xorl %eax, %eax

Archive for the ‘books’ Category

Book: Practical Malware Analysis


I had this book for quite a few years and never read it cover to cover. Recently I decided to do this and this is my review. It is still a very relevant resource if you are entering the world of malware analysis and it is definitely worth reading.

The book is written by two experts in the field, Michael Sikorski and Andrew Honig, both very experienced malware analysts and reverse engineers. It is an 800-page book from 2012 that starts from zero and moves up to advanced malware analysis and reverse engineering. No Starch Press provides a full listing of contents, reviews and sample chapters online if you want to check it out.

Basically, the book is from 2012 but the vast majority of its content is applicable today too. So far it is the most complete book that I have read on the topic of malware analysis. If you want to enter this world then I definitely recommend it as a good resource. However, keep in mind that it is a book from 2012; there will definitely be a few things that are not as common today and many newer techniques that are not included in the book. It is also worth noting that it’s written in the form of a textbook, with exercises and examples at the end of each chapter. Overall, a very nice book. :)


Written by xorl

March 18, 2018 at 13:33

Posted in books

Book: Threat Intelligence and Me: A Book for Children and Analysts


This is one of the funniest and at the same time informative books around threat intelligence. It is written by Robert Lee and the illustrations were made by Jeff Haas.

I don’t have much to say about this book; I just love to hand this book over to anyone that says “threat intelligence” in every other sentence without having a clue about what they are talking about. Definitely something worth having in your library and a great gift for any buzzword lovers you come across.

Written by xorl

January 23, 2018 at 08:10

Posted in books

Book: The Gift of Fear


I don’t care who you are or what profession you have, “The Gift of Fear: And Other Survival Signals That Protect Us from Violence” is a book that will definitely benefit you. Even more so if you are a woman. The author, Gavin de Becker, is an expert on violent crimes but this book is mostly about understanding and predicting violent human behaviour. Definitely one of the best books I’ve read recently.

You can find the table of contents of this amazing book below.

  • In the Presence of Danger
  • The Technology of Intuition
  • The Academy of Prediction
  • Survival Signals
  • Imperfect Strangers
  • High-Stakes Predictions
  • Promises to Kill (Understanding threats)
  • Persistence, Persistence (Dealing with people who refuse to let go)
  • Occupational Hazards (Violence in the workplace)
  • Intimate Enemies (Domestic violence)
  • “I Was Trying to Let Him Down Easy” (Date stalking)
  • Fear of Children (Violent Children)
  • Better to Be Wanted by the Police Than Not to Be Wanted At All (Attacks against public figures)
  • Extreme Hazards
  • The Gift of Fear

I don’t have much to say about this book. Although it is more focused on violence against women (for very good reasons), it is an amazing book, full of extremely valuable information. It is something that everyone should read as it can improve everyone’s life. Incredible work written in a direct and understandable way, providing practical methods and knowledge for everyday life security and safety.

Written by xorl

December 2, 2017 at 00:02

Posted in books

Book: How to Define and Build an Effective Cyber Threat Intelligence Capability


This is a tiny (42-page) book that theoretically helps security professionals take their first steps in building an effective Cyber Threat Intelligence (CTI) capability in their organization. However, it’s not so “effective” in achieving this.

Title: How to Define and Build an Effective Cyber Threat Intelligence Capability
Author: Henry Dalziel

The book is split in eight chapters which are the ones listed below.

  1. Introduction
  2. A Problem Well-Defined is Half-Solved
  3. Defining Business Objectives or “Start with Why”
  4. Common Objectives of a Threat Intelligence Program
  5. Translating Objectives into Needs, or “Why Drives What”
  6. How Technology Models Operationalize Threat Data
  7. Who: Given Why, What, and How, Now You Can Ask Where To Get It
  8. Conclusion and Recap

None of what is included in this book is actually bad information. However, almost none of the provided information is going to help in building an effective CTI capability. We are talking about a 42-page book that costs $40. That sets some high expectations. Unfortunately, the book is far from reaching them. You can easily get much better quality content on this topic from free sources than from this book. So, yeah. It isn’t worth $40 for what it provides. Maybe $2-5 and a different title would be more realistic.

Written by xorl

November 10, 2017 at 22:53

Posted in books

Book: Absolute OpenBSD (2nd Edition)


This is an excellent book on OpenBSD that I recently had the opportunity to read. Let’s move on to my per-chapter overview of the book.

Title: Absolute OpenBSD: UNIX for the Practical Paranoid
Author: Michael W. Lucas

Chapter 1: Getting Additional Help
A brief overview of the OpenBSD project’s support model along with the available resources (documentation, assistance, etc.).

