(Part 3) Top products from r/netsec

Ok - Here's a list of books I've read in the last few years

• Gray Hat Hacking - The Ethical Hacker's Handbook - Really good intro to Software Sec / Reverse Enginering / Disclosure
  
• Counter Hack Reloaded - A 'bible' of phased attacks - classic book.
  
• Guide to Network Defense and Countermeasures - Technically designed as a 'prep' book for the SCNP, it's still a great read about IPS, IDS, NetSec Policies, Proxies, firewalls, packet filtering, etc
  
• Hacking Wireless Exposed - Great intro read on 802.11 sec.
  
• CWNA/CWSP Exam Guide - Assumes 0 knowledge about RF. More intense than Hacking Wireless Exposed, but also easier to learn from. I went into this book knowing very little about RF, left it feeling confident. Well written.
  
• Snort 2.1 - Self explanatory, but a book about the IDS system Snort. Not perfect, but again, great starter book.
  
• The Web Application Hacker's Handbook - The best for last. The holy grail of web hacking. Second edition SHOULD be coming very soon, depending on the drop date may be worth it to wait.
  
  As you can tell, I'm big on the technical books, and even exam prep books. This is just a selection, but I think it's a good starter pack to some different fields.
  

I've read a lot of these but I'm glad to see not all of them :) Adding to my reading list for sure.

Thanks!

EDIT: forgive me if these are already listed but just in case...

Bug Hunter's Diary - http://www.amazon.com/Bug-Hunters-Diary-Software-Security/dp/1593273851
Gives real hands on real-life experience in a "diary" format and covers some great bugs

Gray Hat Hacking - http://www.amazon.com/Hacking-Ethical-Hackers-Handbook-Edition/dp/0071742557
Despite a bad generic "ethical" title this book goes really in-depth on a lot of subjects (almost to the point of rambling actually) including fuzzing, client-side exploits (mostly browser-based), and much more.

Hacking Windows Exposed - http://www.amazon.com/Hacking-Exposed-Windows-Microsoft-Solutions/dp/007149426X
Another generic title but this book has small good parts scattered throughout, really written more for pentesters it has some very common red team methods but also has a few hidden gems hidden within the various subjects it tries to cover.

Also for anyone looking to get TAOSSA (The Art of Software Security Assessment) it's absolutely huge and WILL split down the middle while reading...it's sitting on my bookshelf right now in its ripped state but I've read it 4 times and still don't feel like all the material has sunken in, if you're going to buy any book at all it should be that one as it will provide countless hours/days/weeks/months of reading.

I said it this in another comment but in my opinion Network Security by Kaufman, Perlman, and Speciner is hands down the best book to cover the field of network security as a whole. It covers many topics in a broad fashion, but also provides the tools necessary to understand cryptography, and the various protocols used on the Internet. I rarely read a book cover to cover and usually skip chapters of interest, but this book (including the glossary), I've read cover to cover. What keeps bringing me back is the authors have such a great sense of humour and it shows in their writing, as they inject jokes and anecdotes throughout the text.

Senior Infrastructure-Focused Security Engineer

Hi, I'm Kevin Hock and I work on the DataDog security team.
We are looking for some talented security engineers to join our security team here in NYC.

How Do I Apply

Send me an email with your resume and GitHub at [email protected]

What you will do

• Perform code and design reviews, contribute code that improves security throughout Datadog's infrastructure
  
• Monitor and set up alerts for anomalous activity
  
• Prioritize and track security issues across the company
  
• Help improve our security policies and processes
  
  Who you should be
  
  

• Have at least a year of full-time experience as a security engineer or similar
  
• Time in the trenches with some of the following Terraform/Configuration Management/ElastAlert/go-audit/osquery/Logging/Alerting (We are in AWS)
  
  Bonus points
  
  

• You contribute to security projects
  
• You're comfortable with Python or Go (You won't find any PHP or Java here :D)
  
• Incident response experience
  
• Hashicorp/Threat Response/Netflix OSS Fan
  
  Sample interview questions
  
  
• (Phone) What's a jumpbox? What is passive DNS? What even is a container?
  
• Flip to a page of a random Magoo article, maybe Ivan Ristic, CryptoPals, ask you about it
  
  I personally applied because I love Python but I like the company a lot so far.

Since searching wikipedia turned up the Timeline of Non-Sexual Social Nudity(TIL) I'm just going to guess you're you're looking for a more techie true to life rendition of the hacker archetype based on the amazon synopsis.

