Welcome to Threat Intel’s #WednesdayWisdom column, which aims to help improve your cybersecurity knowledge and keep you informed on important developments.
There are many sources of information for those working in, or hoping to work in, the world of cyber security. Technical blogs, online courses, podcasts, webcasts, and more provide a wealth of information on the latest happenings in the threat landscape.
However, sometimes you can’t beat a good book, so in the run-up to World Book Day, which takes place on Sunday, April 23, we asked a range of Symantec experts for their essential reads for cyber security professionals (or those looking to get into the industry), as well as any other personal favorites.
The recommendations of Eric Chien, distinguished engineer and technical director in Symantec Security Response, ranged from practical guides for those in the industry to some cracking tales of cybercrime.
Unsurprisingly, given Eric was one of the lead researchers involved in Symantec’s investigation into the infamous Stuxnet threat, even featuring in Alex Gibney’s Zero Days documentary on the subject, one of his recommendations is a book looking at the background of that digital weapon.
· Cryptonomicon; Neal Stephenson: A work of fiction that jumps between the 1940s and the present day, featuring cryptographers and hackers and hinting at a dark future.
· Cuckoo’s Egg; Clifford Stoll: Stoll’s memoir about his quest to capture a cyber spy.
· Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon; Kim Zetter: Cyber security journalist Zetter tells the story behind Stuxnet.
· Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground; Kevin Poulsen: Ex-hacker and journalist Poulsen recounts his tale of the pursuit of an infamous cybercriminal.
· The Art of Computer Virus Research and Defense; Peter Szor: One of the lead researchers behind Norton AntiVirus, Szor takes readers behind the scenes of antivirus research.
· Windows Internals, Part 1 (Developer Reference) 6th Edition; Mark E Russinovich, David A Solomon, Alex Ionescu: A guide to Windows architecture and internals.
· Applied Cryptography: Protocols, Algorithms, and Source Code in C; Bruce Schneier: An essential introduction to cryptography.
· The Practice of Network Security Monitoring: Understanding Incident Detection and Response; Richard Bejtlich: This book details how Network Security Monitoring can help protect networks and data.
Ireland-based threat analysis engineer Jennifer is currently busy preparing for Symantec’s Cyber War Games final, which will take place in May.
While Jennifer admits she tends to read technical blog posts about particular subjects, there are some practical books she continues to turn to as well.
· Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software; Michael Sikorski, Andrew Honig: An excellent handbook for starting out with malware analysis.
· The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws; Dafydd Stuttard, Marcus Pinto: A guide to web application penetration testing.
· The Hacker Playbook 2: Practical Guide To Penetration Testing; Peter Kim: A step-by-step guide to the “game” of penetration hacking.
Principal technical support engineer and avid reader Mick Halpin recommended an array of books covering a variety of different areas.
· Spam Nation: The Inside Story of Organized Cybercrime — from Global Epidemic to Your Front Door; Brian Krebs: Awesome investigation into where this stuff comes from and who makes their money from it.
· Fatal System Error: The Hunt for the New Crime Lords Who Are Bringing Down the Internet; Joseph Menn: Pretty old now but a worthy read that delves into the murky world of cyber crime.
· DarkMarket: How Hackers Became the New Mafia; Misha Glenny: Mick used one word to describe this book, which details the fight back against malicious hackers: awesome.
· McMafia: A Journey Through the Global Criminal Underworld; Misha Glenny: Also by Glenny, this book sees the veteran journalist travel across five continents to speak with people at every level of the criminal cyber underworld.
· The Hacking Exposed series contains detailed advice and strategies to help defeat cyber criminals.
· Cyber War: The Next Threat to National Security and What to Do About It; Richard A. Clarke, Robert Knake: Former presidential adviser and counter-terrorism expert Clarke details the threat the US faces from cyber crime.
· Universal Scams & Fraud Detection; David Snow: This book focuses mainly on the many billions lost to insurance fraud but also features information on computer-related scams.
· The Florentine Deception; Carey Nachenberg: A work of fiction by a Symantec alumnus, this is a bit Dan Brown, and a fun adventure that exposes some dangers inherent to computers.
· Dark Times in the City; Gene Kerrigan: A recommendation that’s unrelated to tech, this is a crime novel by Irish journalist Kerrigan.
A principal software engineer and analyst in Symantec Security Response, Gavin has been involved in many investigations into cyber criminals’ tactics and behaviors.
While admitting that he now finds a lot of the information he needs online, he recommended some books he has turned to over the years.
· The Hacker Crackdown; Bruce Sterling: A nice summary of the hacking landscape in the 1980s and 1990s.
· Rise of the Machines: The Lost History of Cybernetics; Thomas Rid: Pulling together the history of cybernetics, this book also has some details about the first publicized international espionage hacking.
· Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power; David E Sanger: A wide-ranging book, it contains details about Stuxnet and Operation Olympic Games.
· Ready Player One: A Novel; Ernest Cline: A fiction recommendation, this is a fun book for anyone with an interest in computers who grew up in the 1980s.
· Network Security Assessment: Know Your Network; Chris McNab: A guide to performing network-based penetration testing.
· Computer Networks; Andrew Tanenbaum, David Wetherall: An introduction to networking, explaining how networks work from the inside out.