Chapter 2: Installation Preparations
A very well written chapter on everything you might need before installing OpenBSD, starting from hardware specifications and moving on to how to obtain OpenBSD, understanding partitioning, disklabels, etc.

Chapter 3: Installation Walk-Through
Once again the author starts from the very first steps, such as configuring the BIOS, and goes through all the steps of the installer, disk configuration, as well as some more advanced disklabel information.

Chapter 4: Post-Install Setup
In this chapter you can find information on all the basic configuration that usually takes place right after the installation process. This ranges from software configuration, timezone settings and networking to more advanced concepts like keyboard mappings, the graphical console, etc.

Chapter 5: The Boot Process
Here, after a description of the boot loader, the author provides us with information on how to work in single-user mode, how to choose a different kernel for booting, using a serial console and of course multi-user booting along with everything that comes with it.

Chapter 6: User Management
As the chapter’s title implies, this is a complete guide for user management on OpenBSD. Apart from all the common administration tasks (adding, editing, removing users) there is also a detailed section for login classes.

Chapter 7: Root, and How to Avoid It
This chapter could easily be renamed to “The complete guide to SUDO” since it includes all the required information to configure privileged accounts using SUDO.

Chapter 8: Disks and Filesystems
One of the most useful chapters to anyone moving from Linux to OpenBSD. It’s another detailed part of the book referencing everything that someone needs to know to have a very good understanding of disks and filesystems in the OpenBSD world. This includes partitioning, labeling, FFS (Fast Filesystem), etc. as well as information for managing disks and filesystems on OpenBSD.

Chapter 9: More Filesystems
The previous chapter mostly focused on the lower level of disks and filesystems, while this one takes a more in-depth look at the filesystems themselves. Herein you can find a lot of useful information on MFS (Memory Filesystem), foreign filesystems, NFS, etc.

Chapter 10: Securing Your System
This is a 10-page chapter, but with enough information to keep you researching for some time. It’s an introduction to all the security mechanisms offered by OpenBSD and suggestions on how to keep your system secure after its initial configuration.

Chapter 11: Overview of TCP/IP
Another introductory chapter, this time for networking. It’s a very nice and well written part discussing all the basics of TCP/IP from theory to practice, always with OpenBSD’s implementation of it in mind.

Chapter 12: Connecting to the Network
All the essential steps to get your OpenBSD system connected to the network, with working Ethernet and DNS name resolution. Furthermore, in this chapter there are sections on slightly more advanced topics like trunking, VLANs and IPv6 tunneling.

Chapter 13: Software Management
Apart from the expected detailed information on the packages and ports systems, here the reader can find information on customizing ports and sub-packages.

Chapter 14: Everything /etc
Literally, this is the best title to describe what you can find in this chapter. It’s a brief overview of every single configuration file under the /etc directory.

Chapter 15: System Maintenance
Here are some common administrative tasks, separated into daily, weekly, monthly and custom maintenance tasks. Additionally, you can find information on system logging configuration and management, NTP, device drivers and hardware sensor configuration.

Chapter 16: Network Servers
A description of configuring and managing the most common network servers in OpenBSD. This includes LPD, DHCP, TFTP, SSH and SNMP.

Chapter 17: Desktop OpenBSD
Basically, this is everything you need to know to turn your OpenBSD into a working desktop environment, from the basic information on setting up X to working with the cwm window manager and tmux.

Chapter 18: Kernel Configuration
The first part of this chapter aims to provide an introduction to understanding OpenBSD’s kernel from a system administrator’s point of view. The next sections deal with more advanced subjects such as kernel tuning via sysctl, custom kernel configuration with config, and boot-time kernel configuration.

Chapter 19: Building Custom Kernels
The chapter starts by identifying the caveats of using custom kernels and then moves on to a complete guide to configuring your own kernel, testing, building, installing and using it.

Chapter 20: Upgrading
Another in-depth chapter, this time on the upgrade process in OpenBSD. The first sections provide information on OpenBSD versioning and the upgrade process, while the following ones discuss in detail all the required steps to upgrade your system with all the available methods.

Chapter 21: Packet Filtering
One of the main advantages of OpenBSD is the Packet Filter (PF) system. This is an excellent introduction to it that includes all the basic information along with many different rules for various network protocols, configuration options and examples for sanitizing network traffic.

Chapter 22: Advanced PF
Continuing from the previous one, this is a more advanced view of PF. The reader can find more information on setting up packet filtering, with subjects like tables, NAT, anchors, bandwidth management, logging, etc.

