KURU Lounge

Saturday, October 12, 2019

Reading up on the China Threat

I just finished "America the Vulnerable: Inside the New Threat Matrix of Digital Espionage, Crime, and Warfare" and "The Hundred-Year Marathon: China's Secret Strategy to Replace America as the Global Superpower" both were interesting but tended to the alarmist I think. I agree with their basic premise, that China (and others) is in the process of challenging America's pre-eminence on the world stage, and I believe that if they succeed that it will be bad for the world. The authors' tone however makes it sound like this is a done deal, inevitable and irreversible. I don't agree with that. Next up on the list is "Unrestricted Warfare: China's Master Plan to Destroy America"

In case you are wondering two of these three books appear on military cyber warfare reading lists:

https://docs.google.com/spreadsheets/d/12z7_8fUwSejPVd6bIosD405mhpLLM_DnTdcIiiKWpqw/edit#gid=2079030996

Sunday, September 22, 2019

SANS ICS 612 Review Part 2

This covers the second half of the ICS 612 course. On Morning 4 we picked up with the reaminder of the day 3 material, so basically more architecture and networking solutions. We did some work with a data historian and explored remote access a bit more.

After completing that material we moved right into System Management. This was pretty tools centric with some time spent on the ELK stack then on pushing that data into Integrity (formerly Sophia). We also spent time using Cyberlens and the Dragos suite as well as Indegy. The day closed out with discussions of ICS change management and ICS patch management.

Day 5 was a blast, the instructors borked our setups and we had to troubleshoot the issues and restore fuctionality. That was the first half of the morning. Then we did a CTF until lunch which was fairly challenging, but not exceptionally so. (I placed 4th out of 20 and I am a moron so...). Thae afternoon was spent providing feedback on the course and grinding coffee, which was the simulated business.

Overall this course was really good, of course most SANS Training is. Everything went far smoother than I expected for a beta course. I highly recommend this course, especially if you can couple it with some of the training from Threatgen which covers some of the areas like risk assessment that this course, as a mainly hands-on offering doesn't really delve into.

Friday, September 20, 2019

SANS ICS 612 Review Part 1

SANS Institute recently introduced a new class in their ICS Track; ICS 612: ICS Cybersecurity In-Depth. In the SANS world this, as a 600 level class would be an upper level Masters course. The course was developed by Tim Conway, Jeff Shearer, Jason Dely, and Chris Robinson. Tim, Jeff, and Jason are actually instructing.

So far the class has been excellent. It covers a wide variety of subjects in a logical sequence with days broken down, (so far), into Local Process: which deals mainly with local interaction with the PLC and other lower level equipment, System of System: which deals with pulling the local processes up into more distributed systems, and ICS Network Infrastructure: covering network equipment, segmentation and monitoring (we are only about half through this module), Everything has a lot of hands on using a student kit tied into a pod shared by two students.

Some of the topics being covered are:

PLC programming
Secure Architecture
Process and Data Flow
Remote Access

My only criticisms are the timing on the labs aren't quite right, but it's a beta course so that will get worked out, and I like case studies and so far there is only one.

I will finish this review after the course ends tomorrow night but so far I highly recommend it.

Tuesday, September 10, 2019

Cybersecurity Reading List

I have been building this list for quite awhile, and it's up to 200 books and papers now. The source material is a Dragos suggested reading list, professional reading lists from the various armed services, the University of North Georgia, Defcon Reading List, and the Cybersecurity Canon.

