(2022) My year in cybersecurity books
Practical Social Engineering: A Primer for the Ethical Hacker - Joe Gray
Joe Gray is a well-known OSINT professional. Anyone who is into OSINT knows the quality of his work, but if you don't, you can check out his platform and his courses: https://www.theosintion.com/.
Now, in addition to his courses, Joe Gray has released this very good book, which details how to conduct Social Engineering engagements. This information can be very useful when thinking about a cyber attack, in the Reconnaissance and Weaponization stages (Cyber Kill Chain) or in the Resource Development tactic (MITRE ATT&CK). The book provides practical exercises on how to conduct these engagements and how to mitigate them, explaining the email authentication features relevant to phishing campaigns, which are SPF, DMARC and DKIM, and how to configure them.
Social Engineering is a very good way to gather information that can be used in cyber attacks or to produce intelligence, so if you want to know more about it, this book is a very good source.
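Since the review above mentions configuring SPF, DMARC and DKIM as the mitigation side of phishing, here is a small added example (my own code, not from the book or from Joe Gray) that parses the three DNS TXT record formats and flags the settings that leave a domain easy to spoof. The domain, selector and records are constructed for illustration; a real check would fetch the TXT records with a DNS client and pass them in the same dict shape.

```python
"""Parse SPF, DMARC and DKIM DNS TXT records and flag settings that leave a
domain easy to spoof.  Added example; all records below are constructed."""

# Constructed TXT records for a hypothetical domain (example.test is not a real zone).
GOOD_RECORDS = {
    "example.test": "v=spf1 ip4:192.0.2.0/24 include:_spf.mail.example.test -all",
    "_dmarc.example.test": "v=DMARC1; p=reject; rua=mailto:dmarc@example.test; pct=100",
    "sel1._domainkey.example.test": "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A",
}

# Same domain with weak settings often seen in practice: '+all' in SPF,
# DMARC in monitor-only mode, and a DKIM record whose key was revoked (empty p=).
WEAK_RECORDS = {
    "example.test": "v=spf1 ip4:192.0.2.0/24 +all",
    "_dmarc.example.test": "v=DMARC1; p=none; rua=mailto:dmarc@example.test",
    "sel1._domainkey.example.test": "v=DKIM1; k=rsa; p=",
}


def parse_spf(record):
    """Return {'mechanisms': [(qualifier, name, arg)], 'modifiers': {...}, 'all': qualifier}
    or None when the record is not an SPF record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    parsed = {"mechanisms": [], "modifiers": {}, "all": None}
    for term in terms[1:]:
        if "=" in term:  # modifier such as redirect=_spf.example.test
            name, _, value = term.partition("=")
            parsed["modifiers"][name.lower()] = value
            continue
        qualifier = "+"  # implicit qualifier when none is written
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() == "all":
            parsed["all"] = qualifier
        else:
            parsed["mechanisms"].append((qualifier, name.lower(), arg))
    return parsed


def parse_tags(record):
    """Split a 'k=v; k=v' record (DMARC and DKIM share this shape) into a dict."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_domain(records, domain, dkim_selector):
    """Evaluate the three records for one domain; returns (verdicts, weaknesses)."""
    verdicts, weaknesses = {}, []

    spf = parse_spf(records.get(domain, ""))
    if spf is None:
        verdicts["spf"] = "missing"
        weaknesses.append("SPF: no record, so receivers cannot check sending hosts")
    elif spf["all"] in ("-", "~"):
        verdicts["spf"] = f"{spf['all']}all"
    elif spf["all"] == "+":
        verdicts["spf"] = "+all"
        weaknesses.append("SPF: '+all' authorizes every host, equivalent to no SPF")
    else:
        verdicts["spf"] = "neutral"
        weaknesses.append("SPF: no fail qualifier on 'all'; unlisted hosts still pass")

    dmarc = parse_tags(records.get(f"_dmarc.{domain}", ""))
    policy = dmarc.get("p") if dmarc.get("v") == "DMARC1" else None
    verdicts["dmarc"] = policy or "missing"
    if policy not in ("quarantine", "reject"):
        weaknesses.append("DMARC: policy is not quarantine/reject; spoofed mail is only reported")
    if not dmarc.get("rua"):
        weaknesses.append("DMARC: no rua address, so no aggregate reports are received")

    # The DKIM 'v' tag is optional and defaults to DKIM1; an empty 'p' means the key is revoked.
    dkim = parse_tags(records.get(f"{dkim_selector}._domainkey.{domain}", ""))
    if dkim.get("v", "DKIM1") == "DKIM1" and dkim.get("p"):
        verdicts["dkim"] = "published"
    else:
        verdicts["dkim"] = "missing"
        weaknesses.append("DKIM: no usable public key for this selector")

    return verdicts, weaknesses


if __name__ == "__main__":
    for label, recs in (("good", GOOD_RECORDS), ("weak", WEAK_RECORDS)):
        verdicts, weaknesses = assess_domain(recs, "example.test", "sel1")
        print(label, verdicts, *weaknesses, sep="\n  ")
```

The three findings reported for the weak record set are exactly the gaps a phishing campaign benefits from: `+all` means any host passes SPF, `p=none` means receivers only report spoofed mail instead of quarantining or rejecting it, and a revoked DKIM key means no signature can be verified for that selector.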
Ransomware: Understand. Prevent. Recover — Allan Liska
Nowadays, Ransomware is a must-know topic for cyber security professionals and enthusiasts, and it needs special attention compared to other cyber attacks. Fortunately, there's a website that gathers relevant information about it: its history, the news, and how to mitigate it.
A good starting point on what you need to get started with Ransomware is the website's book, written by Allan Liska and available for free.
The book was written in 2021 and starts with a brief history and an overview of cryptocurrencies, then discusses the defensive measures that can be taken to protect against it, focusing on backups and awareness, including tabletop exercises. In addition to these measures, it discusses important points for detecting it, both proactively (Threat Hunting) and reactively (TTPs), and how to build Incident Response plans.
Antivirus Bypass Techniques — Nir Yehoshua, Uriel Kosayev
A good book to learn more about how antiviruses work and how to do research on bypassing them. The book starts with some research approaches that can be used to conduct the bypass. After that, some ways to conduct the bypass, both dynamically and statically, are shown.
The techniques shown are important to understand the bypass process, but it's more important to understand the research approaches and use them to continue the research if you are interested in the topic. So, this book is a good way to start.
Practical Memory Forensics — Svetlana Ostrovskaya, Oleg Skulkin
Memory Analysis is an important topic in Digital Forensics, since some analysis can't be done just with the information on the hard drive, even when recovering deleted files. Knowing that, the book starts by explaining how memory works and its importance in the forensics process.
The book covers the memory forensics process on Windows, Linux and macOS, explaining the differences among them, how to conduct the acquisition and how to analyze the dump created in the acquisition process.
For each of the three operating systems, it explains how to perform user activity reconstruction and how to identify malicious behavior using the information contained in memory.
If you are passionate about Digital Forensics, this book is highly recommended due to the importance of memory analysis in an investigation; after reading it you will understand the kind of valuable information that can be gathered from memory.
Not technical, but related to cyber security.
Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers — Andy Greenberg
I had already been interested in reading this book; with Russia in the news, I thought it could be a good opportunity to finally read it and, for sure, it was worth it.
The book starts with some stories involving Russian cyber attacks and some geopolitical conflicts that led to attacks in cyberspace, like the Estonia and Georgia cases. There are also stories about some groups linked to Russia, and more stories involving vulnerabilities, like EternalBlue, and tools, like Mimikatz.
If you are interested in stories related to the use of vulnerabilities and cyber attacks in general, you should read this book. Also, I know that Russia evokes mixed feelings for some people, but we have to admit that following its involvement in cyber security is, at least, interesting.
The Red Web: The Struggle Between Russia’s Digital Dictators and the New Online Revolutionaries — Andrei Soldatov & Irina Borogan
To be honest, I learned about this book while reading Andy Greenberg's Sandworm. Andrei and Irina have done great work on the actions of Russia, from the government's involvement in the Internet to the use of its intelligence agency.
The book starts with the story of telecommunications in Russia, followed by the beginning of the Internet, and evolving into how the government wants to control it. Throughout this timeline, the intelligence agency is mentioned.
There are also interesting points about the arrival of Snowden in Russia, and how the country tried to expand its control over the Internet outside its own territory. Even though the authors are Russian, we have to bear in mind that they are critics of the current government and of how the work of the intelligence agency is conducted.