TOP 5 Latest Cyber Security Books (2017-2019) | Best & Latest Must-Reads For Any Aspiring or Seasoned Hacker
by Marina Vorontsova
Whether you're looking for a fascinating weekend read or an educational hacking tutorial to learn from, you're in the right place, because below we'll look into the TOP 5 latest books on cyber security, all published between 2017 and 2019. You'll find real-life anecdotes from Kevin Mitnick, the most famous hacker of all time, captivating stories about Russian hackers and cyber perpetrators, as well as step-by-step walkthroughs of attacks on high-profile companies.
Most people have mixed feelings about hackers. On the one hand, there's the omnipresent Anonymous, the cyber Robin Hood saving the planet from evil governments; on the other, there's the cybercriminal who exposes people's personal information and sells it somewhere on the dark net. The reality is somewhere in between. Ethical hacking (or penetration testing) is the practice of finding weaknesses and vulnerabilities in information systems and helping companies and businesses address them in a timely fashion. The books below will help you deepen your knowledge of what ethical hacking is all about. Whether you're a seasoned professional or a newbie, there'll be something here for you.
The Hacker Playbook 3 (2018) | Peter Kim
Advanced Penetration Testing (2017) | Wil Allsopp
The Art of Invisibility (2017) | Kevin Mitnick
How to Hack Like a GOD (2017) | Sparc FLOW
Unmasking Maskirovka (2019) | Dan Bagge
The Hacker Playbook 3 (2018) | Peter Kim
It's always good to start out with a classic. The Hacker Playbook series has become a bible for aspiring hackers and cybersecurity professionals who want to acquire both basic and advanced skills in information security.
There are currently three books in the series; the latest, which we'll talk about in a moment, came out in 2018.
The man behind The Hacker Playbook series, Peter Kim, has been doing penetration testing for more than 12 years. He has worked for Fortune 1000 corporations in both the entertainment and financial sectors, mentors newcomers, founded LETHAL, the largest technical security club in Southern California, and is CEO of a boutique penetration testing firm called Secure Planet. These credentials are more than enough to convince any reader that the author knows the subject inside out. So, without further ado, let's dive straight into the book.
What's new in the third book of the series? It provides an in-depth look at setting up a lab environment to test your attacks, the newest tips and tricks of penetration testing, and updated coverage of topics from the previous books, including abusing Active Directory and Kerberos, lateral movement attacks, newer web language vulnerabilities, PowerShell attacks, ransomware attacks, and writing malware and evading AV. The author also addresses the current trend in the industry: a shift from penetration testers to Red Teamers.
Now, before you get confused, let's briefly define "red teamers". A Red Team's mission is to emulate the tactics, techniques, and procedures (TTPs) of real adversaries; instead of following a fixed methodology (so often praised by penetration testers), Red Teams simulate real-world attackers and events. For example, Red Teams almost never run a vulnerability scan against the internal network: these scans are very loud, a real attacker running one would quickly get caught, so what's the point of performing full vulnerability scans if the adversaries you're emulating would never run them? Red Team engagements can also run for up to six months, and instead of listing vulnerabilities, their findings are geared toward gaps in the blue team's processes, policies, and tools. Rather than caring where a particular attack came from, Red Teamers learn from the TTPs behind it.
For example, Red Teamers often study publicly available reports of real attacks so they can reproduce them. One of the sources mentioned in the book is Florian Roth (@cyb3rops), who maintains a running list of APT groups and operations along with their toolsets. By studying documents like this, Red Teamers simulate different attacks by building tools similar to those used by the perpetrators. Another is MITRE's Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) matrix, a large collection of TTPs commonly used in attacks; the Red Canary team has published detailed write-ups of each of these techniques.
The book gets the reader acquainted with the major tools of the security trade, like Metasploit, Cobalt Strike, PowerShell, dnscat2, and Nishang, among others. The author then covers the major steps and tools for monitoring an environment during reconnaissance, brushes over important open source resources, and plunges fully into web application exploitation and web attacks. The last parts of the book are dedicated to compromising the network, social engineering, and physical attacks. For the labs in the book, Kim created a full virtual machine based on Kali Linux with all the tools installed.
Let’s briefly cover some of the interesting topics from the book, before we skip to the next one.
Cloud scanning. This matters because more and more companies are moving to various cloud infrastructures, which brings a lot of new attacks to light. The main problem here is that many tenants use dynamic IPs: their servers change rapidly and they are not listed in a fixed block with the cloud provider. Thus it's imperative to figure out which IP ranges are owned by which providers; Amazon, for example, publishes its ranges here: http://bit.ly/2vUSjED. To speed up identification, the author recommends tools such as Shodan and Censys, or manually parsing SSL certificates. Other tools discussed include Discover Scripts, which wraps all the recon tools on Kali Linux and is maintained regularly; KNOCK for brute-forcing subdomains; Sublist3r, which gathers subdomains from search engine queries; and SubBrute, whose DNS spider feature crawls enumerated DNS records. To scan commit histories on GitHub for leaked secrets, Kim suggests truffleHog or git-all-secrets. To identify S3 buckets and the victim's AWS infrastructure, Kim recommends Slurp and Bucket Finder; the latter not only finds buckets but also downloads their contents for further analysis. To learn more about AWS vulnerabilities, see: http://flaws.cloud/
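To make the provider lookup concrete, here is an added example (not code from the book or from Peter Kim) that parses AWS's published range file and tells you which addresses from a recon list fall inside it. AWS publishes the real file at https://ip-ranges.amazonaws.com/ip-ranges.json; the excerpt embedded below is a constructed sample in the same format so the script runs offline, and the prefixes in it should not be taken as current AWS data.

```python
import ipaddress
import json

# Constructed excerpt in the shape of AWS's ip-ranges.json (NOT real, current AWS data).
# Replace with the contents of https://ip-ranges.amazonaws.com/ip-ranges.json for real recon.
SAMPLE_AWS_RANGES = json.dumps({
    "syncToken": "0",
    "createDate": "2019-03-01-00-00-00",
    "prefixes": [
        {"ip_prefix": "52.94.76.0/22", "region": "us-west-2", "service": "AMAZON"},
        {"ip_prefix": "52.94.76.0/22", "region": "us-west-2", "service": "S3"},
        {"ip_prefix": "3.120.0.0/14", "region": "eu-central-1", "service": "AMAZON"},
        {"ip_prefix": "3.120.0.0/14", "region": "eu-central-1", "service": "EC2"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2600:1f14::/35", "region": "us-west-2", "service": "AMAZON"},
    ],
})


def load_prefixes(raw_json):
    """Parse ip-ranges.json text into (network, region, service) tuples, v4 and v6."""
    data = json.loads(raw_json)
    prefixes = []
    for entry in data.get("prefixes", []):
        prefixes.append((ipaddress.ip_network(entry["ip_prefix"]), entry["region"], entry["service"]))
    for entry in data.get("ipv6_prefixes", []):
        prefixes.append((ipaddress.ip_network(entry["ipv6_prefix"]), entry["region"], entry["service"]))
    return prefixes


def classify_ip(ip_text, prefixes):
    """Return (region, sorted services) for the most specific matching prefix, or None.

    The same prefix appears once per service in AWS's file, so the services of the
    winning prefix are merged into one set.
    """
    ip = ipaddress.ip_address(ip_text)
    best_net, best_region, services = None, None, set()
    for net, region, service in prefixes:
        if net.version != ip.version or ip not in net:
            continue
        if best_net is None or net.prefixlen > best_net.prefixlen:
            best_net, best_region, services = net, region, {service}
        elif net == best_net:
            services.add(service)
    if best_net is None:
        return None
    return best_region, sorted(services)


def classify_hosts(hosts, prefixes):
    """Annotate a recon host list so cloud-hosted targets stand out in the report."""
    report = {}
    for host in hosts:
        hit = classify_ip(host, prefixes)
        report[host] = "not in AWS ranges" if hit is None else f"AWS {hit[0]} ({', '.join(hit[1])})"
    return report


if __name__ == "__main__":
    prefixes = load_prefixes(SAMPLE_AWS_RANGES)
    # Constructed recon results: two inside the sample AWS ranges, one public DNS resolver.
    for host, verdict in classify_hosts(["52.94.77.10", "3.121.5.5", "8.8.8.8"], prefixes).items():
        print(f"{host:>16}  {verdict}")
```

The most-specific-prefix rule matters because AWS lists the broad AMAZON ranges alongside narrower per-service ranges; taking the longest match tells you not just "AWS" but which region and service (S3, EC2, CloudFront) the host belongs to, which decides the next recon step.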
Web attacks. In the chapters on web attacks, Kim spends a lot of time on Node.js, as it has become hugely popular over the past couple of years. Moreover, he cites research showing that more than 53% of npm packages could have been compromised through weak maintainer credentials, so it's imperative to understand how attackers go after these things. To analyze web applications, Kim uses Wappalyzer, BuiltWith, Retire.js, and Burp Suite. He explains, simulates, and offers exercises and labs for XSS (cross-site scripting) attacks, including obfuscated XSS payloads, BeEF (the Browser Exploitation Framework), blind XSS, DOM-based XSS, and advanced attacks on Node.js.
With the growing prevalence of NoSQL databases like MongoDB, Kim spends a fair amount of time going over NoSQL injection vulnerabilities: where a SQL injection smuggles in query syntax, a NoSQL injection typically smuggles in query operators (such as $ne or $gt) through JSON input that the application passes straight to the database. With the proliferation of different frameworks, libraries, and languages, it's important to understand how all of them work in order to predict and stop the possible attacks.
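To show what a NoSQL injection actually does, here is an added example that is not from the book. It needs no database: a small matcher evaluates a MongoDB-style query against an in-memory user list, modelling only the operators the attack relies on ($ne, $gt, $regex). The vulnerable login passes the parsed JSON body straight into the query, the hardened one refuses non-string input, and extract_password turns the $regex operator into an oracle that recovers the password one character at a time. The accounts are constructed and the helper names are my own.

```python
import json
import re
import string

# Constructed stand-in for a MongoDB "users" collection (hypothetical accounts).
USERS = [
    {"username": "admin", "password": "Tr0ub4dor&3", "role": "admin"},
    {"username": "alice", "password": "hunter2", "role": "user"},
]

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def _field_matches(value, condition):
    """Evaluate one field condition the way MongoDB does, for the operators the attack needs."""
    if not isinstance(condition, dict):
        return value == condition            # plain equality match
    for op, arg in condition.items():
        if op == "$ne":
            if value == arg:
                return False
        elif op == "$gt":
            if not (isinstance(value, str) and isinstance(arg, str) and value > arg):
                return False
        elif op == "$regex":
            if not (isinstance(value, str) and re.search(arg, value)):
                return False
        else:
            raise ValueError(f"operator {op} not modelled here")
    return True


def find_one(collection, query):
    """Minimal findOne(): first document where every query field matches."""
    for doc in collection:
        if all(_field_matches(doc.get(field), cond) for field, cond in query.items()):
            return doc
    return None


def login_vulnerable(body_json):
    """The classic bug: a parsed JSON body (which may contain objects) goes straight into the query."""
    body = json.loads(body_json)
    user = find_one(USERS, {"username": body["username"], "password": body["password"]})
    return user["username"] if user else None


def login_hardened(body_json):
    """Fix: refuse anything that is not a plain string before it can become a query operator."""
    body = json.loads(body_json)
    username, password = body.get("username"), body.get("password")
    if not isinstance(username, str) or not isinstance(password, str):
        return None
    user = find_one(USERS, {"username": username, "password": password})
    return user["username"] if user else None


def extract_password(login_fn, username, alphabet=ALPHABET, max_len=64):
    """Use a $regex-injectable login as an oracle and recover the password character by character."""
    known = ""
    while len(known) < max_len:
        exact = json.dumps({"username": username, "password": {"$regex": f"^{re.escape(known)}$"}})
        if login_fn(exact) == username:
            return known                         # the known prefix is the whole password
        for ch in alphabet:
            probe = json.dumps({"username": username, "password": {"$regex": f"^{re.escape(known + ch)}"}})
            if login_fn(probe) == username:
                known += ch
                break
        else:
            return None                          # nothing extends the prefix: target is not injectable
    return known


if __name__ == "__main__":
    bypass = '{"username": "admin", "password": {"$ne": ""}}'
    print("vulnerable login with $ne payload ->", login_vulnerable(bypass))
    print("hardened login with $ne payload   ->", login_hardened(bypass))
    print("recovered via $regex oracle       ->", extract_password(login_vulnerable, "admin"))
```

The type check in login_hardened is the whole fix: in a real Express application the same effect comes from validating the body schema (or casting with String()) before building the query, and from never letting a client-supplied object become a query value.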
On phishing, Kim recommends looking at automated frameworks like Gophish, Phishing Frenzy for Ruby fans, and King Phisher for Python. These tools are great for running and recording straightforward phishing campaigns. Targeting specific people and learning more about them takes time, but it yields the best results: attackers look for leaked emails, programs the company might be using, and system upgrades, and use open source tools to find information about specific people. Kim walks through creating malicious Microsoft Office files, abusing the Windows DDE (Dynamic Data Exchange) protocol, hiding encrypted payloads with EmbedInHTML and demiguise, and exploiting internal Jenkins servers.
Overall, if you're looking for a purely practical guide with almost zero theory but lots of practice, hands-on techniques, labs, recommendations for testing and analysis tools (both free and paid), and a bunch of useful GitHub repositories, then this book is for you.
Meanwhile, let's hop on to the next one.
Advanced Penetration Testing: Hacking the World's Most Secure Networks (2017) | Wil Allsopp
Wil Allsopp was a brilliant security specialist who poured his tremendous expertise and experience into his writing and passed it on to the generations to come. He worked on projects and training on four continents and lectured in both Europe and the US, where he was a highly sought-after expert and security consultant. His last book, Advanced Penetration Testing, is the one we're going to review here.
This book is more than a collection of wisdom from a renowned security specialist; it's a full-blown guide to the techniques you need to understand your own systems' defenses. Allsopp goes far beyond Metasploit and Kali Linux and builds more complex attack simulations covering social engineering, vulnerability exploitation, programming, custom code examples, and the use of scanning tools, among other things.
The book is broken into nine chapters, each dedicated to a particular industry, with a practical scenario in every chapter that adds a layer of functionality to solve a specific problem and applies the result to the environment under discussion. The book is language-agnostic but assumes you have a solid programming background. Instead of writing a dry technical manual, Allsopp structures each chapter around the context of a particular industry and the technologies and attacks relevant to it. The industries and environments covered include medical facilities and hospital infrastructure, research universities, financial institutions (such as banks), pharmaceutical companies, police headquarters, classified data networks, the weapons and publishing industries, and mobile infrastructure (attacking smartphones and writing hostile code for iOS and Android).
The last chapter is a little different from the rest of the book in that it gives a hypothetical example of intelligence gathering against a nation-state. The target is North Korea, which makes it all the more intriguing given the secrecy surrounding the hermit state. Allsopp looks at the technologies used by North Korea: its custom Linux-based desktop and server operating systems, its IP address allocations, the state telephone network, the mobile network, approved devices, and the national intranet. He plays around with the North Korean operating system, Red Star (both the server and desktop editions, based on Fedora Linux with Korean localization), to give readers a great deal of insight into both its layout and the networking technologies used in North Korea. In the book he promised to make Red Star available for download via torrents from his website, which, unfortunately, I was not able to find; I think Allsopp never had the chance to do so. Later in the chapter he explores the North Korean telephone system and its weaknesses, and shows how one might "war dial" huge swaths of numbers automatically and record what is found using VoIP and WarVOX. By the end of the chapter the author shows how to play with HTML5 and web APIs, and explains how to inject malicious code and an invisible iframe into a target website.
Overall, the book is an exciting read. If you want a glimpse of how attackers go after police HQs, the arms industry, intelligence agencies, or plain old banks, this book is a must-read. Wil Allsopp spent 20 years breaking things for major corporations across the globe and was paid for doing just that. So get yourself a cup of joe and open the book!
Let's keep the ball rolling and jump to the next item on our list.
The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data (2017) | Kevin Mitnick
Everybody's familiar with Kevin Mitnick, right? He certainly doesn't need a lengthy introduction beyond a respectful nod: he is the most famous hacker on the planet, and one who turned good. His pursuit, arrest, and trial received a great deal of media attention and controversy, but he did end up serving five years in prison. Many believe some of the charges against him were heavily exaggerated and the punishment excessive; Mitnick himself has claimed that he never used any particular hacking software but rather exploited weaknesses through social engineering. In any case, he's doing well now, consulting for Fortune 500 companies as well as the FBI, and his prison days are long over. Here we'll cover his latest book, The Art of Invisibility, which mainly deals with privacy, a topic that has received a lot of attention thanks to the Facebook and Cambridge Analytica scandal. Mitnick wrote the book before the scandal, however, alerting people to and predicting many of the things that later came to pass.
If you think there's no need for online privacy unless you're a terrorist or a criminal, then you're obviously misinformed. But I'm sure most readers here are up to speed on security, identity theft, online privacy, and related issues. After all, the right to privacy is a fundamental human right (if you're not convinced, check the 1948 United Nations Universal Declaration of Human Rights).
Privacy is complex. It's so complex, Mitnick argues, that you can go to jail because of a lobster. Yep, you read that right. Possession of an undersized lobster is a federal crime in the United States, and if you ever posted a picture of yourself with one on Facebook, chances are somebody could use that against you.
Throughout the book, Mitnick explains what's actually happening with surreptitious data collection and what you can do to protect yourself. He teaches the reader to send encrypted e-mail, to protect themselves with good password management, to hide their true IP address, to keep their computer from being tracked, and to defend their anonymity.
One of the most obvious pieces of advice Mitnick gives is to have a strong password for everything. If you think only people unrelated to security have weak passwords, you might be surprised to learn that some top executives at large corporations have passwords like "12345678"; the CEO of Sony Entertainment, Michael Lynton, used the password "sonyml3" before he got hacked. Now, a good password won't necessarily save you from an attack, because there are plenty of sophisticated password-cracking tools out there, like oclHashcat, but it will wear an attacker down enough that they may just move on to the next target. Since the best passwords are rarely human-readable, it's best to use a password manager like Password Safe or KeePass, and of course to opt for 2FA (two-factor authentication) on every site that offers it.
To make it harder for someone else to read your emails, Mitnick strongly advocates end-to-end encryption, so that your message stays unreadable until it reaches its intended recipient, and only you and the receiver hold the keys to decrypt it, as opposed to the telecommunications carrier, the website owner, or an app developer. One of the tools Mitnick suggests is Mailvelope, a PGP plug-in for the Chrome and Firefox browsers.
To hide the origin of a message, the author suggests using an anonymous remailer, which strips the sender's identifying information before forwarding the message; in particular, it's best to use Type III remailers that allow two-way communication, like Mixminion. To mask your IP address, you can use the onion router (Tor), which Snowden and Poitras used back in the day (Orbot for Android and Onion Browser for iOS). The downside of Tor is that it's slow and you have no control over the exit nodes, which might well be run by a government.
Other advice includes using a burner phone (although these are not completely anonymous either); for the truly paranoid, landline phones that encrypt your voice conversations over copper wires, or otherwise SDES-encrypted VoIP (with a vendor using SSL/TLS), or Signal (a free application from Open Whisper Systems), which uses end-to-end encryption and perfect forward secrecy (PFS). Mitnick also advises enabling features like "Secret Conversations" in messaging apps that offer them, while warning that even that isn't 100% effective, and looking for apps that use off-the-record messaging (OTR) and ideally PFS. Apps he lists as using both OTR and PFS include ChatSecure, Signal, and Cryptocat.
For unbiased search results, try DuckDuckGo instead, since it doesn't track your previous searches and therefore doesn't tailor the output. Use a virtual machine to keep others from seeing your search history, or browser plug-ins that give you control over which trackers you want to allow on a page (like Ghostery). Mitnick also discourages the use of Internet of Things devices like talking thermostats and TVs, or, if you do use them, advises switching voice recognition off.
Before we move on to the next book, it's interesting to note that Mitnick advises destroying your hotel key cards and never handing them in when you check out, because, he says, these cards contain crucial information about your stay, your credit card, and your home address, and the data is only overwritten when another guest checks into the same room. Worth noting: this claim has been widely disputed, and hotel key cards typically store little more than a room number and a validity window, so treat it with some skepticism, even if destroying the card costs you nothing.
Overall, a great read. Mitnick provides colorful examples from criminal cases and journalism, some with happy outcomes and some without. If you're an investigative reporter, this book is a must-read.
How to Hack Like a GOD: Master the Secrets of Hacking Through Real Life Scenarios (Hacking the Planet Book 2) (2017) | Sparc FLOW
Sparc FLOW is a computer security specialist focused on ethical hacking who has presented his research at major conferences like Black Hat, DEF CON, and Hack In The Box. He's also a prolific writer, having published over five books in the past few years. His book How to Hack Like a God is the one we're covering here. In it, Sparc walks through concepts and systems like Kerberos, Citrix, and mainframes, and names every tool and script he uses.
For the book, Sparc makes up a hypothetical luxury fashion brand (GibsonBird) as his target and guides the reader through his thinking and planning for the attack, as well as the attack itself.
His primary idea is to plant a small hardware backdoor in one of GibsonBird's many shops. The implant calls back to Sparc's computer and gives him access to the local network. By "Sparc's computer" what is actually meant is a private server, rented with Bitcoin, running Kali Linux. To stay anonymous, Sparc goes through a VPN provider and public Wi-Fi. For his local machine he chooses a volatile operating system that lives only in memory while the USB key is plugged in.
The implant hardware is a Raspberry Pi Zero, a bare-bones circuit board with just the essentials to run a mini computer. He configures the device into a fully functional backdoor, describing every step in great detail. After setting it up, he looks for an unused RJ45 jack in one of GibsonBird's stores in a mall (because these, he argues, are the easiest targets). He then gets to an Ethernet port, which according to the book's description sounds like a lot of fun, and plants the Pi. Now he's ready to begin his "work of art" operation.
He uses the classic ARP spoofing technique to trick devices into using the Pi as their gateway instead of the legitimate router. If that doesn't work, he suggests NetBIOS name poisoning with the Responder tool. To make sure nothing can stop him doing his job, Sparc also looks for intrusion detection systems by scanning each machine for the most common open ports (using nmap).
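The blue-team side of that ARP spoofing step, as an added example that is not from the book: a detector that replays a log of ARP replies and raises an alert whenever an IP's MAC address changes or one MAC starts answering for several IPs, which is exactly the footprint the implant leaves when it claims the gateway's address. The replies below are constructed (the addresses are hypothetical; only the b8:27:eb prefix, Raspberry Pi's OUI, is real); in practice they would come from a packet capture or a switch's ARP inspection log.

```python
from collections import defaultdict

# Constructed ARP "is-at" replies as seen on the store LAN: (seconds, claimed IP, sender MAC).
# Gateway and manager PC addresses are hypothetical; b8:27:eb is the Raspberry Pi Foundation OUI.
ARP_REPLIES = [
    (0.0, "192.168.1.1", "00:11:22:33:44:01"),    # real gateway answers a who-has
    (1.0, "192.168.1.50", "00:11:22:33:44:50"),   # manager PC
    (2.0, "192.168.1.77", "b8:27:eb:aa:bb:cc"),   # implant joins with its own address
    (5.0, "192.168.1.1", "b8:27:eb:aa:bb:cc"),    # implant claims the gateway's IP
    (5.1, "192.168.1.50", "b8:27:eb:aa:bb:cc"),   # ...and the manager's, to sit in the middle
    (5.5, "192.168.1.1", "00:11:22:33:44:01"),    # real gateway re-announces: the mapping flaps
]


def detect_arp_spoofing(replies, protected_ips=frozenset()):
    """Flag IP->MAC changes (high severity for protected IPs such as the gateway)
    and report MACs that end up answering for more than one IP."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            severity = "high" if ip in protected_ips else "medium"
            alerts.append((ts, severity, f"{ip} moved from {previous} to {mac}"))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
    suspects = {mac: sorted(ips) for mac, ips in mac_to_ips.items() if len(ips) > 1}
    return alerts, suspects


if __name__ == "__main__":
    alerts, suspects = detect_arp_spoofing(ARP_REPLIES, protected_ips={"192.168.1.1"})
    for ts, severity, message in alerts:
        print(f"t={ts:4.1f} [{severity}] {message}")
    print("MACs answering for several IPs:", suspects)
```

A legitimate gateway failover also changes the IP-to-MAC mapping, so the "moved" alert needs a whitelist of known router MACs before it goes to a pager; the flapping pattern (the real device re-announcing between the spoofer's replies) and a single MAC covering both the gateway and a client are much stronger signals. Static ARP entries on critical hosts and Dynamic ARP Inspection on the switch are the usual mitigations.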
The beauty of the Internet of Things, Sparc says, is that most devices are still configured with the default passwords from the manual, so he quickly gets access to the cameras in the store.
When he captures an authentication attempt from the manager's computer, he cracks the password hash with John the Ripper and breaks into the machine.
To execute commands remotely on a Windows machine, Sparc says he needs at least one of the following: RDP (port 3389) open on the machine, RPC (port 135 plus the dynamic range 49152-65535), or Remote PowerShell (WinRM, ports 5985-5986). Running an nmap scan, he quickly finds port 135 open.
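Here is that decision automated, as an added example that is not from the book: the script parses nmap's grepable (-oG) output and applies the three conditions above to each host. The scan output is constructed for a hypothetical store subnet so the script runs offline; the hostnames and port states are made up.

```python
import re

# Constructed nmap -oG output for a hypothetical store subnet (not from the book).
NMAP_GREPABLE = (
    "# Nmap 7.70 scan initiated as: nmap -p 135,445,3389,5985,5986,49152-65535 -oG - 10.10.20.0/24\n"
    "Host: 10.10.20.15 ()\tStatus: Up\n"
    "Host: 10.10.20.15 ()\tPorts: 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///, "
    "3389/closed/tcp//ms-wbt-server///, 49667/open/tcp//unknown///\tIgnored State: filtered (16380)\n"
    "Host: 10.10.20.16 (kiosk01)\tStatus: Up\n"
    "Host: 10.10.20.16 (kiosk01)\tPorts: 3389/open/tcp//ms-wbt-server///\tIgnored State: filtered (16384)\n"
    "Host: 10.10.20.17 ()\tStatus: Up\n"
    "Host: 10.10.20.17 ()\tPorts: 5985/open/tcp//wsman///, 5986/open/tcp//wsmans///\tIgnored State: filtered (16383)\n"
    "Host: 10.10.20.18 ()\tStatus: Up\n"
    "Host: 10.10.20.18 ()\tPorts: 135/open/tcp//msrpc///\tIgnored State: filtered (16384)\n"
    "# Nmap done: 256 IP addresses (4 hosts up)\n"
)

# -oG "Ports:" lines look like: Host: <ip> (<name>)\tPorts: <port>/<state>/<proto>//<service>///, ...
HOST_LINE = re.compile(r"^Host: (?P<ip>\S+) \([^)]*\)\tPorts: (?P<ports>[^\t]*)")


def parse_open_tcp_ports(grepable_text):
    """Map each host to its set of open TCP ports from nmap -oG output."""
    hosts = {}
    for line in grepable_text.splitlines():
        m = HOST_LINE.match(line)
        if not m:
            continue
        for entry in m.group("ports").split(", "):
            port, state, proto = entry.split("/")[:3]
            if state == "open" and proto == "tcp":
                hosts.setdefault(m.group("ip"), set()).add(int(port))
    return hosts


def remote_exec_channels(open_ports):
    """Channels usable for remote command execution, following the three conditions from the book."""
    channels = []
    if 3389 in open_ports:
        channels.append("RDP (3389)")
    if 135 in open_ports and any(49152 <= p <= 65535 for p in open_ports):
        channels.append("RPC/DCOM (135 + dynamic port)")   # what wmiexec rides on
    if open_ports & {5985, 5986}:
        channels.append("WinRM (5985/5986)")
    return channels


def plan_lateral_movement(grepable_text):
    """Per-host list of remote-execution options, ready to pick a tool from."""
    return {ip: remote_exec_channels(ports) for ip, ports in parse_open_tcp_ports(grepable_text).items()}


if __name__ == "__main__":
    for ip, channels in plan_lateral_movement(NMAP_GREPABLE).items():
        print(ip, "->", ", ".join(channels) or "no confirmed channel yet")
```

Host 10.10.20.18 shows port 135 but no dynamic port, so under the rule as stated it is not yet confirmed: either scan the 49152-65535 range too (as the constructed command line does) or accept that 135 alone is a strong hint and try wmiexec anyway, which is what the book does.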
He launches an Empire (PowerShell post-exploitation framework) stager on the manager's computer using the wmiexec tool. He then discovers that the manager uses Citrix to run applications on remote servers, opens Internet Explorer on the server with the help of (guess what?) the Calculator app, and gets to the system files. Using Mimikatz (by gentilkiwi), he harvests the credentials of hundreds of Citrix users, including a domain admin account. But apparently that's not enough, and Sparc continues exploring the Active Directory forests and goes through some other privilege escalation tricks. Along the way he argues that pentesters often overlook the mainframe, going for email and domain controllers instead, whereas the real data actually sits in datasets on the mainframe, which often gets poor security audit coverage.
During his "promenade" inside the luxury brand's information system he amasses a vast amount of data: gigabytes of sales figures, employees' salaries, credit card details, and other random stuff. That data is pretty much useless, though, unless you can move it to a secure location where you can break it down and work with it. While exfiltrating, Sparc urges the reader to pay close attention to the content being transferred: if the fashion brand happens to be inspecting egress traffic and we transfer a Word document full of sensitive keywords, it will raise all sorts of alarms. To avoid this, he says, it's best to zip every document and turn the archive into meaningless-looking text. So Sparc zips the data with an Empire module and encodes it using certutil -encode, which turns the zip into a text file. He then rents a dedicated server on Amazon, gets a legitimate domain, and pushes the data there. Bingo! Worth knowing from the defender's side: certutil's output is plain base64 wrapped in "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines, so it defeats only naive keyword matching, and certutil.exe itself is a well-known living-off-the-land binary that many detection rules flag.
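To show both halves of that trick, here is an added example that is not from the book: it rebuilds the layout certutil -encode produces (PEM certificate headers around base64, 64 characters per line, CRLF line endings) from a constructed in-memory zip of made-up documents, and then runs the check an egress filter could apply, which is to unwrap anything that looks like a certificate, notice that the payload is not DER at all, and look inside the zip for the keywords the attacker was trying to hide. The file names and contents are constructed.

```python
import base64
import io
import zipfile

# Constructed stand-in for the stolen documents (not the book's data).
STOLEN_FILES = {
    "hr/salaries_q1.txt": "Employee salary table, Q1. Confidential - do not distribute.",
    "notes/todo.txt": "restock spring collection",
}

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"


def build_zip(files):
    """Zip the documents in memory, standing in for the Empire module's archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()


def certutil_encode(data):
    """Reproduce the layout of `certutil -encode`: PEM headers, base64 at 64 chars per line, CRLF."""
    b64 = base64.b64encode(data).decode("ascii")
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\r\n".join([PEM_BEGIN, *body, PEM_END]) + "\r\n"


def inspect_text_blob(text, keywords=("salary", "credit card", "confidential")):
    """Egress check: unwrap PEM-looking text, see whether it is really a certificate, peek inside ZIPs."""
    findings = {"pem_wrapped": False, "looks_like_der": False, "is_zip": False,
                "members": [], "keyword_hits": []}
    lines = [line.strip() for line in text.splitlines() if line.strip()]
    if len(lines) < 3 or lines[0] != PEM_BEGIN or lines[-1] != PEM_END:
        return findings
    findings["pem_wrapped"] = True
    try:
        raw = base64.b64decode("".join(lines[1:-1]), validate=True)
    except ValueError:                   # binascii.Error is a ValueError subclass
        return findings
    findings["looks_like_der"] = raw[:1] == b"\x30"   # a real X.509 cert starts with a DER SEQUENCE
    if raw.startswith(b"PK\x03\x04"):                  # ZIP local file header
        findings["is_zip"] = True
        with zipfile.ZipFile(io.BytesIO(raw)) as zf:
            for member in zf.namelist():
                findings["members"].append(member)
                body = zf.read(member).decode("utf-8", errors="ignore").lower()
                hits = [k for k in keywords if k in body]
                if hits:
                    findings["keyword_hits"].append((member, hits))
    return findings


def is_suspicious(findings):
    """Alert when the certificate wrapper carries something that is not a certificate."""
    return findings["pem_wrapped"] and not findings["looks_like_der"]


if __name__ == "__main__":
    blob = certutil_encode(build_zip(STOLEN_FILES))
    print(blob.splitlines()[0], "...", blob.splitlines()[-1])
    print(inspect_text_blob(blob))
```

The DER check is the cheap, high-signal part: a genuine certificate decodes to an ASN.1 SEQUENCE (first byte 0x30), so a "certificate" whose payload starts with PK is worth an alert even before anything is unzipped, and the same check catches other encoded payloads (executables, archives) that certutil is routinely used to smuggle in either direction.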
The book not only takes you on a step-by-step journey into a fashion brand's network, but also provides valuable tips, hacking insights, and all the scripts that might come in handy when you're working on something similar. Overall, this is a fantastic read for any hacker or pentester who wants to learn how attackers actually think and which scripts, programs, and software they use to break into information systems.
Another earlier read from the author:
- How to Hack Like a PORNSTAR: A step by step process for breaking into a BANK (Hacking the planet Book 1) (2017)
Unmasking Maskirovka: Russia's Cyber Influence Operations (2019) | Dan Bagge
This is the last book on the list, and also the newest; it only came out in February 2019, so there's a good chance you haven't heard of it yet. It's a great read if you're interested in the Russian hackers who have been making headlines for the last few years. The reason everyone got so concerned about Russian hackers working for the state is, of course, their interference in the electoral process in the United States, which the Russian government, unsurprisingly, strongly denies. Although it is highly political, this book is still handy for anyone who wants to learn how the Russian side thinks and what drives Russian information warfare. The foreword outlines the intended audience: policymakers and strategists, as well as anyone else who works with information in the cyber realm.
Dan Bagge, a Czech cyber defense expert, guides the reader through Russia's political and military objectives and offers thoughtful and potentially effective countermeasures. He argues that for measures to be truly effective one needs to know one's enemy, so he provides a list of strategic, doctrinal, and military documents, breaks them into chunks, and explains what is implied by each statement he highlights. The Russian hybrid approach, built around the concept of reflexive control, knows no distinction between peacetime and war: every policy is a continuation of the previous agenda. Bagge also warns that one can fall victim to these campaigns by trying to mimic them, and advises resisting the temptation to copy Russian tactics, which would inevitably undermine Western liberal values. The book provides an analytical framework for information warfare and a practical manual for coping with such threats; it strives to educate and gives advice on building resilience against Russian scaremongering tactics.
Bagge says cyber literacy is not something reserved for computer geeks but is essential for anyone who wants to contribute to national security. Treating cybersecurity as a purely technical matter has had the unintended consequence of underestimating the importance and strength of cyber warfare capabilities. It's not enough to master the technical side; one should combine the technical world with policy and real-world events to understand how to combat such threats.
Russian operations have targeted well-established societal functions, like commercial advertising, elections, political contests, democratic foundations, and even individual perceptions, through fabrication, manipulation, and military deception. The difference between the three: fabrication is providing purely false information; manipulation is taking truthful information and distorting it to one's own benefit; military deception is more clandestine and can be further divided into active and passive. Passive deception hides intentions, military readiness, and capabilities from opposing forces. Active deception creates false assumptions or something that does not even exist. For example, repeatedly preparing a hostile act and not carrying it out gives an adversary a false sense of security, a tactic also known as "familiarity breeds contempt."
The author notes that Russian academics and military experts view cyber warfare as a holistic combination of technology and information-psychology. The reason Russia engages in such clandestine psychological operations is that it does not possess the most advanced military technology, even if it claims otherwise. Subverting an adversary's national infrastructure without crossing the threshold of armed conflict offers limitless possibilities and costs far less.
The primary instrument, rooted in cybernetics, is reflexive control: modeling decision-making systems and disrupting them, or influencing the adversary so that they make decisions favorable to the deceiver. There are four prerequisites for reflexive control: manipulating the opponent's sensory awareness, hiding one's true intentions, influencing the opponent's information resources, and combining tampering with data processing and sensory awareness.
Now, if that sounds complicated, that's probably because it is. Consider the Soviet military school of thought: to influence its opponents' objectives, it proposed giving the adversary so much ambiguity and uncertainty about Soviet goals that the adversary was unable to define any aim whatsoever.
The documents the author analyzes are the Military Doctrine of the Russian Federation (2010 and 2015), the Conceptual Views Regarding the Activities of the Armed Forces of the Russian Federation (2010), and The Value of Science Is in the Foresight (2013).
These documents clearly call for setting up counter-propaganda aimed at preventing the negative consequences of the spread of disinformation about Russian policy, and, as we can plainly see, this counter-propaganda engine has been realized in the form of Sputnik and Russia Today. RT, despite being founded to battle disinformation, spreads disinformation itself, albeit disinformation favorable to Russia. The documents also talk a great deal about "preserving the traditional morals and spiritual values of Russians," yet none of those values and morals are clearly defined anywhere in them.
In the chapter on cyber-related examples, the author offers the following instances from the recent past. First, diverting growing Western interest in Russian military actions in Ukraine by attacking the French television network TV5Monde under the guise of the "CyberCaliphate", a cover that was later exposed, with the attack attributed to the proxy group APT28, aka Fancy Bear, and read as a distraction. Second, CyberBerkut's 2014 denial-of-service attacks on the mobile phones of Verkhovna Rada members and on more than 500 web-based information sources. Third, Russia Today publishing an article falsely accusing the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn of involvement in setting up the Mirotvorce (Myrotvorets) website.
There are many other instances of planted false information and fake news throughout the book, which are outside the scope of this article, so I encourage everyone to buy the book and see for themselves. It's a captivating read and at times a true eye-opener. One horrifying, and yet interesting, attack the author describes is the Russian hacking of Ukrainian billboards to show provocative content, depict Ukrainian political leaders as anti-Russian, display mass graves, and use them as propaganda.
In any case, political as it is, the book is still worth reading in the era of fake news, attacks on privacy, and false accusations. Bagge says it's important to educate people to tell false information from true, to keep a cool head, and to be able to think and respond quickly on the basis of solid logical conclusions. It's also important to disseminate positive narratives to counter the opponent's negative content.
We truly hope you've bookmarked or wish-listed some of the five books covered above. If so, enjoy reading and never stop learning. If you liked the review, please give it a thumbs-up and share it with others.
About the author
Marina Vorontsova is a copywriter from Soshace.com. Soshace is a hiring platform for web developers: hire a developer or apply for a remote job.