@War by Shane Harris
1984 by George Orwell
3D Printing Will Rock the World by John Hornick
A Century of Spies: Intelligence in the Twentieth Century by Jeffrey T. Richelson
A Fierce Domain: Conflict in Cyberspace 1986 to 2012 by Heasley
A Man Called Intrepid: The Secret War by William Stevenson
A Scanner Darkly by Phillip K. Dick
Advanced Persistent Threat: Understanding the Danger and How to Protect Your Organization by Eric Cole
America the Vulnerable by Joel Brenner
An Abbreviated History of Automation & Industrial Controls Systems and Cybersecurity by Hayden, Assante and Conway (paper)
Approaching Zero: The Extraordinary Underworld of Hackers, Phreakers, Virus Writers, and Keyboard Criminals by Paul Mungo and Bryan Clough
At Large: The Strange Case of the World's Biggest Internet Invasion by David Freedman and Charles Mann
Bodyguard by William C. Dietz
Brave New World by Aldous Huxley
Brave New World Revisited by Aldous Huxley
Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications by Ivan Ristic, ISBN-13: 978-1907117046
Burning Chrome by William Gibson
Che Guevara and the FBI: U.S. Political Police Dossier on the Latin American Revolutionary by Michael Ratner
Colossus And Crab by D.F. Jones
Colossus by D.F. Jones
Colossus the Forbin Project by D.F. Jones
Colossus Triology: Colossus, The Fall of Colossus and Colossus and the Crab by D.F. Jones
Competitive Intelligence : How to Gather, Analyze, and Use Information to Move Your Business to the Top by Larry Kahaner
Compilers: Principles, Techniques, and Tools by Alfred V. Aho, Monica S. Lam, Ravi Sethi, Jeffrey D. Ullman ISBN-13: 978-0201100884
Computer Networks (5th Edition) by Andrew S. Tennebaum, ISBN-13: 978-0132126953
Corporate Espionage: What It Is, Why It's Happening in Your Company, What You Must Do About It by Ira Winkler
Count Zero by William Gibson
Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon by Kim Zetter
Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses by Ed Skoudis; Tom Liston
Counterstrike: The Untold Story of America's Secret Campaign Against Al Qaeda by Eric Schmitt
Cracking the Coding Interview: 150 Programming Questions and Solutions by Gayle Laakmann McDowell, ISBN-13: 978-0984782802
Credit Power!: Rebuild Your Credit in 90 Days or Less by John Q. Newman
Crypto by Steven Levy
Cryptonomicon by Neal Stephenson
Cyber Adversary Characterization: Auditing the Hacker Mind by Tom Parker; Marcus H. Sachs; Eric Shaw; Ed Stroz; Matthew G. Devost Cybercrime and Espionage: An Analysis of Subversive Multi-Vector Threats by Will Gragido; John Pirc
Cyber War: The Next Threat to National Security and What To Do About It by Richard A. Clarke; Robert Knake
Cyberpower and National Security by Franklin D. Kramer (Editor); Stuart H. Starr (Editor); Larry Wentz (Editor)
Cyberpunk: Outlaws and Hackers on the Computer Frontier by Katie Hafner and John Markhoff
Cybersecurity and Cyberwar: What Everyone Needs to Know by P.W. Singer
Cyber Security Assessments of ICS: A Good Practice Guide by DHS CPNI (Paper)
Dark Territory: The Secret History of Cyber War by Fred Kaplan
Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World by Bruce Schneier
Defeating Adversary Network Intelligence Efforts with Active Cyber Defense Techniques by Keith A. Repik
Delivering on Digital: The Innovators and Technologies That are Transforming Government
Design and Analysis of Knowledge-Base Centric Insider Threat Models by Qutaibah Althebyan
Diamond Age by Neal Stephenson
Diamond Model of intrusion analysis by Caltagirone, Pendergast, and Betz (paper)
Do Androids Dream of Electric Sheep by Phillip K. Dick
Double Loop Learning in Organizations by Argyris (paper)
Electric Power System Basics: For the Nontechnical Professional
Embedded Device Vulnerability Analysis by Oliver and O’Meara (Paper)
Ender's Game by Orson Scott Card
Exponential Organizations: Why new organizations are ten times better, faster, and cheaper than yours (and what to do about it) by Salim Ismail
Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet by Joseph Menn
Friendly Spies: How America's Allies Are Using Economic Espionage to Steal Our Secrets by Peter Schweizer
Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It by Marc Goodman
Future Noir: The Making of Blade Runner
Generating Hypothesis for Successful Threat Hunting by Lee, Bianco (Paper)
Ghost Fleet by P. W. Singer; August Cole
Ghost in the Wires by Kevin Mitnick; William L. Simon (As told to); Steve Wozniak (Foreword by)
Glass Houses: Privacy, Secrecy, and Cyber Insecurity in a Transparent World by Joel Brenner
Guidelines for Planning an Integrated Security Operations Center, EPRI (paper)
Hackers: Heroes of the Computer Revolution by Steven Levy
Hacking Exposed: Industrial Control Systems by Bodungen, Singer, Shbeeb, Hilt and Wilbit
Hacking Exposed 7: Network Security Secrets and Solutions by Stuart McClure; George Kurtz; Joel Scambray
Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions by Slava Gomzin
