Saturday, October 12, 2019

Reading up on the China Threat

I just finished "America the Vulnerable: Inside the New Threat Matrix of Digital Espionage, Crime, and Warfare" and "The Hundred-Year Marathon: China's Secret Strategy to Replace America as the Global Superpower". Both were interesting but tended toward the alarmist, I think. I agree with their basic premise, that China (and others) is in the process of challenging America's pre-eminence on the world stage, and I believe that if they succeed it will be bad for the world. The authors' tone, however, makes it sound like this is a done deal, inevitable and irreversible. I don't agree with that. Next up on the list is "Unrestricted Warfare: China's Master Plan to Destroy America".

In case you are wondering, two of these three books appear on military cyber warfare reading lists:

https://docs.google.com/spreadsheets/d/12z7_8fUwSejPVd6bIosD405mhpLLM_DnTdcIiiKWpqw/edit#gid=2079030996

Sunday, September 22, 2019

SANS ICS 612 Review Part 2

This covers the second half of the ICS 612 course. On morning 4 we picked up with the remainder of the day 3 material, so basically more architecture and networking solutions. We did some work with a data historian and explored remote access a bit more.

After completing that material we moved right into System Management.  This was pretty tools centric with some time spent on the ELK stack then on pushing that data into Integrity (formerly Sophia).  We also spent time using Cyberlens and the Dragos suite as well as Indegy.  The day closed out with discussions of ICS change management and ICS patch management.

Day 5 was a blast: the instructors borked our setups and we had to troubleshoot the issues and restore functionality. That was the first half of the morning. Then we did a CTF until lunch, which was fairly challenging but not exceptionally so (I placed 4th out of 20 and I am a moron so...). The afternoon was spent providing feedback on the course and grinding coffee, which was the simulated business.

Overall this course was really good; of course, most SANS training is. Everything went far smoother than I expected for a beta course. I highly recommend this course, especially if you can couple it with some of the training from Threatgen, which covers some of the areas like risk assessment that this course, as a mainly hands-on offering, doesn't really delve into.

Friday, September 20, 2019

SANS ICS 612 Review Part 1

SANS Institute recently introduced a new class in their ICS track, ICS 612: ICS Cybersecurity In-Depth. In the SANS world this, as a 600-level class, would be an upper-level Masters course. The course was developed by Tim Conway, Jeff Shearer, Jason Dely, and Chris Robinson. Tim, Jeff, and Jason are actually instructing.

So far the class has been excellent. It covers a wide variety of subjects in a logical sequence, with days broken down (so far) into Local Process, which deals mainly with local interaction with the PLC and other lower-level equipment; System of System, which deals with pulling the local processes up into more distributed systems; and ICS Network Infrastructure, covering network equipment, segmentation and monitoring (we are only about half through this module). Everything has a lot of hands-on work using a student kit tied into a pod shared by two students.


Some of the topics being covered are:

PLC programming
Secure Architecture
Process and Data Flow
Remote Access

My only criticisms are that the timing on the labs isn't quite right, but it's a beta course so that will get worked out, and that I like case studies and so far there is only one.

I will finish this review after the course ends tomorrow night but so far I highly recommend it.

Tuesday, September 10, 2019

Cybersecurity Reading List

I have been building this list for quite a while, and it's up to 200 books and papers now. The source material is a Dragos suggested reading list, professional reading lists from the various armed services, the University of North Georgia, the Defcon Reading List, and the Cybersecurity Canon.


