(Part 2) Best computer networks security books according to redditors
We found 200 Reddit comments discussing the best computer networks security books. We ranked the 55 resulting products by number of redditors who mentioned them. Here are the products ranked 21-40. You can also go back to the previous section.
This book is apparently (i haven't read it myself) extremely beginner oriented, and is more like an introduction to nix than an introduction to Kali.
If you're already proficient in nix and want to learn the ins and outs of Kali, might i recommend Advanced Kali Pentesting.
It's a little dated, but i've found it to be an very concise and informative resource myself.
Wow, 24 hours and no replies?!
Fine, you know what? FUCK IT!
Alright, first off - While you can concentrate on physical, understanding the basics of the digital side of things will make you more valuable, and arguably more effective. I'll take this opportunity to point you at Metasploit and tell you to atleast spend an hour or so each week working to understand it. I'm not saying you have to know it backwards or inside-out, just get a basic understanding.
But you said you want to go down the physical path, so fuck all that bullshit I said before, ignore it if you want, I don't care. It's just a suggestion.
Do you pick locks? Why not? Come on over to /r/Lockpicking and read the stickied post at the top. Buy a lockpick set. You're just starting so you can go a little crazy, or be conservative. Get some locks (Don't pick locks you rely on!) at a store, and learn the basics of how to pick.
Your fingers will get sore. Time to put down the picks and start reading:
That reading list right there gives you over 2000 pages to read. Read. Read More.
Tired of Reading? Have you been listening to the Social-Engineer.org Podcasts? 53 quality podcasts right there. Time to catch up!
Tired of listening? Take a break! And by "Take a break" I mean grab your lockpicks, a lock, and start picking while you relax with a Jayson Street video. He's fun to watch, and will hopefully distract you while you try picking a lock. Also, he highlights how you don't have to be a computer-genius to be good at PenTesting. Go watch more of his videos while you pick locks - It's entertaining at least, and informative/educational at best. Now go watch Deviant Ollam's videos if you're done with Jayson Street.
Sounds like a lot? It's not. You'll spend a bit of money getting started with picks, locks, and books. It's the nature of the game, no good way around it. It's time-consuming. You may have to give up playing your favourite games for a while. But the things you learn and skills you develop will pay more than that game did. By the time you're halfway through any one of those books you'll have a much better idea of what questions you want or need to ask in order to progress further and faster every day.
Go to Security Cons. DerbyCon is awesome, and happens in late September, plenty of time to start saving money and making reservations. Talk to people, ask questions, and make connections. You will learn more in those 4 days than some people learn in months or years and you'll have tons of fun.
If you can swing it, attend Deviant Ollam's "Physical Security Skills for Penetration Testers" class. The things you will learn in that class will make it worth every damned penny, and you'll feel like a bad-ass at the end of it.
Is this what you wanted?
The Rational Clinical Examination: Evidence-Based Clinical Diagnosis, edited by David L. Simel, MD, MHS, and Drummond Rennie, MD
https://www.amazon.com/Rational-Clinical-Examination-Evidence-Based-Diagnosis/dp/0071590307
http://blog.cobaltstrike.com/2011/11/04/my-virtualbox-penetration-testing-lab/
Also
https://www.amazon.com/gp/aw/d/1118987055/ref=pd_aw_sim_14_of_11?ie=UTF8&dpID=51fSOCak78L&dpSrc=sims&preST=_SL500_SR100%2C100_&psc=1&refRID=J746RJZD39BK4A8DAPMZ
Hope these links help some!
Read through Sparc Flow's books and then take his 24 hour challenge. I did this a couple weeks ago and it was amazing:
Hack Like A Porn Star : Amazon Link
Hack Like A God : Amazon Link
And here is the PenTest Walk Through Guide for the 24 Hour PenTest he offer's as an added service to the two books above:
Ultimate Hacking Challenge : Amazon Link
The hacking challenge is the really fun part. The book will walk you through the entire thing if you get stuck along the way. It took me about 12 hours to get through the full challenge. Its like an extra $10 with the discount you'll find inside either book. $15 without if I remember correctly.
OSDev - http://wiki.osdev.org/Main_Page
Kernel programming - http://stackoverflow.com/a/12818021
Books:
Hacking the Art of Exploitation - This is a fun book that has a lot to do with programming in C, exploring memory and disassembly.
