Good books to read?

[Opeth]

Plenty of books out there waiting readers, but u have to buy something meet your level of knowledge, So ur question ought to be laid out like: I know blah, blah, blah in computing and i have certificates in blah, blah, blah and i want to know blah, blah, blah in blah, blah, blah.
It is not really rational to buy some books like "Hacking Exposed" and u don't have any foundation upon which you built ur upcoming level of knowledge!.

Cheers,

[zencoder]

Originally posted here by CXGJarrod
Personally, I think that the greatest bit of social engineering Kevin Mitnick has done is getting everyone to buy his book...

Damn! Harsh...although most of the 'pundits' who've I've listened to usually say Mitnick is an incredible liar, not an incredible hacker...thus The Art of Deception's success.

Well, I'm gonna go out on a limb here and suggest a few. Neither of these are technical at all (except for a few of Cliff's descriptions...and they are technical only in the sense of the early UNIX days of ARPAnet and such).

*Notice* These books are NOT technical instruction books on 'how to hack'. They are much more of the geek-lore that many of us have grown up with, or the more technical instruction-via-story telling on 'How to Social Engineer' (the second book.)

The Cuckoo's Egg - ISBN 0743411463 this is an interesting read and one of the first information security related books. Incidentaly, it describes one of the first 'honeypots' known to have been made for luring a network intruder.

Corporate Espionage - ISBN 0761508406 this is also an older book, but it describes real world intrusions by a professional pen-tester, Ira Winkler (formerly of the NSA and notable person in the political/government spectrum of Information Security.) It's more interesting then Cuckoo's Egg, IMHO.

[thread_killer]

I'm awful partial to:

Exploiting Software by Hoglund and McGraw

As well as the Stealing The Network books published by Black Hat

[Spyrus]

I would have to agree with Opeth when he stated that it helps to know what you want to find out with your reading. If you want to go after security I would recommend you start with basics like TCP/IP and how different layers of the security model work. If you want to focus on windows aim for some books based there. etc etc etc...

Now I really like the Hacking Exposed books. Kevin Mitnicks book really wasnt all that useful unless you plan on making a bunch of phone calls and trying to Socially Engineer ppl. Personally i think i gained more information on social engineering reading some of the tutorials on this website then I did from his book.

Though this book is old I got a lot of information from this
"The CISSP Prep Guide: Mastering the Ten Domains of Computer Security"
If you want to learn more about active directory I can recommend some good readings as well.

[TheSpecialist]

Actually I hated hacking exposed... anything that may even seem slightly worth while in that book I've probably heard about weeks, months, and yes even years ahead of time... before the ink even hits the pages. Other than that in all honesty I can't say that it was anything beyond a over the top list of definitions to various computer related jargon... that and a large yellow-pages filled with URLs that lead to things I've seen a thousand times before. There really is nothing to actually learn from it & most people I've talked to who have read that book said it was mostly just entertainment value for them aswell. But In all honesty its like the author is reffering everything to a class-room filled with five year olds... even that would clearly be offensive to anyone around the age of five.

Its not as bad as anything Kevin Shitnick has wrote or the things Carolyn Mienel & that Arab chump has ripped off... but still you'd figuer that a book that claims to give so much exposure could go a little more in depth into the particulars... and less time in sand-whiching a thousand things together and giving small detail here and there into explaining what something is and where to find source/binaries and patches.