  1. @War by Shane Harris
  2. 1984 by George Orwell
  3. 3D Printing Will Rock the World by John Hornick
  4. A Century of Spies: Intelligence in the Twentieth Century by Jeffrey T. Richelson 
  5. A Fierce Domain: Conflict in Cyberspace 1986 to 2012 by Healey
  6. A Man Called Intrepid: The Secret War by William Stevenson 
  7. A Scanner Darkly by Philip K. Dick
  8. Advanced Persistent Threat: Understanding the Danger and How to Protect Your Organization by Eric Cole
  9. America the Vulnerable by Joel Brenner
  10. An Abbreviated History of Automation & Industrial Controls Systems and Cybersecurity by Hayden, Assante and Conway (paper)
  11. Approaching Zero: The Extraordinary Underworld of Hackers, Phreakers, Virus Writers, and Keyboard Criminals by Paul Mungo and Bryan Clough 
  12. At Large: The Strange Case of the World's Biggest Internet Invasion by David Freedman and Charles Mann 
  13. Bodyguard by William C. Dietz
  14. Brave New World by Aldous Huxley
  15. Brave New World Revisited by Aldous Huxley
  16. Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications by Ivan Ristic, ISBN-13: 978-1907117046
  17. Burning Chrome by William Gibson
  18. Che Guevara and the FBI: U.S. Political Police Dossier on the Latin American Revolutionary by Michael Ratner 
  19. Colossus And Crab by D.F. Jones
  20. Colossus by D.F. Jones
  21. Colossus the Forbin Project by D.F. Jones
  22. Colossus Trilogy: Colossus, The Fall of Colossus and Colossus and the Crab by D.F. Jones
  23. Competitive Intelligence : How to Gather, Analyze, and Use Information to Move Your Business to the Top by Larry Kahaner 
  24. Compilers: Principles, Techniques, and Tools by Alfred V. Aho, Monica S. Lam, Ravi Sethi, Jeffrey D. Ullman ISBN-13: 978-0201100884
  25. Computer Networks (5th Edition) by Andrew S. Tanenbaum, ISBN-13: 978-0132126953
  26. Corporate Espionage: What It Is, Why It's Happening in Your Company, What You Must Do About It by Ira Winkler 
  27. Count Zero by William Gibson
  28. Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon by Kim Zetter 
  29. Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses by Ed Skoudis; Tom Liston
  30. Counterstrike: The Untold Story of America's Secret Campaign Against Al Qaeda by Eric Schmitt
  31. Cracking the Coding Interview: 150 Programming Questions and Solutions by Gayle Laakmann McDowell, ISBN-13: 978-0984782802
  32. Credit Power!: Rebuild Your Credit in 90 Days or Less by John Q. Newman 
  33. Crypto by Steven Levy
  34. Cryptonomicon by Neal Stephenson
  35. Cyber Adversary Characterization: Auditing the Hacker Mind by Tom Parker; Marcus H. Sachs; Eric Shaw; Ed Stroz; Matthew G. Devost / Cybercrime and Espionage: An Analysis of Subversive Multi-Vector Threats by Will Gragido; John Pirc
  36. Cyber War: The Next Threat to National Security and What To Do About It by Richard A. Clarke; Robert Knake
  37. Cyberpower and National Security by Franklin D. Kramer (Editor); Stuart H. Starr (Editor); Larry Wentz (Editor)
  38. Cyberpunk: Outlaws and Hackers on the Computer Frontier by Katie Hafner and John Markoff
  39. Cybersecurity and Cyberwar: What Everyone Needs to Know by P.W. Singer
  40. Cyber Security Assessments of ICS: A Good Practice Guide by DHS CPNI (Paper)
  41. Dark Territory: The Secret History of Cyber War by Fred Kaplan
  42. Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World by Bruce Schneier
  43. Defeating Adversary Network Intelligence Efforts with Active Cyber Defense Techniques by Keith A. Repik
  44. Delivering on Digital: The Innovators and Technologies That are Transforming Government
  45. Design and Analysis of Knowledge-Base Centric Insider Threat Models by Qutaibah Althebyan
  46. Diamond Age by Neal Stephenson
  47. Diamond Model of intrusion analysis by Caltagirone, Pendergast, and Betz (paper)
  48. Do Androids Dream of Electric Sheep by Philip K. Dick
  49. Double Loop Learning in Organizations by Argyris (paper)
  50. Electric Power System Basics:  For the Nontechnical Professional
  51. Embedded Device Vulnerability Analysis by Oliver and O’Meara (Paper)
  52. Ender's Game by Orson Scott Card
  53. Exponential Organizations: Why new organizations are ten times better, faster, and cheaper than yours (and what to do about it) by Salim Ismail
  54. Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet by Joseph Menn
  55. Friendly Spies: How America's Allies Are Using Economic Espionage to Steal Our Secrets by Peter Schweizer 
  56. Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It by Marc Goodman
  57. Future Noir: The Making of Blade Runner
  58. Generating Hypothesis for Successful Threat Hunting by Lee, Bianco (Paper)
  59. Ghost Fleet by P. W. Singer; August Cole
  60. Ghost in the Wires by Kevin Mitnick; William L. Simon (As told to); Steve Wozniak (Foreword by)
  61. Glass Houses:  Privacy, Secrecy, and Cyber Insecurity in a Transparent World by Joel Brenner
  62. Guidelines for Planning an Integrated Security Operations Center, EPRI (paper)
  63. Hackers: Heroes of the Computer Revolution by Steven Levy
  64. Hacking Exposed: Industrial Control Systems by Bodungen, Singer, Shbeeb, Hilt and Wilhoit
  65. Hacking Exposed 7: Network Security Secrets and Solutions by Stuart McClure; George Kurtz; Joel Scambray
  66. Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions by Slava Gomzin 
