John Opdenakker
I want to order some #infosec books and start reading instead of being behind the computer at night. I'm NOT looking for hacking or appsec books. Interested in security awareness, OSINT, building security culture, security management,... books. Which ones do you recommend?
Book mentions in this thread
Intrusion Detection Honeypots
by Chris Sanders
The foundational guide for using deception against computer network adversaries.When an attacker breaks into your network, you have a home-field advantage. But how do you use it?Intrusion Detection Honeypots is the foundational guide to building, deploying, and monitoring honeypots -- security resources whose value lies in being probed and attacked. These fake systems, services, and tokens lure attackers in, enticing them to interact. Unbeknownst to the attacker, those interactions generate logs that alert you to their presence and educate you about their tradecraft. Intrusion Detection Honeypots teaches you how to: Use the See-Think-Do framework to integrate honeypots into your network and lure attackers into your traps, leverage honey services that mimic HTTP, SSH, and RDP, hide honey tokens amongst legitimate documents, files, and folders, entice attackers to use fake credentials that give them away, create honey commands, honey tables, honey broadcasts, and other unique detection tools that leverage deception, and monitor honeypots for interaction and investigate the logs they generate.With the techniques in this book, you can safely use honeypots inside your network to detect adversaries before they accomplish their goals.Social Engineering
by Christopher Hadnagy
The first book to reveal and dissect the technical aspect of many social engineering maneuvers From elicitation, pretexting, influence and manipulation all aspects of social engineering are picked apart, discussed and explained by using real world examples, personal experience and the science behind them to unraveled the mystery in social engineering. Kevin Mitnick—one of the most famous social engineers in the world—popularized the term “social engineering.” He explained that it is much easier to trick someone into revealing a password for a system than to exert the effort of hacking into the system. Mitnick claims that this social engineering tactic was the single-most effective method in his arsenal. This indispensable book examines a variety of maneuvers that are aimed at deceiving unsuspecting victims, while it also addresses ways to prevent social engineering threats. Examines social engineering, the science of influencing a target to perform a desired task or divulge information Arms you with invaluable information about the many methods of trickery that hackers use in order to gather information with the intent of executing identity theft, fraud, or gaining computer system access Reveals vital steps for preventing social engineering threats Social Engineering: The Art of Human Hacking does its part to prepare you against nefarious hackers—now you can do your part by putting to good use the critical information within its pages.Security Engineering
by Ross Anderson
Market_Desc: · Computer programmers and computer engineers with no security background· Computer Security Professionals· Students · Professors Special Features: · Revision of best-selling first edition, 0471389226, 3/9/01, 24,000 copies sold· Updated with 200 more pages and new coverage of Vista, Xen, phishing, Google issues, declassified military doctrine, Richard Clarke issues , Skype, mobile fraud, music security issues (iTunes, etc.), antitrust issues and more· No other book covers the security of embedded applications (cars, postal meters, vending machines, phones, etc.)· The author is one of the world's foremost authorities on security design for companies like Microsoft, Intel, and VISA; the first edition is considered the seminal work in security design About The Book: The book's contents speak to the audience: working technical professional with no security background. To that end, all examples are for current technologies and applications. Using current, real-world examples the book covers basic Concepts of Security Engineering (including examples of systems and failures).The book is a security design manual for embedded systems, the only one of its kind, thought to be a seminal work and controversial in high-level circles because some security experts think the author is giving the bad guys as many secret algorithms as the good guys but that's what you really have to know if you want to build good security systems.Votes: 7
The Phoenix Project
by Gene Kim
Bill has 90 days to fix a behind-schedule IT project, or his entire department will be outsourced. Fortunately, he has the help of a prospective board member, whose "Three Ways" philosophy might just save the day.Exploding the Phone
by Phil Lapsley
“A rollicking history of the telephone system and the hackers who exploited its flaws.” —Kirkus Reviews, starred review Before smartphones, back even before the Internet and personal computers, a misfit group of technophiles, blind teenagers, hippies, and outlaws figured out how to hack the world’s largest machine: the telephone system. Starting with Alexander Graham Bell’s revolutionary “harmonic telegraph,” by the middle of the twentieth century the phone system had grown into something extraordinary, a web of cutting-edge switching machines and human operators that linked together millions of people like never before. But the network had a billion-dollar flaw, and once people discovered it, things would never be the same. Exploding the Phone tells this story in full for the first time. It traces the birth of long-distance communication and the telephone, the rise of AT&T’s monopoly, the creation of the sophisticated machines that made it all work, and the discovery of Ma Bell’s Achilles’ heel. Phil Lapsley expertly weaves together the clandestine underground of “phone phreaks” who turned the network into their electronic playground, the mobsters who exploited its flaws to avoid the feds, the explosion of telephone hacking in the counterculture, and the war between the phreaks, the phone company, and the FBI. The product of extensive original research, Exploding the Phone is a groundbreaking, captivating book that “does for the phone phreaks what Steven Levy’s Hackers did for computer pioneers” (Boing Boing). “An authoritative, jaunty and enjoyable account of their sometimes comical, sometimes impressive and sometimes disquieting misdeeds.” —The Wall Street Journal “Brilliantly researched.” —The Atlantic “A fantastically fun romp through the world of early phone hackers, who sought free long distance, and in the end helped launch the computer era.” —The Seattle TimesEnterprise Security Architecture
