security books

wolfric

In a broad sense of the term "security" here are some of the books i've gotten or are on the list so far. I'm hoping people can suggest some other good ones.
Strictly technical and preferably hands on. Nothing about the general idea and philosophy behind security which generally tends to bore me to tears.

• nmap (official book)
• reversing (secrets of reverse engineering)
• stealing the network (all 4)
• hacking, the art of exploitation
• network security hacks
• practical cryptography
• private communication in a public world
• metasploit penetration testers guide
• the f0rb1dd3n netwwork
• kingpin
• malware analysts cookbook tools and techniques for fighting malicious code

SecurityGuy

From the technical/cryptographic side search for Bruce Schneier books

wolfric

Yeah i actually have secrets and lies which I read the start of but found it too generic but sure he also wrote practical (and applied) cryptography which are on the list. I've read about half of practical cryptography (and bits of applied cryptography) and it's really well put together and the right amount of technical info in there.

Recommend any of his other books? Someone else mentioned cryptography engineering actually.

SecurityGuy

Yeah, "Secrets and Lies" is very light like a novel. I've read "Applied cryptography" a few years ago and "Practical Cryptography" quite recently. It's interesting how author's opinions dramatically changed (it's mentioned in Practical C.)
I've also read fragments of "Security Engineering" by Ross Anderson which is less about crypto and more about overall security but to be honest it's good for reference but not too much for reading.

Screaming Monkey

"secrets and lies" is one of my favourites, its key point is that
all this fancy crypto doesn't help you secure things, a system with an algorithm
from "applied cryptography" broken because the user put their
password on a post-it and didn't see a problem with that.

Some books i got recently..

Practical Lock Picking By Deviant Ollam
http://www.syngress.com/hacking-and-penetration-testing/Practical-Lock-Picking/

and Social Engineering: The Art of Human Hacking
http://www.amazon.co.uk/Social-Engineering-Art-Human-Hacking/dp/0470639539/

the_syco

Screaming Monkey wrote: »

and Social Engineering: The Art of Human Hacking
http://www.amazon.co.uk/Social-Engineering-Art-Human-Hacking/dp/0470639539/

I found Mitnicks examples in "The Art of Deception" to be good. Also the examples in the book "Stealing the Network: how to own the box" were good.

syklops

I found Gray Hat Hacking to be very good as an all rounder book.

Avoid anything by Ankit Fadia, he's a spoofer.

There was a book I read a few years ago by a guy called Dr K called the Hackers Handbook. It was another all rounder, but it had some great tips, like how to set up a hacking lab, and suggestions for getting into Linux.

I'll have a look on my shelves at home, and see if there is anything I have forgotten.

h57xiucj2z946q

the_syco wrote: »

I found Mitnicks examples in "The Art of Deception" to be good. Also the examples in the book "Stealing the Network: how to own the box" were good.

Is this book good?

A mate of mine posted me out this book a few weeks ago and didn't get a chance to look at it yet.

the_syco

Ty Many Plate wrote: »

Is this book good?

A mate of mine posted me out this book a few weeks ago and didn't get a chance to look at it yet.

(Sorry about the late response - just back from a festival yesterday)
I found it gives a good beginning to explaining how social engineering works, and the different ways you could go about it. It also reads like a novel at times, so it kept my interest, but still had me searching for some of the terms online. It also shows where it can be most useful.

dlofnep

I've read a number of security books over the years. The first real book I read was the first edition of Hacking Exposed. I've since read newer editions including the wireless version, and hacking linux exposed.

Hacking Exposed (Multiple editions)
Hacking Linux Exposed
Hacking Wireless Exposed
Google Hacking for Pen-testers
Grey hat Hacking (This is very solid)
Professional Penetration testing (This is orientated to setting up hacking labs to practice on)
SQL Injection Attacks and Defense
Hacking: The art of exploitation.

I'm sure I've missed a few, as I've read these over the best part of 10 years. I read Mitnick's two books also, and I've ordered his new one which should be here soon.

While books are great - I often find it easier to sit down and to just focus on one individual thing, and practice it until I'm familiar with it. It's alot easier now to setup a lab to hack than it used to be, so I think people are learning alot quicker these days.

wolfric

Uploaded with ImageShack.us

More to be delivered

abelard

Lots of good suggestions above, but could someone recommend me one of them based on the following?.....

I don't need something completely exhaustive, just a good introduction to the practice of hacking/penetration testing etc, and I can pick up more advanced texts from there.

I don't have an IT degree, and have no experience programming, but I'm not exactly computer illiterate and have some mathematical grounding, so I don't mind something that moves at a decent pace as long as it starts with basics.

Does such a book exist?