IIT: we recommend each other technical and cyber security books.

  1. #1
    Sophie Pedophile Tech Support
    So in order to collectively increase our knowledge of compsci and especially cyber security, I would like it if we could recommend each other some learning material.

    So here is mine.

    1. For beginners I would recommend the book called: Penetration Testing: A Hands On Approach to Hacking. It will familiarize you with Kali Linux, setting up a virtual lab and teach you how to work Metasploit. I mostly use it as a reference for when I need to brush up on some Metasploit functionality.

    2. Any cyber security guy should be familiar with several types of OS but you will probably do most of your work on a Linux distro, which is why as my second recommendation I chose: Bash Cookbook. I am reading it currently; not only will it intimately acquaint you with bash, it will help you get to know how Linux operates and teach you to make extremely useful shell scripts, not just sysadmin kind of stuff, but bash scripts can be employed for a host of tasks, among which of course sec related.

    3. When it comes to programming, Python is the language I chose to write sec scripts in, therefore if you know a little Python my next suggestion would be to pick up Grey Hat Python. I am about 40% through because I read books a little through each other; one day this subject will pique my interest, the other day the other one. What is nice about Grey Hat Python is that it generally teaches you about security applications, making hacking tools but also automating tasks and making a debugger, for instance. It is a general programming book with a focus on hacking.


    3. Staying with Python for now, I absolutely recommend Black Hat Python as well. It is completely focused on developing hacking tools and teaching you the principles behind its functionality; you will learn how to make tools for web app hacking, malware, privilege escalation and even the basics of a botnet. I am about 80% through with this book and it has taught me a lot. I highly recommend this one if you want to be a Python hacker.

    4. I found another awesome book for hacking with Python. I have not read it yet but from what I did read about it, it is reasonably advanced, for my skill level at least. It is called Violent Python and it deals with creating an SSH botnet, antivirus evasion, wireless techniques for Bluetooth and custom exploit development. I plan on reading this in the near future.

    5. This next one is the bible for web application hacking. It is called The Web Application Hacker's Handbook, 2nd edition. It covers everything you need to know; it is 1000 pages but it covers all known techniques, proper methodology, source code analysis, PHP exploits, Java exploits, JavaScript, Perl, XSS payloads, XML injection, discovering bugs and exploiting them, XXE, token manipulation, cookie injection. This book is a treasure trove of information, and I plan on reading it from cover to cover in the future.

    6. Last but not least, I was looking into getting the book Practical Malware Analysis to get a better understanding of malware. Anyone ever read it? Is it good?


    Thanks guys. Anyway, this was my list. It will be a while before I finish them all, but when I do I will have gained some seriously hardcore cybersec knowledge.


    So, any books you would recommend? And why?
  2. #2
    Lanny Bird of Courage
    The only book I own that pertains to security stuff is Handbook of Applied Cryptography, which is largely a reference volume although the first chapter is an excellent introduction to crypto even for a total novice. It's really invaluable in implementing crypto when you have to and teaches a lot about how things can go wrong. Not something you'd probably read cover to cover, but reading up on the handful of algorithms you see day to day (MD5 and SHA families, AES, and RSA most likely) is interesting and worthwhile.

    I think that Think Python: How to Think Like a Computer Scientist is the second best introduction to programming ever penned (first has to go to SICP of course and while less interesting than The Little Schemer it ultimately wins out in terms of being more accessible). It presents a view of programming that you don't outgrow at the point you write your first large program (unlike the vast majority of introductory material) and, while a cliche remark, it really does focus on the underlying ideas rather than the brute mechanics of shuffling data around, syntax and such.

    For general CS knowledge, I think Compilers: Principles, Techniques, and Tools, better known as "The Dragon Book" is a really fundamental text. For a number of reasons compilers embody a lot of the classical problems in computer science. I think at the point a person could be put in a room and write a simple compiler without a reference (beyond like their implementing language's reference material) is the point where they graduate from "beginner" to "capable of solving any solved problem", like not necessarily research level but competent enough that no problem with a known solution would be impossible for them given enough time. I think a majority of professional programmers probably couldn't pass that hurdle.

    And finally P&H's Computer Organization and Design is considered the canonical book on processors from the programmer's perspective. I'm not sure how it would do as reading material on its own, it's a really dense book. I read it in the context of a pair of courses in school, both of which I consider among maybe 5 courses I took over my college career that really made the whole four year thing worth it. Anyway, P&H really digs down into the low level mechanics of a processor and some really fascinating automated optimization techniques (which I think are a lot more valuable as takeaways than "hey, I can write fizzbuzz in assembly"). A must read for people who want to know "what's really going on", if only as a cure to that illness. The complexity of even the simple CPUs presented in P&H teaches the important lesson of when to shut up and trust the magical abstractions as though they were divinely imparted immutable and atomic elements of the universe itself.
  3. #3
    Sophie Pedophile Tech Support
    Awesome stuff lan, I might pick up Think Python. You know I tend to jump in the deep end with projects way above my skill level and somehow sometimes pull it off. But to have the basics and fundamentals under my belt would really help me in the future, I reckon.

    Also, thank you for the detailed reply, I appreciate it.
  4. #4
    SBTlauien African Astronaut
    I must be out of order, because I actually started with Web Applications Hackers Handbook, then learned JAVA, and have had your #1 book but haven't read it yet. I'm ready to dive in again with a goal of no drinking alcohol all next year and at least improving my Android security App that I started.
  5. #5
    Sophie Pedophile Tech Support
    I must be out of order, because I actually started with Web Applications Hackers Handbook, then learned JAVA, and have had your #1 book but haven't read it yet. I'm ready to dive in again with a goal of no drinking alcohol all next year and at least improving my Android security App that I started.

    The order in which you start is irrelevant. Metasploit and such is more geared to compromising back end systems; web apps are a way into those systems unless you like some data from a database say or fuck with people through XSRF. Programming is just extremely useful in infosec, which is why Python and bash are my focus for now.

    Also, I can't wait for your sec app. I would like to follow your GitHub if you do not mind.
    If you want, this is mine: www.github.com/NullArray

    Oh, and have you had the chance to analyze the andromeda botnet "sample" I have sent you yet?
  6. #6
    SBTlauien African Astronaut
    Oh, and have you had the chance to analyze the andromeda botnet "sample" I have sent you yet?

    I have not.

    I actually don't have this app on github.