Thursday, March 28, 2019

Cybersecurity Reading List


  1. @War: The Rise of the Military Internet Complex by Shane Harris
  2. 1984 by George Orwell
  3. 3D Printing will Rock the World by John Hornick
  4. A Century of Spies: Intelligence in the Twentieth Century by Jeffrey T. Richelson 
  5. A Man Called Intrepid: The Secret War by William Stevenson 
  6. A Scanner Darkly by Phillip K. Dick
  7. Advanced Persistent Security: A Cyberwarfare Approach to Implementing Adaptive Enterprise Protection, Detection, and Reaction Strategies by Ira Winkler and Araceli Treu Gomes
  8. Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization by Tyler Wrightson
  9. Advanced Persistent Threat: Understanding the Danger and How to Protect Your Organization by Eric Cole
  10. Against the Gods: The Remarkable Story of Risk by Peter L Bernstein
  11. America the Vulnerable by Joel Brenner
  12. American Spies by Jennifer Stissa Grannick
  13. Applied Cryptography: Protocols, Algorithms, and Source Code in C by Bruce Schneier
  14. Approaching Zero: The Extraordinary Underworld of Hackers, Phreakers, Virus Writers, and Keyboard Criminals by Paul Mungo and Bryan Clough 
  15. Artificial Intelligence: A Modern Approach by Stuart J. Russell and Peter Norvig
  16. At Large: The Strange Case of the World's Biggest Internet Invasion by David Freedman and Charles Mann 
  17. Blackout by Marc Elsberg
  18. Bodyguard by William C. Dietz
  19. Brave New World by Aldous Huxley
  20. Brave New World Revisited by Aldous Huxley
  21. Breaking and Entering: The extraordinary story of a hacker named "Alien" by Jeremy N. Smith
  22. Breakpoint by Richard A. Clarke
  23. Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications by Ivan Ristic, ISBN-13: 978-1907117046
  24. Burning Chrome by William Gibson
  25. Che Guevara and the FBI: U.S. Political Police Dossier on the Latin American Revolutionary by Michael Ratner 
  26. Cheating at Blackjack Squared: The Dark Side of Gambling by Dustin D. Marks 
  27. Code of The Cynga Volume 1 by Chase Cunningham, Heather Dahl and Shirow Di Rosso (Illustrator)
  28. Code of the Cynga Volume 2 by Chase Cunningham, Heather Dahl and Shirow Di Rosso (Illustrator)
  29. Colossus And Crab by D.F. Jones
  30. Colossus by D.F. Jones
  31. Colossus the Forbin Project by D.F. Jones
  32. Colossus Triology: Colossus, The Fall of Colossus and Colossus and the Crab by D.F. Jones
  33. Competitive Intelligence : How to Gather, Analyze, and Use Information to Move Your Business to the Top by Larry Kahaner 
  34. Compilers: Principles, Techniques, and Tools by Alfred V. Aho, Monica S. Lam, Ravi Sethi, Jeffrey D. Ullman ISBN-13: 978-0201100884
  35. Computer Networks (5th Edition) by Andrew S. Tennebaum, ISBN-13: 978-0132126953 
  36. Confront and Conceal by David E. Sanger
  37. Corporate Espionage: What It Is, Why It's Happening in Your Company, What You Must Do About It by Ira Winkler 
  38. Count Zero by William Gibson
  39. Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon by Kim Zetter 
  40. Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses by Ed Skoudis; Tom Liston
  41. Counterstrike: The Untold Story of America's Secret Campaign Against Al Qaeda by Eric Schmitt
  42. Crack99: The Takedown of a $100 Million Chinese Software Pirate
  43. Cracking the Coding Interview: 150 Programming Questions and Solutions by Gayle Laakmann McDowell, ISBN-13: 978-0984782802
  44. Credit Power!: Rebuild Your Credit in 90 Days or Less by John Q. Newman 
  45. Crypto by Steven Levy
  46. Cryptonomicon by Neal Stephenson
  47. Cyber Adversary Characterization: Auditing the Hacker Mind by Tom Parker; Marcus H. Sachs; Eric Shaw; Ed Stroz; Matthew G. Devost Cybercrime and Espionage: An Analysis of Subversive Multi-Vector Threats by Will Gragido; John Pirc
