(Part 2) Best comptia certification guides according to redditors

And to anyone who wants to learn from the other side, I can recommend Rootkits: Subverting the Windows Kernel.

It really depends on what niche you're looking on covering. It's difficult, I feel, to brush up on "infosec" to any level of practical proficiency without focusing on a few subsets. Based on your interests, I would recommend the following books.

General Hacking:

Hacking Exposed

The Art of Exploitation

The Art of Deception



Intrusion Detection / Incident Response:

Network Flow Analysis

The Tao of Network Security Monitoring

Practical Intrusion Analysis

Real Digital Forensics


Reverse Engineering:

Reversing: Secrets of Reverse Engineering

The Ida Pro Book

Malware Analyst Cookbook

Malware Forensics



Digital Forensics:

File System Forensic Analysis

Windows Forensic Analysis

Real Digital Forensics

The Rootkit Arsenal


Hope this helps. If you're a University student, you might have access to Safari Books Online, which has access to almost all of these books, and more. You can also purchase a personal subscription for like $23 a month. It's a bit pricey, but they have an awesome library of technical books.

Specific to Cryptanalysis (in order):

1. start with this great tutorial on FEAL cryptanalysis
   
   
2. then try the matsano challenges
   
   
3. finally followed by Schneier's self study course on cryptanalysis.
   
   
   Good intermediate texts on cryptography/cryptology:
   
   
4. From a mathematical perspective: An Introduction to Mathematical Cryptography by Silverman et al.
   
   
5. From a provable security perspective (probably the most important to both academia and industry): Introduction to Modern Cryptography (new 2nd ed.) by Katz & Lindell
   
   
6. Serge Vaudenay's A Classical Introduction to Cryptography (it's an in between of the above 2 books).
   
   
7. Christoph Paar's Understanding Cryptography with a video course.
   
   
   Lastly, a really fantastic all around book on network security (including crypto) would be: Network Security 2nd Ed. by Kaufman and Perlman. It is a little old though but still relevant. Also has great analysis of real world protocols such as IPsec (IKE, ISAKMP), Kerberos, SSL/TLS, S/MIME, etc.

I actually already have a copy of Hacking: The Art of Exploitation. My personal library consists of around 45 books on a range of computing topics from PHP, MySQL, C++, Windows Internals, CCNA, MCSE/MCSA, Unix, Rootkits, AI, Data Structures and the list goes on.

Other relevant titles include Gray Hat Python, Reversing: Secrets of Reverse Engineering and Rootkits: Subverting the Windows Kernel.

I was going to buy the following: Assembly Language Step-by-step, SQL Injection Attacks and Defense and Metasploit: The Penetration Tester's Guide.

I agree that where one starts really depends on what they want to end up doing. "Hacking" is such a general term and SQL-Injections is completely different from finding 0-days. If I'm honest I'm not sure where to start but I'm open to suggestions.

​

With money;

• Offensive Security offers some good courses on netsec - Kali.org - they offer Kali Linux (a derivative of Debian - a distribution of Linux) too tbh.
  
  
• College/University is a pretty decent source for info more often than not.
  
  
• Also, start either with code or physical things. Windows has a lot of things to poke at actually. Usually good starter references (the “for dummies” books); https://www.amazon.com/Network-Security-Dummies-Chey-Cobb/dp/0764516795
  
  
  Without money;
  
  
• Start learning python 3. Will significantly help the more serious you get.
  
  
• Start with Wireshark and nmap - both are free applications that support most operating systems.
  
  
• Also, look at penetration testing resources as a good “go-to”. Reddit, Hak5, and DEFCON are good places to look for information. Hak5 & Reddit first though, DEFCON the more you get into things. My Reddit reference:
  https://www.reddit.com/r/hacking/comments/1d9onz/how_do_i_start_getting_into_pentesting/

Being a "techy" isn't really useful with learning and understanding crypto. There's many cryptographers that are mathematicians who barely use computers. Cryptography is a multi-faceted discipline but the typical divide is between mathematicians and computer scientists.

So having a foundation in math & computer science is very useful.

In any case, Simon Singh's book is a good introduction. It is a pleasant read but a bit fluffy.

Although not specifically crypto, I would start with Network Security by Kaufman et al. It primarily discusses network security but gently introduces some cryptography primitives.