  67. Hacking: The Art of Exploitation, 2nd Edition by Jon Erickson, ISBN-13: 978-1593271442 , available in paperback
  68. Heavy Weather by Bruce Sterling
  69. How to Investigate Your Friends, Enemies, and Lovers by Trent Sands, John Q. Newman 
  70. How to Measure Anything in Cybersecurity Risk by Douglas Hubbard and Richard Seiersen
  71. Hunting with Rigor: Quantifying the Breadth, Depth and Threat Intelligence Coverage of a Threat Hunt in Industrial Control System Environments By Gunter (paper)
  72. I, Robot by Isaac Asimov
  73. Idoru by William Gibson
  74. In the Beginning...was the Command Line by Neal Stephenson
  75. Industrial Automation and Process Control Security: SCADA, DCS, PLC, HMI, and SIS by Tyson Macaulay; Bryan L. Singer
  76. Industrial Control Threat Intelligence by Caltagirone (paper)
  77. Industrial Network Security by Knapp and Langill
  78. Information Warfare: Chaos on the Electronic Superhighway by Winn Schwartau 
  79. Inside CIA's Private World: Declassified Articles from the Agency's Internal Journal, 1955-1992 by H. Bradford Westerfield
  80. Inside Cyber Warfare: Mapping the Cyber Underworld by Jeffrey Carr
  81. Inside the CIA: Revealing the Secrets of the World's Most Powerful Spy Agency by Ronald Kessler 
  82. Insights into Building an Industrial Control System Security Operations Center, Dragos (paper)
  83. Interface by Neal Stephenson
  84. Islands in the Net by Bruce Sterling
  85. Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Kevin Poulsen 
  86. Leadership BS: Fixing Workplaces and Careers One Truth at a Time by Jeffrey Pfeffer
  87. Learn You a Haskell for Great Good!: A Beginner's Guide by Miran Lipovaca, ISBN-13: 978-1593272838
  88. Learning RSLogix 5000 programming by Scott
  89. Legion of the Damned by William C. Dietz
  90. Lethal Interface by Mel Odom
  91. Level 4: Virus Hunters of the CDC by Joseph B. McCormack, Susan Fischer-Hoch 
  92. Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath by Ted Koppel
  93. Little Brother by Cory Doctorow
  94. Lobbying and Policy Change: Who Wins, Who Loses, and Why by Frank R. Baumgartner
  95. Man Plus by Frederik Pohl
  96. Managing the Insider Threat: No Dark Corners by Nick Catrantzos
  97. Mars Plus by Frederik Pohl
  98. Masters of Deception: The Gang That Ruled Cyberspace by Michelle Slatalla and Joshua Quittner
  99. Measuring and Managing Information Risk: A FAIR Approach by Jack Freund and Jack Jones
  100. Metasploit: The Penetration Tester's Guide by David Kennedy, Jim O'Gorman, Devon Kearns, and Mati Aharoni
  101. Mona Lisa Overdrive by William Gibson
  102. Neuromancer by William Gibson
  103. Newton's Telecom Dictionary: Telecommunications, Networking, Information Technologies, the Internet, Wired, Wireless, Satellites, and Fiber by Harry Newton
  104. No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State by Glenn Greenwald 
  105. Our Robots, Ourselves: Robotics and the Myth of Autonomy by David Mindell
  106. Out of the Inner Circle: The True Story of a Computer Intruder Capable of Cracking the Nation's Most Secure Computer Systems (Tempus) by Bill Landreth 
  107. Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software by Michael Sikorski and Andrew Honig, ISBN-13: 978-1593272906 
  108. Predicting Malicious Behavior: Tools and Techniques for Ensuring Global Security by Daniel Jackson; Gary M. Jackson
  109. Privacy on the Line: The Politics of Wiretapping and Encryption by Whitfield Diffie, Susan Landau 
  110. Privacy Power: Protecting Your Personal Privacy in the Digital Age by Trent Sands 
  111. Python Essential Reference (4th Edition) by David M. Beazley, ISBN-13: 978-0672329784
  112. Radio Monitoring: The How-To Guide by T.J. Arey 
  113. Retrofitting Blade Runner: Issues in Ridley Scott's Blade Runner and Philip K. Dick's Do Androids Dream of Electric Sheep?
  114. Reverse Deception: Organized Cyber Threat Counter-Exploitation by Sean Bodmer; Max Kilger; Gregory Carpenter; Jade Jones; Jeff Jones
  115. RFID: MIFARE and Contactless Cards in Application by Gerhard Schalk 
  116. RTFM: Red Team Field Manual by Ben Clark, ISBN-13: 978-0321444424
  117. Sams Teach Yourself Networking in 24 Hours by Uyless Black; Uyless D. Black; Joseph W. Habraken
  118. Scanner Modifications And Antennas by Jerry Pickard 
  119. Scanners And Secret Frequencies (Electronic Underground S) by Henry Eisenson 
  120. Schismatrix Plus (Complete Shapers-Mechanists Universe) by Bruce Sterling
  121. Science, Strategy and War by Osinga
  122. Secrets and Lies: Digital Security in a Networked World by Bruce Schneier
  123. Secure Architecture for Industrial Control Systems by Obregon
  124. Secrets of a Buccaneer-Scholar: How Self-Education and the Pursuit of Passion Can Lead to a Lifetime of Success by James Marcus Bach, ISBN-13: 978-1439109090
  125. Selected Stories of Philip K. Dick by Philip K. Dick
  126. Site Reliability Engineering by Betsy Beyer, Chris Jones, Jennifer Petoff and Niall Murphy
  127. Skunk Works: A Personal Memoir of My Years at Lockheed by Ben Rich 
  128. Smart Card Developer's Kit by Scott Guthery, Timothy Jurgensen 
  129. Snow Crash by Neal Stephenson
  130. Social Engineering: The Art of Human Hacking by Christopher Hadnagy 
  131. Society and the Internet: How Networks of Information and Communication are Changing Our Lives by Mark Graham, William H. Dutton, and Manuel Castells
  132. Spam Nation by Brian Krebs
