(ISC)² Lending Library
BTFM: Blue Team Field Manual (White, Alan and Clark, Ben)
Blue Team Field Manual (BTFM) is a Cyber Security Incident Response Guide that aligns with the NIST Cybersecurity Framework consisting of the five core functions of Identify, Protect, Detect, Respond, and Recover by providing the tactical steps to follow and commands to use when preparing for, working through and recovering from a Cyber Security Incident.
Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon (Zetter, Kim)
In January 2010, inspectors with the International Atomic Energy Agency noticed that centrifuges at a uranium enrichment plant in Iran were failing and being replaced at an unprecedented rate. The cause of their failure was a complete mystery.
Five months later, a seemingly unrelated event occurred. A computer security firm in Belarus was called in to troubleshoot some computers in Iran that were caught in a reboot loop—crashing and rebooting repeatedly. At first, technicians with the firm believed the malicious code they found on the machines was a simple, routine piece of malware. But as they and other experts around the world investigated, they discovered a virus of unparalleled complexity and mysterious provenance and intent. They had, they soon learned, stumbled upon the world’s first digital weapon.
Stuxnet, as it came to be known, was unlike any other virus or worm built before: It was the first attack that reached beyond the computers it targeted to physically destroy the equipment those computers controlled. It was an ingenious attack, jointly engineered by the United States and Israel, that worked exactly as planned, until the rebooting machines gave it all away.
And the discovery of Stuxnet was just the beginning: Once the digital weapon was uncovered and deciphered, it provided clues to other tools lurking in the wild. Soon, security experts found and exposed not one but three highly sophisticated digital spy tools that came from the same labs that created Stuxnet. The discoveries gave the world its first look at the scope and sophistication of nation-state surveillance and warfare in the digital age.
Kim Zetter, a senior reporter at Wired, has covered hackers and computer security since 1999 and is one of the top journalists in the world on this beat. She was among the first reporters to cover Stuxnet after its discovery and has authored many of the most comprehensive articles about it. In COUNTDOWN TO ZERO DAY: Stuxnet and the Launch of the World’s First Digital Weapon, Zetter expands on this work to show how the code was designed and unleashed and how its use opened a Pandora’s Box, ushering in an age of digital warfare in which any country’s infrastructure—power grids, nuclear plants, oil pipelines, dams—is vulnerable to the same kind of attack with potentially devastating results. A sophisticated digital strike on portions of the power grid, for example, could plunge half the U.S. into darkness for weeks or longer, having a domino effect on all other critical infrastructures dependent on electricity.
Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World (Menn, Joseph)
The shocking untold story of the elite secret society of hackers fighting to protect our privacy, our freedom -- even democracy itself
Cult of the Dead Cow is the tale of the oldest, most respected, and most famous American hacking group of all time. Though until now it has remained mostly anonymous, its members invented the concept of hacktivism, released the top tool for testing password security, and created what was for years the best technique for controlling computers from afar, forcing giant companies to work harder to protect customers. They contributed to the development of Tor, the most important privacy tool on the net, and helped build cyberweapons that advanced US security without injuring anyone. With its origins in the earliest days of the Internet, the cDc is full of oddball characters -- activists, artists, even future politicians. Many of these hackers have become top executives and advisors walking the corridors of power in Washington and Silicon Valley. The most famous is former Texas Congressman and current presidential candidate Beto O'Rourke, whose time in the cDc set him up to found a tech business, launch an alternative publication in El Paso, and make long-shot bets on unconventional campaigns.
Today, the group and its followers are battling electoral misinformation, making personal data safer, and battling to keep technology a force for good instead of for surveillance and oppression. Cult of the Dead Cow shows how governments, corporations, and criminals came to hold immense power over individuals and how we can fight back against them.
The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats (Clarke, Richard)
An urgent new warning from two bestselling security experts--and a gripping inside look at how governments, firms, and ordinary citizens can confront and contain the tyrants, hackers, and criminals bent on turning the digital realm into a war zone.
