15 Must read books if you want to work on Cyber Security

Motivation

One of the most frequent questions I get asked by my students: What books should I read if I want to work in Cyber Security?

So I reviewed what I have read so far and talked to colleagues I trust to compile the following list (as I have a lot of German readers, there is always a link to the German and the English version). The list is a mixture of educational books and books that give an idea of the mindset of hackers, defenders and other players in that field.

If you have other recommendations, opinions or comments, I would highly appreciate every feedback in the comments below.

I will try to update the post on a regular basis as new trends come up, e.g. machine learning, AI or blockchain (but I do not see any must-read books in those areas).

It is fair to say this is not the only way into the security area: a good number of people learned from blogs, Twitter, YouTube and the like, and there is nothing wrong with that. Quite the opposite: as the pace of change is so fast, it is hard to keep books up to date.

Every item has links to amazon.com; if you happen to buy a book using the links you support the blog, thank you for that.

1. The Art of War

by Sun Tzu

A relatively short (and cheap) book that teaches various aspects of war which most experts agree can also be applied to cyber security. To be honest, there is also a good number of people who think The Art of War is not that important, so read it and form your own opinion.
At the very least it is a good ice breaker for networking.

English link / German link

2. Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker

by Kevin Mitnick

This was the first security-related book I read, after attending a conference talk by the author, Kevin Mitnick. It is fair to say he is one of the best-known hackers, and reading his stories gives the reader first-hand access to the mind and motivation of a hacker. The book is also a very good read.

English link / German link

3. The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage

by Cliff Stoll

What can I say: a book about espionage, spies and much more. A good book that must be read.

English link / German link

4. Practical Malware Analysis: A Hands-On Guide to Dissecting Malicious Software

by Michael Sikorski

Reading this book will equip you with the concepts and skills to analyse malicious files. This is a valuable skill even if your goal is not to become a top-notch malware reverse engineer, because the concepts outlined in the book help you understand how files are weaponized to target systems or users.

English link / German link

5. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon

by Kim Zetter

This book covers perhaps the most prominent cyber security attack in history: Stuxnet. To understand the motivation of companies to invest money in cyber security, knowing and trying to understand the Stuxnet case is very helpful, and Kim Zetter's book is the best way to do so.

English link / German link

6. Rtfm: Red Team Field Manual

by Ben Clark

This list would be incomplete without at least one book covering the offensive side of cyber security: red teaming. Even if you do not want to be paid to hack into companies, it is good to know what the people who are paid to hack into companies have, without a doubt, read.

English link / German link

7. Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan

by Jeff Bollinger, Brandon Enright, Matthew Valites

A legendary book outlining how to ramp up an incident response plan to defend a network. If your goal is to go into red teaming, read this book to understand how defenders work.

English link / German link

8. 1984

by George Orwell

A fictional book, but also a must-read if you want to make a career in this field, because it will sharpen your senses for privacy more than any other book out there.

German link

9. Practical Unix & Internet Security

by Simson Garfinkel, Gene Spafford, Alan Schwartz

Sooner or later everyone in the industry encounters Unix; that is why this book is on the list, as it is the bible for that area.

English link / German link

10. Computer Incident Response and Product Security

by Damir Rajnovic

Damir "Gaus" Rajnovic wrote the standard reference for setting up a Computer Security Incident Response Team (CSIRT / CIRT / CERT) or a Product Security Incident Response Team (P-SIRT).

German link

11. Applied Cryptography: Protocols, Algorithms and Source Code in C

by Bruce Schneier

A top-x list in cyber security without a book from Bruce Schneier is not worth listening to. Bruce Schneier is the rock star of the field and his book is the go-to for cryptography.

English link / German link

12. Secure Coding: Principles and Practices

by Mark G. Graff, Kenneth R. van Wyk

You need to understand how to write secure code. Without that know-how it is much harder to argue about basic security principles. This book is a bootcamp for that purpose.

English link

13. Hacking: The Art of Exploitation

by Jon Erickson

Recommended by a trusted friend as one of the go-to books for understanding exploitation.

English link

14. Cryptonomicon

by Neal Stephenson

Another fictional book on the list, to understand motivation and boost your own motivation in the field.

English link

Bonus: The Ultimate Hitchhiker’s Guide to the Galaxy

by Douglas Adams

When asking friends for opinions and recommendations for this list, The Ultimate Hitchhiker’s Guide to the Galaxy was mentioned "because no security professional will take you seriously if you haven’t read it". Nothing to add here.

English link / German link

Comment

You might have noticed that it is not yet 15 books; I am still on the journey to discover the remaining bricks. But I would rather let people read fewer books that have a big impact than more books of which some might not be of the same caliber.

Have fun with reading.

(This post is inspired by 15 Must Read Books if You Want to Work on Wall Street)

Security API collection

While working on different things I was searching for a collection of APIs that are related to or useful for security researchers, incident response people or threat intel.

Unable to find a good list of REST APIs, I decided to start one. The collection is hosted as a Security API list, and pull requests or issues mentioning missing APIs are highly welcome.

Why did I produce such a list? More and more people want to automate their workflows. Security Orchestration is the new buzzword after last year's Threat Intelligence, but it basically covers the same ground: both aim to make use of already available data, with orchestration not storing that much data itself but enriching the dots that have been collected.

However, the challenge is what to integrate: everyone has their "go to" tools they use on a daily basis, risking missing some golden nuggets that are handy.

The list is divided (at the moment) into tools that are mostly on-prem, online tools, SIEMs and various others. With an increasing number of APIs that ordering might change, of course.

So I really hope the list is useful, that people can use it and that it can grow.

MISP Issues with certificates

Recently I came across some MISP issues with certificates on remote servers. Even if the Test connection succeeds, if you try to push or pull events it will not do anything. The logs will not tell you anything either. If you run tcpdump to debug and look at the capture in Wireshark you will see something like the screenshot.

Before adding it to the MISP documentation, here is a brain dump of what I did:

Scenario:
Server 1 – running MISP
Server 2 – running MISP

Server 1 wants to push events to Server 2

Server 2 has a TLS / SSL certificate signed by an internal CA. Because CakePHP does not respect the OS CA store, the CA chain needs to be configured manually.

Looking up the certificate with its full chain in Firefox will not reveal the FULL certificate chain, because it does not show the root CA.

What you need to do is create a new text file, add all public certificates of the chain to that file (including the root CA's certificate) and save it as a .pem file.
This .pem file then needs to be added as the certificate in the MISP server config.

Within Gitter we had a discussion about why it is not okay to simply tick the "self signed" box. Certificates that are signed by a CA (and not signed locally) carry several indications of such a signature, for example:

#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
...

and

ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]

Useful:

keytool -printcert -file certificate.pem

And:

openssl s_client -showcerts -connect server2:443
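To check that the .pem file you assembled really ends in the root CA before pasting it into the MISP server config, here is an added example (shell, not code from the MISP project or the original post). It assumes openssl is installed and constructs its own throwaway PKI (Test Root CA, Test Intermediate CA, server2) for the demonstration; the function names are the example's own.

```shell
#!/bin/sh
# Added example, not code from the MISP project or the original post: builds a throwaway
# "Test Root CA -> Test Intermediate CA -> server2" PKI with openssl, then checks a PEM
# bundle the way MISP needs it: leaf first, each issuer present, ending in the self-signed
# root that the Firefox certificate export leaves out.
set -eu

# make_test_pki DIR: writes root.pem, int.pem, srv.pem (constructed, 2-day validity).
make_test_pki() {
  d=$1
  cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:true
keyUsage = critical,keyCertSign,cRLSign
[v3_srv]
basicConstraints = CA:false
keyUsage = digitalSignature,keyEncipherment
subjectAltName = DNS:server2
EOF
  openssl req -x509 -config "$d/pki.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
    -days 2 -subj "/CN=Test Root CA" -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  openssl req -new -config "$d/pki.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=Test Intermediate CA" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial \
    -days 2 -extfile "$d/pki.cnf" -extensions v3_ca -out "$d/int.pem" 2>/dev/null
  openssl req -new -config "$d/pki.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=server2" -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
  openssl x509 -req -in "$d/srv.csr" -CA "$d/int.pem" -CAkey "$d/int.key" -CAcreateserial \
    -days 2 -extfile "$d/pki.cnf" -extensions v3_srv -out "$d/srv.pem" 2>/dev/null
}

# chain_complete BUNDLE: returns 0 when every certificate's issuer is the subject of
# the next one and the last certificate is self-signed, i.e. the root CA is in the file.
chain_complete() {
  split=$(mktemp -d)
  awk -v d="$split" '/-----BEGIN CERTIFICATE-----/{n++} n>0{print > (d "/" n ".pem")}' "$1"
  n=$(ls "$split" | wc -l | tr -d ' '); i=1
  [ "$n" -gt 0 ] || { rm -rf "$split"; return 1; }     # no certificate at all
  while [ "$i" -le "$n" ]; do
    issuer=$(openssl x509 -in "$split/$i.pem" -noout -issuer | sed 's/^issuer=//')
    [ "$i" -eq "$n" ] && j=$i || j=$((i + 1))          # last cert must name itself
    subject=$(openssl x509 -in "$split/$j.pem" -noout -subject | sed 's/^subject=//')
    [ "$issuer" = "$subject" ] || { rm -rf "$split"; return 1; }
    i=$((i + 1))
  done
  rm -rf "$split"
}
```

Run `chain_complete` against the bundle you built from the `openssl s_client -showcerts` output: if it fails, the root CA is still missing and the push/pull will silently do nothing.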

Mount a VHD file within Linux

To mount a VHD (Virtual Hard Disk) file in Linux (e.g. Ubuntu):

sudo apt-get install virtualbox-fuse
sudo mkdir /mnt/vhd-mountpoint/
sudo vdfuse -f disk.vhd /mnt/vhd-mountpoint/
sudo mkdir /mnt/part1
sudo mount -o loop /mnt/vhd-mountpoint/Part1 /mnt/part1

vdfuse exposes the partitions of the image as files (Part1, Part2, ...) under the first mount point; the second mount attaches the first partition through a loop device, so /mnt/part1 must exist before that step.

VHD is mostly used within Windows 7 and newer.

Deactivate the VLC recent-files history in the OSX dock

The history of recently opened files that VLC shows in the OSX dock can be deactivated with the following commands (execute them in a terminal):

defaults write org.videolan.vlc NSRecentDocumentsLimit 0
defaults delete org.videolan.vlc.LSSharedFileList RecentDocuments
defaults write org.videolan.vlc.LSSharedFileList RecentDocuments -dict-add MaxAmount 0

Restart dock:

killall Dock


Adding your own CA certificate to the Ubuntu local CA store

If you are, for example, developing in Python and accessing something over SSL where the certificate is not signed by a well-known CA, you might get an error.

That is because your CA is not in the local CA store of e.g. Ubuntu.

You can add your CA certificates with:

sudo mkdir /usr/share/ca-certificates/extra
sudo cp FOO.crt /usr/share/ca-certificates/extra/FOO.crt
sudo dpkg-reconfigure ca-certificates

Then the new certificates will be added to your local store.
(Be careful: sudo dpkg-reconfigure ca-certificates only picks up files named *.crt, so *.cer files etc. are ignored.)
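A small staging helper for the steps above, as an added example that is not from the original post. The function names, the DER-to-PEM conversion via openssl and the use of a temporary directory in place of /usr/share/ca-certificates/extra are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original post: stage a CA certificate so that
# `sudo dpkg-reconfigure ca-certificates` really picks it up. It covers the two
# silent failure modes: a DER file (the usual .cer export) is converted to PEM,
# and the staged copy is always named *.crt, the only suffix reconfigure reads.
set -eu

# stage_ca_cert SRC DEST_DIR: copies SRC into DEST_DIR as <name>.crt in PEM form and
# prints the staged path; returns 1 if SRC is not a certificate at all.
# DEST_DIR stands in for /usr/share/ca-certificates/extra (which needs sudo).
stage_ca_cert() {
  src=$1; dest=$2
  name=$(basename "$src"); name=${name%.*}.crt
  if grep -q 'BEGIN CERTIFICATE' "$src"; then
    cp "$src" "$dest/$name"                                    # already PEM
  elif openssl x509 -inform DER -in "$src" -out "$dest/$name" 2>/dev/null; then
    :                                                          # DER converted to PEM
  else
    rm -f "$dest/$name"                                        # drop any partial output
    echo "not a certificate: $src" >&2; return 1
  fi
  printf '%s\n' "$dest/$name"
}

# visible_to_reconfigure DIR: lists what dpkg-reconfigure ca-certificates will offer,
# i.e. only *.crt files; a .cer or .pem dropped into the directory is ignored.
visible_to_reconfigure() {
  for f in "$1"/*.crt; do
    [ -e "$f" ] && basename "$f"
  done
  return 0
}
```

After staging, the original `sudo dpkg-reconfigure ca-certificates` step is unchanged; `visible_to_reconfigure /usr/share/ca-certificates/extra` shows which files it will actually offer.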

Raspberry Pi libgcc1 problem

Having problems updating your Pi?

sudo apt-get install libgcc1
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.
Statusinformationen werden eingelesen.... Fertig
Die folgenden NEUEN Pakete werden installiert:
libgcc1
0 aktualisiert, 1 neu installiert, 0 zu entfernen und 0 nicht aktualisiert.
2 nicht vollständig installiert oder entfernt.
Es müssen noch 0 B von 54,2 kB an Archiven heruntergeladen werden.
Nach dieser Operation werden 210 kB Plattenplatz zusätzlich benutzt.
E: Debconf-Version konnte nicht ermittelt werden. Ist debconf installiert?
debconf: apt-extracttemplates schlug fehl: Datei oder Verzeichnis nicht gefunden
dpkg: Vor-Abhängigkeitsproblem betreffend .../libgcc1_1%3a4.8.2-21~rpi3rpi1_armhf.deb, welches libgcc1:armhf enthält:
libgcc1 hängt (vorher) von multiarch-support ab
multiarch-support ist entpackt, wurde aber nie konfiguriert.

dpkg: Fehler beim Bearbeiten von /var/cache/apt/archives/libgcc1_1%3a4.8.2-21~rpi3rpi1_armhf.deb (--unpack):
Vor-Abhängigkeitsproblem - libgcc1:armhf wird nicht installiert
Fehler traten auf beim Bearbeiten von:
/var/cache/apt/archives/libgcc1_1%3a4.8.2-21~rpi3rpi1_armhf.deb

(Sorry, German only)

and other things are not working either:

sudo apt-get install --reinstall multiarch-support libgcc1 debconf
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.
Statusinformationen werden eingelesen.... Fertig
Probieren Sie »apt-get -f install«, um dies zu korrigieren:
Die folgenden Pakete haben unerfüllte Abhängigkeiten:
debconf : Hängt ab von (vorher): perl-base (>= 5.6.1-4) soll aber nicht installiert werden
Empfiehlt: apt-utils (>= 0.5.1) soll aber nicht installiert werden
Empfiehlt: debconf-i18n soll aber nicht installiert werden
E: Unerfüllte Abhängigkeiten. Versuchen Sie »apt-get -f install« ohne Angabe eines Pakets (oder geben Sie eine Lösung an).

You might want to do the following:

Go to http://archive.raspbian.org/raspbian/pool/main/e/eglibc/, locate the latest multiarch-support package, wget it... and then:

sudo dpkg -i --force-depends multiarch-support_2.13-38+rpi2+deb7u3_armhf.deb
sudo apt-get -f install
sudo apt-get update
sudo apt-get upgrade

Things I have googled for:

raspberry libgcc1 problem

raspberry debconf has never

sudo dpkg -i --force-depends multiarch-support_2.13-38+rpi2_armhf.deb
sudo apt-get -f install
sudo apt-get update