(2023) My year in cybersecurity books

Euler Neto
Dec 25, 2023


Incident Response with Threat Intelligence - Roberto Martinez

To be honest, I read almost this entire book last year, but decided to put it in this year's list.

This book is suitable for those with no experience in either topic, Incident Response or Threat Intelligence: it explains the basic concepts of each, then shows how to use Threat Intelligence to improve the response to security incidents, and how detection engineering helps you understand attacks better, for instance through attack simulation tools.

I consider this book very important to read, since Threat Intelligence is increasingly involved in other cybersecurity fields, and this book describes exactly how to use it in investigations.

https://www.packtpub.com/product/incident-response-with-threat-intelligence/9781801072953

Incident Response Techniques for Ransomware Attacks - Oleg Skulkin

After finishing the previously mentioned book, I decided to read this one with the idea of improving my investigation of Ransomware-related attacks.

The book starts with human-operated Ransomware attacks, giving some examples and introducing the groups that conduct this kind of attack. After that, it explains the Incident Response process, including the use of Threat Intelligence focused on Ransomware.

Furthermore, it gives a detailed explanation of how to investigate each technique, which is very important to know since Ransomware cases keep growing.

https://www.packtpub.com/product/incident-response-techniques-for-ransomware-attacks/9781803240442

Android Security Internals — Nikolay Elenkov

I know, it's an old book, from 2015. At the time, the current Android version was 6 and many things have changed since then; you will notice it when the book discusses permissions, describing them as all or nothing, granted at install time (runtime permissions only arrived with Android 6.0).

Even if it covers an outdated version, I think this book is important for understanding Android internals.

https://nostarch.com/androidsecurity

Mastering Malware Analysis - Alexey Kleymenov, Amr Thabet

A complete book for malware analysts who want to go beyond the analysis of Windows executables. It covers .NET, Java, mobile systems (Android and iOS), and even architectures used in IoT, explaining the particularities of each and how to perform both static and dynamic analysis on each of them.

https://www.packtpub.com/product/mastering-malware-analysis/9781789610789

The Android Malware Handbook - Qian Han, Salvador Mandujano, Sebastian Porst, V.S. Subrahmanian, Sai Deep Tetali, and Yanhai Xiong

This book hits the mark in combining two fast-moving areas: Android Malware, which is increasing and evolving quickly over the years, and Machine Learning, which is used more and more in the field to detect and classify malware.

Even if you are not familiar with Android Malware Analysis, the book starts by explaining how to perform static and dynamic analysis. After that, it explains how Machine Learning can be used to classify information, in particular malware.

With the Machine Learning concepts in place, it explains how to apply them to Android applications to classify Rooting Malware, Spyware, Banking Trojans, Ransomware and SMS Fraud. For each family, it describes its characteristics and how (and whether) the classification methods can separate it correctly from goodware and from the other malware families.
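To make the static-features-into-classifier idea concrete, here is an added example that is not code from the book or from this post. It pulls the requested permissions out of a decoded AndroidManifest.xml (the kind of static feature a manifest yields) and feeds them to a hand-rolled Bernoulli naive Bayes trained on a tiny, constructed set of permission profiles labelled goodware, sms_fraud and banking_trojan. The training profiles, the sample manifest, and the choice of naive Bayes are all assumptions made for illustration, not the book's data or models.

```python
"""Permission-based Android app classification (added example, constructed data)."""
import math
import xml.etree.ElementTree as ET
from collections import Counter

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"


def permissions_from_manifest(manifest_xml: str) -> frozenset:
    """Return short names of every <uses-permission> in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for el in root.iter("uses-permission"):
        name = el.get(ANDROID_NS + "name")
        if name:
            # Shorten android.permission.* only; custom permissions stay whole.
            names.add(name.removeprefix("android.permission."))
    return frozenset(names)


# Hypothetical labelled profiles, constructed for this example (not real samples).
TRAINING = [
    ("goodware", {"INTERNET", "ACCESS_NETWORK_STATE"}),
    ("goodware", {"INTERNET", "CAMERA", "WRITE_EXTERNAL_STORAGE"}),
    ("goodware", {"INTERNET", "ACCESS_FINE_LOCATION", "ACCESS_NETWORK_STATE"}),
    ("goodware", {"VIBRATE", "INTERNET"}),
    ("sms_fraud", {"INTERNET", "SEND_SMS", "RECEIVE_SMS", "READ_SMS"}),
    ("sms_fraud", {"SEND_SMS", "RECEIVE_SMS", "READ_PHONE_STATE"}),
    ("sms_fraud", {"INTERNET", "SEND_SMS", "READ_PHONE_STATE", "RECEIVE_BOOT_COMPLETED"}),
    ("banking_trojan", {"INTERNET", "SYSTEM_ALERT_WINDOW", "RECEIVE_SMS", "READ_SMS",
                        "REQUEST_INSTALL_PACKAGES"}),
    ("banking_trojan", {"INTERNET", "SYSTEM_ALERT_WINDOW", "GET_ACCOUNTS",
                        "RECEIVE_BOOT_COMPLETED", "READ_CONTACTS"}),
    ("banking_trojan", {"INTERNET", "PACKAGE_USAGE_STATS", "SYSTEM_ALERT_WINDOW",
                        "READ_SMS", "RECEIVE_SMS"}),
]


class BernoulliNB:
    """Naive Bayes over binary "permission requested?" features, add-alpha smoothed."""

    def __init__(self, alpha: float = 1.0):
        self.alpha = alpha

    def fit(self, samples):
        self.total = len(samples)
        self.class_counts = Counter(label for label, _ in samples)
        self.vocab = frozenset().union(*(perms for _, perms in samples))
        self.feature_counts = {c: Counter() for c in self.class_counts}
        for label, perms in samples:
            self.feature_counts[label].update(perms)
        return self

    def _p_present(self, label: str, perm: str) -> float:
        # P(perm requested | label); smoothing keeps unseen pairs away from zero.
        return (self.feature_counts[label][perm] + self.alpha) / (
            self.class_counts[label] + 2 * self.alpha
        )

    def log_scores(self, perms) -> dict:
        """Log posterior up to a constant; absent permissions are evidence too."""
        scores = {}
        for label, n in self.class_counts.items():
            s = math.log(n / self.total)
            for perm in self.vocab:
                p = self._p_present(label, perm)
                s += math.log(p) if perm in perms else math.log(1.0 - p)
            scores[label] = s
        return scores

    def predict(self, perms) -> str:
        scores = self.log_scores(perms)
        return max(scores, key=scores.get)


def classify_manifest(manifest_xml: str, model: BernoulliNB = None) -> str:
    """Manifest text in, predicted family out."""
    model = model or BernoulliNB().fit(TRAINING)
    return model.predict(permissions_from_manifest(manifest_xml))


# Constructed manifest shaped like a premium-SMS fraud app (hypothetical).
SMS_FRAUD_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.freegift">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application android:label="Free Gift">
    <activity android:name=".Main"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    model = BernoulliNB().fit(TRAINING)
    perms = permissions_from_manifest(SMS_FRAUD_MANIFEST)
    print(sorted(perms), "->", model.predict(perms))
```

Two things the toy makes visible that the prose does not: absent permissions carry evidence (a "banking" app that never asks for SYSTEM_ALERT_WINDOW is penalised), and with this few training profiles a single shared permission such as INTERNET contributes almost nothing, which is why real pipelines add API-call, intent and dynamic-behaviour features on top of the manifest.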

Combining techniques for Android Malware Analysis with the use of Machine Learning to improve detection and analysis makes this a must-read for those who deal with Android Malware.

https://nostarch.com/androidmalwarehandbook

Not technical but related to cybersecurity

Pegasus: How a Spy in Your Pocket Threatens the End of Privacy, Dignity, and Democracy — Laurent Richard, Sandrine Rigaud

It's the full story of the investigation into how software originally meant to allow remote access to a mobile device for technical support became a product of an Israeli company, bought by many governments for millions of dollars to spy on journalists and on other governments.

Laurent and Sandrine, from Forbidden Stories, a group of journalists who investigate the killing of journalists, were contacted by Claudio Guarnieri and Donncha Ó Cearbhaill, from Amnesty International's Security Lab, with a list of phone numbers which they believed were related to targets.

The book has twenty-one chapters with the timeline and all the details of the investigation, with some chapters dedicated to the particular stories of Khadija Ismayilova and Omar Radi, who were victims of the spyware. There is emphasis on some regimes that used the tool against their own citizens, like Azerbaijan, the UAE, Morocco, Rwanda and Saudi Arabia.

https://us.macmillan.com/books/9781250858696
