
Malware Analyst Cookbook
Malware Forensics
Digital Forensics:
File System Forensic Analysis
Windows Forensic Analysis
Real Digital Forensics
The Rootkit Arsenal
Hope this helps. If you're a University student, you might have access to Safari Books Online, which has access to almost all of these books, and more. You can also purchase a personal subscription for like $23 a month. It's a bit pricey, but they have an awesome library of technical books.
Specific to Cryptanalysis (in order):
Good intermediate texts on cryptography/cryptology:
Lastly, a really fantastic all around book on network security (including crypto) would be: Network Security 2nd Ed. by Kaufman and Perlman. It is a little old though but still relevant. Also has great analysis of real world protocols such as IPsec (IKE, ISAKMP), Kerberos, SSL/TLS, S/MIME, etc.
I actually already have a copy of Hacking: The Art of Exploitation. My personal library consists of around 45 books on a range of computing topics from PHP, MySQL, C++, Windows Internals, CCNA, MCSE/MCSA, Unix, Rootkits, AI, Data Structures and the list goes on.
Other relevant titles include Gray Hat Python, Reversing: Secrets of Reverse Engineering and Rootkits: Subverting the Windows Kernel.
I was going to buy the following: Assembly Language Step-by-step, SQL Injection Attacks and Defense and Metasploit: The Penetration Tester's Guide.
I agree that where one starts really depends on what they want to end up doing. "Hacking" is such a general term and SQL-Injections is completely different from finding 0-days. If I'm honest I'm not sure where to start but I'm open to suggestions.
​
With money;
Without money;
https://www.reddit.com/r/hacking/comments/1d9onz/how_do_i_start_getting_into_pentesting/
Being a "techy" isn't really useful with learning and understanding crypto. There's many cryptographers that are mathematicians who barely use computers. Cryptography is a multi-faceted discipline but the typical divide is between mathematicians and computer scientists.
So having a foundation in math & computer science is very useful.
In any case, Simon Singh's book is a good introduction. It is a pleasant read but a bit fluffy.
Although not specifically crypto, I would start with Network Security by Kaufman et al. It primarily discusses network security but gently introduces some cryptography primitives.
Another book from a mathematician perspective is this book.
Then there's joy of cryptography which is a formal treatment using a notion of provable security (a bit of a different take to Katz & Lindell Modern Cryptography), which computer scientists tend to have a boner for.
School, here is a textbook I used.
Part of that "80%" can be a sales tactic to get you to sign up and take the course. Although I am not in the UK so I am not sure if that stat holds true.
As for the equipment: Both the below links are good starting points. The top one is a bit older.
Build Your Own Security Lab: A Field Guide for Network Testing
[The Network Security Test Lab: A Step-by-Step Guide] (https://www.amazon.com/Network-Security-Test-Step-Step/dp/1118987055/ref=asap_bc?ie=UTF8)
Both will give you a good idea and a starting point.
But you never really answered a key question: What is it you want to do? In CyberSecurity, there are roughly 40 different types of emphasis that you can focus on. I know it is daunting, but understand your personality and goals can weigh heavily into that decision. Not everyone is cut out to be a WhiteHat, but that does not mean a blue team member or a purple team member are not for you.
There was a really good topic discussion on Reddit (unable to find it currently) that had quite a few jobs broken down and what they do/mean to the Security Community.
You should be fine use the objectives and professor messer. You can always grab this lab book Mike Meyers Lab book. It helped me when I was prepping for the 901 and 902.
Yes.
Hacking Exposed
Shellcoders Handbook
Reverse Engineering
Malware Analyst's Cookbook
Gray Hat Python
Gray Hat Hacking Second Edition
Writing Security Tools & Exploits
Sockets, Shellcode, Porting and Coding: Reverese Engineering Exploits and Tool Coding for Security Professionals
Professional Penetration Testing
These are definitely some books you could start with. Once you've gone through those, you'll know more then a lot of them out there :)
There's these reddit threads on r/netsec:
http://www.reddit.com/r/netsec/comments/d3hua/how_to_get_started_in_netsec/
http://www.reddit.com/r/netsec/comments/ekyjw/interested_in_learning_about_network_security/
http://www.reddit.com/r/netsec/comments/es4si/what_are_some_good_netsec_books_out_there/
http://www.reddit.com/r/netsec/comments/g6r71/getting_started_in_network_security_a_list_of/
There's also loads of blogs and websites around, if you go hunting or look at some of these netsec threads, you'll find loads more material.