by John Sherwood
Security is too important to be left in the hands of just one department or employee-it's a concern of an entire enterprise. Enterprise Security Architecture shows that having a comprehensive plan requires more than the purchase of security software-it requires a framework for developing and maintaining a system that is proactive. The book is basedVotes: 4
Cult of the Dead Cow
by Joseph Menn
Hunting Cyber Criminals
by Vinny Troia
The skills and tools for collecting, verifying and correlating information from different types of systems is an essential skill when tracking down hackers. This book explores Open Source Intelligence Gathering (OSINT) inside out from multiple perspectives, including those of hackers and seasoned intelligence experts. OSINT refers to the techniques and tools required to harvest publicly available data concerning a person or an organization. With several years of experience of tracking hackers with OSINT, the author whips up a classical plot-line involving a hunt for a threat actor. While taking the audience through the thrilling investigative drama, the author immerses the audience with in-depth knowledge of state-of-the-art OSINT tools and techniques. Technical users will want a basic understanding of the Linux command line in order to follow the examples. But a person with no Linux or programming experience can still gain a lot from this book through the commentaries. This book’s unique digital investigation proposition is a combination of story-telling, tutorials, and case studies. The book explores digital investigation from multiple angles: Through the eyes of the author who has several years of experience in the subject. Through the mind of the hacker who collects massive amounts of data from multiple online sources to identify targets as well as ways to hit the targets. Through the eyes of industry leaders. This book is ideal for: Investigation professionals, forensic analysts, and CISO/CIO and other executives wanting to understand the mindset of a hacker and how seemingly harmless information can be used to target their organization. Security analysts, forensic investigators, and SOC teams looking for new approaches on digital investigations from the perspective of collecting and parsing publicly available information. CISOs and defense teams will find this book useful because it takes the perspective of infiltrating an organization from the mindset of a hacker. The commentary provided by outside experts will also provide them with ideas to further protect their organization’s data.Votes: 4
The Cuckoo's Egg
by Cliff Stoll
Transformational Security Awareness
by Perry Carpenter
Expert guidance on the art and science of driving secure behaviors Transformational Security Awareness empowers security leaders with the information and resources they need to assemble and deliver effective world-class security awareness programs that drive secure behaviors and culture change. When all other processes, controls, and technologies fail, humans are your last line of defense. But, how can you prepare them? Frustrated with ineffective training paradigms, most security leaders know that there must be a better way. A way that engages users, shapes behaviors, and fosters an organizational culture that encourages and reinforces security-related values. The good news is that there is hope. That’s what Transformational Security Awareness is all about. Author Perry Carpenter weaves together insights and best practices from experts in communication, persuasion, psychology, behavioral economics, organizational culture management, employee engagement, and storytelling to create a multidisciplinary masterpiece that transcends traditional security education and sets you on the path to make a lasting impact in your organization. Find out what you need to know about marketing, communication, behavior science, and culture management Overcome the knowledge-intention-behavior gap Optimize your program to work with the realities of human nature Use simulations, games, surveys, and leverage new trends like escape rooms to teach security awareness Put effective training together into a well-crafted campaign with ambassadors Understand the keys to sustained success and ongoing culture change Measure your success and establish continuous improvements Do you care more about what your employees know or what they do? It's time to transform the way we think about security awareness. If your organization is stuck in a security awareness rut, using the same ineffective strategies, materials, and information that might check a compliance box but still leaves your organization wide open to phishing, social engineering, and security-related employee mistakes and oversights, then you NEED this book.Cyber Risk Leaders
by Shamane Tan
This work seeks to understand this form of shamanism, its relationship to other shamanisms, and its survival in the new global economy, through anthropology, ethnobotany, cognitive psychology, legal history, and personal memoir. "An exhaustively researched and detailed study, unique among its kind and an absolute 'must-have' for college library collections strong in anthropology and information on indigenous religions."--Midwest Book Review