(Part 2) Best computer security & encryption books according to redditors
We found 323 Reddit comments discussing the best computer security & encryption books. We ranked the 67 resulting products by number of redditors who mentioned them. Here are the products ranked 21-40. You can also go back to the previous section.
For example, they are organizing fake protests in the US and instigating as much domestic antagonism as they can. They're trying to destabilize us remotely.
Here is the Wikipedia article: Internet Research Agency
Also read this book: The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age
The question is, will this renew Sec+. Also, keep in mind this does not replace OSCP. It's more of a Wireshark certification. The book will be released on June 5th.
Offical annoucement from Kali's blog
>Please Note: This is not a penetration testing course. This course is focused on teaching the student how to get the most out of the Kali Linux Penetration Testing Platform, not how to use the packaged tools in an offensive manner. Attending students will receive a signed copy of the “Kali Linux Revealed” book as well as a free voucher to sit the KLCP exam in a nearby Pearson VUE certification centre.
EDIT: I also want to put out there, that there are some great books to learn about Kali with already on the market and for fairly inexpensive.
Basic Security Testing with Kali Linux 2 and updated version released last year. I have read the first edition.
Packtpub also has a lot of Kali books, some are good, others are not.
Most of these books come in under $30 a piece. So great inexpensive resources to start learning.
That is a great list, just a few random comments.
Basics for discrete math, 6.042 is a nice resource, it has a free full open text book. While it's actually simpler than most of your links it actually gives a nice introduction to some of the formalisms you'll run into later.
CLRS is an amazing reference for just about anything you need. It's not a nice introduction to things but it will easily save your behind as a reference in a pinch.
My one real disagreement is your suggestion of abstract algebra book, I'm a fan of Algebra by artin. It's a bit rough, but you can usually pick up older versions fairly cheap and it comes with course notes. It can come with it's ocw counterpart. It's how I learned, and i personally think it's one of the better resources out there.
The more mature version of cousot's class is 6.820 which is a fairly good class but can actually take a while to get through the material if you don't have a friend to do it with. If you get through it, you will have one hell of a base.
For crypto, since i do love crypto probably a bit different, Stanford is a great class I suggest looking at My suggestions, start with
Number Theory and Cryptography is one of the best books I've read on EC yet. It's approachable and actually does an amazing job. If you want checks with it, try the psets here
Just a few supplementary suggestions.
You gave a great list, an absolutely a amazing roadmap
I completely disagree that the agency is "out of control and costing far more than its usefulness is worth."
We know that other countries spy on our government and corporations. We know that there's a huge number of criminal organizations looking to gain control of everyday people's computers. Imagine what would happen if someone with sinister motives was able to gain control of key infrastructure? It's no secret that computer security is far from perfect. There's a great book on computer security called Worm that goes into great detail to how governments don't take cyber security seriously. Turn on Windows XP without SP2 and see how quickly your computer is compromised. While I don't agree with CSEC spying on Canadians, I think arguing against their existence is ignorant.
Check out both of these:
https://www.amazon.com/Windows-Forensics-Dr-Philip-Polstra/dp/1535312432/ref=pd_bxgy_14_2?_encoding=UTF8&psc=1&refRID=VQSKGZQB96FGFCZ6RDP6
https://www.amazon.com/Linux-Forensics-Philip-Polstra/dp/1515037630/ref=pd_sim_14_1?_encoding=UTF8&psc=1&refRID=2W8ANWN11ZRKGCDPZ1EQ
Windows Forensics and Linux Forensics by Phil Polstra are 2 books about Forensics and IR that came out in 2015-2016. They go real in-depth about filesystems and teach you how to understand the parsing/processing and forensic analyses proces by creating your own python scripts instead of just running tools and rely on those. I can really recommend these books for starters.
https://www.amazon.com/Windows-Forensics-Dr-Philip-Polstra/dp/1535312432
https://www.amazon.com/Linux-Forensics-Philip-Polstra/dp/1515037630/ref=pd_sbs_14_t_2?_encoding=UTF8&psc=1&refRID=ZZV0H8ZCEWQDX1HNX8TW
Don't bother with setting up things to try and attack. You will be on blue team and your job is defense. It's better to find someone to attack your VMs instead of trying it yourself.
A good starting point is just learning what the normal list of services look like on Windows and Linux boxes. Process monitor is a great tool for Windows to practice with.
Have a good understanding how ports work and how to lock them down. Be aware of the most common ports that are exploited, and how they're exploited. Don't let anything talk to other boxes that they don't need too.
