Book Thread - What's-a-reading?

Kedislav · November 15, 2022, 2:21pm

Hey! I was digging around and found the latest book thread was back in '16, so I took it upon myself to make a new one. I personally am an avid reader and I think sharing interesting reads is important for both motivation and learning.

To keep this organized:
Be sure to tag the books you recommend so we can all benefit from the replies, tags are as follows;

(General) - for works that impart more generalized knowledge, or don’t fall into any one category.
(Fiction) - for works depicting fictional stories about hacking, programming or related.
(Real/Doc) - for books about real hacking, cybercrime cases and/or investigations into the hacking world.
(Philosophy) - for books that delve into the philosophic side of hacking, like ethics and related.
(Techspeak) - for technical works that are more guides to follow than leisure reading.
(Paper) - for highly technical academic papers on topics related.

Ideally link your books to a place people can get them, even more ideal if you include identifiers in your description (like the ISBN). For papers, extra points if you include a DOI, but any link where we can read it will do (reminder that papers behind paywalls only benefit the publisher, not the author, and actively hurt scientific learning).

If there are tags missing or some categories are weirdly/badly defined, please suggest them to me through DM so I can edit the post and add/edit them.

For my recommendations I have a few;

(Fiction) Attack/Surface by Cory Doctorow | ISBN-13 9781250757517

It is the third book of a series called “Little Brother”, but I didn’t read the first two and I still found it incredibly interesting, as well as realistic. The book follows Masha as she falls into this dichotomy of both working for the bad guys while helping the good guys evade them. As you could imagine, it is an unsustainable dilemma. One thing I like most is that Pavel Anni took the time to write the Mashapedia (n.a), a chapter-by-chapter breakdown of the real world technologies depicted in the book, making it a great introduction to the tech we use and the jargon we speak for people looking to start in the world of hacking and IT.

(Real/Doc) This is How They Tell Me the World Ends: The Cyberweapons Arms Race by Nicole Perlroth | ISBN-13 9781635576054

Truly fantastic investigative journalism into the cryptic world of cyberweapons and the 0-day market. It really puts into perspective how much power hackers wield in this highly connected world, and it proposes the problem of the “IoT wave” and how hackers, if said wave is completed, can weaponize it. The book was published before Russia’s aggressive invasion started, and it really helps put the conflict into perspective, as Perlroth dives into how cyber-aggression had escalated years prior. Very interesting book.

(General) The Jargon File by Eric S. Raymond

This is a file more than it is a book, mainly because it has many versions throughout the years. For the uninitiated, the Jargon file is a glossary of slang and terms different programmer and hacking subcultures use. You could find it in book form, but do not be careless; those might be old versions. I do not think of this as necessary reading, more like for-fun reading. It clarifies terminology as well as give insight into what and how hackers have been interacting with each other throughout the years and as technology evolves.

(Philosophy) Coding Democracy: How Hackers are Disrupting Power, Surveillance, and Authoritarianism by Maureen Webb | ISBN-13 9780262043557

I think the title describes it well enough that my words are a bit unnecessary, but a quick review doesn’t hurt anybody. This book is an in-depth analysis of how hacker culture has allowed democracy to move forward smoothly.

(Techspeak / Philosophy) The Art of Unix Programming by Eric S. Raymond | ISBN-13 9780131429017

Maybe you’ll say “Ked, recommending Raymond again?” and I’d respond “Exactly”. The Art of Unix Programming is an great book, as it details the Unix philosophy and its evolution to where it is today, as well as Unix and Unix-based OS’s. It is a great read, very long and arduous, but there is much to gain from reading a book like this. Again, not necessary reading, but good to have under the belt.

Those are my recommendations (for now), Papers and other academic material am still reading so didn’t note them down. Am curious to read what you recommend!

Note: I know there is the awesome lists on github with books for hackers, but I believe there is much to be gained from asking people directly and seeing what they’re reading.

LambdaCalculus · November 16, 2022, 9:43am

I personally am an avid reader and I think sharing interesting reads is important for both motivation and learning.

