(Part 2) Top products from r/netsec


We found 35 product mentions on r/netsec. We ranked the 195 resulting products by number of redditors who mentioned them. Here are the products ranked 21-40. You can also go back to the previous section.


Top comments that mention products on r/netsec:

u/DOc713 · 1 point · r/netsec

I am currently a penetration tester with a small Healthcare penetration company. We perform black box security tests for Hospitals and Health Care organizations.

If you are looking for actual schooling then I suggest looking for a university with a Network Security/Information Assurance Degree. There are not too many with dedicated degrees, but it is becoming a much more popular field.

Most importantly go get some literature on the subject. Although reading cannot take the place of actual experience, most books these days are designed to go alongside hands-on experience or provide information if you wish to "further refine your skills".

If you are new to security I would suggest "The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy" By Patrick Engebretson. It is a great entry level book designed to introduce you to the concepts of penetration testing.

If you want to get down and dirty quickly "Metasploit: The Penetration Tester's Guide" By David Kennedy is another great book though a bit more technical than the last.

These are only a few of many great books. If you want to become a good penetration tester, taste the fundamentals and then pick a focus to get good at. There are few jacks of all trades in Penetration testing.

u/Kadover · 3 points · r/netsec

Ok - Here's a list of books I've read in the last few years

  • Gray Hat Hacking - The Ethical Hacker's Handbook - Really good intro to Software Sec / Reverse Engineering / Disclosure
  • Counter Hack Reloaded - A 'bible' of phased attacks - classic book.
  • Guide to Network Defense and Countermeasures - Technically designed as a 'prep' book for the SCNP, it's still a great read about IPS, IDS, NetSec Policies, Proxies, firewalls, packet filtering, etc
  • Hacking Wireless Exposed - Great intro read on 802.11 sec.
  • CWNA/CWSP Exam Guide - Assumes 0 knowledge about RF. More intense than Hacking Wireless Exposed, but also easier to learn from. I went into this book knowing very little about RF, left it feeling confident. Well written.
  • Snort 2.1 - Self explanatory, but a book about the IDS system Snort. Not perfect, but again, great starter book.
  • The Web Application Hacker's Handbook - The best for last. The holy grail of web hacking. Second edition SHOULD be coming very soon, depending on the drop date may be worth it to wait.

As you can tell, I'm big on the technical books, and even exam prep books. This is just a selection, but I think it's a good starter pack to some different fields.

u/OrderZero · 2 points · r/netsec

I've read a lot of these but I'm glad to see not all of them :) Adding to my reading list for sure.

Thanks!

EDIT: forgive me if these are already listed but just in case...

Bug Hunter's Diary - http://www.amazon.com/Bug-Hunters-Diary-Software-Security/dp/1593273851
Gives real hands on real-life experience in a "diary" format and covers some great bugs

Gray Hat Hacking - http://www.amazon.com/Hacking-Ethical-Hackers-Handbook-Edition/dp/0071742557
Despite a bad generic "ethical" title this book goes really in-depth on a lot of subjects (almost to the point of rambling actually) including fuzzing, client-side exploits (mostly browser-based), and much more.

Hacking Windows Exposed - http://www.amazon.com/Hacking-Exposed-Windows-Microsoft-Solutions/dp/007149426X
Another generic title but this book has small good parts scattered throughout, really written more for pentesters it has some very common red team methods but also has a few hidden gems hidden within the various subjects it tries to cover.

Also for anyone looking to get TAOSSA (The Art of Software Security Assessment) it's absolutely huge and WILL split down the middle while reading...it's sitting on my bookshelf right now in its ripped state but I've read it 4 times and still don't feel like all the material has sunken in, if you're going to buy any book at all it should be that one as it will provide countless hours/days/weeks/months of reading.

u/[deleted] · 3 points · r/netsec

I said this in another comment but in my opinion Network Security by Kaufman, Perlman, and Speciner is hands down the best book to cover the field of network security as a whole. It covers many topics in a broad fashion, but also provides the tools necessary to understand cryptography, and the various protocols used on the Internet. I rarely read a book cover to cover and usually skip chapters of interest, but this book (including the glossary), I've read cover to cover. What keeps bringing me back is the authors have such a great sense of humour and it shows in their writing, as they inject jokes and anecdotes throughout the text.

u/jayeychess · 2 points · r/netsec

stormehh has some good points.