Practical Reverse Engineering - this is a very informative and short book which is pretty close to the metal in regards to memory and all that but is strongly focused on its namesake so I wouldn't get it if it's not your thing.
LittleOS Book - like 76 pages on building your own OS (also free!).
I'm not the most advanced individual on the sub but I got alot of decent info from this book:
https://www.amazon.com/Tor-Dark-Art-Anonymity-Invisible-ebook/dp/B00XRZW8F0
The author goes into a decent amount of detail on the various methods of protecting privacy and anonymity on the web. He also covers and debunks a lot of the arguments against protecting your anonymity and covers which tools are best for various threat models, and even discusses why he got into this stuff to begin with. If you are just starting, and don't mind reading a literal book on the topic, it is pretty good.
How has the holy trinity not been mentioned?
Incident Response & Computer Forensics, Third Edition
Practical Malware Analysis
Art of memory forensics
Part of that "80%" can be a sales tactic to get you to sign up and take the course. Although I am not in the UK so I am not sure if that stat holds true.
As for the equipment: Both the below links are good starting points. The top one is a bit older.
Build Your Own Security Lab: A Field Guide for Network Testing
[The Network Security Test Lab: A Step-by-Step Guide] (https://www.amazon.com/Network-Security-Test-Step-Step/dp/1118987055/ref=asap_bc?ie=UTF8)
Both will give you a good idea and a starting point.
But you never really answered a key question: What is it you want to do? In CyberSecurity, there are roughly 40 different types of emphasis that you can focus on. I know it is daunting, but understand your personality and goals can weigh heavily into that decision. Not everyone is cut out to be a WhiteHat, but that does not mean a blue team member or a purple team member are not for you.
There was a really good topic discussion on Reddit (unable to find it currently) that had quite a few jobs broken down and what they do/mean to the Security Community.
Reversing: Secrets of Reverse Engineering - Is probably the most common book recommendation. Its an older book (2005) but its about as gentle as it gets in terms of the core concepts but its missing a bit due to its age (32bit RE only). I'd liken it to something like Hacking: The Art of Exploitation for exploit developers. Its a solid book, it covers the fundamentals but it'll take a bit more work to get up to speed.
Practical Reverse Engineering - This one is a newer book (2014) while it doesn't cover as many topics as the above book, its less dated in what it does cover, and it does cast a wider net covering things you'll see today like ARM and x64 instead of just x86. I tend to recommend starting with this book, using Reversing and the next book as a reference if there is a chapter of interest.
Practical Malware Analysis - While this one has more traditional RE introduction, where it excels is in dynamic analysis and dealing with software that doesn't want to be analyzed. Now, its from 2012 and malware has changed since then, so its age certainly shows, but again fundamentals remain even if technical details change or are expanded upon.
Practical Binary Analysis - This is the newest book of the list (December 2018). It wouldn't use it alone, but after you've gone through any of the above books, consider this an add-on. Its focus is on dynamic analysis and its modern. I'll admit I haven't read the entire thing yet, but I've been pleased with what I have read.
Edit: s/.ca/.com/g
If you want to learn more this book will be helpful!
http://www.amazon.com/The-Rational-Clinical-Examination-Evidence-Based/dp/0071590307
1 - DHCP - IMO a really bad idea. The appliance's interfaces should be static IP's. You have to be able to manage it and it needs the same IP. You could do a DHCP reservation, but at that point, why not go ahead and leave it static? It has to be reachable to be managed, and if it's a gateway device, those interfaces have to be reachable.
2 - Not at work right now, but I seem to remember the Device > Interfaces page has a field to set the MAC. Never done the virtual though so YMMV.
3 - In the FMC ACP page there's a search box in the upper right. It searches for whatever you type in any field in the ACP. Up and down arrows to scroll through all the matches. Same in the Objects pages.
4 - I haven't really looked, but it would be nece to get more than 25 at a time.