  48. Cyber Operations and the Use of Force in International Law by Marco Roscini
  49. Cyber War: The Next Threat to National Security and What To Do About It by Richard A. Clarke; Robert Knake
  50. Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners  by Jason Andress and Steve Winterfeld
  51. Cyberdeterrence and Cyberwar by Martin C. Lubicki
  52. Cyberpower and National Security by Franklin D. Kramer (Editor); Stuart H. Starr (Editor); Larry Wentz (Editor)
  53. Cyberpunk: Outlaws and Hackers on the Computer Frontier by Katie Hafner and John Markhoff 
  54. Cybersecurity and Cyberwar: What Everyone Needs to Know by P.W. Singer
  55. Cybersecurity for Business Executives by NTT
  56. Cybersecurity Leadership by Mansur Hasib
  57. Cyberspace And The State by David J. Betz and Tim Stevens
  58. Cyberspace in Peace and War by Martin C. Libicki
  59. Daemon by Daniel Suarez
  60. Dark Territory:  The Secret History of Cyber War by Fred Kaplan
  61. Dark Times in the City by Gene Kerrigan
  62. DarkMarket: How Hackers Became the New Mafia by Misha Glenny
  63. Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World by Bruce Schneier
  64. Defeating Adversary Network Intelligence Efforts with Active Cyber Defense Techniques by Keith A. Repik
  65. Design and Analysis of Knowledge-Base Centric Insider Threat Models by Qutaibah Althebyan
  66. Diamond Age by Neal Stephenson
  67. Do Androids Dream of Electric Sheep by Phillip K. Dick
  68. Dragnet Nation by Julia Angwin
  69. Ender's Game by Orson Scott Card
  70. Exploding the Phone by Phil Lapsley
  71. Exponential Organizations: Why new organizations are ten times better, faster, and cheaper than yours (and what to do about it) by Salim Ismail
  72. Fallout: The True Story of the CIA's Secret War on Nuclear Trafficing by Catherine Collins and Douglas Frantz
  73. Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet by Joseph Menn
  74. Freedom by Daniel Suarez
  75. Friendly Spies: How America's Allies Are Using Economic Espionage to Steal Our Secrets by Peter Schweizer 
  76. Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It by Marc Goodman
  77. Future Noir: The Making of Blade Runner
  78. Ghost Fleet by P. W. Singer; August Cole
  79. Ghost in the Wires by Kevin Mitnick; William L. Simon (As told to); Steve Wozniak (Foreword by)
  80. Hackers: Heroes of the Computer Revolution by Steven Levy
  81. Hacking Exposed 7: Network Security Secrets and Solutions by Stuart McClure; George Kurtz; Joel Scambray
  82. Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions by Slava Gomzin 
  83. Hacking: The Art of Exploitation, 2nd Edition by Jon Erickson, ISBN-13: 978-1593271442 , available in paperback
  84. Heavy Weather by Bruce Sterling
  85. How to Investigate Your Friends, Enemies, and Lovers by Trent Sands, John Q. Newman 
  86. How to Measure Anything in Cybersecurity Risk by Douglas W. Hubbard and Richard Seiersen
  87. How to Measure Anything: Finding the Intangibles in Business by Douglas W. Hubbard
  88. I, Robot by Issac Asimov
  89. Idoru by William Gibson
  90. In the Beginning...was the Command Line by Neal Stephenson
  91. Industrial Automation and Process Control Security: SCADA, DCS, PLC, HMI, and SIS by Tyson Macaulay; Bryan L. Singer
  92. Information Disposition by Robert J. Johnson
  93. Information Warfare: Chaos on the Electronic Superhighway by Winn Schwartau 
  94. Inside CIA's Private World: Declassified Articles from the Agency`s Internal Journal, 1955-1992 by H. Bradford Westerfield 
  95. Inside Cyber Warfare: Mapping the Cyber Underworld by Jeffrey Carr