  133. Spy Catcher: The Candid Autobiography of a Senior Intelligence Officer by Peter Wright 
  134. Starship Troopers by Robert Heinlein
  135. Stealing the Network: The Complete Series Collector's Edition, Final Chapter, and DVD by Ryan Russell, Ido Dubrawsky, FX, Joe Grand, Tim Mullen, ASIN: B006NV2EGI
  136. Strategy: A History by Lawrence Freedman
  137. Takedown: The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw - By the Man Who Did It by John Markoff and Tsutomu Shimomura
  138. Tallinn Manual on the International Law Applicable to Cyber Warfare
  139. Tao of Network Security Monitoring by Bejtlich
  140. TCP/IP Illustrated, Volume 1: The Protocols (2nd Edition) (Addison-Wesley Professional Computing Series) by Kevin Fall and W. Richard Stevens, ISBN-13: 978-0321336316
  141. Technicians Guide to Programmable Controllers by Borden and Cox
  142. The Age of the Unthinkable: Why the New World Disorder Constantly Surprises Us And What We Can Do About It by Joshua Cooper Ramo
  143. The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers by Kevin Mitnick 
  144. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities by Mark Dowd, John McDonald, Justin Schuh ISBN-13: 978-0321444424 
  145. The Basics of Hacking and Penetration Testing, Second Edition: Ethical Hacking and Penetration Testing Made Easy by Patrick Engebretson, ISBN-13: 978-0124116443 
  146. The CERT Guide to Insider Threats: How to Prevent, Detect, & Respond to Information Technology Crimes by Dawn M. Cappelli; Andrew P. Moore; Randall F. Trzeciak
  147. The Checklist Manifesto by Gawande
  148. The Circle by Dave Eggers
  149. The Cuckoo's Egg: Tracking a Spy through the Maze of Computer Espionage by Cliff Stoll
  150. The Cyberthief and the Samurai by Jeff Goodell 
  151. The Defense of Hill 781: An Allegory of Modern Mechanized Combat by James R. McDonough; John R. Galvin (Foreword by)
  152. The Dictator's Handbook: Why Bad Behavior is Almost Always Good Politics by Bruce Bueno de Mesquita
  153. The Difference Engine by William Gibson
  154. The Failure of Risk Management: Why It's Broken and How to Fix It by Douglas W. Hubbard
  155. The Fall of Colossus by D.F. Jones
  156. The FBI: Inside the World's Most Powerful Law Enforcement Agency by Ronald Kessler 
  157. The Four Types of Threat Detection by Caltagirone and Lee (paper)
  158. The Forever War by Joe Haldeman
  159. The Fugitive Game: Online with Kevin Mitnick by Jonathan Littman 
  160. The Future of Power by Joseph S. Nye
  161. The Grey Line: Modern Corporate Espionage and Counterintelligence by Andrew Brown
  162. The Hacker Crackdown: Law And Disorder On The Electronic Frontier by Bruce Sterling 
  163. The Hacker Playbook: Practical Guide To Penetration Testing by Peter Kim, ASIN: B00N4FG6TW
  164. The Industrial Control System Cyber Kill Chain (paper)
  165. The Innovator's Dilemma: The Revolutionary Book that Will Change the Way You Do Business by Clayton M. Christensen
  166. The Instigators: How a Small Band of Digital Activists Risked Their Lives and Helped Bring Down the Government of Egypt by David Wolman
  167. The Lean Startup by Eric Ries
  168. The Mossad: Israel's Secret Intelligence Service: Inside Stories by Dennis Eisenberg 
  169. The Net Delusion: The Dark Side of Internet Freedom by Evgeny Morozov
  170. The Phoenix Project by Gene Kim, Kevin Behr, and George Spafford
  171. The Puzzle Palace: Inside the National Security Agency, America's Most Secret Intelligence Organization by James Bamford 
  172. The Red Web: The Struggle Between Russia's Digital Dictators and the New Online Revolutionaries by Andrei Soldatov, Irina Borogan
  173. The Seventh Sense: Power, Fortune and Survival in the Age of Networks
  174. The Shadow Factory: The NSA from 9/11 to the Eavesdropping on America by James Bamford
  175. The Singularity Is Near: When Humans Transcend Biology by Ray Kurzweil
  176. The spy catcher trial: The scandal behind the #1 best seller by Malcolm Turnbull 
  177. The Starfish and the Spider: The Unstoppable Power of Leaderless Organizations by Ori Brafman
  178. The Tangled Web: A Guide to Securing Modern Web Applications by Michal Zalewski, ISBN-13: 978-1593273880
  179. The Ultimate Scanner: Cheek 3 by Bill Cheek 
  180. The Underground Database (The Electronic Underground, Vol 1) 
  181. The VALIS Trilogy by Philip K. Dick
  182. The Watchman: The Twisted Life and Crimes of Serial Hacker Kevin Poulsen by Jonathan Littman 
  183. Thinking Fast and Slow by Kahneman
  184. True Names...and Other Dangers by Vernor Vinge
  185. True Names: And the Opening of the Cyberspace Frontier by Vernor Vinge
  186. Unmasking the Social Engineer by Christopher Hadnagy
  187. Unrestricted Warfare: China's Master Plan to Destroy America by Qiao Liang
  188. Virtual Light by William Gibson
  189. War by Other Means: Economic Espionage in America by John J. Fialka 
  190. We are Anonymous by Parmy Olson
  191. When Sysadmins Ruled the Earth by Cory Doctorow
  192. Where Wizards Stay Up Late: The Origins Of The Internet by Katie Hafner 
  193. Windows Internals, Part 1 by Mark Russinovich, Alex Ionescu, and David Solomon
  194. Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry (2nd Edition) by Harlan Carvey
  195. Winning as a CISO by Rich Baich
  196. Wired for War by P. W. Singer
  197. Worm by Mark Bowden
  198. Zero Day by Mark Russinovich
  199. Zodiac (The Eco-Thriller) by Neal Stephenson