Chapter 23: Customizing OpenBSD
This last chapter is mostly made up of ideas and small how-to sections for performing not-so-common tasks with OpenBSD. For example, here you can find information on virtualization, diskless setup, custom upgrades, etc.

This is definitely the absolute OpenBSD book, since anyone, even with no experience with this operating system, can easily learn everything he/she needs to work with it. The chapters gradually increase in level from completely basic to advanced, so more advanced users can skip some of the initial ones and move on to the subject they want. Overall it’s an excellent, well written book providing a great amount of information. However, there is not a lot of knowledge for the most advanced users, so in my opinion it is mostly focused on people that are starting or have recently started working with OpenBSD.

Written by xorl

May 18, 2013 at 14:19

Posted in books

Book: FreeBSD Device Drivers


Before even reading it I knew that this book would be excellent. J. Kong proved that with his previous book and this is just another equally good example of his writing skills. So, here is my review…

Title: FreeBSD Device Drivers: A Guide for the Intrepid
Author: Joseph Kong

Chapter 1: Building and Running Modules
This is an introduction to FreeBSD kernel modules, with some additional information on character and block device kernel modules.

Chapter 2: Allocating Memory
After going through the memory management routines, he provides a simple and understandable example of using them in kernel modules.

Chapter 3: Device Communication and Control
Moving to this chapter we have the I/O operations, starting with ioctl and next discussing (always in detail) the sysctl interface, of course providing examples for both cases.

Chapter 4: Thread Synchronization
A very interesting chapter dealing with the synchronization issues of concurrent threads. After analysing a race condition in a kernel module, J. Kong dives into the details of race condition prevention using mutexes, shared/exclusive locks, reader/writer locks and condition variables, always along with straightforward examples of each subject.

Chapter 5: Delaying Execution
Basically this is all about sleeping and context switching using the numerous available ways that FreeBSD supports.

Chapter 6: Case Study: Virtual NULL Modem
As you can guess from the title, this is a case study of a working virtual NULL modem terminal driver.

Chapter 7: Newbus and Resource Allocation
This is the first chapter dealing with actual hardware interaction kernel programming using Newbus.

Chapter 8: Interrupt Handling
From registering an interrupt handler up to writing a complete interrupt handler and generating interrupts, Joseph Kong explains all the steps required to achieve this.

Chapter 9: Case Study: Parallel Port Printer Driver
This is the second case study in this book utilizing all of the previously discussed features.

Chapter 10: Managing and Using Resources
Another very informative chapter dealing with concepts such as I/O ports, I/O memory, stream operations and memory barriers.

Chapter 11: Case Study: Intelligent Platform Management Interface Driver
A complete case study of an IPMI device driver.

Chapter 12: Direct Memory Access
As you can easily deduce from the title, here you can find information on DMA programming in the FreeBSD kernel. Everything such as DMA tags, synchronizing DMA buffers, etc., along with example kernel modules, is available in this chapter.

Chapter 13: Storage Drivers
Starting with the disk structure, it moves on to all the components required to write a working block I/O device driver.

Chapter 14: Common Access Method
This chapter goes through the details of CAM mainly for HBA and SIM drivers.

Chapter 15: USB Drivers
Continuing from the previous chapter that dealt with HBAs, this one moves to USB. After a brief overview of the architecture and the structures used in the FreeBSD operating system, the author discusses the routines used for USB device driver development.

Chapter 16: Network Drivers, Part 1: Data Structures
The title is pretty much self-explanatory. J. Kong explains the essential network interface structures for management, media, mbufs, etc. and he also provides a simple example to demonstrate them.

Chapter 17: Network Drivers, Part 2: Packet Reception and Transmission
This is a small chapter, which is also the last one, and it deals with the network reception and transmission routines of the FreeBSD kernel.

Once again, Joseph Kong wrote a book that is compact, concise and well written. Each chapter can be used alone as a reference, but there is also a flow between them if you choose to read the entire book. I would suggest this book to anyone who is interested in FreeBSD device driver development and has a basic understanding of operating systems and C programming. Additionally, if you are a security oriented programmer you can use it as inspiration for rootkit development. Definitely an excellent book with all the information you’ll need to start developing your own FreeBSD device drivers.

Written by xorl

June 6, 2012 at 22:36

Posted in books

Book: The Tangled Web


Everybody in the “security world” knows Michal Zalewski and his work, especially in the field of web security and exploitation. So, with no further introduction, here is my review of his new book, “The Tangled Web”.

Title: The Tangled Web: A Guide to Securing Modern Web Applications
Author: Michal Zalewski

Chapter 1: Security in the World of Web Applications
Here we have a nice introduction to web application security, going through all the required theoretical information as well as useful historical references.