Knowing firewalls is your best friend and will be the biggest factor in keeping your network safe. They usually use Juniper and Palo Alto firewalls.
Disable things like CMD and Powershell if you don't know how to use them efficiently yourself, because they will be used against you. It's better to get rid of it if you can't use it.
Avoid using the internet on the VM boxes because your connection can be intercepted and exploited. You are usually given outdated operating systems so be familiar with common exploits from yesteryears.
The blue team field manual is a great resource. It won't teach you anything but it's a very good reference point, and you can use that to dig deeper in other sources.
Honestly, you don't need to be a network security major to do well at these competitions. The red team isn't going to break everything to the point where it isn't usable or easily fixable until the very end of the competition. If you at least have some computer systems background you should be fine. Understand Windows/Linux, Active Directory, SQL, and Firewalls.
https://www.amazon.com/Blue-Team-Field-Manual-BTFM-ebook/dp/B077WF4WYV
Agree with others that there are privacy issues with Apple. But I think for most people its going to be the easiest least bad option for their privacy.
I recommend this book for maintaining privacy on ios: Just really covers everything.
I'd be wary of someone's suggestion to install one killer app. In fact in general the less apps on your phone the better.
At Amazon
https://www.amazon.com/Computer-Security-Principles-Practice-4th/dp/0134794109/ref=dp_ob_title_bk
It is worth pointing out that at last a few of the "modules" talked about were lifted from actual black market malware. Both the p2p updating function and the ability to "ride" on USB and other media come from the conficker worm.
http://www.amazon.com/Worm-First-Digital-World-War/dp/0802119832
If you can pick up a copy of Bill Stallings (Willian Stallings) book on a torrent somewhere you'll be in a good starting spot.
https://www.amazon.ca/Computer-Security-Principles-Practice-4th/dp/0134794109/ref=sr_1_1?ie=UTF8&qid=1549406283&sr=8-1&keywords=computer+security+principles+and+practice
Or buy it on amazon if you have extra cash.
You're just not discounting your cash versus the risk your taking on, you'll probably go to prison for stealing what are now seen as assets by governments. 1 million dollars to go to prison versus 10 Million? One million doesn't seem like so much if you lose it all and go to the pen for 10-15 years.
That's if you get caught of course, but high-end criminals factor that into their equations.
Most of my nosleep stuff is on my Wattpad page. But there's other, non-horror there as well.
Also, Unescaped, a Medieval Cybersecurity Incident, is available on Kindle.
The book ComSec does this. Turns out the preferred device seems to be an iPod.
ComSec: Off-The-Grid Communication Strategies for Privacy Enthusiasts, Journalists, Politicians, Crooks, and the Average Joe https://www.amazon.com/dp/1722124784/ref=cm_sw_r_cp_api_wGm9BbVCA1CGD
Tails USBs also do a decent job.
Worm: The First Digital World War?
Sorry this has taken me so long to get too. Been busy.
First, understand that Kali is nothing mote than a collection of tools. Its those tools that you are actually wanting to learn.
KaliTutorials is one place you can start.
Also, there is an abundance of videos on YouTube and if you are serious about wanting to learn penetration testing/security makes sure you book mark Irongeek
Like I said earlier, by the time books are written, edited, and published, they can often be out of date.
If you do want to understand some of the basics, here are books you should look at:
Metasploit: The Penetration Tester's Guide
rtfm
btfm
Basic Security Testing with Kali Linux 2 I havent read this one but I have heard good things
The Hacker Playbook
[The Hacker Playbook 2] (https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing/dp/1512214566/ref=pd_sim_14_4?_encoding=UTF8&pd_rd_i=1512214566&pd_rd_r=2HDYK8BDM5MR8PV03JG8&pd_rd_w=kiAl7&pd_rd_wg=fAjYi&psc=1&refRID=2HDYK8BDM5MR8PV03JG8)
Also a good list of resources can be found here: cybrary.it
Check out Unmaksing The Social Engineer, it's purely about reading, interpreting, and using body language.
https://www.amazon.com/Unmasking-Social-Engineer-Element-Security/dp/1118608577
Don't forget Hadnagy's 2nd book, written with assistance from Paul Kelly and Dr. Paul Ekman
http://www.amazon.com/Unmasking-Social-Engineer-Element-Security/dp/1118608577
It's slightly shorter, and the focus is on body language and microexpressions, but I felt is was a good supplement to The Art of Human Hacking
Someone gave me a used copy of the little black book of computer viruses. This prompted me to learn assembly. From there I sorta dicked around with com/exe infectors and a few other things until I went to college. The intro language at my university was then c. So I guess that was how "I" got started - assembly :p
This is one of my favorite books on elliptic curve cryptography, just thought I'd pass it along
http://www.amazon.com/Elliptic-Curves-Cryptography-Mathematics-Applications/dp/1420071467
Have you studied much about elliptic curves? Their application to cryptography is really cool.