Tuesday, May 21, 2019

Review - Dragos Assessing, Hunting and Monitoring of Industrial Control System Networks

Disclosure - I work for a company which subscribes to Dragos services so I got the corporate rate.

Last week I attended Dragos's Assessing, Hunting, and Monitoring of Industrial Control System Networks. I didn't really have a need to attend this course, having previously attended all three courses in the SANS ICS track, but I had to take some vacation and I had bonus money to spend so I packed up and flew my butt to Baltimore. I arrived on the 13th and left on the 18th.

OK, overall I enjoyed the course.  Especially the first 2.5 days, which covered ICS basics and Assessing ICS networks.  This is the core of my work so it held the most interest for me.  This course had one of the best explanations of the Purdue model I have encountered and a really good explanation of what ICS systems are and how they work.  The exercises with the PLC were good, especially since we used actual Phoenix Contact PLCs, which most classes don't do.  The discussion of ICS protocols was a little rushed but I did learn a couple things so I can't complain much.

Assessment of ICS networks started on day two and the discussion of architectural review was excellent. Here is my first word of warning: if you attend this class, brush up on Wireshark and reading .pcaps. I have used Wireshark off and on for years but it's not something I do on a routine basis so I was out of practice. This is a major part of the class going forward and it is introduced here. Be proficient in order to really get the most out of the class.

Threat Hunting started the second half of day three and honestly I felt like it dragged on forever. The material was good / useful but there was so much and the pacing just felt off to me. Some of that is my fault too though, as this was the day the jetlag hit and I just couldn't stay focused and awake for the last two hours of the day. Again, tools are introduced and you would be well advised to be familiar at least with Bro / Zeek and the ELK stack. Cyberlens is covered in this module and that was pretty fun, and I have some uses for that tool at work that I can now pursue since it is freely distributed now.

Monitoring was the last module. It continued with the .pcap, Bro/Zeek, etc. exercises. This module also introduced the Dragos tool. Honestly that was the least useful section to me as it's not a tool I use or will be using, but if you're using it at work it will be a good exercise.

Like I said overall the course was good and I enjoyed it, but I would have enjoyed it more if I had refreshed my Wireshark and Bro skills.  Don't take what I have said as real criticisms of the class but more as suggestions on how to get the most benefit.

Let me also say that the people at the Dragos office were all exceptionally nice and they feed you pretty well. 