Another book from a mathematician perspective is this book.

Then there's joy of cryptography which is a formal treatment using a notion of provable security (a bit of a different take to Katz & Lindell Modern Cryptography), which computer scientists tend to have a boner for.

School, here is a textbook I used.

Part of that "80%" can be a sales tactic to get you to sign up and take the course. Although I am not in the UK so I am not sure if that stat holds true.

As for the equipment: Both the below links are good starting points. The top one is a bit older.

Build Your Own Security Lab: A Field Guide for Network Testing

[The Network Security Test Lab: A Step-by-Step Guide] (https://www.amazon.com/Network-Security-Test-Step-Step/dp/1118987055/ref=asap_bc?ie=UTF8)

Both will give you a good idea and a starting point.

But you never really answered a key question: What is it you want to do? In CyberSecurity, there are roughly 40 different types of emphasis that you can focus on. I know it is daunting, but understand your personality and goals can weigh heavily into that decision. Not everyone is cut out to be a WhiteHat, but that does not mean a blue team member or a purple team member are not for you.

There was a really good topic discussion on Reddit (unable to find it currently) that had quite a few jobs broken down and what they do/mean to the Security Community.

You should be fine use the objectives and professor messer. You can always grab this lab book Mike Meyers Lab book. It helped me when I was prepping for the 901 and 902.

Yes.

Hacking Exposed

Shellcoders Handbook

Reverse Engineering

Malware Analyst's Cookbook

Gray Hat Python

Gray Hat Hacking Second Edition

Writing Security Tools & Exploits

Sockets, Shellcode, Porting and Coding: Reverese Engineering Exploits and Tool Coding for Security Professionals

Professional Penetration Testing

These are definitely some books you could start with. Once you've gone through those, you'll know more then a lot of them out there :)

There's these reddit threads on r/netsec:
http://www.reddit.com/r/netsec/comments/d3hua/how_to_get_started_in_netsec/
http://www.reddit.com/r/netsec/comments/ekyjw/interested_in_learning_about_network_security/

http://www.reddit.com/r/netsec/comments/es4si/what_are_some_good_netsec_books_out_there/
http://www.reddit.com/r/netsec/comments/g6r71/getting_started_in_network_security_a_list_of/

There's also loads of blogs and websites around, if you go hunting or look at some of these netsec threads, you'll find loads more material.

A+ Resources Computing...


Mike Meyers: All In One


Exam Cram


A+ Complete Study Guide


...Popular Books Terminated




Videos Compressing...

Professor Messer's A+ Videos Free


Anthony Harries A+ Series Free


Mike Meyer's A+ Video Series Paid


...Decompressing




A+ Practice Exams Initialized.....


Professer Messer's Pop Quizes Free


Crucial Exams Free


ExamCompass Free


[Exam Cram Practice Questions Paid](https://www.amazon.com/CompTIA-220-901-220-902-Practice-Questions/dp/0789756307/ref=sr_1_2?ie=UTF8&qid=1484881100&sr=8- 2&keywords=a%2B+901+and+902&refinements=p_72%3A2661618011)



....End Transmission



Simmy-Turner activated(sims)....


GTS Labs Paid


Mike Meyers Lab Book Paid


Testout A+ Paid


Prof. Hammonds Free


....End Transmission



Community Driven Content(all free)......

Zac Wilsons A+ Study App


Gemini88mill Advice


Deathrus's Study Habits


DrawMonster's Study Methods

...The Community thanks you!

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

If you've got a couple of weeks until your start date, buy this book and read it:

CompTIA Network+ Certification All-in-One Exam Guide, Seventh Edition

You can also look up the author's series of videos on Youtube. You don't actually have to take and pass the certification but it wouldn't be the end of the world if you did. Since you say you didn't have a single comp sci class it would actually probably help with your confidence to get certified and to understand the ins and out of networking. If you can break down how computers communicate with each other you can go a long ways towards figuring out potential security problems.

My guess is that their "analyst" training will be much more about NIST Special Publication 800-53 than any actual network or security analysis but that's fine. If you can learn some tech stuff on your own you won't look like a total n00b when they deposit you at a client site and tell you to add value immediately or else.