· Gavin also recommends the Hacking Exposed series, which Mick Halpin recommended above.
Liam, a director of development in the Symantec Security Response team, was one of the lead researchers involved in Symantec’s investigation into Stuxnet. He, together with Eric Chien, is now considered one of the authorities on this subject, and also featured in Alex Gibney’s Zero Days documentary.
Given how closely they have worked together, it is perhaps unsurprising that there was some overlap between Eric’s and Liam’s recommendations: Liam also recommended Cuckoo’s Egg, Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon, and Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground.
· Exploding the Phone; Phil Lapsley: This book tells the story of the people who, long before the internet, discovered how to hack the telephone.
· Ghost In The Wires: My Adventures as the World’s Most Wanted Hacker; Kevin Mitnick, William Simon: Mitnick recounts his experiences as the “world’s most wanted hacker”.
· The Code Book: The Secret History of Codes and Code-breaking; Simon Singh: A look at the history of man’s urge to uncover the secrets of codes.
· Fallout: The True Story Of The CIA’s Secret War On Nuclear Trafficking; Catherine Collins, Douglas Frantz: This book examines the circumstances that led to nuclear weapons technology spreading throughout the world.
· Wiring Up The Big Brother Machine… And Fighting It; Mark Klein: Whistleblower Klein recounts the impact of revealing that illegal government spying apparatus had been installed at an AT&T office by the NSA.
· Fatal System Error: The Hunt for the New Crime Lords Who Are Bringing Down the Internet; Joseph Menn: This book was also recommended by Mick Halpin.
· Malware Analyst’s Cookbook and DVD: Tools and Techniques for Fighting Malicious Code; Michael Ligh, Steven Adair, Blake Hartstein, Matthew Richard: A computer forensics “how-to” for fighting malicious code and analyzing incidents.
· The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler; Chris Eagle: An essential read for those analyzing malware, conducting vulnerability research, or reverse engineering software.
· Liam also recommends Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software, which is also recommended above.
Aleatha, a senior principal research engineer based in California, had some words of wisdom about what she thinks it takes to be a good cyber security professional.
“It’s important to know how exploits happen and how the bad guys think. You also need to know what tools are at your disposal to help protect users.”
“My bookshelf is a mix of hacking guides and crypto. You also need to understand modern operating systems and software architecture to understand how a lot of vulnerabilities occur, so it’s good to have a really solid OS book. I have the Tanenbaum OS book (Modern Operating Systems: Global Edition), like everyone else. It’s Unix-centric, but it’ll teach you about things like heaps, stacks, and context switches, which are applicable to all OSes. And [to be a good cyber security professional] you should have some experience in a low-level language like C, so you understand things like pointers and memory layout.”
· Smashing the Stack for Fun and Profit; Aleph One: It’s a little dated, but this short pamphlet gives a great intro to one of the most basic classes of security exploit, while explaining the OS fundamentals around it. If you are wondering how malware works, start here.
· The Shellcoder’s Handbook: Discovering and Exploiting Security Holes; Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte: This is a really detailed guide to the theory and practice of finding and exploiting security holes. It doesn’t focus on hacking tools, as many other books do, instead focusing on the nitty gritty of hacking: how to smash stacks; how to exploit buffer overflows; how to return into libraries. It’s not for the amateur: it assumes you have a good knowledge of how software and operating systems work, but it’s got incredible depth. Another good one in this vein is Hacking: The Art of Exploitation (Jon Erickson).
· The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler; Chris Eagle (as recommended above): Will teach you how to reverse engineer code. It’s useful for analysts, as well as for understanding how hackers find vulnerabilities.
· Applied Cryptography: Protocols, Algorithms, and Source Code in C; Bruce Schneier (as recommended above): It’s a good idea to rely on well-vetted crypto libraries wherever possible, know how to use them right, and what the pitfalls are. Schneier is one of the best writers on this subject. I also follow his blog, which is great for keeping up with recent exploits and developments in security.
A senior director of engineering and “cyber security czar” at Symantec, Tarah is also a well-known speaker on the tech conference circuit, an author, and a prolific tweeter.
She had three recommendations to make for what she thought were the most relevant reads for those in the field of cyber security.
· Theory of Games and Economic Behavior; John von Neumann, Oskar Morgenstern: First published by Princeton University Press in 1944, this book was a groundbreaking text upon which modern-day game theory is based.
· Judgment Under Uncertainty: Heuristics and Biases; Daniel Kahneman, Paul Slovic, Amos Tversky: This book brings together a range of academic papers to study the factors that influence human decision making.
· Threat Modeling: Designing for Security; Adam Shostack: This book details how to build better security into the design of systems, software, and services.
Candid, a principal threat researcher in Symantec Security Response, says that a lot of his information these days comes from white papers and articles, while also underlining that cyber security is a broad field with different skills required in different areas.
“Reverse engineering or forensics might apply to one person, whereas others can use more information on web application security and Python scripting.”
Three of Candid’s recommendations have already been mentioned:
· Hacking: The Art of Exploitation: Candid describes this as a good start for those who want to learn about buffer overflows and other exploits.
Candid also recommends:
· The Tangled Web: A Guide to Securing Modern Web Applications; Michal Zalewski: This is a good start for those wanting to learn about web application security.