Thursday, March 28, 2019

Cybersecurity Reading List


  1. @War: The Rise of the Military Internet Complex by Shane Harris
  2. 1984 by George Orwell
  3. 3D Printing will Rock the World by John Hornick
  4. A Century of Spies: Intelligence in the Twentieth Century by Jeffrey T. Richelson 
  5. A Man Called Intrepid: The Secret War by William Stevenson 
  6. A Scanner Darkly by Philip K. Dick
  7. Advanced Persistent Security: A Cyberwarfare Approach to Implementing Adaptive Enterprise Protection, Detection, and Reaction Strategies by Ira Winkler and Araceli Treu Gomes
  8. Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization by Tyler Wrightson
  9. Advanced Persistent Threat: Understanding the Danger and How to Protect Your Organization by Eric Cole
  10. Against the Gods: The Remarkable Story of Risk by Peter L Bernstein
  11. America the Vulnerable by Joel Brenner
  12. American Spies by Jennifer Stisa Granick
  13. Applied Cryptography: Protocols, Algorithms, and Source Code in C by Bruce Schneier
  14. Approaching Zero: The Extraordinary Underworld of Hackers, Phreakers, Virus Writers, and Keyboard Criminals by Paul Mungo and Bryan Clough 
  15. Artificial Intelligence: A Modern Approach by Stuart J. Russell and Peter Norvig
  16. At Large: The Strange Case of the World's Biggest Internet Invasion by David Freedman and Charles Mann 
  17. Blackout by Marc Elsberg
  18. Bodyguard by William C. Dietz
  19. Brave New World by Aldous Huxley
  20. Brave New World Revisited by Aldous Huxley
  21. Breaking and Entering: The extraordinary story of a hacker named "Alien" by Jeremy N. Smith
  22. Breakpoint by Richard A. Clarke
  23. Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications by Ivan Ristic, ISBN-13: 978-1907117046
  24. Burning Chrome by William Gibson
  25. Che Guevara and the FBI: U.S. Political Police Dossier on the Latin American Revolutionary by Michael Ratner 
  26. Cheating at Blackjack Squared: The Dark Side of Gambling by Dustin D. Marks 
  27. Code of The Cynja Volume 1 by Chase Cunningham, Heather Dahl and Shirow Di Rosso (Illustrator)
  28. Code of the Cynja Volume 2 by Chase Cunningham, Heather Dahl and Shirow Di Rosso (Illustrator)
  29. Colossus And Crab by D.F. Jones
  30. Colossus by D.F. Jones
  31. Colossus the Forbin Project by D.F. Jones
  32. Colossus Trilogy: Colossus, The Fall of Colossus and Colossus and the Crab by D.F. Jones
  33. Competitive Intelligence : How to Gather, Analyze, and Use Information to Move Your Business to the Top by Larry Kahaner 
  34. Compilers: Principles, Techniques, and Tools by Alfred V. Aho, Monica S. Lam, Ravi Sethi, Jeffrey D. Ullman ISBN-13: 978-0201100884
  35. Computer Networks (5th Edition) by Andrew S. Tanenbaum, ISBN-13: 978-0132126953
  36. Confront and Conceal by David E. Sanger
  37. Corporate Espionage: What It Is, Why It's Happening in Your Company, What You Must Do About It by Ira Winkler 
  38. Count Zero by William Gibson
  39. Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon by Kim Zetter 
  40. Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses by Ed Skoudis; Tom Liston
  41. Counterstrike: The Untold Story of America's Secret Campaign Against Al Qaeda by Eric Schmitt
  42. Crack99: The Takedown of a $100 Million Chinese Software Pirate
  43. Cracking the Coding Interview: 150 Programming Questions and Solutions by Gayle Laakmann McDowell, ISBN-13: 978-0984782802
  44. Credit Power!: Rebuild Your Credit in 90 Days or Less by John Q. Newman 
  45. Crypto by Steven Levy
  46. Cryptonomicon by Neal Stephenson
  47. Cyber Adversary Characterization: Auditing the Hacker Mind by Tom Parker; Marcus H. Sachs; Eric Shaw; Ed Stroz; Matthew G. Devost / Cybercrime and Espionage: An Analysis of Subversive Multi-Vector Threats by Will Gragido; John Pirc
  48. Cyber Operations and the Use of Force in International Law by Marco Roscini
  49. Cyber War: The Next Threat to National Security and What To Do About It by Richard A. Clarke; Robert Knake
  50. Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners  by Jason Andress and Steve Winterfeld
  51. Cyberdeterrence and Cyberwar by Martin C. Libicki
  52. Cyberpower and National Security by Franklin D. Kramer (Editor); Stuart H. Starr (Editor); Larry Wentz (Editor)
  53. Cyberpunk: Outlaws and Hackers on the Computer Frontier by Katie Hafner and John Markoff
  54. Cybersecurity and Cyberwar: What Everyone Needs to Know by P.W. Singer
  55. Cybersecurity for Business Executives by NTT
  56. Cybersecurity Leadership by Mansur Hasib
  57. Cyberspace And The State by David J. Betz and Tim Stevens
  58. Cyberspace in Peace and War by Martin C. Libicki
  59. Daemon by Daniel Suarez
  60. Dark Territory:  The Secret History of Cyber War by Fred Kaplan
  61. Dark Times in the City by Gene Kerrigan
  62. DarkMarket: How Hackers Became the New Mafia by Misha Glenny
  63. Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World by Bruce Schneier
  64. Defeating Adversary Network Intelligence Efforts with Active Cyber Defense Techniques by Keith A. Repik
  65. Design and Analysis of Knowledge-Base Centric Insider Threat Models by Qutaibah Althebyan
  66. Diamond Age by Neal Stephenson
  67. Do Androids Dream of Electric Sheep by Philip K. Dick
  68. Dragnet Nation by Julia Angwin
  69. Ender's Game by Orson Scott Card
  70. Exploding the Phone by Phil Lapsley
  71. Exponential Organizations: Why new organizations are ten times better, faster, and cheaper than yours (and what to do about it) by Salim Ismail
  72. Fallout: The True Story of the CIA's Secret War on Nuclear Trafficking by Catherine Collins and Douglas Frantz
  73. Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet by Joseph Menn
  74. Freedom by Daniel Suarez
  75. Friendly Spies: How America's Allies Are Using Economic Espionage to Steal Our Secrets by Peter Schweizer 
  76. Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It by Marc Goodman
  77. Future Noir: The Making of Blade Runner
  78. Ghost Fleet by P. W. Singer; August Cole
  79. Ghost in the Wires by Kevin Mitnick; William L. Simon (As told to); Steve Wozniak (Foreword by)
  80. Hackers: Heroes of the Computer Revolution by Steven Levy
  81. Hacking Exposed 7: Network Security Secrets and Solutions by Stuart McClure; George Kurtz; Joel Scambray