  96. Inside the CIA: Revealing the Secrets of the World's Most Powerful Spy Agency by Ronald Kessler 
  97. Interface by Neal Stephenson
  98. Internet Police: How Crime Went Online and the Cops Followed by Nate Anderson
  99. Islands in the Net by Bruce Sterling
  100. Judgment Under Uncertainty: Heuristics and Biases by Daniel Kahneman and Paul Slovic
  101. Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Kevin Poulsen 
  102. Leadership BS: Fixing Workplaces and Careers One Truth at a Time by Jeffery Pfeiffer
  103. Learn You a Haskell for Great Good!: A Beginner's Guide by Miran Lipovaca, ISBN-13: 978-1593272838
  104. Legion of the Damned by William C. Dietz
  105. Lethal Interface by Mel Odom
  106. Level 4: Virus Hunters of the CDC by Joseph B. McCormack, Susan Fischer-Hoch 
  107. Lights Out by Ted Koppel
  108. Little Brother by Cory Doctorow
  109. Lobbying and Policy Change: Who Wins, Who Loses, and Why by Frank R. Baumgartner
  110. Locked Down: Information Security For Lawyers by Sharon D. Nelson, David G. Ries, and John W. Simek
  111. Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code by Michael Ligh and Steven Adair 
  112. Man Plus by Frederick Pohl
  113. Managing the Insider Threat: No Dark Corners by Nick Catrantzos
  114. Mars Plus by Frederick Pohl
  115. Masters of Deception: The Gang That Ruled Cyberspace by Michele Slatalla and Joshua Quittner 
  116. McMafia: A Journey Through the Global Criminal Underworld by Misha Glenny
  117. Measuring and Managing Information Risk: A FAIR Approach by Jack Freund and Jack Jones
  118. Metasploit: The Penetration Testers Guide
  119. Modern Operating Systems: Global Edition by Andrew Tannbaum and Herbert Bos
  120. Mona Lisa Overdrive by William Gibson
  121. Navigating the Digital Age
  122. Network Forensics: tracking hacker through cyberspace by Sherri Davidoff and Jonathon Ham
  123. Network Security Assessment: Know Your Network by Chris McNab
  124. Neuromancer by William Gibson
  125. Newton's Telecom Dictionary: Telecommunications, Networking, Information Technologies, the Internet, Wired, Wireless, Satellites, and Fiber by Harry Newton
  126. No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State by Glenn Greenwald 
  127. Offensive Countermeasures: The Art of Active Defense by John Strand and Paul Asadoorian
  128. Out of the Inner Circle: The True Story of a Computer Intruder Capable of Cracking the Nation's Most Secure Computer Systems (Tempus) by Bill Landreth 
  129. Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software by Michael Sikorski and Andrew Honig, ISBN-13: 978-1593272906 
  130. Predicting Malicious Behavior: Tools and Techniques for Ensuring Global Security by Daniel Jackson; Gary M. Jackson
  131. Privacy on the Line: The Politics of Wiretapping and Encryption by Whitfield Diffie, Susan Landau 
  132. Privacy Power: Protecting Your Personal Privacy in the Digital Age by Trent Sands 
  133. Python Essential Reference (4th Edition) by David M. Beazley, ISBN-13: 978-0672329784
  134. Python Forensics by Chet Hosmer
  135. Radio Monitoring: The How-To Guide by T.J. Arey 
  136. Ready Player One by Ernest Cline
  137. Reamde by Neal Stephenson
  138. Retrofitting Blade Runner: Issues in Ridley Scott's Blade Runner and Phillip K. Dick's Do Androids Dream of Electric Sheep?
  139. Reverse Deception: Organized Cyber Threat Counter-Exploitation by Sean Bodmer; Max Kilger; Gregory Carpenter; Jade Jones; Jeff Jones
  140. RFID: MIFARE and Contactless Cards in Application by Gerhard Schalk 
  141. Rise of the Machines by Thomas Rio
  142. Rtfm: Red Team Field Manual by Ben Clark, ISBN-13: 978-0321444424 
  143. Sams Teach Yourself Networking in 24 Hours by Uyless Black; Uyless D. Black; Joseph W. Habraken
