Cybersecurity is a broad field with lots of interesting topics. Sometimes it’s hard to find the best source for digging further into a certain field — something like a guide for the InfoSec jungle. This articles tries to solve that issue by providing a list of go to books, you could read in 2021 to learn from the best IT-security experts and there experiences.
Social Engineering: The Science of Human Hacking
“Social Engineering: The Science of Human Hacking reveals the craftier side of the hacker’s repertoire―why hack into something when you could just ask for access? Undetectable by firewalls and antivirus software, social engineering relies on human fault to gain access to sensitive spaces; in this book, renowned expert Christopher Hadnagy explains the most commonly-used techniques that fool even the most robust security personnel, and shows you how these techniques have been used in the past. The way that we make decisions as humans affects everything from our emotions to our security. Hackers, since the beginning of time, have figured out ways to exploit that decision making process and get you to take an action not in your best interest. This new Second Edition has been updated with the most current methods used by sharing stories, examples, and scientific study behind how those decisions are exploited.”
Threat Modeling: Designing for Security
“Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise into this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You’ll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies.
Systems security managers, you’ll find tools and a framework for structured thinking about what can go wrong. Software developers, you’ll appreciate the jargon-free and accessible introduction to this essential skill. Security professionals, you’ll learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling.”
Attribution of Advanced Persistent Threats: How to Identify the Actors Behind Cyber-Espionage
“An increasing number of countries develop capabilities for cyber-espionage and sabotage. The sheer number of reported network compromises suggests that some of these countries view cyber-means as integral and well-established elements of their strategical toolbox. At the same time the relevance of such attacks for society and politics is also increasing. Digital means were used to influence the US presidential election in 2016, repeatedly led to power outages in Ukraine, and caused economic losses of hundreds of millions of dollars with a malfunctioning ransomware. In all these cases the question who was behind the attacks is not only relevant from a legal perspective, but also has a political and social dimension.
Attribution is the process of tracking and identifying the actors behind these cyber-attacks. Often it is considered an art, not a science.
This book systematically analyses how hackers operate, which mistakes they make, and which traces they leave behind. Using examples from real cases the author explains the analytic methods used to ascertain the origin of Advanced Persistent Threats.”
Intrusion Detection Honeypots: Detection through Deception
“The foundational guide for using deception against computer network adversaries.
When an attacker breaks into your network, you have a home-field advantage. But how do you use it?
Intrusion Detection Honeypots is the foundational guide to building, deploying, and monitoring honeypots — security resources whose value lies in being probed and attacked. These fake systems, services, and tokens lure attackers in, enticing them to interact. Unbeknownst to the attacker, those interactions generate logs that alert you to their presence and educate you about their tradecraft. Intrusion Detection Honeypots teaches you how to: — Use the See-Think-Do framework to integrate honeypots into your network and lure attackers into your traps.”
Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers
“In 2014, the world witnessed the start of a mysterious series of cyberattacks. Targeting American utility companies, NATO, and electric grids in Eastern Europe, the strikes grew ever more brazen. They culminated in the summer of 2017, when the malware known as NotPetya was unleashed, penetrating, disrupting, and paralyzing some of the world’s largest businesses — from drug manufacturers to software developers to shipping companies. At the attack’s epicenter in Ukraine, ATMs froze. The railway and postal systems shut down. Hospitals went dark. NotPetya spread around the world, inflicting an unprecedented ten billion dollars in damage — the largest, most destructive cyberattack the world had ever seen.
The hackers behind these attacks are quickly gaining a reputation as the most dangerous team of cyberwarriors in history: a group known as Sandworm. Working in the service of Russia’s military intelligence agency, they represent a persistent, highly skilled force, one whose talents are matched by their willingness to launch broad, unrestrained attacks on the most critical infrastructure of their adversaries. They target government and private sector, military and civilians alike.”
Crime Dot Com: From Viruses to Vote Rigging, How Hacking Went Global
by Geoff White
“On May 4, 2000, an email that read “kindly check the attached LOVELETTER” was sent from a computer in the Philippines. Attached was a virus, the Love Bug, and within days it had been circulated across the globe, paralyzing banks, broadcasters, and businesses in its wake, and extending as far as the UK Parliament and, reportedly, the Pentagon. The outbreak presaged a new era of online mayhem: the age of Crime Dot Com. In this book, investigative journalist Geoff White charts the astonishing development of hacking, from its conception in the United States’ hippy tech community in the 1970s, through its childhood among the ruins of the Eastern Bloc, to its coming of age as one of the most dangerous and pervasive threats to our connected world. He takes us inside the workings of real-life cybercrimes, drawing on interviews with those behind the most devastating hacks and revealing how the tactics employed by high-tech crooks to make millions are being harnessed by nation states to target voters, cripple power networks, and even prepare for cyber-war. From Anonymous to the Dark Web, Ashley Madison to election rigging, Crime Dot Com is a thrilling, dizzying, and terrifying account of hacking, past and present, what the future has in store, and how we might protect ourselves from it.”
Hunting Cyber Criminals: A Hacker’s Guide to Online Intelligence Gathering Tools and Techniques
by Vinny Troia
“The skills and tools for collecting, verifying and correlating information from different types of systems is an essential skill when tracking down hackers. This book explores Open Source Intelligence Gathering (OSINT) inside out from multiple perspectives, including those of hackers and seasoned intelligence experts. OSINT refers to the techniques and tools required to harvest publicly available data concerning a person or an organization. With several years of experience of tracking hackers with OSINT, the author whips up a classical plot-line involving a hunt for a threat actor. While taking the audience through the thrilling investigative drama, the author immerses the audience with in-depth knowledge of state-of-the-art OSINT tools and techniques. Technical users will want a basic understanding of the Linux command line in order to follow the examples. But a person with no Linux or programming experience can still gain a lot from this book through the commentaries.”
Practical Cloud Security: A Guide for Secure Design and Deployment
by Chris Dotson
“With their rapidly changing architecture and API-driven automation, cloud platforms come with unique security challenges and opportunities. This hands-on book guides you through security best practices for multivendor cloud environments, whether your company plans to move legacy on-premises projects to the cloud or build a new infrastructure from the ground up.
Developers, IT architects, and security professionals will learn cloud-specific techniques for securing popular cloud platforms such as Amazon Web Services, Microsoft Azure, and IBM Cloud. Chris Dotson — an IBM senior technical staff member — shows you how to establish data asset management, identity and access management, vulnerability management, network security, and incident response in your cloud environment.”
Full Stack Recruiter: The Ultimate Edition
by Jan Tegze
“This comprehensive recruitment and sourcing guide is divided into two parts.
The first part focuses entirely on sourcing strategies. You’ll learn new and creative ways to source and find great candidates, as well as how to uncover their contact details and approach them in a respectful and effective manner. And much more!
The second part deals with recruitment. You’ll learn how to excel in recruitment marketing, candidate engagement, recruitment analytics, candidate engagement, cold-calling, and efficiently manage many other essential aspects of your role.”
CEH Certified Ethical Hacker All-in-One Exam Guide
by Matt Walker
“Thoroughly updated for CEH v10 exam objectives, this integrated self-study system offers complete coverage of the EC-Council’s Certified Ethical Hacker exam. In this new edition, IT security expert Matt Walker discusses the latest tools, techniques, and exploits relevant to the exam. You’ll find learning objectives at the beginning of each chapter, exam tips, practice exam questions, and in-depth explanations. Designed to help you pass the exam with ease, this comprehensive resource also serves as an essential on-the-job reference.”