  82. Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions by Slava Gomzin 
  83. Hacking: The Art of Exploitation, 2nd Edition by Jon Erickson, ISBN-13: 978-1593271442 , available in paperback
  84. Heavy Weather by Bruce Sterling
  85. How to Investigate Your Friends, Enemies, and Lovers by Trent Sands, John Q. Newman 
  86. How to Measure Anything in Cybersecurity Risk by Douglas W. Hubbard and Richard Seiersen
  87. How to Measure Anything: Finding the Intangibles in Business by Douglas W. Hubbard
  88. I, Robot by Isaac Asimov
  89. Idoru by William Gibson
  90. In the Beginning...was the Command Line by Neal Stephenson
  91. Industrial Automation and Process Control Security: SCADA, DCS, PLC, HMI, and SIS by Tyson Macaulay; Bryan L. Singer
  92. Information Disposition by Robert J. Johnson
  93. Information Warfare: Chaos on the Electronic Superhighway by Winn Schwartau 
  94. Inside CIA's Private World: Declassified Articles from the Agency's Internal Journal, 1955-1992 by H. Bradford Westerfield
  95. Inside Cyber Warfare: Mapping the Cyber Underworld by Jeffrey Carr
  96. Inside the CIA: Revealing the Secrets of the World's Most Powerful Spy Agency by Ronald Kessler 
  97. Interface by Neal Stephenson
  98. Internet Police: How Crime Went Online and the Cops Followed by Nate Anderson
  99. Islands in the Net by Bruce Sterling
  100. Judgment Under Uncertainty: Heuristics and Biases by Daniel Kahneman and Paul Slovic
  101. Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Kevin Poulsen 
  102. Leadership BS: Fixing Workplaces and Careers One Truth at a Time by Jeffrey Pfeffer
  103. Learn You a Haskell for Great Good!: A Beginner's Guide by Miran Lipovaca, ISBN-13: 978-1593272838
  104. Legion of the Damned by William C. Dietz
  105. Lethal Interface by Mel Odom
  106. Level 4: Virus Hunters of the CDC by Joseph B. McCormack, Susan Fischer-Hoch 
  107. Lights Out by Ted Koppel
  108. Little Brother by Cory Doctorow
  109. Lobbying and Policy Change: Who Wins, Who Loses, and Why by Frank R. Baumgartner
  110. Locked Down: Information Security For Lawyers by Sharon D. Nelson, David G. Ries, and John W. Simek
  111. Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code by Michael Ligh and Steven Adair 
  112. Man Plus by Frederik Pohl
  113. Managing the Insider Threat: No Dark Corners by Nick Catrantzos
  114. Mars Plus by Frederik Pohl
  115. Masters of Deception: The Gang That Ruled Cyberspace by Michelle Slatalla and Joshua Quittner
  116. McMafia: A Journey Through the Global Criminal Underworld by Misha Glenny
  117. Measuring and Managing Information Risk: A FAIR Approach by Jack Freund and Jack Jones
  118. Metasploit: The Penetration Tester's Guide
  119. Modern Operating Systems: Global Edition by Andrew Tanenbaum and Herbert Bos
  120. Mona Lisa Overdrive by William Gibson
  121. Navigating the Digital Age
  122. Network Forensics: Tracking Hackers through Cyberspace by Sherri Davidoff and Jonathan Ham
  123. Network Security Assessment: Know Your Network by Chris McNab
  124. Neuromancer by William Gibson
  125. Newton's Telecom Dictionary: Telecommunications, Networking, Information Technologies, the Internet, Wired, Wireless, Satellites, and Fiber by Harry Newton
  126. No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State by Glenn Greenwald 
  127. Offensive Countermeasures: The Art of Active Defense by John Strand and Paul Asadoorian
  128. Out of the Inner Circle: The True Story of a Computer Intruder Capable of Cracking the Nation's Most Secure Computer Systems (Tempus) by Bill Landreth 
  129. Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software by Michael Sikorski and Andrew Honig, ISBN-13: 978-1593272906 
  130. Predicting Malicious Behavior: Tools and Techniques for Ensuring Global Security by Daniel Jackson; Gary M. Jackson
  131. Privacy on the Line: The Politics of Wiretapping and Encryption by Whitfield Diffie, Susan Landau 
  132. Privacy Power: Protecting Your Personal Privacy in the Digital Age by Trent Sands 
  133. Python Essential Reference (4th Edition) by David M. Beazley, ISBN-13: 978-0672329784
  134. Python Forensics by Chet Hosmer
  135. Radio Monitoring: The How-To Guide by T.J. Arey 
  136. Ready Player One by Ernest Cline
  137. Reamde by Neal Stephenson
  138. Retrofitting Blade Runner: Issues in Ridley Scott's Blade Runner and Philip K. Dick's Do Androids Dream of Electric Sheep?
  139. Reverse Deception: Organized Cyber Threat Counter-Exploitation by Sean Bodmer; Max Kilger; Gregory Carpenter; Jade Jones; Jeff Jones
  140. RFID: MIFARE and Contactless Cards in Application by Gerhard Schalk 
  141. Rise of the Machines by Thomas Rid
  142. Rtfm: Red Team Field Manual by Ben Clark, ISBN-13: 978-0321444424 
  143. Sams Teach Yourself Networking in 24 Hours by Uyless Black; Uyless D. Black; Joseph W. Habraken
  144. Scanner Modifications And Antennas by Jerry Pickard 
  145. Scanners And Secret Frequencies (Electronic Underground S) by Henry Eisenson 
  146. Schismatrix Plus (Complete Shapers-Mechanists Universe) by Bruce Sterling
  147. Secrets and Lies: Digital Security in a Networked World by Bruce Schneier
  148. Secrets of a Buccaneer-Scholar: How Self-Education and the Pursuit of Passion Can Lead to a Lifetime of Success by James Marcus Bach, ISBN-13: 978-1439109090
  149. Security Metrics: Replacing Fear Uncertainty and Doubt by Andrew Jaquith
  150. Selected Stories of Philip K. Dick by Philip K. Dick
  151. Skunk Works: A Personal Memoir of My Years at Lockheed by Ben Rich 
  152. Smart Card Developer's Kit by Scott Guthery, Timothy Jurgensen 
  153. Smart Casino Gambling: How to Win More and Lose Less by Olaf Vancura 
  154. Smart Drugs II (Smart Drug Series, V. 2) by Ward Dean, John Morgenthaler, Steven Fowkes 
  155. Smashing the Stack for Fun and Profit by Aleph One
  156. Snow Crash by Neal Stephenson
  157. Social Engineering: The Art of Human Hacking by Christopher Hadnagy 
  158. Spam Nation by Brian Krebs
  159. Spy Catcher: The Candid Autobiography of a Senior Intelligence Officer by Peter Wright 
  160. Starship Troopers by Robert Heinlein
  161. Stealing the Network: The Complete Series Collector's Edition, Final Chapter, and DVD by Ryan Russell, Ido Dubrawsky, FX, Joe Grand, Tim Mullen, ASIN: B006NV2EGI