I agree, and would argue that you are better off learning the fundamentals at this stage in your life. I understand your urge to get out there and explore different tools and techniques as fast as possible (trust me, I've been there myself), but take my word for it when I say that you will get more out of it when you understand the underlying concepts/technologies/protocols.

This might sound old fashioned, but read these books. It's a lot of material, but well worth the effort. You can get all three of them used for about $75:

"Computer Security: Art and Science" - Matt Bishop

"The TCP/IP Guide: A Comprehensive, Illustrated Internet Protocols Reference" - Charles M. Kozierok

"Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses (2nd Edition)" - Edward Skoudis & Tom Liston

Good luck to you, and follow the light side of the force.

u/nicklauscombs · 3 points · r/netsec

best advice i can give is to start reading anything and everything you can get your hands on related to programming, operating systems, networking, security, etc......



a few books i'm reading/have read/on my list to read and all are excellent starting points:

BackTrack 4: Assuring Security by Penetration Testing (this book was just released and still relevant when using BackTrack5)

Metasploit: The Penetration Tester's Guide

Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques

Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning

Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition



plenty of links to keep you busy for awhile:
Open Penetration Testing Bookmarks Collection

u/myddrn · 3 points · r/netsec

Since searching wikipedia turned up the Timeline of Non-Sexual Social Nudity (TIL) I'm just going to guess you're looking for a more techie true to life rendition of the hacker archetype based on the amazon synopsis.

Based on that I'd recommend:

Cryptonomicon

just.go.read.it.right.now.

It may take a little effort to get into, damn thing is a tome, but give it a chance. You will not be disappoint.

--------------

Stealing the Network Series

How to Own a Box

How to Own a Continent

How to Own an Identity

How to Own a Shadow

comments

These are told in a chapter/viewpoint style, each chapter is usually written by a different knowledgeable, and sometimes security famous, security dude. Out of those I've only read How to Own an Identity so far, but it was pretty good and my guess is that the rest hold up to that standard, so dive in. They are a series from what I understand so reading them in order is probably a good idea, but not completely necessary.

_____

And then for flair (these are more scifi/cyberpunk-ish; so if that's not your thing avoid):

Snowcrash

comments

The main character's name is Hiro Protagonist. No seriously. He's a ninja, he's a hacker, he lives in a U-Store-it container, and he delivers pizza for the Mob in a post-collapse USA, can you really not read this book now?

--------------

The Diamond Age

comments

All about the practical social implications of nanotechnology told through the eyes of a young girl, her father, and an assortment of disposable associates.

--------------

The Sprawl Trilogy

Neuromancer

Count Zero

Mona Lisa Overdrive

comments

I've only read Neuromancer and Mona Lisa Overdrive, which were both great, so I'm guessing Count Zero is probably good too.

Similar to Snowcrash in the lone gun hacker sense, except with more drugs and a little bit more of a scattered tone.


And if all else fails there's always the DEF CON reading list.

ninja edits because I suck at markdown

u/tiktaalink · 9 points · r/netsec

I'm just a netsec tourist, but I've found that SANS is a good resource. You can watch trending issues with good analysis at isc.sans.edu

I would also recommend The Cuckoo's Egg. It's not very relevant technically to what you will be doing, but it's worth the read because it is a fascinating story, and you might garner some hints in terms of methodology.

u/Chesh · 2 points · r/netsec

It's not really NetSec related per se but Daemon is pretty exciting even if it is a bit far fetched. The author used to be a security consultant so at least it won't insult you with too many inaccuracies.

u/hzon · 2 points · r/netsec

Not fiction, but a story of true events - Masters of Deception: The Gang That Ruled Cyberspace is an absolutely awesome read.

u/Bilbo_Fraggins · 4 points · r/netsec

It doesn't do anything you don't tell it to. You can tell it to do a lot.

I'd recommend testing the wifi stuff out at home with some old APs, or something like range-box (image here). Other features can be tested with VMs in virtualbox.

Metasploit unleashed or Penetration Testing have some decent suggestions about building test machines (as well as directions for some of the tools of course).

u/someone13 · 4 points · r/netsec

Stealing the Network: How to Own a Continent is pretty good fiction - in the sense that it hasn't really happened. It's completely plausible, though...

u/netscape101 · 7 points · r/netsec

Learn sysadmin skills (linux sysadmin especially), learn to program in at least one language, can be anything: javascript or even python. Learn to hack web applications. Learn about infrastructure penetration testing. Have a look at hackerone.com and bugcrowd.com. Here are some guides to get you started:

Here is a copy paste of what I sent to another guy. Anyways here is my reading list:

Check this too for practice (list of vulnerable web applications that you can try on): https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project

Try hackerone and bugcrowd too. Live sites you can hack.

