A selection of books on cybersecurity: how to conduct a pentest and how to counter social engineering

The books on this list came out in 2018–2019 and are recommended on Hacker News and Reddit. Below: stories about the tricks hackers use, the reflections of Microsoft's president on the prospects and risks in IT, and penetration-testing advice from a specialist who has worked with DARPA, the NSA and the DIA.


Photo: Kaur Kristjan / Unsplash



Tools and Weapons: The Promise and the Peril of the Digital Age

The author is Brad Smith, chief legal adviser and president of Microsoft. He discusses the prospects and dangers of information technology, from social networks to artificial intelligence systems. In a way, Tools and Weapons can be called a Microsoft memoir: the author opens the door to the corporation's inner workings, describing how it dealt with major cyber attacks and the decisions taken along the way. For example, he recounts how the company released a patch against the WannaCry malware for the long-unsupported Windows XP.



The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats

“The Fifth Domain” was written by Richard Clarke, an information security expert who has worked in counterterrorism coordination for over thirty years. His co-author is Robert Knake, who was responsible for cybersecurity at the White House from 2011 to 2015. Today both work as information security consultants for Fortune 500 firms.

Clarke and Knake's book is about the battles taking place in the “fifth domain,” as the Pentagon calls cyberspace. Inside are the stories of companies that came under attack and successfully repelled it. Along the way the authors touch on defensive tactics: from code obfuscation to sharding and network segmentation.

Those who like “The Fifth Domain” should also look at another work by the same authors, “Cyber War”, which became a New York Times bestseller. Compared with “The Fifth Domain”, it is written in more accessible language.



Social Engineering: The Science of Human Hacking

Attacks based on social engineering are among the most dangerous: they cannot be blocked by a firewall or detected by an antivirus. Christopher Hadnagy, an information security consultant and host of the social-engineer.org podcast, explains the most effective tricks attackers use and the psychology behind them. The text contains many real stories and references to scientific research. Some readers noted that Social Engineering also helped them develop their own communication skills.



Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World

This book made it into the Palo Alto Networks “hall of fame” of cybersecurity literature. Its author, Marcus Carey, is a pentester with 20 years of experience who has worked with the NSA, DARPA and the DIA.

Carey compiled a list of 14 questions about information technology, work processes and the personal qualities of hackers, and put them to seventy information security specialists. The answers vary widely, from brief and sarcastic to detailed and thoughtful, but together they help the reader understand white-hat hackers and get a feel for their daily routine.




Photo: David Rangel / Unsplash



Click Here to Kill Everybody: Security and Survival in a Hyper-connected World

By 2025 the number of IoT devices in the world will exceed 75 billion. That many gadgets opens up new opportunities for attackers: they can switch off a home security system and open electronic locks, and can even take control of a car. For example, back in 2015 two US security researchers managed to hack a Jeep Cherokee and steer it into a ditch, and in 2017 engineers from Trend Micro exploited a vulnerability in a vehicle's CAN bus to disable the airbags.

These and other dangers lurking in the Internet of Things are described in Click Here to Kill Everybody. It was written by Bruce Schneier, a board member of the Electronic Frontier Foundation (EFF) and author of the blog Schneier on Security, which is read by more than 250 thousand people.



The Hacker Playbook 3: Practical Guide to Penetration Testing

This is a guide for pentesters and the sequel to Peter Kim's The Hacker Playbook and The Hacker Playbook 2. In his distinctive style, the author walks through every stage of a penetration test: from setting up a workstation to writing the report on the vulnerabilities found.

Kim introduces the reader to the main distributions and tools used in pentests: Nmap, Nessus, Metasploit and Exploit-DB. He also covers antivirus evasion mechanisms and hash-cracking programs. Many topics are treated briefly, but the text always links to online material where the reader can find more detail on the question at hand.



Digital Resilience: Is Your Company Ready for the Next Cyber Threat?

This is a practical guide for companies on protecting themselves against cyber attacks. It was written by Ray Rothrock, head of RedSeal, a company that assesses the security of corporate networks. The author tells the stories of organizations that recovered from a major breach (and of those that failed to). One of his examples is the leak of the credit card data of 40 million customers of the Target retail chain.


We at 1cloud.ru offer an SSL Certificate service for when you need to confirm domain ownership, protect data in transit, or confirm the authorship of software.

Before buying an SSL certificate, we recommend that you find out which file format is suitable for your web server. Our experts are ready to help and answer questions.