Same. I think that the major difference between yourself and myself is that I struggle to read fictional novels and (auto)biographies. I like fiction books, it’s just that my silly brain doesn’t lol (the exception is graphic novels and TV shows ).

Also, the format that you presented your books and paper is very similar to an annotated bibliography. I made one for a philosophy of ethics class back in community college (you may read it here if you wish). My head’s a bit frazzled atm, so will just list some papers and books that I have either read, currently reading, or will read in the future.

but any link where we can read it will do (reminder that papers behind paywalls only benefit the publisher, not the author, and actively hurt scientific learning).

Pro Tip: for any of y’all who don’t feel like enriching the over-bloated administrative staff at publishers, check out Sci-Hub or libgen for getting past them paywalls

Now let’s get on to the good stuff…

Annotated bibliography

General: Gallagher, S. (2013). A beginner’s guide to building botnets—with little assembly required. Ars Technica. Retrieved on Nov. 16, 2022 from: https://arstechnica.com/information-technology/2013/04/a-beginners-guide-to-building-botnets-with-little-assembly-required/

This is one of Ars Technica’s classic articles that (in my silly opinion) helped to mainstream botnet building to more would-be crackers and vandals. It discusses rudimentary stuff, but still worth a read imo.

General: Ars Staff (2011). Anonymous speaks: the inside story of the HBGary hack. Ars Technica. Retrieved on Nov. 16, 2022 from: https://arstechnica.com/tech-policy/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack/

I know that this may be a bit of an overrated event that happened in the hacker world, but the hacking of HBGary and the quasi-mainstreaming of the term “AntiSec” (keep in mind—not necessarily its original meaning, just the term) to the public. The idea that the Anonymous group could do more than just troll “lolcows” and impact politics was something revolutionary relative to the history of modern politics. To really make that point, the article discusses how relatively simple hacks like SQL Injection and credential stuffing was used to take down a government-grade cybersecurity contractor. That, in my opinion, is something that makes this article a classic imo (and why I can’t stop reading it from time-to-time lol).

Philosophy: Foy, J. J. (2011). SpongeBob SquarePants and Philosophy: Soaking Up Secrets Under the Sea! (Popular Culture and Philosophy, 60). Open Court. ISBN-13: 978-0812697308.

Spongebob is, hands down, one of the most important cultural phenomena in hackerdom and the internets. For any of you who may doubt me, I welcome you to watch the “EmpLemon” (2018) super special demonstrating how Spongebob is the greatest TV show ever made (on Nickelodeon) and how it contributes to internet (and hence hacker) culture. The book explores various philosophical themes such as anti-capitalism, liberal feminism, and sympathy for the villain.

Philosophy: Noble, S. U. (2018). Algorithms of Oppression: How Search Engines Reinforce Racism. NYU Press. ISBN: 9781479837243.

I haven’t read this book yet (but am meaning to when I get enough critical race theory under my belt ). Like the title suggests, it shows how algorithms can be abused to reinforce prejudice and stereotypes (like racism).

Philosophy: Taleb, N. N. (2010). The Black Swan: Second Edition: The Impact of the Highly Improbable: With a new section: “On Robustness and Fragility”. Random House Publishing Group.

This is more of a general philosophy book that discusses the limits of scientific epistemology and how academic elites destroyed the American economy (on many occasions). The author says some silly things (like how autistic persons lack a theory of mind and their overemphasis of non-mainstream economists like F. A. Hayek and Ludvig von Mises). It’s a good book for critical thinking. But as with any book, approach it with a healthy heaping of scepticism

Techspeak: Cybersecurity and Applied Mathematics. (2016). Elsevier. https://doi.org/10.1016/c2015-0-01807-x

This is a reference book for quantitative methods that can be applied to cybersecurity research. Topics include metrics, set algebra, probability, graph theory, game theory, linear algebra and string analysis (and more).

Techspeak: Erickson, J. (2008). Hacking: The Art of Exploitation [Second Edition]. No Starch Press. ISBN-13: 9781593271442.