I used the exam-cram book (link) and viewed some of the "professor messer" videos on parts I didn't feel 100% confident in. Studied for three days, got a 93% on the 701, and 94% on the 702, took them the same day, and said, "dang, that was easy."

Application Security:

• The Art of Software Security Assessment
  
• A Bug Hunter's Diary
  
  Web Security:
  
  
• The Tangled Web
  
  Secure Systems
  
  
• A Guide to Kernel Exploitation
  
• Rootkits
  

Check this out: https://www.amazon.com/dp/1119137934/ref=cm_sw_r_cp_awdb_t1_I-OYBb5SKZG2M

CompTIA A+ Complete Deluxe Study Guide: Exams 220-901 and 220-902

3rd Edition, Hard Cover, $24

Quoted:

Includes interactive online learning environment and study tools with:

• 8 custom practice exams
  
  
• More than 300 Electronic flashcards
  
  
• Over 1 hour of How-To videos from the authors
  
  
• Free eBook versions of this Deluxe Study Guide available in multiple file formats
  
  
• Free 30 days of video training from the subject-matter experts at ITProTV
  
  
  

I'm not an expert, but here are some of the resources that I've learned a lot from

http://vulnhub.com - My favorite so far has been Hackademic_RTB1 using g0tm1lk's walkthrough.

BackTrack is now Kali so you'll want to check that out. And in case aren't already using it, you'll probably want to use something like VirtualBox to set up your labs. The #kali and #vulnhub channels on irc.freenode.net are really helpful.

Some other books I've enjoyed are CounterHack by Ed Skoudis and everything by Richard Bejtlich.

Let me know if you have any questions. I probably won't know offhand, but wouldn't mind helping you find out.

I'd have to agree with /u/pint. The Design of Rijndael is basically the handbook on this. It explains the so called Wide Trail Strategy, which deals with exactly what you're after. You might be able to find some of this in Joan Daemen's PhD thesis as well (at the bottom of this page) - a lot of the stuff in The Design of Rijndael is from there.

Ok - Here's a list of books I've read in the last few years

• Gray Hat Hacking - The Ethical Hacker's Handbook - Really good intro to Software Sec / Reverse Enginering / Disclosure
  
• Counter Hack Reloaded - A 'bible' of phased attacks - classic book.
  
• Guide to Network Defense and Countermeasures - Technically designed as a 'prep' book for the SCNP, it's still a great read about IPS, IDS, NetSec Policies, Proxies, firewalls, packet filtering, etc
  
• Hacking Wireless Exposed - Great intro read on 802.11 sec.
  
• CWNA/CWSP Exam Guide - Assumes 0 knowledge about RF. More intense than Hacking Wireless Exposed, but also easier to learn from. I went into this book knowing very little about RF, left it feeling confident. Well written.
  
• Snort 2.1 - Self explanatory, but a book about the IDS system Snort. Not perfect, but again, great starter book.
  
• The Web Application Hacker's Handbook - The best for last. The holy grail of web hacking. Second edition SHOULD be coming very soon, depending on the drop date may be worth it to wait.
  
  As you can tell, I'm big on the technical books, and even exam prep books. This is just a selection, but I think it's a good starter pack to some different fields.
  

https://www.amazon.com/Build-Your-Own-Security-Lab/dp/0470179864

https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641

https://pen-testing.sans.org/blog/2014/02/27/building-a-pen-test-infrastructure-hacking-at-home-on-the-cheap

and because I like you:

https://www.cybrary.it/0p3n/tutorial-for-setting-up-a-virtual-penetration-testing-lab-at-your-home/

https://www.pentesterlab.com/

https://community.rapid7.com/docs/DOC-2196

The following books might be old but still way better in writing backdoors and hacking stuff:
https://www.amazon.com/Sockets-Shellcode-Porting-Coding-Professionals/dp/1597490059/ref=sr_1_1?ie=UTF8&qid=1479315418&sr=8-1&keywords=shellcode+c

https://www.amazon.com/gp/product/1597499978/ref=pd_bxgy_14_img_2?ie=UTF8&psc=1&refRID=PH1DKACHVPSSV5Z4R7E9

https://www.amazon.com/gp/product/1932266674/ref=pd_bxgy_14_img_3?ie=UTF8&psc=1&refRID=PH1DKACHVPSSV5Z4R7E9

