So here is the list of books for the InfoSec Book Club for 2012. If it goes well and everyone is interested, I will do it again next year as well.
I put an asterisk (*) next to books for which I have been able to find audio versions, either on Audible or on Amazon. And just to help y’all out, No Starch Press books are available on Amazon for a discounted rate, but if you order via No Starch’s website you get an ebook version and you’re helping out Bill. Which is honestly better, in my opinion. Without further ado, here is the list of books!
Title: Dissecting The Hack: The F0rb1dd3n Network
Author: Jayson E. Street
Description: Dissecting the Hack is one heck of a ride! Hackers, IT professionals, and Infosec aficionados (as well as everyday people interested in security) will find a gripping story that takes the reader on a global trip through the world of computer security exploits. One-half thriller, one-half reference, each provides context for the other. Together they will show you how to see the digital world just below the surface of daily life.
Yes, the security threats are real! In this revised edition the Part 2 content is completely NEW. Read more about the tactics that you see executed throughout the story in the second half of the book where you will learn to recon, scan, explore, exploit, and expunge with the tools and techniques shown in the story.
Title: Ghost in the Wires: My Adventures As The World’s Most Wanted Hacker*
Author: Kevin Mitnick
Description: Kevin Mitnick was the most elusive computer break-in artist in history. He accessed computers and networks at the world’s biggest companies–and however fast the authorities were, Mitnick was faster, sprinting through phone switches, computer systems, and cellular networks. He spent years skipping through cyberspace, always three steps ahead and labeled unstoppable. But for Kevin, hacking wasn’t just about technological feats–it was an old-fashioned confidence game that required guile and deception to trick the unwitting out of valuable information.
Driven by a powerful urge to accomplish the impossible, Mitnick bypassed security systems and blazed into major organizations including Motorola, Sun Microsystems, and Pacific Bell. But as the FBI’s net began to tighten, Kevin went on the run, engaging in an increasingly sophisticated cat and mouse game that led through false identities, a host of cities, plenty of close shaves, and an ultimate showdown with the Feds, who would stop at nothing to bring him down.
Title: Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks (NSP)
Author: Michal Zalewski
Description: There are many ways that a potential attacker can intercept information, or learn more about the sender, as the information travels over a network. Silence on the Wire uncovers these silent attacks so that system administrators can defend against them, as well as better understand and monitor their systems.
Silence on the Wire dissects several unique and fascinating security and privacy problems associated with the technologies and protocols used in everyday computing, and shows how to use this knowledge to learn more about others or to better defend systems. By taking an in-depth look at modern computing, from hardware on up, the book helps the system administrator to better understand security issues, and to approach networking from a new, more creative perspective. The sys admin can apply this knowledge to network monitoring, policy enforcement, evidence analysis, IDS, honeypots, firewalls, and forensics.
Title: Daemon *
Author: Daniel Suarez
Description: Technology controls almost everything in our modern-day world, from remote entry on our cars to access to our homes, from the flight controls of our airplanes to the movements of the entire world economy. Thousands of autonomous computer programs, or daemons, make our networked world possible, running constantly in the background of our lives, trafficking e-mail, transferring money, and monitoring power grids. For the most part, daemons are benign, but the same can’t always be said for the people who design them.
Matthew Sobol was a legendary computer game designer—the architect behind half-a-dozen popular online games. His premature death depressed both gamers and his company’s stock price. But Sobol’s fans aren’t the only ones to note his passing. When his obituary is posted online, a previously dormant daemon activates, initiating a chain of events intended to unravel the fabric of our hyper-efficient, interconnected world. With Sobol’s secrets buried along with him, and as new layers of his daemon are unleashed at every turn, it’s up to an unlikely alliance to decipher his intricate plans and wrest the world from the grasp of a nameless, faceless enemy—or learn to live in a society in which we are no longer in control. . . .
Title: Freedom *
Author: Daniel Suarez
Description: In the opening chapters of Freedom(tm), the Daemon is well on its way toward firm control of the modern world, using an expanded network of real-world, dispossessed darknet operatives to tear apart civilization and rebuild it anew. Civil war breaks out in the American Midwest, with the mainstream media stoking public fear in the face of this ‘Corn Rebellion’. Former detective Pete Sebeck, now the Daemon’s most famous and most reluctant operative, must lead a small band of enlightened humans in a populist movement designed to protect the new world order.
But the private armies of global business are preparing to crush the Daemon once and for all. In a world of conflicted loyalties, rapidly diminishing government control, and a new choice between free will and the continuing comforts of ignorance, the stakes could not be higher: hanging in the balance is nothing less than democracy’s last hope to survive the technology revolution.