Based on that I'd recommend:

Cryptonomicon

just.go.read.it.right.now.

It may take a little effort to get into, damn thing is a tomb, but give it a chance. You will not be disappoint.

--------------

Stealing the Network Series

How to Own a Box

How to Own a Continent

How to Own an Identity

How to Own a Shadow

comments

These are told in a chapter/viewpoint style, each chapter is usually written by a different knowledgeable, and sometimes security famous, security dude. Out of those I've only read How to Own an Identity so far, but it was pretty good and and my guess is that the rest hold up to that standard, so dive in. They are a series from what I understand so reading them in order is probably a good idea, but not completely necessary.

_____

And then for flair (these are more scifi/cyberpunk-ish; so if that's not your thing avoid):

Snowcrash

comments

The main character's name is Hiro Protagonist. No seriously. He's a ninja, he's a hacker, he lives in a U-Store-it container, and he delivers pizza for the Mob in a post-collapse USA, can you really not read this book now?

--------------

The Diamond Age

comments

All about the practical social implications of nanotechnolgy told through the eyes of a young girl, her father, and an assortment of disposable associates.

--------------

The Sprawl Trilogy

Neuromancer

Count Zero

Mona Lisa Overdrive

comments

I've only read Neuromancer and Mona Lisa Overdrive, which were both great, so I'm guessing Count Zero is probably good too.

Similar to Snowcrash in the lone gun hacker sense, except with more drugs a little bit more of a scattered tone.


And if all else fails there's always the DEF CON reading list.

ninja edits because I suck at markdown

>Paranoia and worrying about pretty much everything is just my nature. My girlfriend laughs (nicely) about how much I worry about everything.

Just remember, there is a difference between paranoia and taking calculated risks/risk management. On that note, I suggest you read both Secrets and Lies as well as Beyond Fear. These two books will get you into the right mindset.

> I appreciate that this isn't about defining an iron-clad policy and walking away from it, and that it's instead about taking reasonable steps to make sure we're not opening ourselves up.

And remember that a policy means nothing without enforcement.

> I've already thrown together a wiki to manage the ever growing list of infosec "to do" items

Great idea. This will also help you if you ever need to justify your position to management. Often times it's difficult to "prove" that you've done anything to secure the enterprise. Make sure to identify your successes and note them at meetings, promotion time, etc.

• Malware Analyst's CookBook is pretty good, lots of examples of techniques with example code.
  
• The Rootkit Arsenal is also supposedly really good.
  
• The Shellcoders Handbook (2nd edition) will help you get up to speed with mainstream exploitation techniques.
  
• Linux Kernel Development is a short read and describes the architecture of the Linux Kernel. Also explains many basic Operating System concepts.
  
• UNIX Network Programming, Volume 1: The Sockets Networking API (3rd Edition) introduced IP/IPv6/IPSec/TCP/UDP/SCTP as well as the POSIX Socket API.
  
• Cannot stress this enough, pickup your choice of a C/C++/Java/C#/Python/Ruby/etc book. Having a solid understanding of a programming language will make life much easier.

Four ways:

• 1. hacking-related meetups like 2600, defcon and meetup.com. Usually, people there are more than helpful in answering questions and sometimes they lead you in new and different directions.
     
• 2. blogs and stuff I find on the web. You can check out my delicious list here: http://delicious.com/steveeq1/hacking . Any cools hacks and stuff I find on the web, I put on my delicious links. As you can see, I have a lot of them
     
• 3. Books. In my opinion, the best one is "Gray Hat Hacking". It not only tells you how to exploit, but the philosophy behind the programming. It goes deep into C and assembler, so the book assumes you have some previous knowledge. Book available here: http://www.amazon.com/Gray-Hat-Hacking-Second-Handbook/dp/0071495681/ref=sr_1_1?ie=UTF8&s=books&qid=1268684120&sr=8-1
     
• 4. Experimentation. It's not enough just to read. I find that it sinks in more when I actually DO the examples given and experiment and play "what if?".

Most of the books I was going to suggest have already been listed. If you want to read a nice novel I would also suggest Zero Day by Mark Russinovich. It came out this past year and has already got some great reviews. http://www.amazon.com/Zero-Day-Novel-Mark-Russinovich/dp/031261246X

Let's see... on my desk right now I have Unix in a Nutshell, The Illustrated Network, and Windows Internals (among others).