5 - Todd Lammle writes a really good book that you can get on Amazon.
https://www.amazon.com/Cisco-Firepower-6-x-Threat-Defense-ebook/dp/B06XYXCVQ8/ref=sr_1_8?ie=UTF8&qid=1497956555&sr=8-8&keywords=todd+lammle
His class is also excellent. Better than Cisco's by a mile. Did both last summer. Cisco's spends more time on the non-ASA devices, but that's probably not an issue for 90% of people. The concepts are the same across the ASA and Sourcefire devices. The execution is a little different. If I had 5X the budget, I'd love to have one of the Sourcefire-designed devices.
best advice i can give is to start reading anything and everything you can get your hands on related to programming, operating systems, networking, security, etc......
a few books i'm reading/have read/on my list to read and all are excellent starting points:
BackTrack 4: Assuring Security by Penetration Testing (this book was just released and still relevant when using BackTrack5)
Metasploit: The Penetration Tester's Guide
Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning
Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition
plenty of links to keep you busy for awhile:
Open Penetration Testing Bookmarks Collection
Here are all the local Amazon links I could find:
amazon.co.uk
amazon.ca
amazon.com.au
amazon.in
amazon.com.mx
amazon.de
amazon.it
amazon.es
amazon.com.br
amazon.nl
amazon.co.jp
amazon.fr
Beep bloop. I'm a bot to convert Amazon ebook links to local Amazon sites.
I currently look here: amazon.com, amazon.co.uk, amazon.ca, amazon.com.au, amazon.in, amazon.com.mx, amazon.de, amazon.it, amazon.es, amazon.com.br, amazon.nl, amazon.co.jp, amazon.fr, if you would like your local version of Amazon adding please contact my creator.
You could check out my book. :-)
This? https://www.amazon.com/Invisibility-Toolkit-Oppressive-Governments-Internationally/dp/1517160081/ref=pd_sim_14_31?_encoding=UTF8&psc=1&refRID=MHJEGG3VXKBQCNQJ2VXQ
NIST 800-66 and NIST 800-52 are your friends when it comes to HIPAA. I also like these two books:
http://www.amazon.com/HIPAA-Privacy-Security-Compliance-ebook/dp/B00BD3RVTQ/ref=sr_1_1?ie=UTF8&qid=1370245710&sr=8-1&keywords=hipaa
http://www.amazon.com/Definitive-Complying-Privacy-Security-ebook/dp/B00AR3K1KY/ref=pd_sim_kstore_2
I implement HIPAA compliant security progams professionally.
Not to knock Jim and Chris' book- I have it and it's an excellent resource- but there are other resources out there which may better suit your current level, such as pfSense 2 Cookbook which has step-by-step walk throughs of common features.
That book is a bit out of date. I'd recommend
Basic Security Testing With Kali Linux, Third Edition https://www.amazon.com/dp/1725031981/ref=cm_sw_r_cp_apa_i_mf-DCbFRVVDBK
If you want to flip over and look at how to prep firms for doing IT Security audits (aka build a security program that works and meets standard compliance frameworks), I did a book on that. https://www.amazon.com/Security-Risk-Control-Management-Preparation/dp/1484221397
I emphasize a bunch on SOX audits (via SSAE 16/18) which is huge mystery for a lotta IT shops to deal with, especially a CPA walks thru the door and sees how poor the written processes and policies are around basic IT controls. Seriously, there is a strong need for someone with auditor experience to consult to get folks ready.
I'd suggest "The Mobile Application Hacker's Handbook" (http://www.amazon.com/The-Mobile-Application-Hackers-Handbook/dp/1118958500).
Combine it with "The Web Application Hacker's Handbook" (http://www.amazon.com/gp/product/1118026470/) and you should have a pretty good handle on testing mobile security, including the backend stuff.
These are both from a "breakers" point of view, but they go into how to secure/prevent the various attacks they teach, so are a very good source for developers.
As some general tips and what to look for, especially concerning secure communications, look into certificate pinning, message signing, and don't store anything sensitive on the device without encryption (or on the server).
Source: I break mobile apps and websites for a living
> WAHH is still updated with newer editions
I tried again and can't find anything newer than the 2011 2nd edition. Do you have a newer Amazon link, publication year, or something for a newer edition of WAHH?
I did find newer works in the same series (1, 2, 3, 4), but not an update to WAHH.
Only read Ch 5. Lock Picking so far. That was very informative. If the rest of the book is as good (and Amazon reviews indicate it is), I'd go for it.
Mobile Application Security for Android (so, doing AppSec right when you're building an Android app).
http://www.amazon.com/Application-Security-Android-Platform-Permissions/dp/1449315070