does anyone know of any good books on security/hacking? i have been looking at some books in barnes and noble but not sure if they are worth the money. some are pretty pricey! :eek:
-thanks in advance-
Printable View
does anyone know of any good books on security/hacking? i have been looking at some books in barnes and noble but not sure if they are worth the money. some are pretty pricey! :eek:
-thanks in advance-
Here are some of the references from my original thread:
Quote:
Originally posted here by whatthe
I'm more a web guy than books right now. I'd check through the Tutorials section to get an idea of some of the topics out there.
Some websites to browse through are CERT http://www.cert.org/ and SANS http://www.sans.org/
Computer books can be damn expensive so you might want to look around a bit before you plunk down your cash.
Hope this helps.
Quote:
Originally posted here by rowdy_yates
try this one if you can find it cheap.
Hacking Linux Exposed, Second Edition
http://www.hackinglinuxexposed.com/
it's actually a lot of fun and usedful for getting an idea of how to secure linux/unix variants.
obviously, the hack probably won't work on most system - but definatly a good read and education.
Quote:
Originally posted here by MURACU
Check out this site. It publishes electronic books free. You only have to register to have access. The boks are very well written but I dont know if they cover the areas you are interested in. HAving said that I find them very usefull as an admin.realtime publishers
I'll look around with search and see if I can find a few more and edit 'em in. Hope that helps. :D
AntiOnline Product/Book Reviews (AO forums)
AntiOnline Tutorial Index (tutorials written by our very own gurus here at AO)
Security Tutorial Index (Somewhat the same as above, only the direct Security portion)
I figure you can find some books in the Book forum (:p), and some of the tutorials are VERY well written and probably alot more helpful than a corperate book (seeing as the people writing them have alot of experience with what they're writing about).
Oh, and Welcome to AntiOnline!
thanks a lot, i'll look into all of those
Well if your like me and you like to hold the book in your hand a read it offline, a great place to look is :
1. www.campusi.com <- find the book you like first then go here to check prices against 60 vendors, i got the 4th edition hacking exposed book for about $5.00 plus shipping :-)
2. Ebay also has som good prices, but you have to like the bidding game.
Hope those help.
Just bear in mind that most of the vulnerabilites disscused in the books have had patches released for them by the time the book hits the shelf.
try "hacking: the art of exploitation". I found it pretty helpful on how memory and the CPU work. Plus, it gives good examples to go along with the reading
That is the only book that I have that i feel is good enough to mention
One I was recommended in here which I bought is "Network Security Assessment" published by O'Reilly.
I've got a support background rather than programming but I'm finding it not pitched at too high a level.
Another one was "Network security Hacks" again on O'Reilly. I've only scanned through this one but it looks useful.
The Shellcoders Handbook : Discovering and Exploiting Security Holes
by Authors: Jack Koziol , David Litchfield , Dave Aitel , Chris Anley , Sinan "noir" Eren , Neel Mehta , Riley Hassell
Released: 22 March, 2004
ISBN: 0764544683
Exploiting Software How to Break Code
By Greg Hoglund, Gary McGraw
Publisher : Addison Wesley
Pub Date : February 17, 2004
ISBN : 0-201-78695-8
2 good books if you are into programming/assembly
I highly recommend Kevin Mitnick's The Art of Deception as well. It doesn't touch much on the technical side of hacking, but it's teaches some startling lessons on social engineering, which goes hand-in-hand with successful hacking.
Personally, I think that the greatest bit of social engineering Kevin Mitnick has done is getting everyone to buy his book. (No offense Angelic)
Plenty of books out there waiting readers, but u have to buy something meet your level of knowledge, So ur question ought to be laid out like: I know blah, blah, blah in computing and i have certificates in blah, blah, blah and i want to know blah, blah, blah in blah, blah, blah. :D
It is not really rational to buy some books like "Hacking Exposed" and u don't have any foundation upon which you built ur upcoming level of knowledge!.
Cheers,
Damn! Harsh...although most of the 'pundits' who've I've listened to usually say Mitnick is an incredible liar, not an incredible hacker...thus The Art of Deception's success.Quote:
Originally posted here by CXGJarrod
Personally, I think that the greatest bit of social engineering Kevin Mitnick has done is getting everyone to buy his book...
Well, I'm gonna go out on a limb here and suggest a few. Neither of these are technical at all (except for a few of Cliff's descriptions...and they are technical only in the sense of the early UNIX days of ARPAnet and such).
*Notice* These books are NOT technical instruction books on 'how to hack'. They are much more of the geek-lore that many of us have grown up with, or the more technical instruction-via-story telling on 'How to Social Engineer' (the second book.)
The Cuckoo's Egg - ISBN 0743411463 this is an interesting read and one of the first information security related books. Incidentaly, it describes one of the first 'honeypots' known to have been made for luring a network intruder.
Corporate Espionage - ISBN 0761508406 this is also an older book, but it describes real world intrusions by a professional pen-tester, Ira Winkler (formerly of the NSA and notable person in the political/government spectrum of Information Security.) It's more interesting then Cuckoo's Egg, IMHO.
I'm awful partial to:
Exploiting Software by Hoglund and McGraw
As well as the Stealing The Network books published by Black Hat
I would have to agree with Opeth when he stated that it helps to know what you want to find out with your reading. If you want to go after security I would recommend you start with basics like TCP/IP and how different layers of the security model work. If you want to focus on windows aim for some books based there. etc etc etc...
Now I really like the Hacking Exposed books. Kevin Mitnicks book really wasnt all that useful unless you plan on making a bunch of phone calls and trying to Socially Engineer ppl. Personally i think i gained more information on social engineering reading some of the tutorials on this website then I did from his book.
Though this book is old I got a lot of information from this
"The CISSP Prep Guide: Mastering the Ten Domains of Computer Security"
If you want to learn more about active directory I can recommend some good readings as well.
Actually I hated hacking exposed... anything that may even seem slightly worth while in that book I've probably heard about weeks, months, and yes even years ahead of time... before the ink even hits the pages. Other than that in all honesty I can't say that it was anything beyond a over the top list of definitions to various computer related jargon... that and a large yellow-pages filled with URLs that lead to things I've seen a thousand times before. There really is nothing to actually learn from it & most people I've talked to who have read that book said it was mostly just entertainment value for them aswell. But In all honesty its like the author is reffering everything to a class-room filled with five year olds... even that would clearly be offensive to anyone around the age of five.
Its not as bad as anything Kevin Shitnick has wrote or the things Carolyn Mienel & that Arab chump has ripped off... but still you'd figuer that a book that claims to give so much exposure could go a little more in depth into the particulars... and less time in sand-whiching a thousand things together and giving small detail here and there into explaining what something is and where to find source/binaries and patches.