A+ Resources Computing...
Mike Meyers: All In One
Exam Cram
A+ Complete Study Guide
...Popular Books Terminated
Videos Compressing...
Professor Messer's A+ Videos Free
Anthony Harries A+ Series Free
Mike Meyer's A+ Video Series Paid
...Decompressing
A+ Practice Exams Initialized.....
Professer Messer's Pop Quizes Free
Crucial Exams Free
ExamCompass Free
[Exam Cram Practice Questions Paid](https://www.amazon.com/CompTIA-220-901-220-902-Practice-Questions/dp/0789756307/ref=sr_1_2?ie=UTF8&qid=1484881100&sr=8- 2&keywords=a%2B+901+and+902&refinements=p_72%3A2661618011)
....End Transmission
Simmy-Turner activated(sims)....
GTS Labs Paid
Mike Meyers Lab Book Paid
Testout A+ Paid
Prof. Hammonds Free
....End Transmission
Community Driven Content(all free)......
Zac Wilsons A+ Study App
Gemini88mill Advice
Deathrus's Study Habits
DrawMonster's Study Methods
...The Community thanks you!
I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.
If you've got a couple of weeks until your start date, buy this book and read it:
CompTIA Network+ Certification All-in-One Exam Guide, Seventh Edition
You can also look up the author's series of videos on Youtube. You don't actually have to take and pass the certification but it wouldn't be the end of the world if you did. Since you say you didn't have a single comp sci class it would actually probably help with your confidence to get certified and to understand the ins and out of networking. If you can break down how computers communicate with each other you can go a long ways towards figuring out potential security problems.
My guess is that their "analyst" training will be much more about NIST Special Publication 800-53 than any actual network or security analysis but that's fine. If you can learn some tech stuff on your own you won't look like a total n00b when they deposit you at a client site and tell you to add value immediately or else.
I used the exam-cram book (link) and viewed some of the "professor messer" videos on parts I didn't feel 100% confident in. Studied for three days, got a 93% on the 701, and 94% on the 702, took them the same day, and said, "dang, that was easy."
Application Security:
Web Security:
Secure Systems
Check this out: https://www.amazon.com/dp/1119137934/ref=cm_sw_r_cp_awdb_t1_I-OYBb5SKZG2M
CompTIA A+ Complete Deluxe Study Guide: Exams 220-901 and 220-902
3rd Edition, Hard Cover, $24
Quoted:
Includes interactive online learning environment and study tools with:
I'm not an expert, but here are some of the resources that I've learned a lot from
http://vulnhub.com - My favorite so far has been Hackademic_RTB1 using g0tm1lk's walkthrough.
BackTrack is now Kali so you'll want to check that out. And in case aren't already using it, you'll probably want to use something like VirtualBox to set up your labs. The #kali and #vulnhub channels on irc.freenode.net are really helpful.
Some other books I've enjoyed are CounterHack by Ed Skoudis and everything by Richard Bejtlich.
Let me know if you have any questions. I probably won't know offhand, but wouldn't mind helping you find out.
I'd have to agree with /u/pint. The Design of Rijndael is basically the handbook on this. It explains the so called Wide Trail Strategy, which deals with exactly what you're after. You might be able to find some of this in Joan Daemen's PhD thesis as well (at the bottom of this page) - a lot of the stuff in The Design of Rijndael is from there.