Best Regards

I have enjoyed the Sybex series, https://smile.amazon.com/CompTIA-Complete-Study-Guide-220-1001/dp/1119515939/ref=sr_1_5?crid=39NGOO1J9JE1G&keywords=comptia+a%2B+1001&qid=1575104128&sprefix=comptia+a%2Caps%2C170&sr=8-5

But I dare say the majority I've seen on this sub forum seem to prefer the all in one series, and Mike Meyers did the one for the A+,

https://smile.amazon.com/CompTIA-Certification-Guide-220-1001-220-1002-ebook-dp-B07PPY7P1T/dp/B07PPY7P1T/ref=mt_kindle?_encoding=UTF8&me=&qid=

But thats just my opinion on books, take it with a huge grain of salt as I have not passed the A+.

Some search terms for how the internet works: Packet switched networking, TCP, IP, SSL.

I don't think I have ever read a book about basic internet workings, the internet is really the best place to read about that stuff (hence the search terms).

Instead I will list some books which look at how we define security and why secure systems fail:

Secrets and Lies is a good primer discussing trust / networks / cryptography and a few other things at a high enough level to be interesting to a lay reader: http://www.amazon.com/Secrets-Lies-Digital-Security-Networked/dp/0471453803/ref=sr_1_4?ie=UTF8&qid=1419753343&sr=8-4

Art of Intrusion is packed full of stories about how systems (computers or otherwise) fail and become insecure: http://www.amazon.com/Art-Intrusion-Exploits-Intruders-Deceivers/dp/0471782661/ref=sr_1_1?ie=UTF8&qid=1419753466&sr=8-1 the sister book Art of Deception (stories about Social Engineering) is also pretty good.

The Code Book, mostly history, but provides a great introduction to cryptographic concepts. http://www.amazon.com/The-Code-Book-Science-Cryptography/dp/0385495323/ref=pd_rhf_se_s_cp_7_RTJS?ie=UTF8&refRID=1RRWWY0RNX7G8HRYPFFS

stormehh has some good points.

I agree, and would argue that you are better off learning the fundamentals at this stage in your life. I understand your urge to get out there and explore different tools and techniques as fast as possible (trust me, I've been there myself), but take my word for it when I say that you will get more out of it when you understand the underlying concepts/technologies/protocols.

This might sound old fashioned, but read these books. It's a lot of material, but well worth the effort. You can get all three of them used for about $75:

"Computer Security: Art and Science" - Matt Bishop

"The TCP/IP Guide: A Comprehensive, Illustrated Internet Protocols Reference" - Charles M. Kozierok

"Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses (2nd Edition)" - Edward Skoudis & Tom Liston

Good luck to you, and follow the light side of the force.

Few books for you to consider - I got these for my course and are hugely useful. I've also included the Encase book as I know our forensics guys go back to it all the time:

Computer forensics using open source tools

The essential Brian Carrier - file system forensics

Real Digital Forensics

Encase training book

Digital Forensics Investigation

Forensic Discovery

Mind sharing the links? There's a few "Hack this site" websites ranging from user uploaded files and I've seen one which is more based on javascript and SQL injection.

Have you thought about looking at crackme? There's also the Microsoft Blue Hat Challenge. Forensic Focus also provide a list of resources to practice with.

There's always books as well. I'm currently working through Real Digital Forensics that comes with files used in the book and explain how it was gathered and how to view it.

There's plenty of resources out there, but you've got to be a bit more specific on what challenge you're looking for, as there's a range of subjects.

Check out this. Notice how Windows replaces the first letter of a deleted file with sigma. This hides it from Windows Explorer, but you can still use something like WinUndelete to retrieve it. A sigma file's cluster will be overwritten by the OS as if it were blank, so you'd have to retrieve it before you save anything else that would use that cluster.

Do you think Linux would do something similar?

Maybe understanding File Allocation Tables data structure will help you get that file. Also it might not, but it's still cool to know.

In case this is the right path, I'm learning this from page 110 -118 of this useful book that my step bro gave me :)

Definitely get this. It's helping me a ton right now.

WHY DO YOU ASK MAINTAINS THE PROPER ATTITUDE OF A DECENT THING?