  144. Scanner Modifications And Antennas by Jerry Pickard 
  145. Scanners And Secret Frequencies (Electronic Underground S) by Henry Eisenson 
  146. Schismatrix Plus (Complete Shapers-Mechanists Universe) by Bruce Sterling
  147. Secrets and Lies: Digital Security in a Networked World by Bruce Schneier
  148. Secrets of a Buccaneer-Scholar: How Self-Education and the Pursuit of Passion Can Lead to a Lifetime of Success by James Marcus Bach, ISBN-13: 978-1439109090
  149. Security Metrics: Replacing Fear Uncertainty and Doubt by Andrew Jaquith
  150. Selected Stories of Philip K. Dick by Phillip K. Dick
  151. Skunk Works: A Personal Memoir of My Years at Lockheed by Ben Rich 
  152. Smart Card Developer's Kit by Scott Guthery, Timothy Jurgensen 
  153. Smart Casino Gambling: How to Win More and Lose Less by Olaf Vancura 
  154. Smart Drugs II (Smart Drug Series, V. 2) by Ward Dean, John Morgenthaler, Steven Fowkes 
  155. Smashing the Stack for Fun and Profit by Aleph One
  156. Snow Crash by Neal Stephenson
  157. Social Engineering: The Art of Human Hacking by Christopher Hadnagy 
  158. Spam Nation by Brian Krebs
  159. Spy Catcher: The Candid Autobiography of a Senior Intelligence Officer by Peter Wright 
  160. Starship Troopers by Robert Heinlein
  161. Stealing the Network: The Complete Series Collector's Edition, Final Chapter, and DVD by Ryan Russel, Ido Dubrawsky, FX, Joe Grand, Tim Mullen, ASIN: B006NV2EGI
  162. Strategy: A History by Lawerence Freedman
  163. Takedown: The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw - By the Man Who Did It by John Markhoff and Tsutomu Shimomura 
  164. Tallinn Manual on the International Law Applicable to Cyber Warfare
  165. TCP/IP Illustrated, Volume 1: The Protocols (2nd Edition) (Addison-Wesley Professional Computing Series) by Kevin Fall and W. Richard Stevens, ISBN-13: 978-0321336316
  166. The Age of the Unthinkable: Why the New World Disorder Constantly Surprises Us And What We Can Do About It by Joshua Cooper Ramo
  167. The Art of Computer Virus Research and Defense by Peter Szor
  168. The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers by Kevin Mitnick 
  169. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities by Mark Dowd, John McDonald, Justin Schuh ISBN-13: 978-0321444424 
  170. The Basics of Hacking and Penetration Testing, Second Edition: Ethical Hacking and Penetration Testing Made Easy by Patrick Engebretson, ISBN-13: 978-0124116443 
  171. The Blue Nowhere by Jeffery Deaver
  172. The CERT Guide to Insider Threats: How to Prevent, Detect, & Respond to Information Technology Crimes by Dawn M. Cappelli; Andrew P. Moore; Randall F. Trzeciak
  173. The Code Book by Simon Singh
  174. The Cuckoo's Egg:Tracking a Spy through the Maze of Computer Espionage by Cliff Stoll
  175. The Cybersecurity Dilemma by Ben Buchanan
  176. The Cyberthief and the Samurai by Jeff Goodell 
  177. The Defense of Hill 781: An Allegory of Modern Mechanized Combat by James R. McDonough; John R. Galvin (Foreword by)
  178. The Dictator's Handbook: Why Bad Behavior is Almost Always Good Politics by Bruce Bueno de Mesquita
  179. The Difference Engine by William Gibson
  180. The Failure of Risk Management: Why It's Broken and How to Fix It by Douglas W. Hubbard
  181. The Fall of Colossus by D.F. Jones
  182. The FBI: Inside the World's Most Powerful Law Enforcement Agency by Ronald Kessler 
  183. The Florentine Deception by Carey Nachenberg
  184. The Forever War by Joe Haldeman
  185. The Fugitive Game: Online with Kevin Mitnick by Jonathan Littman 
  186. The Girl With The Dragon Tattoo by Stieg larsen
  187. The Grey Line: Modern Corporate Espionage and Counterintelligence by Andrew Brown