Ok - Here's a list of books I've read in the last few years
As you can tell, I'm big on the technical books, and even exam prep books. This is just a selection, but I think it's a good starter pack to some different fields.
https://www.amazon.com/Build-Your-Own-Security-Lab/dp/0470179864
https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641
https://pen-testing.sans.org/blog/2014/02/27/building-a-pen-test-infrastructure-hacking-at-home-on-the-cheap
and because I like you:
https://www.cybrary.it/0p3n/tutorial-for-setting-up-a-virtual-penetration-testing-lab-at-your-home/
https://www.pentesterlab.com/
https://community.rapid7.com/docs/DOC-2196
The following books might be old but still way better in writing backdoors and hacking stuff:
https://www.amazon.com/Sockets-Shellcode-Porting-Coding-Professionals/dp/1597490059/ref=sr_1_1?ie=UTF8&qid=1479315418&sr=8-1&keywords=shellcode+c
https://www.amazon.com/gp/product/1597499978/ref=pd_bxgy_14_img_2?ie=UTF8&psc=1&refRID=PH1DKACHVPSSV5Z4R7E9
https://www.amazon.com/gp/product/1932266674/ref=pd_bxgy_14_img_3?ie=UTF8&psc=1&refRID=PH1DKACHVPSSV5Z4R7E9
Best Regards
I have enjoyed the Sybex series, https://smile.amazon.com/CompTIA-Complete-Study-Guide-220-1001/dp/1119515939/ref=sr_1_5?crid=39NGOO1J9JE1G&keywords=comptia+a%2B+1001&qid=1575104128&sprefix=comptia+a%2Caps%2C170&sr=8-5
But I dare say the majority I've seen on this sub forum seem to prefer the all in one series, and Mike Meyers did the one for the A+,
https://smile.amazon.com/CompTIA-Certification-Guide-220-1001-220-1002-ebook-dp-B07PPY7P1T/dp/B07PPY7P1T/ref=mt_kindle?_encoding=UTF8&me=&qid=
But thats just my opinion on books, take it with a huge grain of salt as I have not passed the A+.
Some search terms for how the internet works: Packet switched networking, TCP, IP, SSL.
I don't think I have ever read a book about basic internet workings, the internet is really the best place to read about that stuff (hence the search terms).
Instead I will list some books which look at how we define security and why secure systems fail:
Secrets and Lies is a good primer discussing trust / networks / cryptography and a few other things at a high enough level to be interesting to a lay reader: http://www.amazon.com/Secrets-Lies-Digital-Security-Networked/dp/0471453803/ref=sr_1_4?ie=UTF8&qid=1419753343&sr=8-4
Art of Intrusion is packed full of stories about how systems (computers or otherwise) fail and become insecure: http://www.amazon.com/Art-Intrusion-Exploits-Intruders-Deceivers/dp/0471782661/ref=sr_1_1?ie=UTF8&qid=1419753466&sr=8-1 the sister book Art of Deception (stories about Social Engineering) is also pretty good.
The Code Book, mostly history, but provides a great introduction to cryptographic concepts. http://www.amazon.com/The-Code-Book-Science-Cryptography/dp/0385495323/ref=pd_rhf_se_s_cp_7_RTJS?ie=UTF8&refRID=1RRWWY0RNX7G8HRYPFFS
stormehh has some good points.
I agree, and would argue that you are better off learning the fundamentals at this stage in your life. I understand your urge to get out there and explore different tools and techniques as fast as possible (trust me, I've been there myself), but take my word for it when I say that you will get more out of it when you understand the underlying concepts/technologies/protocols.
This might sound old fashioned, but read these books. It's a lot of material, but well worth the effort. You can get all three of them used for about $75:
"Computer Security: Art and Science" - Matt Bishop
"The TCP/IP Guide: A Comprehensive, Illustrated Internet Protocols Reference" - Charles M. Kozierok
"Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses (2nd Edition)" - Edward Skoudis & Tom Liston
Good luck to you, and follow the light side of the force.
Few books for you to consider - I got these for my course and are hugely useful. I've also included the Encase book as I know our forensics guys go back to it all the time:
Computer forensics using open source tools
The essential Brian Carrier - file system forensics
Real Digital Forensics
Encase training book
Digital Forensics Investigation
Forensic Discovery
Mind sharing the links? There's a few "Hack this site" websites ranging from user uploaded files and I've seen one which is more based on javascript and SQL injection.