Some stuff to read:

https://forum.bugcrowd.com/t/common-assessment-tool-cheatsheets/502
https://forum.bugcrowd.com/t/researcher-resources-tutorials/370
https://ghostbin.com/paste/5o5zc
https://www.reddit.com/r/netsec/comments/4k7y0q/video_of_hack_on_catalan_police_union/
http://0x27.me/HackBack/0x00.txt
https://www.reddit.com/r/netsec/comments/3782hv/here_are_some_burp_suite_tutorials_for_you_guys/

Also read:

1. The Web Application Hacker's Handbook. (800 pages but just browse through it)
2. The Database Hacker's Handbook
3. Android Hacker's Handbook
4. This book is good if you are still very new: https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641

Also read this: https://www.owasp.org/images/5/52/OWASP_Testing_Guide_v4.pdf and this: https://github.com/jhaddix/tbhm

Also check my subreddit: /r/netsec_reading

http://www.slideshare.net/bugcrowd/how-do-i-shot-web-jason-haddix-at-defcon-23

Some more blackhat stuff:

https://ghostbin.com/paste/5o5zc
https://www.reddit.com/r/netsec/comments/4k7y0q/video_of_hack_on_catalan_police_union/
http://0x27.me/HackBack/0x00.txt
https://www.reddit.com/r/netsec/comments/3782hv/here_are_some_burp_suite_tutorials_for_you_guys/

u/Tav- · 1 point · r/netsec

Data and Computer Communications by William Stallings

This is the book that I used in my "Network Theory & Test" course in university. This book has some pretty deep material with networks in the logical and physical realm. The previous edition to the one I listed also had chapters on crypto and how that worked.

u/nonades · 0 points · r/netsec

So is this one. That doesn't make it any less good.

u/Alexander_Supertramp · 1 point · r/netsec

I have that same book. Good to hear it is easy to follow. I was using this one but I guess I have a short attention span or something because it was hard to follow.

u/Count_Herp_Von_Derp · 13 points · r/netsec

Sanitize all the inputs! I wasn't a coder so I had no idea how sanitation works, or whether all XSS can be stopped.

I once did an XSS exercise on an app where I just went through the XSS Cheat Sheet.

At first I did regular javascript. It was fixed. Then I did some Hex Encoded javascript. Then finally... to prove a point I did some Unicode javascript. Simply sanitizing for each type of XSS encoding trick isn't enough.

\u003CXSS\u00A0STYLE\u003Dalert\u0028\u0022XSS\u0022\u0029\u003E

The above line gets decoded as this:

<XSS STYLE=alert("XSS")>

Nice unicode conversion app.

http://rishida.net/tools/conversion/

---------------------------------------------

http://coding.smashingmagazine.com/2011/01/11/keeping-web-users-safe-by-sanitizing-input-data/

Prepared Statements:

http://stackoverflow.com/questions/687787/how-should-i-sanitize-database-input-in-java

Check out Grey Hat Hacker, the bit about client side browser stuff is cool.

Also: http://seclists.org/

Then there's always this: http://docs.oracle.com/javaee/5/tutorial/doc/bnbyk.html

Edit: formatting and stuff.

u/tekn0viking · 2 points · r/netsec

Masters of Deception: The Gang that Ruled Cyberspace.

By far my favorite book, it touches on a lot of old school stuff. I still read it from time to time.

http://www.amazon.com/Masters-Deception-Gang-Ruled-Cyberspace/dp/0060926945

u/jeebusroxors · 3 points · r/netsec

For C: http://www.amazon.com/Programming-Language-2nd-Brian-Kernighan/dp/0131103628

Known as the K&R it is THE way to learn C, as long as you are familiar with general programming concepts already (scripting counts).

u/jklmnb · -1 points · r/netsec

start here, continue here, report back in two months.

u/a_p3rson · 1 point · r/netsec

Anyone have recommendations for a USB ethernet adapter? One that supports promiscuous mode/etc.