No list of hacker literature would be complete without referencing this great tome. It may be from a “bygone era,” but it could not be more relevant today. Topics include programming in C and assembly, exploitation, shellcoding, network hacking, evading security measures and cryptanalysis. It teaches these ideas from scratch!

Techspeak: Graham, D. G. (2021). Ethical Hacking: A Hands-on Introduction to Breaking In. No Starch Press. ISBN: 978-1-7185-0187-4.

This is a pretty hardcore book that discusses penetration testing at a more advanced level. It discusses zero-day discovery with SMT solvers and theorem provers, writing a Linux Kernel Module rootkit from scratch, and even social engineering with deepfakes!

Techspeak: Hickey, M. & Arcuri, J (2020). Hands on Hacking: Become an Expert at Next Gen Penetration Testing and Purple Teaming. John Wiley & Sons. ISBN: 978-1-119-56145-3.

Do note that I am a tad biased here since I am casual friends with the authors, but this is a pretty good introduction to penetration testing for super-n00bs like myself lol. It discusses penetration testing methodology and has lots of fun exercises to keep the reader’s mind stimulated!

Techspeak: Jones, R. (2005). Internet Forensics. O’Reilly Publishing. ISBN: 0-596-10006-X

This is a pretty damn good book on digital archeology and computer network forensics imo. Its section on archiving websites is super fire

Techspeak: “Spark Flow” (2020). How to Hack Like a Ghost: Breaching the Cloud. No Starch Press. ISBN-13: 978-1-7185-0126-3.

This book stands out amongst the other “techspeak” books in the sense that it’s more of a narrative of the author hacking into a fictional political consulting company and introduces technical notions along the way. It’s a fun read if you’ve got the basic red teaming stuff down and are ready to simulate hacking a real organisation.

Honestly, I’ve got more books on my proverbial plate (I’ll probably die of old age before I can read them all lol).

c0z · November 16, 2022, 10:39am

Honestly you should make this a #wiki

Also here are other threads on 0x00sec that list books as well, for reference.

Kedislav · November 16, 2022, 7:02pm

I did think of making it a wiki, but decided against it since it was more of “hey here are some recommendations, what do you recommend I read or what are you reading that you find interesting?” instead of a “here is a compendium of useful resources”. I’ll be more careful in the future. Thank you for linking the other book threads, seems I was very wrong about them being in '16.

Also, are those your personal bookshelves? Interesting reads there. I remember seeing the Linux Firewalls (ISBN-13 9781593271411) in my university library, but since I dropped out my access has been revoked. Thanks for reminding me of its existence lol, imma download it again.

c0z · November 19, 2022, 2:54pm

I still have some books that I left back in the states but that’s most of them. Linux firewalls was eh

Raul_Garcia · December 21, 2022, 2:07am

Currently reading (Real/Doc) Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency by Andy Greenberg. 35% in, so far, so good.

I previously read (Real/Doc) Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers by the same author and I like it, that is why I gave this one a chance.

On similar topics, but more hands-on instead of just journalism, I also liked these two books a lot:

(Real/Doc) (Techspeak) Hunting Cyber Criminals: A Hacker’s Guide to Online Intelligence Gathering Tools and Techniques by Vinny Troia.
(Techspeak) Hands-On Red Team Tactics: A practical guide to mastering Red Team operations by Singh, Harpreet

If you prefer some cyberpunk fiction instead, check out (Fiction) Trouble and Her Friends by Melissa Scott. It’s not at the same level of Neuromancer or Snowcrash, but its an entertaining read.

Kedislav · December 26, 2022, 10:02pm

Greenberg is an amazing author. Have only read a couple chapters of the Sandworm book and it’s incredible. Thanks for sharing

BillGatesSux · March 13, 2023, 1:01am

I have been a religous collector for a while I started around 19:04 and could not put them down. Still buying today!

system · March 17, 2023, 6:22am

This topic was automatically closed after 121 days. New replies are no longer allowed.