Have you thought about looking at crackme? There's also the Microsoft Blue Hat Challenge. Forensic Focus also provide a list of resources to practice with.
There's always books as well. I'm currently working through Real Digital Forensics that comes with files used in the book and explain how it was gathered and how to view it.
There's plenty of resources out there, but you've got to be a bit more specific on what challenge you're looking for, as there's a range of subjects.
Check out this. Notice how Windows replaces the first letter of a deleted file with sigma. This hides it from Windows Explorer, but you can still use something like WinUndelete to retrieve it. A sigma file's cluster will be overwritten by the OS as if it were blank, so you'd have to retrieve it before you save anything else that would use that cluster.
Do you think Linux would do something similar?
Maybe understanding File Allocation Tables data structure will help you get that file. Also it might not, but it's still cool to know.
In case this is the right path, I'm learning this from page 110 -118 of this useful book that my step bro gave me :)
Definitely get this. It's helping me a ton right now.
WHY DO YOU ASK MAINTAINS THE PROPER ATTITUDE OF A DECENT THING?
:)
> From experience, one book is barely enough to get your feet wet
Ha! Definitely. I keep getting ideas for other books I should write.
I'd recommend the following as good general books to read. They're all good no matter what type of programming you do:
That should keep you busy. :)
EDIT: Oh, also, you can read my other two Python books. One is on graphical games with Pygame and the other is on classical ciphers and how to crack them. http://inventwithpython.com
I recommend any beginner type book. The Head First series are good. You also have a decent one online for free Practical PHP Programming. Just keep on reading. One you get familiar with the language and programming(if you are new to this) you should start reading about writing secure code, Essential PHP Security would be a good pick. Have fun.
I used this. It would be good to find a machine and build it up with XP and Vista, and get it running stable. Also remember data rates and system requirements for the various OS. (unfortunately Win 7 still not a topic that's covered)
Not sure if this is relevant to your particular sites, but I found this book really helpful in understanding what the risks are.
It does a good job of explaining XSS, Injection Attacks, and other forms of attack, and how to avoid them.
The book is quite old now, so I'm not sure if it's still as relevant as it was. Perhaps someone here will be able to suggest a better option, or books catered towards other languages?
http://www.amazon.com/Secrets-Lies-Digital-Security-Networked/dp/0471453803
This book gives a really good overview of core Information Assurance concepts. Bruce Schneier is smart dude to follow.
Mike Meyers All in One
CompTIA A+ Study Guide
CompTIA A+ Deluxe Study Guide
These are the first three hits I get when I searched Amazon with the following: comptia a 220-901 and 220-902.
Results can be found here
Go to this link and buy this book it has helped me so much. I started off not knowing anything about IT or software development. I started using quizlets and professor messer but was having trouble retaining info. This has practice tests as well as performance based questions in the book to help you out. https://www.amazon.com/CompTIA-Complete-Study-Guide-220-1001/dp/1119515939
I also recommend getting a new computer with enough RAM to use virtual box to fool around with the other OS that will be on the exam. That way you have hands on experience with them.
Is this the book your talking about?
https://www.amazon.ca/gp/product/1259589544/ref=ox_sc_act_title_1?smid=A3DWYIK6Y9EEQB&psc=1
Planning to get one, I'm starting to review for A+.I have no background on IT thought.
There are a lot of cool resources out there, but there are a few things I did:
I bought a book (I had the 4th edition, which was a complete overhaul, but it was an excellent resource).
I set up a TiddlyWiki, and using the CompTIA A+ objectives sheet I basically recreated the entire list and all the bullet points, and made each line a link to an entry that gave details of the subject (very useful both as a reference and a means of memorization).
I watched Professor Messer's videos.
Not bad. I used this book and it wasn't that bad, 802 tripped me up a little, a lot of open ended questions imo
Wow I didn't know it was that hard. I'm taking a class at CSCC that the textbook is this:
http://www.amazon.com/CompTIA-Managing-Troubleshooting-Edition-220-801/dp/007179591X/ref=sr_1_1?ie=UTF8&qid=1376520999&sr=8-1&keywords=9780071795913
Is there any reason why you want to take a 7xx series vs a 8xx series one?