Really like the idea of the SharkTapUSB, but there's no way I'm paying $200 for one.

u/innocent_bystander · 16 points · r/netsec

You talk to your local google datacenter over HTTPS (let's say). It hits their front door, they decrypt it there, and to service your request they may need to transport data from other google datacenters. Those requests are (currently) unencrypted, although they are traveling over private data lines and not the public internet. Somehow NSA is getting in the middle of that communication and intercepting the unencrypted (although supposedly private) traffic. This would also apply to replication traffic to support disaster recovery in case they lose a data center, Google needs copies of your data in more than one place in their infrastructure. So that's an opportunity for NSA to get your entire set of data going back as far as google has it, potentially.

So the real question here is how is NSA getting in the middle to attack these private links. One way would be they are either getting cooperation from or just outright breaking into the carriers of this private traffic and intercepting it. They'd literally just need access to the fiber traffic in a way to split the beams off to get their own copy - they've been caught doing this before. Also anyone who's read Blind Man's Bluff can see there's other crazier ways to break into trans-oceanic communications links.

u/VarianceX · 1 point · r/netsec

TLDR: Threat Intelligence is the product of a cyclic process where data and information are put into context producing knowledge about Threats or potential Threats as well as vulnerabilities in your own systems and network.

Network Security Monitoring is a means for collecting data for threat intelligence, but the data collected from netmon tools alone is not threat intelligence before they have been analysed, interpreted, evaluated and put into a context, often by correlating with other data from both internal and external sources.

Short Intro to TI:

To understand what Threat Intelligence is, you need to look at what traditional Intelligence is, because the concept of Data-Driven Security and Threat Intelligence are basically derived from that. US DoD defines "Intelligence" as:

"The product resulting from the collection, processing, integration, evaluation, analysis and interpretation of available information concerning foreign nations, hostile or potentially hostile forces or elements or areas of actual or potential operations."

I don't think there exist any really good definitions of Threat Intelligence/Cyber Threat Intelligence yet, but Rob McMillan at Gartner has a pretty decent one:

"Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard."

Just as with traditional Intelligence, we distinguish Threat intelligence into 3 levels, Strategic, Tactical and Operational Intelligence. Strategic Intelligence is made for CxO level management and should basically answer Who wants to attack you, Why they are attacking you and Where the organization is being targeted, this type of Threat Intelligence has a long lifetime and can often be used over years. Tactical Intelligence should answer What and When, describing what techniques and methods an attacker uses, at which time he is attacking you et cetera, basically producing a dossier/signature of a threat actor. This Threat Intelligence has a shorter lifetime than strategic, because Threat Actors tend to change their techniques and procedures from time to time when new tools arrive. Operational Intelligence provides answers about How you are being attacked, often in the terms of what is known as IOCs. Operational Intelligence has a really short lifetime, like from a couple of hours to a week, this is because compromised computers tend to be taken off the net and IP addresses, binaries, DNS and such tend to be changed often. Because of this, Operational Intelligence often has high rates of false positives.


I recommend reading: http://www.amazon.com/Building-Intelligence-Led-Security-Program-Allan/dp/0128021454/ it's not too deep and covers all the theory basics.

u/uxp · 2 points · r/netsec

> but getting it on to the specific machine would be difficult.

Not really. StuxNet showed us all that releasing a rather mundane piece of malware full of NOOPs is rather easy and rather simple to avoid detection for quite a while. That is, it's only full of NOOPs until it hits the one or two computers it was designed to hit.

Think of actual viruses. There are a ton of viruses and bacteria in the wild that are transmitted through hosts, but have no ill effect on those hosts. Humans have thousands of strains of bacteria living inside them that are actually beneficial, but if injected in other mammals many cause great harm to that host. Even AIDS, being such a destructive virus to humans, does absolutely nothing in the apes it previously was hosted in (as far as research tells us it was).

One of the biggest annoyances with traditional malware, like most of the fake AV shit floating around, is that they are fucking annoying and push popups and warnings and all sorts of shit onto the infected user's machine. The best malware in my opinion is completely daemonized, designed to not alert the user that it even exists, quietly destroying something in the background until its job is complete and then cleaning itself up and moving along. Though, I might have enjoyed Daemon and Neuromancer just a little too much.

Edit: I agree with most of the answers in this thread though. A malware along these lines would serve no purpose other than vigilante destruction. Unless it could somehow legally get people in trouble (planting child porn or something), I don't see how this would work to be beneficial long term to the creator, as a widespread infection in a single organization would most easily be flagged suspicious by a reasonably smart investigator or systems admin.