Recommended Reading. This page lists books that I have found to be highly relevant and useful for learning topics within computer security, digital forensics, incident response, malware analysis, and reverse engineering.
These books range from introductory texts to advanced research works. While some of these books may seem dated, the information contained is still very useful to people learning today, and much of the information is essential to becoming proficient in the information security realm. Please note that, in order to avoid ranking individual books, each category is listed in alphabetical order and each book is listed in alphabetical order within its category.
If you notice any errors with this page or have books that you think should be listed then please contact me. I will only list books that I have personally read and for which I am willing to vouch. Application Security - Native Application Security - Web Cryptography Database Forensics Digital Forensics and Incident Response Linux Usage Networking. How Apple and Amazon Security Flaws Led to My Epic Hacking. In the space of one hour, my entire digital life was destroyed.
First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook. In many ways, this was all my fault. My accounts were daisy-chained together. Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location.
Those security lapses are my fault, and I deeply, deeply regret them. But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. This isn’t just my problem. I realized something was wrong at about 5 p.m. on Friday. Lulz. “Wait. “Mr. Deep Inside a DNS Amplification DDoS Attack. A few weeks ago I wrote about DNS Amplification Attacks.
These attacks are some of the largest, as measured by the number of Gigabits per second (Gbps), that we see directed toward our network. For the last three weeks, one persistent attacker has been sending at least 20Gbps twenty-four hours a day as an attack against one of our customers. That size of an attack is enough to cripple even a large web host. For CloudFlare, the nature of our network means that the attack, which gets diluted across all of our global data centers, doesn't cause us harm. Even from a cost perspective, the attack doesn't end up adding to our bandwidth bill because of the way in which we're charged for wholesale bandwidth. We buy a lot of bandwidth and we pay for the higher of our ingress (in-bound) or egress (out-bound) averaged over a month. Given that the latest attack wasn't impacting us or any of our customers, we decided to let it run for a while and see what we could learn. Amplification Attacks. Is your Twitter password secure?