America's next major war is likely to be provoked by a cyber attack. From well-covered stories like the Stuxnet virus, which helped slow Iran's nuclear program, to lesser-known tales like EternalBlue, the 2017 cyber battle that closed hospitals in Britain and froze shipping crates in Germany in midair, we have entered an age in which online threats carry real-world consequences. But we do not have to let autocrats and criminals run amok in the digital realm. We now know a great deal about how to make cyberspace far less dangerous--and about how to defend our security, economy, democracy, and privacy from cyber attack.
This is a book about the realm in which nobody should ever want to fight a war: The Fifth Domain, the Pentagon's term for cyberspace. Our guides are two of America's top cybersecurity experts, seasoned practitioners who are as familiar with the White House Situation Room as they are with Fortune 500 boardrooms. Richard A. Clarke and Robert K. Knake offer a vivid, engrossing tour of the often unfamiliar terrain of cyberspace, introducing us to the scientists, executives, and public servants who have learned through hard experience how government agencies and private firms can fend off cyber threats.
Clarke and Knake take us inside quantum-computing labs racing to develop cyber superweapons; bring us into the boardrooms of the many firms that have been hacked and the few that have not; and walk us through the corridors of the U.S. intelligence community with officials working to defend America's elections from foreign malice. With a focus on solutions over scaremongering, they make a compelling case for "cyber resilience"--building systems that can resist most attacks, raising the costs on cyber criminals and the autocrats who often lurk behind them, and avoiding the trap of overreaction to digital attacks.
Above all, Clarke and Knake show us how to keep The Fifth Domain a humming engine of economic growth and human progress, not give in to those who would turn it into a wasteland of conflict. Backed by decades of high-level experience in the White House and the private sector, this book delivers a riveting, agenda-setting insider look at what works in the struggle to avoid cyberwar.
Ghost in the Wires: My Adventures as the World's Most Wanted Hacker (Mitnick, Kevin)
If there were a hall of fame or shame for computer hackers, a Kevin Mitnick plaque would be mounted near the entrance. While other nerds were fumbling with password possibilities, this adept break-artist was penetrating the digital secrets of Sun Microsystems, Digital Equipment Corporation, Nokia, Motorola, Pacific Bell, and other mammoth enterprises. His Ghost in the Wires memoir paints an action portrait of a plucky loner motivated by a passion for trickery, not material gain. (P.S. Mitnick's capers have already been the subject of two books and a movie. This first-person account is the most comprehensive to date.)
Hash Crack: Password Cracking Manual (Picolet, Joshua)
The Hash Crack: Password Cracking Manual v2.0 is an expanded reference guide for password recovery (cracking) methods, tools, and analysis techniques. A compilation of basic and advanced techniques to assist penetration testers and network security professionals evaluate their organization's posture. The Hash Crack manual contains syntax and examples for the most popular cracking and analysis tools and will save you hours of research looking up tool usage. It also includes basic cracking knowledge and methodologies every security professional should know when dealing with password attack capabilities. Hash Crack contains all the tables, commands, online resources, and more to complete your cracking security kit.
Obfuscation: A User's Guide for Privacy and Protest (Brunton, Finn and Nissenbaum, Helen)
With Obfuscation, Finn Brunton and Helen Nissenbaum mean to start a revolution. They are calling us not to the barricades but to our computers, offering us ways to fight today’s pervasive digital surveillance—the collection of our data by governments, corporations, advertisers, and hackers. To the toolkit of privacy protecting techniques and projects, they propose adding obfuscation: the deliberate use of ambiguous, confusing, or misleading information to interfere with surveillance and data collection projects. Brunton and Nissenbaum provide tools and a rationale for evasion, noncompliance, refusal, even sabotage—especially for average users, those of us not in a position to opt out or exert control over data about ourselves. Obfuscation will teach users to push back, software developers to keep their user data safe, and policy makers to gather data without misusing it.
Brunton and Nissenbaum present a guide to the forms and formats that obfuscation has taken and explain how to craft its implementation to suit the goal and the adversary. They describe a series of historical and contemporary examples, including radar chaff deployed by World War II pilots, Twitter bots that hobbled the social media strategy of popular protest movements, and software that can camouflage users’ search queries and stymie online advertising. They go on to consider obfuscation in more general terms, discussing why obfuscation is necessary, whether it is justified, how it works, and how it can be integrated with other privacy practices and technologies.