Hacking: The Art of Exploitation, 2nd Edition by Jon Erickson, ISBN-13: 978-1593271442 , available in paperback
Heavy Weather by Bruce Sterling
How to Investigate Your Friends, Enemies, and Lovers by Trent Sands, John Q. Newman
How to Measure Anything in Cybbersecurity Risk by Douglas Hubbard and Richard Seiersen
Hunting with Rigor: Quantifying the Breadth, Depth and Threat Intelligence Coverage of a Threat Hunt in Industrial Control System Environments By Gunter (paper)
I, Robot by Issac Asimov
Idoru by William Gibson
In the Beginning...was the Command Line by Neal Stephenson
Industrial Automation and Process Control Security: SCADA, DCS, PLC, HMI, and SIS by Tyson Macaulay; Bryan L. Singer
Industrial Control Threat Intelligence by Caltagirone (paper)
Industrial Network Security by Knapp and Langill
Information Warfare: Chaos on the Electronic Superhighway by Winn Schwartau
Inside CIA's Private World: Declassified Articles from the Agency`s Internal Journal, 1955-1992 by H. Bradford Westerfield
Inside Cyber Warfare: Mapping the Cyber Underworld by Jeffrey Carr
Inside the CIA: Revealing the Secrets of the World's Most Powerful Spy Agency by Ronald Kessler
Insights into Building an Industrial Control System Security Operations Center, Dragos (paper)
Interface by Neal Stephenson
Islands in the Net by Bruce Sterling
Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Kevin Poulsen
Leadership BS: Fixing Workplaces and Careers One Truth at a Time by Jeffery Pfeiffer
Learn You a Haskell for Great Good!: A Beginner's Guide by Miran Lipovaca, ISBN-13: 978-1593272838
Learning RSLogix 5000 programming by Scott
Legion of the Damned by William C. Dietz
Lethal Interface by Mel Odom
Level 4: Virus Hunters of the CDC by Joseph B. McCormack, Susan Fischer-Hoch
Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath by Ted Koppel
Little Brother by Cory Doctorow
Lobbying and Policy Change: Who Wins, Who Loses, and Why by Frank R. Baumgartner
Man Plus by Frederick Pohl
Managing the Insider Threat: No Dark Corners by Nick Catrantzos
Mars Plus by Frederick Pohl
Masters of Deception: The Gang That Ruled Cyberspace by Michele Slatalla and Joshua Quittner
Measuring and Managing Information Risk: A FAIR Approach by Jack Freund and Jack Jones
Metasploit: The Penetration Testers Guide by David Kennedy, Jim O'Gorman, Devon Kearns, and Mati Ahorni
Mona Lisa Overdrive by William Gibson
Neuromancer by William Gibson
Newton's Telecom Dictionary: Telecommunications, Networking, Information Technologies, the Internet, Wired, Wireless, Satellites, and Fiber by Harry Newton
No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State by Glenn Greenwald
Our Robots, Ourselves: Robotics and the Myth of Autonomy by David Mindell
Out of the Inner Circle: The True Story of a Computer Intruder Capable of Cracking the Nation's Most Secure Computer Systems (Tempus) by Bill Landreth
Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software by Michael Sikorski and Andrew Honig, ISBN-13: 978-1593272906
Predicting Malicious Behavior: Tools and Techniques for Ensuring Global Security by Daniel Jackson; Gary M. Jackson
Privacy on the Line: The Politics of Wiretapping and Encryption by Whitfield Diffie, Susan Landau
Privacy Power: Protecting Your Personal Privacy in the Digital Age by Trent Sands
Python Essential Reference (4th Edition) by David M. Beazley, ISBN-13: 978-0672329784
Radio Monitoring: The How-To Guide by T.J. Arey
Retrofitting Blade Runner: Issues in Ridley Scott's Blade Runner and Phillip K. Dick's Do Androids Dream of Electric Sheep?
Reverse Deception: Organized Cyber Threat Counter-Exploitation by Sean Bodmer; Max Kilger; Gregory Carpenter; Jade Jones; Jeff Jones
RFID: MIFARE and Contactless Cards in Application by Gerhard Schalk
Rtfm: Red Team Field Manual by Ben Clark, ISBN-13: 978-0321444424
Sams Teach Yourself Networking in 24 Hours by Uyless Black; Uyless D. Black; Joseph W. Habraken
Scanner Modifications And Antennas by Jerry Pickard
Scanners And Secret Frequencies (Electronic Underground S) by Henry Eisenson
Schismatrix Plus (Complete Shapers-Mechanists Universe) by Bruce Sterling
Science, Strategu and War by Osinga
Secrets and Lies: Digital Security in a Networked World by Bruce Schneier
Secure Architecture for Industrial Control Systems by Obregon
Secrets of a Buccaneer-Scholar: How Self-Education and the Pursuit of Passion Can Lead to a Lifetime of Success by James Marcus Bach, ISBN-13: 978-1439109090
Selected Stories of Philip K. Dick by Phillip K. Dick
Site Reliability Engineering by Betsy Beyer, Chris Jones, Jennifer Petoff and Niall Murphy
Skunk Works: A Personal Memoir of My Years at Lockheed by Ben Rich
Smart Card Developer's Kit by Scott Guthery, Timothy Jurgensen
Snow Crash by Neal Stephenson
Social Engineering: The Art of Human Hacking by Christopher Hadnagy
Society and the Internet: How Networks of Information and Communication are Changing Our Lives by Mark Graham, William H. Dutton, and Manuel Castells
Spam nation by Brian Krebs
