This is a curated list of our favorite cybersecurity books, software tools we use, purpose-built pentesting hardware, files referenced in our presentations, and cybersecurity pages we like. Selections are our own. No compensation has been received from any individual or company.
In Spam Nation, investigative journalist and cybersecurity expert Brian Krebs unmasks the criminal masterminds driving some of the biggest spam and hacker operations targeting Americans and their bank accounts. Tracing the rise, fall, and alarming resurrection of the digital mafia behind the two largest spam pharmacies-and countless viruses, phishing, and spyware attacks-he delivers the first definitive narrative of the global spam problem and its threat to consumers everywhere.
In 2011, a twenty-six-year-old libertarian programmer named Ross Ulbricht launched the ultimate free market: the Silk Road, a clandestine Web site hosted on the Dark Web where anyone could trade anything—drugs, hacking software, forged passports, counterfeit cash, poisons—free of the government’s watchful eye.
The first true account of computer espionage tells of a year-long single-handed hunt for a computer thief who sold information from American computer files to Soviet intelligence agents
Former hacker Kevin Poulsen has, over the past decade, built a reputation as one of the top investigative reporters on the cybercrime beat. In Kingpin, he pours his unmatched access and expertise into book form for the first time, delivering a gripping cat-and-mouse narrative—and an unprecedented view into the twenty-first century’s signature form of organized crime.
Kevin Mitnick was the most elusive computer break-in artist in history. He accessed computers and networks at the world's biggest companies--and no matter how fast the authorities were, Mitnick was faster, sprinting through phone switches, computer systems, and cellular networks. As the FBI's net finally began to tighten, Mitnick went on the run, engaging in an increasingly sophisticated game of hide-and-seek that escalated through false identities, a host of cities, and plenty of close shaves, to an ultimate showdown with the Feds, who would stop at nothing to bring him down.
Just as a professional athlete doesn’t show up without a solid game plan, ethical hackers, IT professionals, and security researchers should not be unprepared, either. The Hacker Playbook provides them their own game plans. Written by a longtime security professional and CEO of Secure Planet, LLC, this step-by-step guide to the “game” of penetration hacking features hands-on examples and helpful advice from the top of the field.
This second version of The Hacker Playbook takes all the best "plays" from the original book and incorporates the latest attacks, tools, and lessons learned. Double the content compared to its predecessor, this guide further outlines building a lab, walks through test cases for attacks, and provides more customized code.
The Hacker Playbook 3 (THP3) will take your offensive hacking skills, thought processes, and attack paths to the next level. This book focuses on real-world campaigns and attacks, exposing you to different initial entry points, exploitation, custom malware, persistence, and lateral movement--all without getting caught! This heavily lab-based book will include multiple Virtual Machines, testing environments, and custom THP tools.
Phishing Dark Waters addresses the growing and continuing scourge of phishing emails, and provides actionable defensive techniques and tools to help you steer clear of malicious emails. Phishing is analyzed from the viewpoint of human decision-making and the impact of deliberate influence and manipulation on the recipient. With expert guidance, this book provides insight into the financial, corporate espionage, nation state, and identity theft goals of the attackers, and teaches you how to spot a spoofed e-mail or cloned website.
Social Engineering: The Science of Human Hacking reveals the craftier side of the hacker’s repertoire—why hack into something when you could just ask for access? Undetectable by firewalls and antivirus software, social engineering relies on human fault to gain access to sensitive spaces; in this book, renowned expert Christopher Hadnagy explains the most commonly-used techniques that fool even the most robust security personnel, and shows you how these techniques have been used in the past.
Cult of the Dead Cow is the tale of the oldest, most respected, and most famous American hacking group of all time. Though until now it has remained mostly anonymous, its members invented the concept of hacktivism, released the top tool for testing password security, and created what was for years the best technique for controlling computers from afar, forcing giant companies to work harder to protect customers. They contributed to the development of Tor, the most important privacy tool on the net, and helped build cyberweapons that advanced US security without injuring anyone.
The Complete Guide to Shodan is the official book written by the founder that explains the ins and outs of the search engine. Readers will be introduced to the variety of websites that are available to access the data, how to automate common tasks using the command-line and create custom solutions using the developer API.
Since 2005, Hak5 has developed the most recognized devices in pentesting. They aspire to elevate the InfoSec industry by educating, equipping and encouraging an all-inclusive community – where all hackers belong.
HackerWarehouse.com strives to be your one-stop shop for all your computer security needs from defense to offense. They understand the importance of tools and gear which is why they carry only the highest quality gear from the best brands in the industry.
Annual list of the world’s hottest pure-play cybersecurity companies.
Cybercrime Magazine publishes our annual and quarterly reports covering global cybercrime, cyberwarfare, hacks and data breaches, cybersecurity market forecasts and spending predictions, publicly traded cybersecurity companies and stock performance, M&A and VC funding activity, cyber defense employment, and more.
MITRE ATT&CK™ is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
The Center for Internet Security (CIS) publishes the CIS Critical Security Controls (CSC) to help organizations better defend against known attacks by distilling key security concepts into actionable controls to achieve greater overall cybersecurity defense.
In the 1950s and 1960s the National Security Agency (NSA) cranked out beautiful and captivating posters to remind Americans that keeping secrets was important. These declassified posters were unearthed by Government Attic, via its use of the Freedom of Information Act. Funded by the taxpayer, these vintage NSA security posters from the 1950s and 1960s are in the public domain.
Null Byte is a white hat hacker world for anyone interested in hacking, science, networking, social engineering, security, pen-testing, getting root, zero days, etc.
Daniel Miessler is a recognized cybersecurity expert and writer with 20 years in Information Security. His experience ranges from technical assessment and implementation, to executive level advisory services consulting, to building and running industry-leading security programs.
His 20 years of experience in security ranges from the vibrant startup ecosystem in his birthplace of Silicon Valley, to working with many of the top 100 worldwide companies. He frequently gives talks and participates in panels around the world, and his work and commentary have been featured in dozens of the world’s leading publications.
Peerlyst is building a community where information security pros can team up for a better future—for themselves and their enterprises. Home base for security leaders, Peerlyst is where you go to find knowledge and learn from experts, as well as to build your own professional reputation by sharing what you know.
Whether you want to spread news, ask a question, create a resource, or share expertise and product insights, Peerlyst gives you an audience of more than half a million security professionals.
Files we mention or reference in our presentations.