Offensive Countermeasures: The Art of Active Defense (Strand, John and Asadoorian, Paul)
Tired of playing catchup with hackers? Does it ever seem they have all of the cool tools? Does it seem like defending a network is just not fun?
This book introduces new cyber-security defensive tactics to annoy attackers, gain attribution and insight on who and where they are. It discusses how to attack attackers in a way which is legal and incredibly useful.
Red Team: How to Succeed By Thinking Like the Enemy (Zenko, Micah)
Essential reading for business leaders and policymakers, an in-depth investigation of red teaming, the practice of inhabiting the perspective of potential competitors to gain a strategic advantage.
Red teaming. The concept is as old as the Devil's Advocate, the eleventh-century Vatican official charged with discrediting candidates for sainthood. Today, red teams are used widely in both the public and the private sector by those seeking to better understand the interests, intentions, and capabilities of institutional rivals. In the right circumstances, red teams can yield impressive results, giving businesses an edge over their competition, poking holes in vital intelligence estimates, and troubleshooting dangerous military missions long before boots are on the ground. But not all red teams are created equal; indeed, some cause more damage than they prevent. Drawing on a fascinating range of case studies, Red Team shows not only how to create and empower red teams, but also what to do with the information they produce.
In this vivid, deeply-informed account, national security expert Micah Zenko provides the definitive book on this important strategy -- full of vital insights for decision makers of all kinds.
RTFM: Red Team Field Manual (Clark, Ben)
The Red Team Field Manual (RTFM) is a no fluff, but thorough reference guide for serious Red Team members who routinely find themselves on a mission without Google or the time to scan through a man page. The RTFM contains the basic syntax for commonly used Linux and Windows command line tools, but it also encapsulates unique use cases for powerful tools such as Python and Windows PowerShell. The RTFM will repeatedly save you time looking up the hard to remember Windows nuances such as Windows wmic and dsquery command line tools, key registry values, scheduled tasks syntax, startup locations and Windows scripting. More importantly, it should teach you some new red team techniques.
More opportunities for you to earn CPEs
Did you realize that you can earn 5 CPEs by reading a book and writing a 250-word description? That's only one page (of double-spaced text)! Learn more about earning CPEs.
At our most recent board meeting, a motion was passed to establish the first (ISC)² USMG Chapter Lending Library. This library will start out with 10 curated titles relating to information security and will initially be housed in the Gray Cyber Center (home of the RCC-E) on Clay Kaserne.
Why are you doing this?
We are always looking for ways to add value to your membership! This provides an engaging, self-paced method to earn CPEs and encourage life-long learning.
How can I borrow a book?
We will make every effort to have at least some titles available at every chapter event. Additionally, members who work on Clay can email to arrange a time to visit the RCC-E as a visitor and select a title. Our Chapter Librarian is CPT Andre Powell and you can reach him at DSN 565-6118 to reserve a book or arrange pick-up/drop-off.
HINT: CPT Powell is earning CPEs by volunteering for the chapter. Do you want additional CPEs? Contact us to learn how we can help each other.
What kind of books are you looking for?
Anything with a nexus to one of the (ISC)² CBK domains. Specific technology areas, security concepts, or even biographies/non-fiction (e.g. a biography of the first CYBERCOM director or a chronology of STUXNET).
Can I get a tax write-off if I donate?
Unfortunately, we are not able to offer donation receipts at this time. However, you will get much better sleep at night knowing your books went to a great cause.
We need your book donations!
If you're like us, you probably have large piles of IT books you read exactly once and will never read again. Consider donating them to our library effort and let others read them for the very first time (and clean out your office in the same go).
WHAT: We are formally establishing a Lending Library for the USMG Chapter. The library will contain curated titles that are relevant to information security.
WHO: Library titles will be available to all members in good standing.
WHERE: We plan to house the library inside the RCC-E (Gray Cyber Center) on Clay Kaserne. When feasible, we will make titles available at official events.
HOW: We will start off fairly low-tech and use a simple sign-out sheet to track who is in possession of a given title at a given time.
WHY: Members are eligible to earn CPEs for reading cybersecurity-related books!