Information Security Resources

Content



  • Ethical Hacking Roadmap – A Beginners Guide - LINK
  • The Roadmap to become an Ethical hacker - LINK
  • How To Become A Hacker - LINK
  • hacker-roadmap - GitHub. A collection of hacking tools, resources and references to practice ethical hacking.


  • Kevin Mitnick
    • The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data (2017) by Kevin D. Mitnick, Robert Vamosi
    • Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker (2011) by Kevin Mitnick [3.9, 24244]
  • Hacking: The Art of Exploitation (2nd, 2008) by Jon Erickson [4.16, 2187]
  • Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World (2015) by Bruce Schneier [4.01, 3421]
  • Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground (2011) by Kevin Poulsen [3.95, 7441]
  • Hacking Exposed 7: Network Security Secrets and Solutions by Stuart McClure, Joel Scambray
  • The Cyber Effect: A Pioneering Cyberpsychologist Explains How Human Behavior Changes Online by Mary Aiken
  • CISSP All-in-One Exam Guide by Shon Harris [4.07, 845]
  • Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman [4.19, 299]
  • Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks by Michal Zalewski [4.21, 415]
  • Writing Secure Code by David LeBlanc and Michael Howard [4.01, 371]
  • Halte aux hackers by Stuart McClure, Joel Scambray, George Kurtz [3.79, 1021]
  • Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door by Brian Krebs [3.74, 2399]
  • Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World by Joseph Menn

Some more

  • Principles of Information Security by Michael E. Whitman, Herbert J. Mattord [3.47, 190]
  • Security in Computing by Charles P. Pfleeger, Shari Lawrence Pfleeger [3.76, 184]
  • CISO Desk Reference Guide: A practical guide for CISOs by Bill Bonney, Gary Hayslip, and Matt Stamper
  • Hacking the Hacker: Learn From the Experts Who Take Down Hackers by Roger Grimes [3.66, 70]
  • Protecting Your Internet Identity: Are You Naked Online by Ted Claypoole and Theresa Payton [3.92, 24]
  • Future Crimes: Inside the Digital Underground and the Battle for Our Connected World by Marc Goodman
  • Hacked Again: It Can Happen To Anyone, Even A Cybersecurity Expert by Scott Schober [3.95, 92]
  • Borderless Behavior Analytics: Who’s inside? What’re they doing? by Saryu Nayyar
  • The Hacked World Order: How Nations Fight, Trade, Maneuver, and Manipulate in the Digital Age by Adam Segal [3.72, 255]

Insider Threat

  • The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes by Dawn M. Cappelli, Andrew P. Moore, Randall F. Trzeciak

Threat Modeling

  • Threat Modeling: Designing for Security by Adam Shostack


  • Linux Basics for Hackers: Getting Started with Networking, Scripting, and Security in Kali (2018) by OccupyTheWeb
  • Getting Started Becoming a Master Hacker: Hacking is the Most Important Skill Set of the 21st Century! (2019) by OccupyTheWeb
  • Network Basics for Hackers: How Networks Work and How They Break (2023) by Master OccupyTheWeb


Reference CS Fundamentals Resources - Cryptography



  • Cryptography and Network Security: Principles and Practice (8th, 2022) by William Stallings
  • Network Security: Private Communication in a Public World (3rd, 2022) by Charlie Kaufman, Radia Perlman
  • Network Security: A Beginner's Guide by Eric Maiwald
  • Hacking Wireless Networks - The ultimate hands-on guide by Andreas Kolokithas
  • Network Security Assessment by Chris McNab
  • The Practice of Network Security Monitoring: Understanding Incident Detection and Response by Richard Bejtlich
  • Attacking Network Protocols: A Hacker's Guide to Capture, Analysis, and Exploitation by James Forshaw


  • The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws (2nd, 2011) by Dafydd Stuttard, Marcus Pinto
  • The Tangled Web: a Guide to Securing Modern Web Applications (2011) by Michal Zalewski
  • Hacking APIs: Breaking Web Application Programming Interfaces (2022) by Corey J. Ball
  • Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities (2021) by Vickie Li
  • Web Application Security, A Beginner's Guide by Bryan Sullivan and Vincent Liu
  • Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast by Ben Walther and Paco Hope
  • Identity and Data Security for Web Development: Best Practices by Jonathan LeBlanc, Tim Messerschmidt
  • SQL Injection Attacks and Defense by Justin Clarke
  • XSS Attacks: Cross Site Scripting Exploits and Defense by Jeremiah Grossman, Seth Fogie, Robert C. Hansen
  • 白帽子讲Web安全 (2012) by 吴翰清
  • 白帽子讲浏览器安全 (2016) by 钱文祥
  • Web安全深度剖析 by 张炳帅