There are a ton of books out there documenting the whole cyberwar. The warhead theft was an unclassified presentation at a security conference and is well known in security circles. It's covered in the book.
Worm: The first Digital World War . It's new and badass.
Adam Shostack wrote the book on it, it's a thorough study of infosec threat modeling. The book is good, but a bit fluffy ( a lot of nearly repetitive content). https://www.amazon.com/Threat-Modeling-Designing-Adam-Shostack-ebook/dp/B00IG71FAS/ref=sr_1_1
He's also got a blog and has done a lot of presentations.
I was going to study for it through the remainder of the year. From what I have read on forums the following holds:
I passed the ISSEP exam about a month ago (1023 in the US last count) and have not heard back from the folk at (ISC)2 yet - can't put in on my tag line until then. The ISSAP looked interesting given my background in Software Architecture and Design/Systems Engineering. So I will start studying for it in the next 6 months.
For what I can tell, it should be GD. They made an error. Not terribly uncommon. I made one in a geocache challenge and I was left wondering why nobody could find it. There is an excellent book on cryptography called "Codebreakers" that had a really fun cipher challenge but he goofed on the PKE and made it basically impossible to solve.
William F. Friedman wrote 3 books on crypto that the NSA has declassified. These should be quite valuable to you:
EDIT: Check out Military Cryptanalytics too.
Some pretty good reads on the subject:
Top Secret: A Handbook of Codes, Ciphers and Secret Writing https://www.amazon.com/dp/0763629723/ref=cm_sw_r_awd_WF1Dub0WN55RY
The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography https://www.amazon.com/gp/aw/d/B004IK8PLE/ref=aw_ss_kndl_dp/
Codebreaker: The History of Codes and Ciphers https://www.amazon.com/dp/0802715478/ref=cm_sw_r_awd_OH1Dub103RXB7
And, believe it or not,
Cracking Codes and Cryptograms For Dummies https://www.amazon.com/gp/aw/d/B005CB22A8/ref=aw_ss_kndl_dp/
You also might check your local newspaper for "Cryptoquote." It's a daily quote that uses a different cipher each day. Great for practice!
A good book about computer viruses in general is The Little Black Book of Computer Viruses. A bit dated now perhaps, but it's a good read, all the same. Full text is here apparently, though it says it is an 'Electronic Edition'.
Hello,
The word breach is misspelled in the the ebook, HIPAA Compliance Risks that Result in Security Breeches.
Regards,
Aryeh Goretsky
Sure - we are working through this right now along with a lot of supplemental material the teacher has put together himself - the book is fine on its own though.
https://www.amazon.com/gp/product/1530506565/ref=oh_aui_detailpage_o01_s00?ie=UTF8&psc=1
While you could technically jump straight into this and start messing around with the pen testing applications, I'd strongly recommend working through the book from my original post as you'll have a strong foundation of what you are actually doing and what to do when things go wrong or aren't working exactly right.
We also use this book, however I'd probably not recommend spending the money unless you have worked through both books and really want to get into pen testing. Even then I probably wouldn't recommend it as its just a reference book or "cheat sheet" of popular commands, locations of files like passwords, etc. etc. Its made to be taken out to the field and as a small reference book if you forget something and don't have time for google. We are using it because we are actually doing pen testing in random labs where we walk into a room for the first time and have two hours to exploit various things. Ill link it anyway though just in case:
https://www.amazon.com/gp/product/1494295504/ref=oh_aui_detailpage_o01_s00?ie=UTF8&psc=1
There is another book we haven't bought but he may have us pick up and if that happens ill link it as well. Hope this all helped and good luck!
edit: I forgot about this - we will be using some of this once we've finished the second book in a few weeks:
https://www.amazon.com/dp/1787120236/ref=sspa_dk_detail_1?psc=1&pd_rd_i=1787120236&pd_rd_wg=ER8Ij&pd_rd_r=XXN8MBMYPHSMXCBYGQX8&pd_rd_w=lHcrS