Re: Network Security Book Club

Practical Packet Analysis: Not network security per se, but I found this book to be particularly useful for using Wireshark and understanding protocols.

Re: Network Security Book Club

I actually have a copy of that I read through last year. I enjoyed it, and g3k mentioned wanting to read it, so it will likely be on the list. Speaking of, perhaps I should mention the list we are considering.

Starting with:
Hacking, the Art of Exploitation <-- the CTF talk recommended it
The IDA Pro Book <-- Also recommended by the CTF talk.

Future Possibilities:
The Shellcoder's Handbook <-- Recommended by CTF talk, but from reading reviews, most recommend assembly experience before reading.
Practical Packet Analysis <-- Mentioned by g3k as a desire, recommended by thePrez98

I'd like to read at least one forensic analysis book before CTF as well, as I saw that the official CTF had some challenges there, and I find it fascinating.

Odd that the only other one anyone had suggested was the same as the one you recommended. Must be good lol. Thanks!

Mel

Re: Network Security Book Club

I'll just shut up rather than recommend one of mine or a friends book.

Perhaps outside of the top three should be some of Bruce shneiers (sp) works. While you may not agree with him, his booms helped me to 'think secure' and helped understand the process and the goals better.

Hacking exposed comes to mind as well. It's tricky to recommend a limited list as some focus on theory and others on specific tools.

Dammit, now you have me thinking

Re: Network Security Book Club

Counter Hack Reloaded is a great book and one that I keep going back to as a reference.

Re: Network Security Book Club

These are great suggestions --- being a bit of a sec book whore (comes with the job) I'll throw in my 2 cents as well:

Gray Hat Hacking 2nd Ed, this is an AWESOME book if you find "Hacking the Art of Exploitation" a little too much to bite off as an intro book. Actually Gray Hat is a good intro for IDA Pro / Reverse Engineering / Exploitation developement as well. It's got intro chapters on programming (scripting, c, and assembly) reverse engineering w/ IDA, exploitation, Linux, and Windows.

Of course I strongly recommend Hacking the Art of Exploitation, one of the very best books in print today --- it's just that I've seen a lot of students grab the book with excitement only to be lost after the first few chapters.

Re: Network Security Book Club

The thread topic being "Network Security Book Club" - The IDA Pro Book (Chris Eagle's) is a bit of a mismatch. It's an amazing book, but if you don't have a background in assembly it's going to be a bit overwhelming. It's quite advanced.

Definitely a must-read for people on their way to playing CTF and generally getting into that line of work, but if you're looking to brush up on *network* security before you start diving into reverse engineering and binary analysis and so on, you can probably save the IDA Pro book for later. :)

Honestly - way back in a previous life when I was getting my CCNP, the set of highly technical Cisco Press books I read cover to cover and studied 10 hours a day for two months solidified my network protocol knowledge down to the point that I was writing out ethernet frames in binary on whiteboards just to win an argument. It was immensely satisfying and made me a much better security engineer, even though that wasn't the focus of the books. It was just how I chose to use the information I was learning.

If you want to actually get your hands dirty - don't just learn how to break it, learn how to build it. All the intricacies and nuances. It'll make you better at breaking things in new and exciting ways later, and you'll understand the true nature and scope of the issues better than you would otherwise.

IMO.