  188. The Hacker Crackdown: Law And Disorder On The Electronic Frontier by Bruce Sterling 
  189. The Hacker Playbook: Practical Guide To Penetration Testing by Peter Kim (or The Hacker Playbook 2)
  190. The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler
  191. The Illusion of Due Diligence: Notes from the CISO Underground
  192. The Inevitable: Understanding the 12 Technological Forces That Will Shape Our Future by K. Kelly
  193. The Innovator's Dilemma: The Revolutionary Book that Will Change the Way You Do Business by Clayton M. Christensen
  194. The Innovators: How a Group of Hackers, Geniuses and Geeks Created the Digital Revolution by W. Isaacson
  195. The Lean Startup by Eric Ries
  196. The Mossad: Israel's Secret Intelligence Service: Inside Stories by Dennis Eisenberg 
  197. The Phoenix Project by Gene Kim, Kevin Behr, and George Spafford
  198. The Practice of Network Security Monitoring
  199. The Psychology of Information Security by Leron Zinatulin
  200. The Puzzle Palace: Inside the National Security Agency, America's Most Secret Intelligence Organization by James Bamford 
  201. The Red Web: The struggle between Russia's digital dictators and the new online revolutionaries by Andrei Soldatov and Irina Borogan
  202. The Seventh Sense by Joshua Cooper Rand
  203. The Shadow Factory: The NSA from 9/11 to the Eavesdropping on America by James Bamford
  204. The Shellcoders Handbook:  Discovering and Exploiting Security Holes by Chris Anley, John Heasman, Felix Linder, Geraldo Richarte
  205. The Singularity Is Near: When Humans Transcend Biology by Ray Kurzweil
  206. The spy catcher trial: The scandal behind the #1 best seller by Malcolm Turnbull 
  207. The Starfish and the Spider: The Unstoppable Power of Leaderless Organizations by Ori Brafman
  208. The Tangled Web: A Guide to Securing Modern Web Applications by Michael Zalewski, ISBN-13: 978-1593273880
  209. The Ultimate Scanner: Cheek 3 by Bill Cheek 
  210. The Underground Database (The Electronic Underground, Vol 1) 
  211. The VALIS Trilogy by Phillip K. Dick
  212. The Watchman: The Twisted Life and Crimes of Serial Hacker Kevin Poulsen by Jonathan Littman 
  213. The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws by David Stuttard and Marcus Pinto
  214. Theory of Games and Economic Behavior by Oskar Morgenstern and Ariel Rubinstein
  215. There Will Be Cyberwar by Richard Stiennon
  216. Threat Modelling: Designing For Security by Adam Shostack
  217. Trojan Horse by Mark Russinovich
  218. True Names...and Other Dangers by Vernor Vinge
  219. True Names: And the Opening of the Cyberspace Frontier by Vernor Vinge
  220. Universal Scams and Fraud Detection by David Snow
  221. Unmasking the Social Engineer by Christopher Hadnagy
  222. Unrestricted Warfare: China's Master Plan to Destroy America by Qiao Liang
  223. US House Committee on Oversight and Government Reform Report on the Equifax Data Breach
  224. Virtual Light by William Gibson
  225. War by Other Means: Economic Espionage in America by John J. Fialka 
  226. We are Anonymous by Parmy Olsen
  227. When Sysadmins Ruled the Earth by Cory Doctrow
  228. Where Wizards Stay Up Late: The Origins Of The Internet by Katie Hafner 
  229. Windows Internals Part 1 by Mark Russinovich
  230. Winning as a CISO by Rich Baich
  231. Wired for War by P. W. Singer
  232. Wiring Up The Big Brother Machine…And Fighting It by Mark Klein
  233. Worm by Mark Bowden
  234. Zero Day by Mark Russinovich
  235. Zodiac( The Eco-Thriller) by Neal Stephenson
This list was compiled from the professional reading lists of JSOC, US Army, USAF, USN, USMC, DHS, The Small Wars, DefCon and Dark Reading