Spy Catcher: The Candid Autobiography of a Senior Intelligence Officer by Peter Wright
Starship Troopers by Robert Heinlein
Stealing the Network: The Complete Series Collector's Edition, Final Chapter, and DVD by Ryan Russel, Ido Dubrawsky, FX, Joe Grand, Tim Mullen, ASIN: B006NV2EGI
Strategy: A History by Lawerence Freedman
Takedown: The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw - By the Man Who Did It by John Markhoff and Tsutomu Shimomura
Tallinn Manual on the International Law Applicable to Cyber Warfare
Tao of Network Security Monitoring by Bejtlich
TCP/IP Illustrated, Volume 1: The Protocols (2nd Edition) (Addison-Wesley Professional Computing Series) by Kevin Fall and W. Richard Stevens, ISBN-13: 978-0321336316
Technicians Guide to Programmable Controllers by Borden and Cox
The Age of the Unthinkable: Why the New World Disorder Constantly Surprises Us And What We Can Do About It by Joshua Cooper Ramo
The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers by Kevin Mitnick
The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities by Mark Dowd, John McDonald, Justin Schuh ISBN-13: 978-0321444424
The Basics of Hacking and Penetration Testing, Second Edition: Ethical Hacking and Penetration Testing Made Easy by Patrick Engebretson, ISBN-13: 978-0124116443
The CERT Guide to Insider Threats: How to Prevent, Detect, & Respond to Information Technology Crimes by Dawn M. Cappelli; Andrew P. Moore; Randall F. Trzeciak
The Checlist Manifesto by Gawande
The Circle by Dave Eggers
The Cuckoo's Egg:Tracking a Spy through the Maze of Computer Espionage by Cliff Stoll
The Cyberthief and the Samurai by Jeff Goodell
The Defense of Hill 781: An Allegory of Modern Mechanized Combat by James R. McDonough; John R. Galvin (Foreword by)
The Dictator's Handbook: Why Bad Behavior is Almost Always Good Politics by Bruce Bueno de Mesquita
The Difference Engine by William Gibson
The Failure of Risk Management: Why It's Broken and How to Fix It by Douglas W. Hubbard
The Fall of Colossus by D.F. Jones
The FBI: Inside the World's Most Powerful Law Enforcement Agency by Ronald Kessler
The Four Types of Threat Detection by Caltagirone and Lee (paper)
The Forever War by Joe Haldeman
The Fugitive Game: Online with Kevin Mitnick by Jonathan Littman
The Future of Power by Joseph S. Nye
The Grey Line: Modern Corporate Espionage and Counterintelligence by Andrew Brown
The Hacker Crackdown: Law And Disorder On The Electronic Frontier by Bruce Sterling
The Hacker Playbook: Practical Guide To Penetration Testing by Peter Kim, ASIN: B00N4FG6TW
The Industrial Control System Cyber Kill Chain (paper)
The Innovator's Dilemma: The Revolutionary Book that Will Change the Way You Do Business by Clayton M. Christensen
The Instigators: How a Small Band of Digtal Activists Risked Their Lives and Helped Bring Down the Government of Egypt by David Wolman
The Lean Startup by Eric Ries
The Mossad: Israel's Secret Intelligence Service: Inside Stories by Dennis Eisenberg
The Net Delusion: The Dark Side of Internet Freedom by Evgeny Morozov
The Phoenix Project by Gene Kim, Kevin Behr, and George Spafford
The Puzzle Palace: Inside the National Security Agency, America's Most Secret Intelligence Organization by James Bamford
The Red Web: The Struggle Between Russia's Digital Dictators and the New Online Revolutionaries by Andrei Soldatov, Irina Borogan
The Seventh Sense: Power, Fortune and Survival in the Age of Networks
The Shadow Factory: The NSA from 9/11 to the Eavesdropping on America by James Bamford
The Singularity Is Near: When Humans Transcend Biology by Ray Kurzweil
The spy catcher trial: The scandal behind the #1 best seller by Malcolm Turnbull
The Starfish and the Spider: The Unstoppable Power of Leaderless Organizations by Ori Brafman
The Tangled Web: A Guide to Securing Modern Web Applications by Michael Zalewski, ISBN-13: 978-1593273880
The Ultimate Scanner: Cheek 3 by Bill Cheek
The Underground Database (The Electronic Underground, Vol 1)
The VALIS Trilogy by Phillip K. Dick
The Watchman: The Twisted Life and Crimes of Serial Hacker Kevin Poulsen by Jonathan Littman
Thinking Fast and Slow by Kahneman
True Names...and Other Dangers by Vernor Vinge
True Names: And the Opening of the Cyberspace Frontier by Vernor Vinge
Unmasking the Social Engineer by Christopher Hadnagy
Unrestricted Warfare: China's Master Plan to Destroy America by Qiao Liang
Virtual Light by William Gibson
War by Other Means: Economic Espionage in America by John J. Fialka
We are Anonymous by Parmly Olsen
When Sysadmins Ruled the Earth by Cory Doctrow
Where Wizards Stay Up Late: The Origins Of The Internet by Katie Hafner
Windows Internals, Part 1 by Mark Russinovich, Alex Ionescu, and David Solomon
Window Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry (2nd Edition) by Harlan Carvey
Winning as a CISO by Rich Baich
Wired for War by P. W. Singer
Worm by Mark Bowden
Zero Day by Mark Russinovich
Zodiac( The Eco-Thriller) by Neal Stephenson