  • Metasploit: The Penetration Tester's Guide (2011) by David Kennedy, Jim O'Gorman, Devon Kearns, Mati Aharoni
  • Gray Hat Hacking: The Ethical Hacker's Handbook (6th, 2022) by Shon Harris, Chris Eagle, Allen Harper
  • Black Hat Python: Python Programming for Hackers and Pentesters (2nd, 2021) by Justin Seitz
  • Hands on Hacking: Become an Expert at Next Gen Penetration Testing and Purple Teaming (2020) by Matthew Hickey, Jennifer Arcuri
  • Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Gordon Fyodor Lyon
  • RTFM: Red Team Field Manual (2014) by Ben Clark. The RTFM contains the basic syntax for commonly used Linux and Windows command line tools, but it also encapsulates unique use cases for powerful tools such as Python and Windows PowerShell.
  • Blue Team Field Manual (2017) by Alan J White, Ben Clark. A Cyber Security Incident Response Guide.
  • PTFM: Purple Team Field Manual (2020) by Tim Bryant. A manual for all security professionals that integrates red and blue team methodologies.
  • LFM: Linux Field Manual (2021) by Tim Bryant
  • Operator Handbook: Red Team + OSINT + Blue Team Reference by Joshua Picolet


  • A Guide to Kernel Exploitation: Attacking the Core by Enrico Perla


  • The Shellcoder's Handbook: Discovering and Exploiting Security Holes by Jack Koziol, Chris Anley, John Heasman
  • Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses (2nd, 2006) by Edward Skoudis, Tom Liston
  • A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security by Tobias Klein
  • 0day安全:软件漏洞分析技术 by 王清


Mobile Security

  • Android Security Cookbook by Keith Makan, Scott Alexander-Bown
  • Android Security Internals: An In-Depth Guide to Android's Security Architecture by Nikolay Elenkov
  • Android Hacker's Handbook by Joshua J. Drake, Zach Lanier, Collin Mulliner, Pau Oliva Fora, Stephen A. Ridley, Georg Wicherski
  • Android软件安全与逆向分析 by 丰生强
  • iOS Application Security: The Definitive Guide for Hackers and Developers by David Thiel
  • iOS Hacker's Handbook by Charlie Miller, Dion Blazakis, Dino DaiZovi, Stefan Esser, Vincenzo Iozzo, Ralf-Philip Weinmann


  • Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software (2012) by Michael Sikorski
  • Reversing: Secrets of Reverse Engineering (2005) by Eldad Eilam
  • 有趣的二进制:软件安全与逆向分析 by [日] 爱甲健二
  • Reverse Engineering for Beginners by Dennis Yurichev
  • Practical Reverse Engineering: X86, X64, ARM, Windows Kernel, Reversing Tools, and Obfuscation by Alexandre Gazet, Bruce Dang, and Elias Bachaalany
  • The IDA Pro Book by Chris Eagle
  • Hacking the Xbox: An Introduction to Reverse Engineering by Andrew Huang
  • Practical Binary Analysis: Build Your Own Linux Tools for Binary Instrumentation, Analysis, and Disassembly by Dennis Andriesse
  • The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory by Michael Hale Ligh, Andrew Case, Jamie Levy, Aaron Walters
  • Hacker Disassembling Uncovered by Kris Kaspersky, Natalia Tarkova, Julie Laing
  • 加密与解密 by 段钢
  • 软件调试 by 张银奎


  • Social Engineering: The Science of Human Hacking (2nd, 2018) by Christopher Hadnagy, Paul Wilson
  • The Art of Deception: Controlling the Human Element of Security (2007) by Kevin D. Mitnick, William L. Simon, Steve Wozniak
  • The Art of Intrusion (2005) by Kevin Mitnick


  • Practical Cybersecurity Architecture: A guide to creating and implementing robust designs for cybersecurity architects (2020) by Ed Moyle and Diana Kelley
  • Security Engineering: A Guide to Building Dependable Distributed Systems by Ross J. Anderson [4.2, 631]
  • Blue Team Handbook: Incident Response Edition: A condensed field guide for the Cyber Security Incident Responder by Don Murdoch
  • Practical Cloud Security: A Guide for Secure Design and Deployment by Chris Dotson
  • Secure by Design by Dan Bergh Johnsson, Daniel Deogun, Daniel Sawano
  • Building Secure and Reliable Systems: Best Practices for Designing, Implementing, and Maintaining Systems (2020) by Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea, Adam Stubblefield

References

[1] Books For the Aspiring Hacker - Goodreads