Category Archives: Books Shelf

Read “Effective Threat Intelligence: Building and running an intel team for your organization”.

Recently I read the Kindle version of “Effective Threat Intelligence: Building and running an intel team for your organization” by James Dietle. I found out after the fact that there was a paperback version of it, and even gave one copy away as a Christmas present.

Anyway, this is the book I wish I had in January of 2016, when I moved from Incident Response / Event Analysis to Threat Intelligence. It’s a good primer on the subject. While it’s not completely new material, it’s the basics in one place. When I started doing TI, I had to learn from the ground up, and things were scattered. Some was easy, other parts were more advanced, and nothing made a good how-to, especially when I wanted to start showing value from the word go.

I think that if I had had this book and read it when I was starting, it would have been very beneficial. While it’s not as in depth as SANS FOR578, I do think it would make a good primer for anyone in IR going to SANS for Cyber Threat Intelligence.


Review of “Sailing the Sea of OSINT in the Information Age”

Just read, or re-read, “Sailing the Sea of OSINT in the Information Age” by Stephen C. Mercado from Studies in Intelligence, Volume 48, Number 3. I’ve had this for a while; I bought it in 2013, which is part of why I don’t remember if I read it before. It’s available from the CIA’s Library. It’s an article from the CIA’s peer-reviewed journal.

I found it very informative, even for something originally written in 2007. While today I think most of us in IT think of OSINT as mainly tracking social media accounts (what some call SOCINT), it really goes beyond that.

The main points that were brought up:

  1. OSINT has been there for a very long time, since the beginning of intelligence programs in the United States. It just hasn’t ever been formally given a department like the others.
  2. It’s based on public media like magazines, books, newspapers, radio and TV broadcasts.
  3. There are not enough people who understand foreign languages / cultures to get proper use out of OSINT.

There are things in the public space where OSINT lives that come out better than in some of the other sources of intelligence. An example was information gathered by the Japanese about a former KGB officer: “The resulting book and Levchenko’s press conferences were, according to a US intelligence officer, more revealing than his CIA debriefing”.

Which oddly ties into something I saw in my Firefox browser recently.

So I’m curious: do we, as a mono-language culture, really have the skills we need to do intelligence? How many data leaks are found on foreign-language hacking forums?


The article is worth the read, and brings up some good questions. I liked Mercado’s recommendation on making the Foreign Broadcast Information Service an intelligence service again, putting OSINT under it, like how the NRO has IMINT, and creating incentives for people to study things like language and culture to increase the ability of the agency.

Working through Violent Python

I’m working through Violent Python. I’m still working on the Automating Python stuff too, but that requires WingIDE and I only have one license for that, which means running it on a VM at home.

Violent Python suggests an IDE at the beginning, but the examples are written in a way (at least in the first two chapters) that lets me SSH to my multi-purpose server and do everything via Vim and the CLI.


Book Review: Mass Killers: How you Can Identify, Workplace, School, or Public Killers Before They Strike

I bought this book in December of 2013. I think I started to read it, and lost interest / had other things come up. I picked this book up again not that long ago and went through it. Mike Roche did a good job of breaking the book up into parts. He uses his history in Law Enforcement to cover mass shootings, the signs, and how HR / Senior Leadership should handle the events leading up to a shooting.


Book Review: The Complete Guide to Shodan

I’ve stumbled around with Shodan.io for a while now. It’s a great tool, but using it effectively has always eluded me. John Matherly has given me some great advice on Twitter, and I like Daniel Miessler’s Shodan Primer. But I never really find the information I need at the time.

While I know it is great for finding webcams and spying Super Gnomes, that is just something I don’t use Shodan for. A lot of the reason I use Shodan lately is for work. Usually someone in management asks if anyone knows what Shodan knows about the company: which of our systems are listed on there.

Today, while stumbling around trying to look up the company name and the netblocks, and using Dan’s cheat sheet (linked above), I noticed a new link on the page: Book.

This link goes to Leanpub’s “The Complete Guide to Shodan” by John Matherly. It is a pay-what-you-want book. They suggest just under $5.00 USD for the 60-page booklet. I’m saying it’s worth more than that. I paid $10.00, which I still think is too low for this book.

The book can be delivered to your Kindle or downloaded as a PDF, EPUB, or MOBI file. I grabbed the PDF and Kindle copies (too small to read on my phone, and I never figured out how to get it to show up in the Kindle Cloud Reader).

This book is divided into Web Interface, External Tools (like the Linux command line), Developer API, Industrial Control Systems, Appendices, and Exercise Solutions.

There are exercises at the end of the Web Interface, External Tools, and API sections. Not all of them worked the way they were described in the book. For example, I couldn’t find the Rastalvskarn power plant, even though it shows up with the link in the solutions section.

I’ve read some documents on the API and struggled to get them to work. After reading the book, while I still have some questions, I know I can write the Network Alert that management wants.
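For the “which of our systems does Shodan know about” question above, the useful part is not the API call itself but what you do with the results: keep only the records that actually fall inside the company’s own netblocks (Shodan will happily return other people’s hosts that carry your org name in WHOIS), then flag the services that should never face the internet. The following is an added example written for this post, not code from the book or from Shodan; the banner records are constructed to have the same shape as the `matches` list the shodan Python library’s `search()` call returns (`ip_str`, `port`, `transport`, `product`, `hostnames`, `org`), the netblocks are RFC 5737 documentation ranges, and the high-risk port list is a hypothetical policy, so it runs offline.

```python
"""Summarize which hosts in our netblocks Shodan has indexed.

Added example, not code from "The Complete Guide to Shodan" or from this blog.
A live run would replace SAMPLE_MATCHES with
    shodan.Shodan(API_KEY).search("net:203.0.113.0/24")["matches"]
(an assumption about the library call; the filtering below is the same).
"""
import ipaddress

# Constructed banner records in the shape Shodan returns.
# Addresses are RFC 5737 documentation ranges, not real hosts.
SAMPLE_MATCHES = [
    {"ip_str": "203.0.113.10", "port": 22, "transport": "tcp",
     "product": "OpenSSH", "hostnames": ["bastion.example.com"], "org": "Example Corp"},
    {"ip_str": "203.0.113.25", "port": 3389, "transport": "tcp",
     "product": "Remote Desktop Protocol", "hostnames": [], "org": "Example Corp"},
    {"ip_str": "203.0.113.25", "port": 445, "transport": "tcp",
     "product": "Samba smbd", "hostnames": [], "org": "Example Corp"},
    {"ip_str": "198.51.100.7", "port": 443, "transport": "tcp",
     "product": "nginx", "hostnames": ["www.example.com"], "org": "Example Corp"},
    # Carries our org name but is outside our ranges (hosting provider or
    # stale WHOIS): the classic false positive in an org-name search.
    {"ip_str": "192.0.2.99", "port": 80, "transport": "tcp",
     "product": "Apache httpd", "hostnames": [], "org": "Example Corp"},
]

# The company's own address space (assumed for the example).
COMPANY_NETBLOCKS = ["203.0.113.0/24", "198.51.100.0/28"]

# Hypothetical policy: services that should never be internet-facing.
HIGH_RISK_PORTS = {23, 445, 1433, 3306, 3389, 5900, 6379, 27017}


def in_netblocks(ip, netblocks):
    """True if ip falls inside any of the given CIDR ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n, strict=False) for n in netblocks)


def summarize_exposure(matches, netblocks):
    """Map each indexed IP inside our netblocks to a sorted list of (port, product).

    Records outside the netblocks are dropped: they are not ours to fix, and
    reporting them to management as "our systems" is the usual mistake.
    """
    exposure = {}
    for m in matches:
        if not in_netblocks(m["ip_str"], netblocks):
            continue
        exposure.setdefault(m["ip_str"], []).append((m["port"], m.get("product", "")))
    for services in exposure.values():
        services.sort()
    return exposure


def high_risk_hosts(exposure, risky_ports=HIGH_RISK_PORTS):
    """Return {ip: [ports]} for hosts exposing a service on the high-risk list."""
    flagged = {}
    for ip, services in exposure.items():
        ports = sorted(port for port, _ in services if port in risky_ports)
        if ports:
            flagged[ip] = ports
    return flagged


def report(matches, netblocks):
    """Plain-text answer to 'what does Shodan know about us', one host per line."""
    exposure = summarize_exposure(matches, netblocks)
    lines = [f"{len(exposure)} host(s) in our netblocks indexed by Shodan"]
    for ip, services in sorted(exposure.items(), key=lambda kv: ipaddress.ip_address(kv[0])):
        svc = ", ".join(f"{port}/{product or '?'}" for port, product in services)
        lines.append(f"  {ip}: {svc}")
    for ip, ports in high_risk_hosts(exposure).items():
        lines.append(f"  ALERT {ip} exposes high-risk port(s) {ports}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_MATCHES, COMPANY_NETBLOCKS))
```

The same filter is what you would apply to whatever a Shodan network alert on your netblocks hands back; the point of filtering on `ip_str` rather than on `org` is that the org field is WHOIS text you do not control, while the netblock list is.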

Get this book; it’s worth more than anything you’ll pay for it. While it is only just over 60 pages, the content is great, especially the filter list in Appendix B.

P.S. It is worth getting an account and paying for access.


Currently trying to read

Having such a hard time finding time to read. Here is my current list:

  • Blue Team Handbook: Incident Response Edition (for work)
  • Counter Hack Reloaded (for work)
  • Wireless Reconnaissance in Penetration Testing (for my Raspberry Pi projects)
  • Kathy Reichs’ Bones of the Lost
  • Dresden: Summer Knight
  • Dresden: Death Masks
  • Dresden: Blood Rites
  • Google Earth Forensics (needs to be read while at a PC with Google Earth, hands on)
  • Mass Killers (need to finish)
  • Rise of the Warrior Cop (need to finish)
  • The Hobbyist’s Guide to the RTL-SDR (needs to be read at a PC, with the SDR, hands on)
  • Kathy Reichs’ short story Bones in Her Pocket
  • Incident Response & Computer Forensics
  • Hacker’s Challenge 1: Incident Response
  • The 30th edition, illustrated Princess Bride (birthday present)

And of course, classes start soon, which means even less time to read. The novels I could probably do as audiobooks with my current drive, but I’m not a fan of audiobooks; I zone them out and miss too much.

Of the above list, the ones with bookmarks in them: Mass Killers, Blue Team Handbook, Google Earth Forensics, Rise of the Warrior Cop, and The Hobbyist’s Guide to the RTL-SDR. Counter Hack should be in that list, but I lost my other copy and bought a second, so I’m starting fresh.

Book Review: Getting An Information Security Job for Dummies

First off, Getting an Information Security Job for Dummies took way too long for me to read. But that’s because of other commitments. I got the book in May, when a lot of people in the echo chamber were trashing it. I was also looking for advantages in trying to find a new job that went with my B.S. in Information Assurance, and after 6 months I was feeling desperate.

First, the book isn’t as good as it could have been. Second, it wasn’t as bad as people were making it out to be on Twitter. Third, the author uses too much of his own personal experience in it (something I’m guilty of with this blog). Fourth, he kept equating lock picking to crime, which I didn’t like at all; being from Washington, I thought he’d do better. They are legal there.


Book Review: Meditation for Warriors

I’ve been studying Martial Arts for around 30 years now. I’ve gotten a couple of other books by Loren W. Christensen, mostly on training and diet. However, Meditation for Warriors: Practical Meditation for Cops, Soldiers, and Martial Artists is the first one that focused on the mental aspect.

This book is written as a practical guide to focusing your mind, giving you a calmer demeanor, and allowing you to stay cool, calm, and collected when the stuff hits the fan.

I really like that while it’s geared towards “Warriors” (Police, Soldiers, Martial Artists), it’s a really down-to-earth book that anyone could read to get a better understanding of meditation. Part of the goal of the book was to give non-practitioners a real-world view of the importance of meditation.


Book Review: Personal Digital Security

I read Personal Digital Security: Protecting Yourself From Online Crime by Michael Bazzell. I think this book is a good place to start if someone wants to learn more about computer security. A seasoned practitioner of Information Security could use this book as a core component to create a great Security Awareness Training program for users.

Mr. Bazzell starts off as if the reader knows very little about computer security. However, by the end of the book he’s very conversational in tone, and is suggesting the reader share what they have learned.

The book has a building-block approach. Not all readers will need to go chapter by chapter. But starting with Chapters 1 and 2, Mr. Bazzell lays a great foundation for the things in the rest of the book. The book starts with protecting your computer, and then your passwords. From there he goes on to show how to protect your online accounts, your data, and your credit cards, debit cards, and banking information. Next is protecting your telephones, cellular and work. Chapters 8 and 9 go into always-connected devices and wireless networking. Chapter 10 talks about how parents can protect their children online.

If your bank account or credit card has been compromised and you want a deeper understanding, read this book. If you want to create a Security Awareness Program, start with this book. If you want to get into Computer Security, this book covers the basics you should already know by the time you walk into a classroom or an entry-level job.