Tuesday, May 21, 2019

Review - Dragos Assessing, Hunting and Monitoring of Industrial Control System Networks

Disclosure - I work for a company which subscribes to Dragos services so I got the corporate rate.

Last week I attended Dragos's Assessing, Hunting, and Monitoring of Industrial Control System Networks. I didn't really have a need to attended this course having previously attended all three courses in the SANS ICS track, but I had to take some vacation and I had bonus money to spend so I packed up and flew my butt to Baltimore. I arrived on the 13th and left on the 18th.

OK, overall I enjoyed the course. Especially the first 2.5 days, which covered ICS basics and Assessing ICS networks. This is the core of my work so it held the most interest for me. This course had one of the best explanations of the Purdue model I have encountered and a really good explanation of what ICS systems are and how they work. The exercises with the PLC were good, especially since we used actual Phoenix Contact PLCs, which most classes don't do. The discussion of ICS protocols was a little rushed but I did learn a couple things so I can't complain much.

Assessment of ICS networks started on day two and the discussion of architectural review was excellent. Here is my first work of warning - If you attend this class brush up on Wireshark and and reading .pcaps. I have used Wireshark off and on for years but it's not something I do on a routine basis so I was out of practice. This is a major part of the class going forward and it is introduced here. Be proficient in order to really get the most out of the class.

Threat Hunting started the second half of day three and honestly I felt like drug on forever. The material was good / useful but there was so much and the pacing just felt off to me. Some of that is my fault too though as this was the day the jetlag hit and I just couldn't stay focused and awake for the last two hours of the day. Again tools are introduced and you would be well advised to be familiar at least with Bro / Zeek and the ELK stack. Cyberlens is covered in this module and that was pretty fun and I have some uses for that tool at work that I can now pursue since it is freely distributed now.

Monitoring was the last module. It continued with the .pcap. bro/zeek, etc. exercises. This module also introduced the Dragos tool. Honestly that was the least useful section to me as it's not a tool I use or will be using, but if you re using it at work it will be a good exercise.

Like I said overall the course was good and I enjoyed it, but I would have enjoyed it more if I had refreshed my Wireshark and Bro skills. Don't take what I have said as real criticisms of the class but more as suggestions on how to get the most benefit.

Let me also say that the people at the Dragos office were all exceptionally nice and they feed you pretty well.

