
Cybersecurity books: 5+ recommendations from our experts

Recently I had a telling conversation with Alexey Malanov, a Lab employee and an experienced malware researcher, about whether, for example, a public relations officer (i.e. not a techie) can become a virus analyst. The answer was simple and complex at the same time: the basics of programming, processor architecture, operating system internals, network protocols... In short, "buy a book on Assembler and come back in five years".

And what if you go up a level, from analyzing specific malware samples (which is not easy in itself) to a comprehensive investigation of computer incidents? This is what our Global Research and Analysis Team (GReAT) does. I recently put a similar question to them: which books would they recommend to other computer security specialists (assuming that the basics of programming and the other fundamentals have already been mastered)? The result was a list of five books (in fact ten :-)), which you will find under the cut.


For a start, a small disclaimer: below you will see many links to Amazon, and not because our experts prefer to buy books there. The initial list of popular books on security that we showed to the experts was taken from there. The experts marked the interesting books and added their own recommendations, and we received feedback from colleagues in 10 different countries at once. It would be wrong to limit specialists only to books translated into Russian. Fortunately, all the publications mentioned here are available in English in electronic form (at least in the Kindle Edition from Amazon, and possibly from other vendors). If you know of a Russian edition of any book on the list, let me know in the comments. Let's go!
1. Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation
Bruce Dang; 2014
Link

If the first chapter leaves you with an impression of lightness of presentation, that impression is false. Reading this book, I was at first glad that everything was explained in simple, understandable language, even for a non-expert, and I paid for it immediately.

After the introduction you are immediately hit by a stream of detailed information about reverse engineering, Windows kernel internals and processor architectures, with no allowance made for the reader's level of training. Still, this is a tutorial rather than a reference guide for an experienced professional. The work of a security researcher most often begins with the analysis of malicious code, and this book is well suited for getting acquainted with that task.

2. The Practice of Network Security Monitoring: Understanding Incident Detection and Response
Richard Bejtlich; 2013
Link

The book provides a good overview of tools for network security monitoring. Importantly, the description of the monitoring tools is complemented by practical examples of their use. Admittedly, it is not clear why the book includes network traffic dumps in such volume; this is especially striking in the paper edition. According to our experts, if you are approaching the topic of network security for the first time, this book is one of the best guides.

3. Threat Modeling: Designing for Security
Adam Shostack; 2014
Link

Although each of us does threat modeling intuitively, very few do it professionally. Adam Shostack is one such rare pro. His hard-to-translate job title at Microsoft was Security Development Lifecycle Threat Modeling; the experience accumulated in that job was embodied in a thick, six-hundred-page book that is useful for both beginners and experienced specialists.

Starting from simple things, the four questions "What are we building?", "What can go wrong with what we built?", "What can we do about what can go wrong?" and "Is our analysis good?", Shostack dives deeply into each aspect of threat modeling, offering techniques proven by his own experience, software tools and small tricks that help build an effective threat model for anything. The book also clearly marks which aspects are more useful for application developers, for IT system architects and for security specialists, which is helpful as well.

The book is also enlivened by the intelligent trolling the author regularly applies to the clichés that pop up in threat modeling, or to situations in meetings with project participants (for example, a problem that is not a computer problem at all but a human one, in the style of "...query?").

4. Android Hacker's Handbook
Joshua J. Drake; 2014
Link

Unlike the PC ecosystem, where, given the number and "age" of threats, scientific and practical work on their analysis has been going on for a long time, the Android platform is a fast-growing newcomer. That is why there is only one Android security book on our list, and it is not so much about analyzing malware as about surveying the full range of threats to mobile devices, from vulnerabilities in the OS to application development with security requirements in mind. The book's blurb states that it is "the first edition for IT professionals responsible for the security of smartphones." A 500-page volume is not enough to describe every aspect of mobile security in detail, but most of the problems are at least outlined in this book. One of the authors, by the way, used to be an expert at Kaspersky Lab.

5. The Art of Computer Virus Research and Defense
Peter Szor; 2005
Link

The only one of the five books released as long as 9 years ago, before the advent of Android and iOS, tablets and the practice of using personal computers at work, cyber-weapons and many other elements of today's networked reality. Nevertheless, the age of this particular book does not get in the way at all, for one simple reason: it describes the development of the cyber-threat protection industry in retrospect. Understanding "where it all came from" is very important regardless of what you are doing, for example because threats on mobile devices evolve along almost the same scenario as threats for ordinary PCs (only much faster).

By the way, you can follow the activities of our GReAT experts on Twitter. A regularly updated Twitter list can be found here.

Bonus tracks :)
Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
Michael Sikorski; 2012
Link
This book can be viewed as an alternative to the work of Bruce Dang or as a supplement.

Reversing: Secrets of Reverse Engineering
Eldad Eilam; 2005
Link
The examples in this book, also released 9 years ago, may seem outdated. But for some readers the (relative) simplicity with which the topic is presented will be worth more than the currency of the platforms and tools.

The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities (Mark Dowd; 2006; link).

The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler (Chris Eagle; 2011; link).

The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory (Michael Hale Ligh; 2014; link).

And what books on this topic would you recommend?

Source: https://habr.com/ru/post/234007/