:)

> From experience, one book is barely enough to get your feet wet

Ha! Definitely. I keep getting ideas for other books I should write.

I'd recommend the following as good general books to read. They're all good no matter what type of programming you do:

• Code: The Hidden Language of Computer Hardware and Software
  
• Code Complete: A Practical Handbook of Software Construction, Second Edition
  
• The Pragmatic Programmer: From Journeyman to Master
  
• The Mythical Man-Month
  
• In the Beginning...was the Command Line
  
• Secrets and Lies: Digital Security in a Networked World
  
• User Interface Design for Programmers
  
• Don't Make Me Think
  
  That should keep you busy. :)
  
  EDIT: Oh, also, you can read my other two Python books. One is on graphical games with Pygame and the other is on classical ciphers and how to crack them. http://inventwithpython.com

I recommend any beginner type book. The Head First series are good. You also have a decent one online for free Practical PHP Programming. Just keep on reading. One you get familiar with the language and programming(if you are new to this) you should start reading about writing secure code, Essential PHP Security would be a good pick. Have fun.

I used this. It would be good to find a machine and build it up with XP and Vista, and get it running stable. Also remember data rates and system requirements for the various OS. (unfortunately Win 7 still not a topic that's covered)

Not sure if this is relevant to your particular sites, but I found this book really helpful in understanding what the risks are.

It does a good job of explaining XSS, Injection Attacks, and other forms of attack, and how to avoid them.

The book is quite old now, so I'm not sure if it's still as relevant as it was. Perhaps someone here will be able to suggest a better option, or books catered towards other languages?

http://www.amazon.com/Secrets-Lies-Digital-Security-Networked/dp/0471453803

This book gives a really good overview of core Information Assurance concepts. Bruce Schneier is smart dude to follow.

Mike Meyers All in One

CompTIA A+ Study Guide

CompTIA A+ Deluxe Study Guide

These are the first three hits I get when I searched Amazon with the following: comptia a 220-901 and 220-902.

Results can be found here

Go to this link and buy this book it has helped me so much. I started off not knowing anything about IT or software development. I started using quizlets and professor messer but was having trouble retaining info. This has practice tests as well as performance based questions in the book to help you out. https://www.amazon.com/CompTIA-Complete-Study-Guide-220-1001/dp/1119515939

I also recommend getting a new computer with enough RAM to use virtual box to fool around with the other OS that will be on the exam. That way you have hands on experience with them.

Is this the book your talking about?
https://www.amazon.ca/gp/product/1259589544/ref=ox_sc_act_title_1?smid=A3DWYIK6Y9EEQB&psc=1

Planning to get one, I'm starting to review for A+.I have no background on IT thought.

There are a lot of cool resources out there, but there are a few things I did:

I bought a book (I had the 4th edition, which was a complete overhaul, but it was an excellent resource).

I set up a TiddlyWiki, and using the CompTIA A+ objectives sheet I basically recreated the entire list and all the bullet points, and made each line a link to an entry that gave details of the subject (very useful both as a reference and a means of memorization).

I watched Professor Messer's videos.

Not bad. I used this book and it wasn't that bad, 802 tripped me up a little, a lot of open ended questions imo

Wow I didn't know it was that hard. I'm taking a class at CSCC that the textbook is this:

http://www.amazon.com/CompTIA-Managing-Troubleshooting-Edition-220-801/dp/007179591X/ref=sr_1_1?ie=UTF8&qid=1376520999&sr=8-1&keywords=9780071795913

Is there any reason why you want to take a 7xx series vs a 8xx series one?

There are some pretty neat courses on coursera for security, not sure if there are network security specific ones. I know Stanford offers some free security classes once in a while.

In terms of books, I think my netsec course used this one - http://www.amazon.com/Network-Security-Private-Communication-Edition/dp/0130460192. (which is pretty outdated but the basics are the same).

My eldest is just over 2 years old, so I've got a while to go, but I plan on using software to block things on our linux-based router. And giving him a network admin guide soon after.

If he can't figure it out, that's his problem. If he can, at least he's learning something useful.

We'll see how that goes in a few years.

I used this book to review last minute, it's very thorough.
I did not use flashcards, but listening to Professor Messer and cybrary.it videos really helped in my preparation as well.