  162. Strategy: A History by Lawrence Freedman
  163. Takedown: The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw - By the Man Who Did It by John Markoff and Tsutomu Shimomura
  164. Tallinn Manual on the International Law Applicable to Cyber Warfare
  165. TCP/IP Illustrated, Volume 1: The Protocols (2nd Edition) (Addison-Wesley Professional Computing Series) by Kevin Fall and W. Richard Stevens, ISBN-13: 978-0321336316
  166. The Age of the Unthinkable: Why the New World Disorder Constantly Surprises Us And What We Can Do About It by Joshua Cooper Ramo
  167. The Art of Computer Virus Research and Defense by Peter Szor
  168. The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers by Kevin Mitnick 
  169. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities by Mark Dowd, John McDonald, Justin Schuh, ISBN-13: 978-0321444424
  170. The Basics of Hacking and Penetration Testing, Second Edition: Ethical Hacking and Penetration Testing Made Easy by Patrick Engebretson, ISBN-13: 978-0124116443 
  171. The Blue Nowhere by Jeffery Deaver
  172. The CERT Guide to Insider Threats: How to Prevent, Detect, & Respond to Information Technology Crimes by Dawn M. Cappelli; Andrew P. Moore; Randall F. Trzeciak
  173. The Code Book by Simon Singh
  174. The Cuckoo's Egg: Tracking a Spy through the Maze of Computer Espionage by Cliff Stoll
  175. The Cybersecurity Dilemma by Ben Buchanan
  176. The Cyberthief and the Samurai by Jeff Goodell 
  177. The Defense of Hill 781: An Allegory of Modern Mechanized Combat by James R. McDonough; John R. Galvin (Foreword by)
  178. The Dictator's Handbook: Why Bad Behavior is Almost Always Good Politics by Bruce Bueno de Mesquita
  179. The Difference Engine by William Gibson
  180. The Failure of Risk Management: Why It's Broken and How to Fix It by Douglas W. Hubbard
  181. The Fall of Colossus by D.F. Jones
  182. The FBI: Inside the World's Most Powerful Law Enforcement Agency by Ronald Kessler 
  183. The Florentine Deception by Carey Nachenberg
  184. The Forever War by Joe Haldeman
  185. The Fugitive Game: Online with Kevin Mitnick by Jonathan Littman 
  186. The Girl With The Dragon Tattoo by Stieg Larsson
  187. The Grey Line: Modern Corporate Espionage and Counterintelligence by Andrew Brown
  188. The Hacker Crackdown: Law And Disorder On The Electronic Frontier by Bruce Sterling 
  189. The Hacker Playbook: Practical Guide To Penetration Testing by Peter Kim (or The Hacker Playbook 2)
  190. The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler
  191. The Illusion of Due Diligence: Notes from the CISO Underground
  192. The Inevitable: Understanding the 12 Technological Forces That Will Shape Our Future by K. Kelly
  193. The Innovator's Dilemma: The Revolutionary Book that Will Change the Way You Do Business by Clayton M. Christensen
  194. The Innovators: How a Group of Hackers, Geniuses and Geeks Created the Digital Revolution by W. Isaacson
  195. The Lean Startup by Eric Ries
  196. The Mossad: Israel's Secret Intelligence Service: Inside Stories by Dennis Eisenberg 
  197. The Phoenix Project by Gene Kim, Kevin Behr, and George Spafford
  198. The Practice of Network Security Monitoring
  199. The Psychology of Information Security by Leron Zinatullin
  200. The Puzzle Palace: Inside the National Security Agency, America's Most Secret Intelligence Organization by James Bamford 
  201. The Red Web: The struggle between Russia's digital dictators and the new online revolutionaries by Andrei Soldatov and Irina Borogan
  202. The Seventh Sense by Joshua Cooper Ramo
  203. The Shadow Factory: The NSA from 9/11 to the Eavesdropping on America by James Bamford
  204. The Shellcoder's Handbook: Discovering and Exploiting Security Holes by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte
  205. The Singularity Is Near: When Humans Transcend Biology by Ray Kurzweil
  206. The spy catcher trial: The scandal behind the #1 best seller by Malcolm Turnbull 
  207. The Starfish and the Spider: The Unstoppable Power of Leaderless Organizations by Ori Brafman
  208. The Tangled Web: A Guide to Securing Modern Web Applications by Michal Zalewski, ISBN-13: 978-1593273880
  209. The Ultimate Scanner: Cheek 3 by Bill Cheek 
  210. The Underground Database (The Electronic Underground, Vol 1) 
  211. The VALIS Trilogy by Philip K. Dick
  212. The Watchman: The Twisted Life and Crimes of Serial Hacker Kevin Poulsen by Jonathan Littman 
  213. The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws by David Stuttard and Marcus Pinto
  214. Theory of Games and Economic Behavior by Oskar Morgenstern and Ariel Rubinstein
  215. There Will Be Cyberwar by Richard Stiennon
  216. Threat Modeling: Designing for Security by Adam Shostack
  217. Trojan Horse by Mark Russinovich
  218. True Names...and Other Dangers by Vernor Vinge
  219. True Names: And the Opening of the Cyberspace Frontier by Vernor Vinge
  220. Universal Scams and Fraud Detection by David Snow
  221. Unmasking the Social Engineer by Christopher Hadnagy
  222. Unrestricted Warfare: China's Master Plan to Destroy America by Qiao Liang
  223. US House Committee on Oversight and Government Reform Report on the Equifax Data Breach
  224. Virtual Light by William Gibson
  225. War by Other Means: Economic Espionage in America by John J. Fialka 
  226. We Are Anonymous by Parmy Olson
  227. When Sysadmins Ruled the Earth by Cory Doctorow
  228. Where Wizards Stay Up Late: The Origins Of The Internet by Katie Hafner 
  229. Windows Internals Part 1 by Mark Russinovich
  230. Winning as a CISO by Rich Baich
  231. Wired for War by P. W. Singer
  232. Wiring Up The Big Brother Machine…And Fighting It by Mark Klein
  233. Worm by Mark Bowden
  234. Zero Day by Mark Russinovich
  235. Zodiac (The Eco-Thriller) by Neal Stephenson
This list was compiled from the professional reading lists of JSOC, US Army, USAF, USN, USMC, DHS, The Small Wars, DefCon and Dark Reading


Monday, February 04, 2019

Stupid Thing I Have Heard Lately

Radio yesterday (Meet the Press, I think) political analyst discussing Howard Schultz, "He is a billionaire with experience and huge negatives.  He has no path to the White House" or words very close to that.  I was amazed no one laughed at him and said, "Oh, you mean he is another Trump?"