Thursday, March 28, 2019

Cybersecurity Reading List

@War: The Rise of the Military Internet Complex by Shane Harris
1984 by George Orwell
3D Printing will Rock the World by John Hornick
A Century of Spies: Intelligence in the Twentieth Century by Jeffrey T. Richelson
A Man Called Intrepid: The Secret War by William Stevenson
A Scanner Darkly by Phillip K. Dick
Advanced Persistent Security: A Cyberwarfare Approach to Implementing Adaptive Enterprise Protection, Detection, and Reaction Strategies by Ira Winkler and Araceli Treu Gomes
Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization by Tyler Wrightson
Advanced Persistent Threat: Understanding the Danger and How to Protect Your Organization by Eric Cole
Against the Gods: The Remarkable Story of Risk by Peter L Bernstein
America the Vulnerable by Joel Brenner
American Spies by Jennifer Stissa Grannick
Applied Cryptography: Protocols, Algorithms, and Source Code in C by Bruce Schneier
Approaching Zero: The Extraordinary Underworld of Hackers, Phreakers, Virus Writers, and Keyboard Criminals by Paul Mungo and Bryan Clough
Artificial Intelligence: A Modern Approach by Stuart J. Russell and Peter Norvig
At Large: The Strange Case of the World's Biggest Internet Invasion by David Freedman and Charles Mann
Blackout by Marc Elsberg
Bodyguard by William C. Dietz
Brave New World by Aldous Huxley
Brave New World Revisited by Aldous Huxley
Breaking and Entering: The extraordinary story of a hacker named "Alien" by Jeremy N. Smith
Breakpoint by Richard A. Clarke
Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications by Ivan Ristic, ISBN-13: 978-1907117046
Burning Chrome by William Gibson
Che Guevara and the FBI: U.S. Political Police Dossier on the Latin American Revolutionary by Michael Ratner
Cheating at Blackjack Squared: The Dark Side of Gambling by Dustin D. Marks
Code of The Cynga Volume 1 by Chase Cunningham, Heather Dahl and Shirow Di Rosso (Illustrator)
Code of the Cynga Volume 2 by Chase Cunningham, Heather Dahl and Shirow Di Rosso (Illustrator)
Colossus And Crab by D.F. Jones
Colossus by D.F. Jones
Colossus the Forbin Project by D.F. Jones
Colossus Triology: Colossus, The Fall of Colossus and Colossus and the Crab by D.F. Jones
Competitive Intelligence : How to Gather, Analyze, and Use Information to Move Your Business to the Top by Larry Kahaner
Compilers: Principles, Techniques, and Tools by Alfred V. Aho, Monica S. Lam, Ravi Sethi, Jeffrey D. Ullman ISBN-13: 978-0201100884
Computer Networks (5th Edition) by Andrew S. Tennebaum, ISBN-13: 978-0132126953
Confront and Conceal by David E. Sanger
Corporate Espionage: What It Is, Why It's Happening in Your Company, What You Must Do About It by Ira Winkler
Count Zero by William Gibson
Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon by Kim Zetter
Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses by Ed Skoudis; Tom Liston
Counterstrike: The Untold Story of America's Secret Campaign Against Al Qaeda by Eric Schmitt
Crack99: The Takedown of a $100 Million Chinese Software Pirate
Cracking the Coding Interview: 150 Programming Questions and Solutions by Gayle Laakmann McDowell, ISBN-13: 978-0984782802
Credit Power!: Rebuild Your Credit in 90 Days or Less by John Q. Newman
Crypto by Steven Levy
Cryptonomicon by Neal Stephenson
Cyber Adversary Characterization: Auditing the Hacker Mind by Tom Parker; Marcus H. Sachs; Eric Shaw; Ed Stroz; Matthew G. Devost Cybercrime and Espionage: An Analysis of Subversive Multi-Vector Threats by Will Gragido; John Pirc
Cyber Operations and the Use of Force in International Law by Marco Roscini
Cyber War: The Next Threat to National Security and What To Do About It by Richard A. Clarke; Robert Knake
Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners by Jason Andress and Steve Winterfeld
Cyberdeterrence and Cyberwar by Martin C. Lubicki
Cyberpower and National Security by Franklin D. Kramer (Editor); Stuart H. Starr (Editor); Larry Wentz (Editor)
Cyberpunk: Outlaws and Hackers on the Computer Frontier by Katie Hafner and John Markhoff
Cybersecurity and Cyberwar: What Everyone Needs to Know by P.W. Singer
Cybersecurity for Business Executives by NTT
Cybersecurity Leadership by Mansur Hasib
Cyberspace And The State by David J. Betz and Tim Stevens
Cyberspace in Peace and War by Martin C. Libicki
Daemon by Daniel Suarez
Dark Territory: The Secret History of Cyber War by Fred Kaplan
Dark Times in the City by Gene Kerrigan
DarkMarket: How Hackers Became the New Mafia by Misha Glenny
Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World by Bruce Schneier
Defeating Adversary Network Intelligence Efforts with Active Cyber Defense Techniques by Keith A. Repik
Design and Analysis of Knowledge-Base Centric Insider Threat Models by Qutaibah Althebyan
Diamond Age by Neal Stephenson
Do Androids Dream of Electric Sheep by Phillip K. Dick
Dragnet Nation by Julia Angwin
Ender's Game by Orson Scott Card
Exploding the Phone by Phil Lapsley
Exponential Organizations: Why new organizations are ten times better, faster, and cheaper than yours (and what to do about it) by Salim Ismail
Fallout: The True Story of the CIA's Secret War on Nuclear Trafficing by Catherine Collins and Douglas Frantz
Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet by Joseph Menn
Freedom by Daniel Suarez
Friendly Spies: How America's Allies Are Using Economic Espionage to Steal Our Secrets by Peter Schweizer
Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It by Marc Goodman
Future Noir: The Making of Blade Runner
Ghost Fleet by P. W. Singer; August Cole
Ghost in the Wires by Kevin Mitnick; William L. Simon (As told to); Steve Wozniak (Foreword by)
Hackers: Heroes of the Computer Revolution by Steven Levy
Hacking Exposed 7: Network Security Secrets and Solutions by Stuart McClure; George Kurtz; Joel Scambray
Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions by Slava Gomzin
Hacking: The Art of Exploitation, 2nd Edition by Jon Erickson, ISBN-13: 978-1593271442 , available in paperback
Heavy Weather by Bruce Sterling
How to Investigate Your Friends, Enemies, and Lovers by Trent Sands, John Q. Newman
How to Measure Anything in Cybersecurity Risk by Douglas W. Hubbard and Richard Seiersen
How to Measure Anything: Finding the Intangibles in Business by Douglas W. Hubbard
I, Robot by Issac Asimov
Idoru by William Gibson
In the Beginning...was the Command Line by Neal Stephenson
Industrial Automation and Process Control Security: SCADA, DCS, PLC, HMI, and SIS by Tyson Macaulay; Bryan L. Singer
Information Disposition by Robert J. Johnson
Information Warfare: Chaos on the Electronic Superhighway by Winn Schwartau
Inside CIA's Private World: Declassified Articles from the Agency`s Internal Journal, 1955-1992 by H. Bradford Westerfield
Inside Cyber Warfare: Mapping the Cyber Underworld by Jeffrey Carr
Inside the CIA: Revealing the Secrets of the World's Most Powerful Spy Agency by Ronald Kessler
Interface by Neal Stephenson
Internet Police: How Crime Went Online and the Cops Followed by Nate Anderson
Islands in the Net by Bruce Sterling
Judgment Under Uncertainty: Heuristics and Biases by Daniel Kahneman and Paul Slovic
Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Kevin Poulsen
Leadership BS: Fixing Workplaces and Careers One Truth at a Time by Jeffery Pfeiffer
Learn You a Haskell for Great Good!: A Beginner's Guide by Miran Lipovaca, ISBN-13: 978-1593272838
Legion of the Damned by William C. Dietz
Lethal Interface by Mel Odom
Level 4: Virus Hunters of the CDC by Joseph B. McCormack, Susan Fischer-Hoch
Lights Out by Ted Koppel
Little Brother by Cory Doctorow
Lobbying and Policy Change: Who Wins, Who Loses, and Why by Frank R. Baumgartner
Locked Down: Information Security For Lawyers by Sharon D. Nelson, David G. Ries, and John W. Simek
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code by Michael Ligh and Steven Adair
Man Plus by Frederick Pohl
Managing the Insider Threat: No Dark Corners by Nick Catrantzos
Mars Plus by Frederick Pohl
Masters of Deception: The Gang That Ruled Cyberspace by Michele Slatalla and Joshua Quittner
McMafia: A Journey Through the Global Criminal Underworld by Misha Glenny
Measuring and Managing Information Risk: A FAIR Approach by Jack Freund and Jack Jones
Metasploit: The Penetration Testers Guide
Modern Operating Systems: Global Edition by Andrew Tannbaum and Herbert Bos
Mona Lisa Overdrive by William Gibson
Navigating the Digital Age
Network Forensics: tracking hacker through cyberspace by Sherri Davidoff and Jonathon Ham
Network Security Assessment: Know Your Network by Chris McNab
Neuromancer by William Gibson
Newton's Telecom Dictionary: Telecommunications, Networking, Information Technologies, the Internet, Wired, Wireless, Satellites, and Fiber by Harry Newton
No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State by Glenn Greenwald
Offensive Countermeasures: The Art of Active Defense by John Strand and Paul Asadoorian
Out of the Inner Circle: The True Story of a Computer Intruder Capable of Cracking the Nation's Most Secure Computer Systems (Tempus) by Bill Landreth
Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software by Michael Sikorski and Andrew Honig, ISBN-13: 978-1593272906
Predicting Malicious Behavior: Tools and Techniques for Ensuring Global Security by Daniel Jackson; Gary M. Jackson
Privacy on the Line: The Politics of Wiretapping and Encryption by Whitfield Diffie, Susan Landau
Privacy Power: Protecting Your Personal Privacy in the Digital Age by Trent Sands
Python Essential Reference (4th Edition) by David M. Beazley, ISBN-13: 978-0672329784
Python Forensics by Chet Hosmer
Radio Monitoring: The How-To Guide by T.J. Arey
Ready Player One by Ernest Cline
Reamde by Neal Stephenson
Retrofitting Blade Runner: Issues in Ridley Scott's Blade Runner and Phillip K. Dick's Do Androids Dream of Electric Sheep?
Reverse Deception: Organized Cyber Threat Counter-Exploitation by Sean Bodmer; Max Kilger; Gregory Carpenter; Jade Jones; Jeff Jones
RFID: MIFARE and Contactless Cards in Application by Gerhard Schalk
Rise of the Machines by Thomas Rio
Rtfm: Red Team Field Manual by Ben Clark, ISBN-13: 978-0321444424
Sams Teach Yourself Networking in 24 Hours by Uyless Black; Uyless D. Black; Joseph W. Habraken
Scanner Modifications And Antennas by Jerry Pickard
Scanners And Secret Frequencies (Electronic Underground S) by Henry Eisenson
Schismatrix Plus (Complete Shapers-Mechanists Universe) by Bruce Sterling
Secrets and Lies: Digital Security in a Networked World by Bruce Schneier
Secrets of a Buccaneer-Scholar: How Self-Education and the Pursuit of Passion Can Lead to a Lifetime of Success by James Marcus Bach, ISBN-13: 978-1439109090
Security Metrics: Replacing Fear Uncertainty and Doubt by Andrew Jaquith
Selected Stories of Philip K. Dick by Phillip K. Dick
Skunk Works: A Personal Memoir of My Years at Lockheed by Ben Rich
Smart Card Developer's Kit by Scott Guthery, Timothy Jurgensen
Smart Casino Gambling: How to Win More and Lose Less by Olaf Vancura
Smart Drugs II (Smart Drug Series, V. 2) by Ward Dean, John Morgenthaler, Steven Fowkes
Smashing the Stack for Fun and Profit by Aleph One
Snow Crash by Neal Stephenson
Social Engineering: The Art of Human Hacking by Christopher Hadnagy
Spam Nation by Brian Krebs
Spy Catcher: The Candid Autobiography of a Senior Intelligence Officer by Peter Wright
Starship Troopers by Robert Heinlein
Stealing the Network: The Complete Series Collector's Edition, Final Chapter, and DVD by Ryan Russel, Ido Dubrawsky, FX, Joe Grand, Tim Mullen, ASIN: B006NV2EGI