Monday, February 04, 2019

Stupid Thing I Have Heard Lately

Radio yesterday (Meet the Press, I think) political analyst discussing Howard Schultz, "He is a billionaire with experience and huge negatives.  Hew has no path to the White House" or words very close to that.  I was amazed no one laughed at him and said, "Oh, you mean he is another Trump?"

Thursday, January 31, 2019

Organizational Dysfunction costs a company $10,000,000 in sttlement with NERC for CIP violations

Woke up this morning and found this in my mailbox: "$10,000,000 Settlement Agreement for NERC CIP Violations" from the SANS ICS forums

The short story here is that the company appears to have had a completely dysfunctional security culture / organization  This dysfunction lead to a 127 separate violations of CIP standards in every area except Incident Reporting and Response.  Settlement cost the company $10,000,000. 

It was basically a shitshow (at least in my first reading of the report).  Anyway it's interesting reading if you work in security.

Report here

Monday, January 28, 2019

Breaking and Entering: The Extraordinary Story of a Hacker Called "Alien"

written by Jeremy Smith, this book is a kind of third person memoir following the life and career of a young woman from entering MIT to eventually founding her own pentest company. 

The story is interesting enough to keep you engaged despite long periods of excruciating detail and outfits, college dorm room dinners (veggie burritos) etc.  I think that detail is added to a) pad out the book length a bit, and  b) help convince you that the story is true, since the author changed names and details - for protection.  It makes it a little hard to judge veracity at times.

Overall the book is a somewhat interesting read on the career path of an infosec / cybersecurity professional but not super exciting.  I recommend it if you are interested in the field but not for general consumption.

Sunday, January 20, 2019

Bad Blood - Secrets and Lies in a Silicon Valley Startup

My week three book has been Bad Blood: Secrets and Lies in a Silicon Valley Startup, which covers the rise and fall of Elizabeth Holmes and Theranos from 2003 to 2018. 

For those not aware Theranos, which was founded by Holmes, purported to be revolutionizing clinical laboratory diagnosis.  A claim which turned out to be all smoke and mirrors. 

The book starts kind of slowly but quickly picks up as Holmes (in my unprofessional opinion) psychopathy becomes apparent very early.  On TV this might make a good sitcom, if framed correctly, especially when you consider all the high powered financiers and politicians she hoodwinked.  As a true crime story it just makes you shake your head and wonder what the hell is going on in this country.

Highly recommended.

Sunday, January 13, 2019

Aurora Generator Tests - INL

I am planning on attending the Dragos ICS training class this year and so I have been going through their recommended reading list.  One of the items on that list is the test footage from Idaho National Labs Aurora Generator Tests, in which the INL showed that a cyber attack could cause physical damage to an installation.





It's only just over a minute long and doesn't show a lot, but this is the beginning of Stuxnet.

Tuesday, January 01, 2019

Report on the 2017 Equifax Breach

The House Oversight Committee released a report on the 2017 Equifax Data Breach a couple weeks ago.  I just got around to reading it and it is pretty scathing, although couched in governmentese.  I highly recommend reading it no matter who you are, and if you work in the Information / Cyber Security field it should be mandatory that you read it.

Link

2019 Resolutions

1.  I didn't get to Dubai in 2018 so I am going to put that on the list again for 2019
2.  Read at least one (1) book per week.  Fiction / Non-Fiction doesn't matter.  At least 5 must be books I wouldn't ordinarily read.
3.  Read at least one (1) SANS whitepaper per week
4.  Pass CISM exam in May.
5.  Pass CISA exam by September.
6.  Rebuild my Bug Out Bag (for earthquake preparedness not because I expect a government downfall or something)
7.  Blog at least once per week.

Cybersecurity Reading List

@War: The Rise of the Military Internet Complex by Shane Harris 1984 by George Orwell 3D Printing will Rock the World by John Hornick A...