Title: Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground
Author: Kevin Poulsen
Description: In a previous life, Poulsen served five years in prison for hacking. So the Wired senior editor and “Threat Level” blogger knows intimately the terrain he explores in this page-turning tale of the criminal exploits of a hacker of breathtaking ambition, Max Butler, who stole access to 1.8 million credit card accounts. Poulsen understands both the hows of hacking, which he explains clearly, as well as the whys, which include, but also can transcend, mere profit. Accordingly, his understanding of the hacking culture, and his extensive interviews with Butler, translates into a fascinating depiction of a cybercriminal underworld frightening in its complexity and its potential for harm, and a society shockingly vulnerable to cybercrime. The personalities, feuds, double dealing, and scams of the hackers are just one half of this lively story. The other half, told with equal verve, is law enforcement’s efforts to find and convict Butler and his accomplices. (Butler is now serving a 13-year sentence and owes .5 million in restitution.) Poulsen renders the hacker world with such virtual reality that readers will have difficulty logging off until the very end. (Feb.)
Title: Practical Lock Picking: A Physical Penetration Tester’s Training Guide
Author: Deviant Ollam
Description: For the first time, Deviant Ollam, one of the security industry’s best-known lockpicking teachers, has assembled an instructional manual geared specifically toward penetration testers. Unlike other texts on the subject (which tend to be either massive volumes detailing every conceivable style of lock or brief “spy manuals” that only skim the surface) this book is for INFOSEC professionals that need essential, core knowledge of lockpicking and seek the ability to open most locks with relative ease. Deviant’s material is presented with rich, detailed diagrams and is offered in easy-to-follow lessons which allow even beginners to acquire the knowledge very quickly. Everything from straightforward lockpicking to quick-entry techniques like shimming, bumping, and bypassing is explained and shown. Whether you’re being hired to penetrate security or simply trying to harden your own defenses, this book is essential.
Title: Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems (NSP)
Author: Chris Sanders
Description: It’s easy to capture packets with Wireshark, the world’s most popular network sniffer, whether off the wire or from the air. But how do you use those packets to understand what’s happening on your network?
With an expanded discussion of network protocols and 45 completely new scenarios, this extensively revised second edition of the best-selling Practical Packet Analysis will teach you how to make sense of your PCAP data. You’ll find new sections on troubleshooting slow networks and packet analysis for security to help you better understand how modern exploits and malware behave at the packet level. Add to this a thorough introduction to the TCP/IP network stack and you’re on your way to packet analysis proficiency.
Learn how to:
- Use packet analysis to identify and resolve common network problems like loss of connectivity, DNS issues, sluggish speeds, and malware infections
- Build customized capture and display filters
- Monitor your network in real-time and tap live network communications
- Graph traffic patterns to visualize the data flowing across your network
- Use advanced Wireshark features to understand confusing captures
- Build statistics and reports to help you better explain technical network information to non-techies
Title: Metasploit: The Penetration Tester’s Guide (NSP)
Author: David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni
Description: The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester’s Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors.
Once you’ve built your foundation for penetration testing, you’ll learn the Framework’s conventions, interfaces, and module system as you launch simulated attacks. You’ll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks…
You’ll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else’s to the test, Metasploit: The Penetration Tester’s Guide will take you there and beyond.
Title: The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage
Author: Cliff Stoll
Description: Cliff Stoll was an astronomer turned systems manager at Lawrence Berkeley Lab when a 75-cent accounting error alerted him to the presence of an unauthorized user on his system. The hacker’s code name was “Hunter” — a mysterious invader who managed to break into U.S. computer systems and steal sensitive military and security information. Stoll began a one-man hunt of his own: spying on the spy. It was a dangerous game of deception, broken codes, satellites, and missile bases — a one-man sting operation that finally gained the attention of the CIA…and ultimately trapped an international spy ring fueled by cash, cocaine, and the KGB.
Title: Secrets & Lies: Digital Security in a Networked World
Author: Bruce Schneier
Description: Praise for Secrets and Lies: “This is a business issue, not a technical one, and executives can no longer leave such decisions to techies. That’s why Secrets and Lies belongs in every manager’s library.” Business Week “Clear and passionate, this is the definitive book on Internet security from the leading thinker on the subject.” The Industry Standard “Startlingly lively…a jewel box of little surprises you can actually use.” Fortune “Secrets is a comprehensive, well-written work on a topic few business leaders can afford to neglect.” Business 2.0 “Instead of talking algorithms to geeky programmers, [Schneier] offers a primer in practical computer security aimed at those shopping, communicating or doing business online – almost everyone, in other words.” The Economist “Schneier peppers the book with lively anecdotes and aphorisms, making it unusually accessible.” Los Angeles Times
Title: Digital Forensics with Open Source Tools
Author: Cory Altheide and Harlan Carvey
Description: Digital Forensics with Open Source Tools is the definitive book on investigating and analyzing computer systems and media using open source tools. The book is a technical procedural guide, and explains the use of these tools on Linux and Windows systems as a platform for performing computer forensics. Both well known and novel forensic methods are demonstrated using command-line and graphical open source computer forensic tools for examining a wide range of target systems and artifacts.
- Written by world-renowned forensic practitioners
- Details core concepts and techniques of forensic file system analysis
- Covers analysis of artifacts from the Windows, Mac, and Linux operating systems
*****Update*****: Today until midnight 12/3, No Starch Press is offering 40% off on their books. Use GEEKGIFT at checkout to have the discount applied. To make things easier, I have also noted books that are available on the No Starch site by putting (NSP) next to the title.