Strategy: A History by Lawerence Freedman
Takedown: The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw - By the Man Who Did It by John Markhoff and Tsutomu Shimomura
Tallinn Manual on the International Law Applicable to Cyber Warfare
TCP/IP Illustrated, Volume 1: The Protocols (2nd Edition) (Addison-Wesley Professional Computing Series) by Kevin Fall and W. Richard Stevens, ISBN-13: 978-0321336316
The Age of the Unthinkable: Why the New World Disorder Constantly Surprises Us And What We Can Do About It by Joshua Cooper Ramo
The Art of Computer Virus Research and Defense by Peter Szor
The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers by Kevin Mitnick
The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities by Mark Dowd, John McDonald, Justin Schuh ISBN-13: 978-0321444424
The Basics of Hacking and Penetration Testing, Second Edition: Ethical Hacking and Penetration Testing Made Easy by Patrick Engebretson, ISBN-13: 978-0124116443
The Blue Nowhere by Jeffery Deaver
The CERT Guide to Insider Threats: How to Prevent, Detect, & Respond to Information Technology Crimes by Dawn M. Cappelli; Andrew P. Moore; Randall F. Trzeciak
The Code Book by Simon Singh
The Cuckoo's Egg:Tracking a Spy through the Maze of Computer Espionage by Cliff Stoll
The Cybersecurity Dilemma by Ben Buchanan
The Cyberthief and the Samurai by Jeff Goodell
The Defense of Hill 781: An Allegory of Modern Mechanized Combat by James R. McDonough; John R. Galvin (Foreword by)
The Dictator's Handbook: Why Bad Behavior is Almost Always Good Politics by Bruce Bueno de Mesquita
The Difference Engine by William Gibson
The Failure of Risk Management: Why It's Broken and How to Fix It by Douglas W. Hubbard
The Fall of Colossus by D.F. Jones
The FBI: Inside the World's Most Powerful Law Enforcement Agency by Ronald Kessler
The Florentine Deception by Carey Nachenberg
The Forever War by Joe Haldeman
The Fugitive Game: Online with Kevin Mitnick by Jonathan Littman
The Girl With The Dragon Tattoo by Stieg larsen
The Grey Line: Modern Corporate Espionage and Counterintelligence by Andrew Brown
The Hacker Crackdown: Law And Disorder On The Electronic Frontier by Bruce Sterling
The Hacker Playbook: Practical Guide To Penetration Testing by Peter Kim (or The Hacker Playbook 2)
The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler
The Illusion of Due Diligence: Notes from the CISO Underground
The Inevitable: Understanding the 12 Technological Forces That Will Shape Our Future by K. Kelly
The Innovator's Dilemma: The Revolutionary Book that Will Change the Way You Do Business by Clayton M. Christensen
The Innovators: How a Group of Hackers, Geniuses and Geeks Created the Digital Revolution by W. Isaacson
The Lean Startup by Eric Ries
The Mossad: Israel's Secret Intelligence Service: Inside Stories by Dennis Eisenberg
The Phoenix Project by Gene Kim, Kevin Behr, and George Spafford
The Practice of Network Security Monitoring
The Psychology of Information Security by Leron Zinatulin
The Puzzle Palace: Inside the National Security Agency, America's Most Secret Intelligence Organization by James Bamford
The Red Web: The struggle between Russia's digital dictators and the new online revolutionaries by Andrei Soldatov and Irina Borogan
The Seventh Sense by Joshua Cooper Rand
The Shadow Factory: The NSA from 9/11 to the Eavesdropping on America by James Bamford
The Shellcoders Handbook: Discovering and Exploiting Security Holes by Chris Anley, John Heasman, Felix Linder, Geraldo Richarte
The Singularity Is Near: When Humans Transcend Biology by Ray Kurzweil
The spy catcher trial: The scandal behind the #1 best seller by Malcolm Turnbull
The Starfish and the Spider: The Unstoppable Power of Leaderless Organizations by Ori Brafman
The Tangled Web: A Guide to Securing Modern Web Applications by Michael Zalewski, ISBN-13: 978-1593273880
The Ultimate Scanner: Cheek 3 by Bill Cheek
The Underground Database (The Electronic Underground, Vol 1)
The VALIS Trilogy by Phillip K. Dick
The Watchman: The Twisted Life and Crimes of Serial Hacker Kevin Poulsen by Jonathan Littman
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws by David Stuttard and Marcus Pinto
Theory of Games and Economic Behavior by Oskar Morgenstern and Ariel Rubinstein
There Will Be Cyberwar by Richard Stiennon
Threat Modelling: Designing For Security by Adam Shostack
Trojan Horse by Mark Russinovich
True Names...and Other Dangers by Vernor Vinge
True Names: And the Opening of the Cyberspace Frontier by Vernor Vinge
Universal Scams and Fraud Detection by David Snow
Unmasking the Social Engineer by Christopher Hadnagy
Unrestricted Warfare: China's Master Plan to Destroy America by Qiao Liang
US House Committee on Oversight and Government Reform Report on the Equifax Data Breach
Virtual Light by William Gibson
War by Other Means: Economic Espionage in America by John J. Fialka
We are Anonymous by Parmy Olsen
When Sysadmins Ruled the Earth by Cory Doctrow
Where Wizards Stay Up Late: The Origins Of The Internet by Katie Hafner
Windows Internals Part 1 by Mark Russinovich
Winning as a CISO by Rich Baich
Wired for War by P. W. Singer
Wiring Up The Big Brother Machine…And Fighting It by Mark Klein
Worm by Mark Bowden
Zero Day by Mark Russinovich
Zodiac( The Eco-Thriller) by Neal Stephenson

This list was compiled from the professional reading lists of JSOC, US Army, USAF, USN, USMC, DHS, The Small Wars, DefCon and Dark Reading

Monday, February 04, 2019

Stupid Thing I Have Heard Lately

Radio yesterday (Meet the Press, I think) political analyst discussing Howard Schultz, "He is a billionaire with experience and huge negatives. Hew has no path to the White House" or words very close to that. I was amazed no one laughed at him and said, "Oh, you mean he is another Trump?"