There are some pretty neat courses on coursera for security, not sure if there are network security specific ones. I know Stanford offers some free security classes once in a while.
In terms of books, I think my netsec course used this one - http://www.amazon.com/Network-Security-Private-Communication-Edition/dp/0130460192. (which is pretty outdated but the basics are the same).
My eldest is just over 2 years old, so I've got a while to go, but I plan on using software to block things on our linux-based router. And giving him a network admin guide soon after.
If he can't figure it out, that's his problem. If he can, at least he's learning something useful.
We'll see how that goes in a few years.
I used this book to review last minute, it's very thorough.
I did not use flashcards, but listening to Professor Messer and cybrary.it videos really helped in my preparation as well.
Here is a link to the textbook
https://www.amazon.com/CompTIA-Managing-Troubleshooting-220-901-220-902/dp/1259589544/ref=pd_bxgy_14_2?_encoding=UTF8&pd_rd_i=1259589544&pd_rd_r=BGNGJ7C40BP1PDCYV3WE&pd_rd_w=tRWZG&pd_rd_wg=3FljF&psc=1&refRID=BGNGJ7C40BP1PDCYV3WE
I am currently reading the [CompTIA A+ Complete Deluxe Study Guide] (http://www.amazon.co.uk/CompTIA-Complete-Deluxe-Study-Guide/dp/1119137934/ref=pd_cp_14_2?ie=UTF8&refRID=0HV752EMYP82DNXV92P7)
 
Pros:
 
 
Cons:
 
 
Overall, I think it's a good book. I extras you get from the Deluxe package are great. I would still suggest watching some professor messer videos and maybe evening writing up your own personal study guide for subjects that challenge you.
I think Bender(Bending)Rodriguez was referring to this one:
https://www.amazon.com/Rootkits-Subverting-Windows-Greg-Hoglund/dp/0321294319/
I would also offer my recommendation for that book as well. It's definitely dated, but an excellent starting point on how to build your own rootkit.
That said, I'm not sure that really answers your "where do I get rootkits?" question. In answer to that, I'll offer a few tools that are heavier on the "post-exploitation agent", but still worth checking out:
Check out these boooks:
--Build Your Own Security Lab: A Field Guide for Network Testing
--Professional Penetration Testing, Second Edition: Creating and Learning in a Hacking Lab
--Building Virtual Pentesting Labs for Advanced Penetration Testing
If you are looking to get into security I also recommend learning how networks and servers work before trying to hack them. A basic knowledge of networking hardware, networking models, servers, protocols etc will do a lot to further your knowledge. Also look into scripting languages such as powershell, bash, and python. There are even books specifically about hacking with python.
I have a similar workstation as you have and run Ubuntu with VMware workstation (will also work with windows 7/8.1). Vmware workstation might be the best thing to run right now as you can isolate networks and setup / take down as you go. Also there are direct VM's from Kali linux that you can download to run in your lab.
I definitely recommend books as a means of delving deeper into the subject of Network security. There is a For Dummies book selling on Amazon as well as several other books about the subject. Along with reading up on Network Security, I'd also recommend that you read up on hacking to better understand the threats to Networks.
Also, internationally there are hundreds of information security conventions, a quick google search should bring up a few results on upcoming events in your area. Some of them are about new technologies released and are typically aimed at companies wanting to upgrade their security, however there are seminars and panels at these events which are interesting.
Chris Shifflett's book is very good: http://www.amazon.com/Essential-PHP-Security-Chris-Shiflett/dp/059600656X
>The official study guide
Is it this one?
​
https://www.amazon.co.uk/CompTIA-Complete-Study-Guide-220-1001/dp/1119515939/ref=asc_df_1119515939/?tag=googshopuk-21&linkCode=df0&hvadid=241430810118&hvpos=1o2&hvnetw=g&hvrand=12533844040823489630&hvpone=&hvptwo=&hvqmt=&hvdev=c&hvdvcmdl=&hvlocint=&hvlocphy=1006567&hvtargid=pla-696500029900&psc=1&th=1&psc=1
Hacking Exposed