Here is a link to the textbook
https://www.amazon.com/CompTIA-Managing-Troubleshooting-220-901-220-902/dp/1259589544/ref=pd_bxgy_14_2?_encoding=UTF8&pd_rd_i=1259589544&pd_rd_r=BGNGJ7C40BP1PDCYV3WE&pd_rd_w=tRWZG&pd_rd_wg=3FljF&psc=1&refRID=BGNGJ7C40BP1PDCYV3WE

I am currently reading the [CompTIA A+ Complete Deluxe Study Guide] (http://www.amazon.co.uk/CompTIA-Complete-Deluxe-Study-Guide/dp/1119137934/ref=pd_cp_14_2?ie=UTF8&refRID=0HV752EMYP82DNXV92P7)

 

Pros:

 

• Covers everything in depth
  
  
• The practice exams at the end of each chapter do a good job of covering the chapter
  
  
• PDF copies of Book (most have this now)
  
  
• online tests you can configure to include questions from different chapters
  
  
• "Performance Based Questions" - Essay like questions at the end of each chapter.
  
  
• extra tests for the 901 section and 902 sections
  
  
• 30 day subscription to online video lectures (ITProTV)
  
   
  
  Cons:
  
   
  
  
• Style of writing is a little fluffy. Sometimes it seems like they added content that wasn't necessary.
  
  
• Pictures in the book are not in color (PDF copy of book is though). This makes it difficult to recognize color coded hardware
  
  
• I wish they had more charts.
  
  
• Some figures included don't provide extra insight
  
   
  
  Overall, I think it's a good book. I extras you get from the Deluxe package are great. I would still suggest watching some professor messer videos and maybe evening writing up your own personal study guide for subjects that challenge you.

I think Bender(Bending)Rodriguez was referring to this one:

https://www.amazon.com/Rootkits-Subverting-Windows-Greg-Hoglund/dp/0321294319/

I would also offer my recommendation for that book as well. It's definitely dated, but an excellent starting point on how to build your own rootkit.

That said, I'm not sure that really answers your "where do I get rootkits?" question. In answer to that, I'll offer a few tools that are heavier on the "post-exploitation agent", but still worth checking out:

• ThrowbackLP has user-land persistence via Windows services
  
• PowerShell Empire has user-land persistence via the registry and scheduled tasks

Check out these boooks:

--Build Your Own Security Lab: A Field Guide for Network Testing

--Professional Penetration Testing, Second Edition: Creating and Learning in a Hacking Lab

--Building Virtual Pentesting Labs for Advanced Penetration Testing

If you are looking to get into security I also recommend learning how networks and servers work before trying to hack them. A basic knowledge of networking hardware, networking models, servers, protocols etc will do a lot to further your knowledge. Also look into scripting languages such as powershell, bash, and python. There are even books specifically about hacking with python.

I have a similar workstation as you have and run Ubuntu with VMware workstation (will also work with windows 7/8.1). Vmware workstation might be the best thing to run right now as you can isolate networks and setup / take down as you go. Also there are direct VM's from Kali linux that you can download to run in your lab.

I definitely recommend books as a means of delving deeper into the subject of Network security. There is a For Dummies book selling on Amazon as well as several other books about the subject. Along with reading up on Network Security, I'd also recommend that you read up on hacking to better understand the threats to Networks.

Also, internationally there are hundreds of information security conventions, a quick google search should bring up a few results on upcoming events in your area. Some of them are about new technologies released and are typically aimed at companies wanting to upgrade their security, however there are seminars and panels at these events which are interesting.

Chris Shifflett's book is very good: http://www.amazon.com/Essential-PHP-Security-Chris-Shiflett/dp/059600656X

>The official study guide



Is it this one?

​

https://www.amazon.co.uk/CompTIA-Complete-Study-Guide-220-1001/dp/1119515939/ref=asc_df_1119515939/?tag=googshopuk-21&linkCode=df0&hvadid=241430810118&hvpos=1o2&hvnetw=g&hvrand=12533844040823489630&hvpone=&hvptwo=&hvqmt=&hvdev=c&hvdvcmdl=&hvlocint=&hvlocphy=1006567&hvtargid=pla-696500029900&psc=1&th=1&psc=1

Hacking Exposed