Part I: Anatomy of the Web
Chapter 2: It Starts with a URL
Although a chapter dedicated to URLs might initially seem like overkill, M. Zalewski proves the opposite. In this chapter we can see that there are so many details in parsing URLs correctly that it is extremely difficult to have an application able to handle all of them properly.

Chapter 3: Hypertext Transfer Protocol
Similarly to the previous chapter, this one is dedicated to the “web protocol”, HTTP, and all the security related information that goes with it. This includes everything from requests, handling, encoding schemes, data transfers, etc. Definitely an excellent chapter.

Chapter 4: Hypertext Markup Language
Moving to a higher level we have the language of the web, HTML. This language that has literally changed the world has also many nuances crucial to any security researcher. From parsing to integration semantics and content inclusion, this chapter has all the information you need to know to start looking at HTML from a security researcher’s point of view.

Chapter 5: Cascading Style Sheets
We all know that nowadays it is almost impossible to find any web site that does not use Cascading Style Sheets (CSS) to change the content’s appearance. From a security perspective CSS is also important; subjects like encodings, parsing and XBL bindings are discussed here.

Chapter 6: Browser-Side Scripts
Currently the source of the most common kind of vulnerabilities. So, as you can easily guess, here we have a lot of neat JavaScript stuff. However, the author is not limited to this and also provides information on everything that falls into that category. This means various things including the DOM, Visual Basic, encodings, etc.

Chapter 7: Non-HTML Document Types
On the web we have numerous non-HTML files and all of them could have a serious security impact on a web application. This chapter attempts to cover the most critical ones, such as plain-text files, images, audio and video, XML, SVG, WML, RSS and Atom feeds, etc., by providing a quick overview of each one of them.

Chapter 8: Content Rendering with Browser Plug-ins
The last chapter of the first part of the book moves to a more complex subject. Starting with the essentials like invoking a plug-in, M. Zalewski moves to more advanced issues such as document rendering helpers and the various application frameworks (Adobe Flash, Microsoft Silverlight, etc.).

Part II: Browser Security Features
Chapter 9: Content Isolation Logic
Starting with the second part, we now deal with the security policies that assist in securing web applications. The author explains how the same-origin policy should be implemented for different types of objects and requests. Then he moves to plug-in related security policies and more advanced topics like unexpected or ambiguous origins.

Chapter 10: Origin Inheritance
Here we have information on client-side content that has a different origin from its parent. Everything that has to do with “about:”, “javascript:”, etc. falls into this category, and consequently a lot of details regarding the security implications of this are discussed in this chapter.

Chapter 11: Life Outside Same-Origin Rules
Continuing from the previous chapters, this one moves to content that falls outside the same-origin policy, for example window or frame interactions.

Chapter 12: Other Security Boundaries
Apart from handling the content, there are a lot of limitations that a web application should enforce. In this chapter you can find information on topics such as internal network access, prohibited ports, third-party cookies, etc.

Chapter 13: Content Recognition Mechanisms
After discussing the document type detection model, M. Zalewski goes through many security related subjects that have to do with content recognition, including malformed MIME types, Content-Type values, downloaded files, character set handling, etc.

Chapter 14: Dealing with Rogue Scripts
Starting with denial-of-service attacks and the corresponding mitigation strategies for web applications, he moves to appearance problems and timing attacks on the user interface.

Chapter 15: Extrinsic Site Privileges
Here we have an overview of the extrinsic site privilege model, including information on site permissions and password managers, as well as a discussion of Microsoft Internet Explorer’s zone model.

Part III: A Glimpse of Things to Come
Chapter 16: New and Upcoming Security Features
The last part of this book is about the future of web application security. Many useful ideas and implementations are analysed in this chapter, from popular ones like sandboxed frames and XSS filtering to less popular ones like security model extension frameworks for cross-domain requests.

Chapter 17: Other Browser Mechanisms of Note
Really interesting ideas that affect the security of web applications are provided here. Some of them are protocol registration, binary HTTP, P2P networking, geolocation discovery, UI notifications, media capture, etc.

Chapter 18: Common Web Vulnerabilities
This is the last chapter of the book and it’s a quick reference of all the common web vulnerabilities along with a small description.

So, if you are seriously interested in web application security and not limited to simple SQL injection and XSS vulnerabilities, you should definitely read this book. I’m not aware of any other book dealing with this subject in such detail; most web application books are limited to vulnerability discovery and exploitation of bug classes known for at least 10 years, but this one is about understanding each part of an application from the design, specifications and logic to, of course, the implementation. Excellent work.

Written by xorl

January 29, 2012 at 21:51

Posted in books