As for intro books into networking and security, well I read the Passport series books. Network and Security. I think there's one for A+.

Also, check out Learn to Subnet.

Hopefully you at least have a background in computers... like perhaps CS degree program or something similar?

I have that same book. Good to hear it is easy to follow I was using this one but I guess I have a short attention span or something because it was hard to follow.

Or "Computer Organization and Design, Fifth Edition: The Hardware/Software Interface"

http://www.amazon.com/Computer-Organization-Design-Fifth-Edition/dp/0124077269

I can never say enough good things about this linux book:
A Practical Guide to Linux Commands, Editors, and Shell Programming

Sorry for the delay, missed this one. I used this book: http://www.amazon.com/Certified-Ethical-Hacker-All-Guide/dp/0071772294/ref=cm_cr_pr_product_top

You talk to your local google datacenter over HTTPS (let's say). It hits their front door, they decrypt it there, and to service your request they may need to transport data from other google datacenters. Those requests are (currently) unencrypted, although they are traveling over private data lines and not the public internet. Somehow NSA is getting in the middle of that communication and intercepting the unencrypted (although supposedly private) traffic. This would also apply to replication traffic to support disaster recovery in case they lose a data center, Google needs copies of your data in more than once place in their infrastructure. So that's an opportunity for NSA to get your entire set of data going back as far as google has it, potentially.

So the real question here is how is NSA getting in the middle to attack these private links. One way would be they are either getting cooperation from or just outright breaking into the carriers of this private traffic and intercepting it. They'd literally just need access to the fiber traffic in a way to split the beams off to get their own copy - they've been caught doing this before. Also anyone who's read Blind Man's Bluff can see there's other crazier ways to break into trans-oceanic communications links.

TLDR: Threat Intelligence is the product of a cyclic process where data and information are put in to context producing knowledge about Threats or potential Threats as well as vulnerabilities in your own systems and network.

Network Security Monitoring is a means for collecting data for threat intelligence, but the data collected from netmon tools alone is not threat intelligence before they have been analysed, interpreted, evaluated and put into an context, often by correlating with other data from both internal and external sources.

Short Intro to TI:

To understand what Threat Intelligence is, you need to look at what traditional Intelligence is,
because the concept of Data-Driven Security and Threat Intelligence are basically derived from
that. US DoD define "Intelligence" as:

"The product resulting from the collection, processing, integration, evaluation, analysis and interpretation of available information concerning foreign nations, hostile or potentially hostile forces or elements or areas of actual or potential operations."

I don't think there exist any really good definitions of Threat Intelligence/Cyber Threat Intelligence yet,
but Rob McMillan at Gartner has a pretty decent one:

"Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard."

Just as traditional Intelligence, we distinguish Threat intelligence into 3 levels, Strategic, Tactical and Operational Intelligence. Strategic Intelligence is made for CxO level management and should basically answer Who wants to attack you, Why they are attacking you and Where the organization is being targeted, this type of Threat Intelligence has long lifetime and can often be used over years. Tactical Intelligence should answer What and When, describing what techniques and methods an attacker uses, at which time he is attacking you et cetera, basically producing a dossier/signature of an threat actor. This Threat Intelligence has shorter lifetime then strategic, because Threat Actors tend to change their techniques and procedures from time to time when new tools arrive. Operational Intelligence provides answers about How you are being attacked, often in the terms what is known as IOC's. Operational Intelligence has really short lifetime, like from a couple of hours to a week, this is because compromised computers tend to be taken of the net and IP addresses, binaries, DNS and such tends to be changes often. Because of this, Operational Intelligence often have high rates of false positives.


I recommend reading: http://www.amazon.com/Building-Intelligence-Led-Security-Program-Allan/dp/0128021454/ its not too deep and cover all the theory basics.

Destabilization of the Middle East started when the British and Americans deliberately divided up the Middle East into countries with major ethnic divisions to make them easier to control. This is a gross over generalization but there is a great book about it if you want to learn more although its crazy long. http://www.amazon.com/Power-Faith-Fantasy-America-Present/dp/0393330303

Terrorism as a tactic, suicide bombing in particular, was actually used by the Jews when they came to what was then called "British Controlled Palestine." After WW2 the Zionist movement led to mass exodus from Jews out of Europe to Palestine. They essentially used terrorist tactics against the British to get them to leave (which worked).