xorl %eax, %eax

Archive for the ‘books’ Category

Practical IoT Hacking: The Definitive Guide to Attacking the Internet of Things

A month or so ago, I was thrilled when I saw that this book was published. First, because it covers a very interesting topic on which information of that level of detail had never been consolidated so nicely in a single place before, and secondly because one of the authors is an old friend of mine, Fotios Chantzis (AKA ithilgore).


The reason it took me so long to write about it is that I had to study it, and it’s quite extensive, including several hands-on exercises and even VMs to run them on! It’s a large (464 pages long) book but it doesn’t fill this space with unnecessary information. It’s a book that can take anyone without any prior knowledge of IoT hacking and raise them to a level where they’d feel comfortable debugging hardware devices, understand the most common exploitation avenues, and have a solid foundation in the most frequently used protocols and standards.


Table of contents 



Part One: The IoT Threat Landscape
Chapter 1: The IoT Security World
Chapter 2: Threat Modeling
Chapter 3: A Security Testing Methodology

Part Two: Network Hacking
Chapter 4: Network Assessments
Chapter 5: Analyzing Network Protocols
Chapter 6: Exploiting Zero-configuration Networking

Part Three: Hardware Hacking
Chapter 7: UART, JTAG, and SWD Exploitation
Chapter 8: Hacking SPI and I2C
Chapter 9: Firmware Hacking

Part Four: Radio Hacking
Chapter 10: Short Range Radio: Abusing RFID
Chapter 11: Bluetooth Low Energy
Chapter 12: Medium Range Radio: Hacking Wi-Fi
Chapter 13: Long Range Radio: LPWAN

Part Five: Targeting the IoT Ecosystem
Chapter 14: Attacking Mobile Applications
Chapter 15: Hacking the Smart Home

Appendix A: Tools for IoT Hacking


If you are an experienced IoT security researcher you might find some of the content too basic for you since the book assumes the reader has no prior experience with this field. However, even for those experienced IoT hackers, there are lots of in-depth details that you might not be aware of.

Now, if you are not that experienced but interested in this subject, then this is the best resource that is currently available to get you from zero knowledge to being a competent IoT security researcher.

I have known F. Chantzis for almost two decades now, and from the day he started working on this I was certain the end result would be a world-class book. Just to be clear, I am not discrediting the other authors and contributors, just saying that knowing Fotis I had no doubt that he wouldn’t let something below perfect be released with his name attached to it.

To summarize, this is the most complete IoT hacking book to take someone with no knowledge of the domain, or even a seasoned professional, and elevate them to a level where they won’t just feel comfortable performing IoT security research, but will also have all the required skills to do so.

Written by xorl

March 29, 2021 at 13:51

Posted in books

Book: Practical Malware Analysis

I had this book for quite a few years and never read it cover to cover. Recently I decided to do this and this is my review. It is still a very relevant resource if you are entering the world of malware analysis and it is definitely worth reading.

The book is written by two experts in the field, Michael Sikorski and Andrew Honig, both very experienced malware analysts and reverse engineers. It is an 800-page-long book from 2012 that starts from zero, and moves up to advanced malware analysis and reverse engineering. No Starch Press provides a full listing of contents, reviews and sample chapters online if you want to check it out.

Basically, the book is from 2012 but the vast majority of its content is applicable today too. So far it is the most complete book that I have read on the topic of malware analysis. If you want to enter this world then I definitely recommend it as a good resource. However, keep in mind that it is a book from 2012; there will definitely be a few things that are not as common today and many newer techniques that are not included in the book. It is also worth noting that it’s written in the form of a lecturing book with exercises and examples at the end of each chapter. Overall, a very nice book. :)

Written by xorl

March 18, 2018 at 13:33

Posted in books

Book: Threat Intelligence and Me: A Book for Children and Analysts

This is one of the funniest and at the same time informative books around threat intelligence. It is written by Robert Lee and the illustrations were made by Jeff Haas.

I don’t have much to say about this book, I just love to get this book over to anyone that says “threat intelligence” in every other sentence without having a clue about what they are talking about. Definitely something worth having in your library and a great gift for any buzzword lovers you come across.

Written by xorl

January 23, 2018 at 08:10

Posted in books

Book: The Gift of Fear

I don’t care who you are or what profession you have, “The Gift of Fear: And Other Survival Signals That Protect Us from Violence” is a book that will definitely benefit you. Even more if you are a woman. The author, Gavin de Becker, is an expert on violent crimes but this book is mostly about understanding and predicting violent human behaviour. Definitely one of the best books I’ve read recently.

You can find the table of contents of this amazing book below.

  • In the Presence of Danger
  • The Technology of Intuition
  • The Academy of Prediction
  • Survival Signals
  • Imperfect Strangers
  • High-Stakes Predictions
  • Promises to Kill (Understanding threats)
  • Persistence, Persistence (Dealing with people who refuse to let go)
  • Occupational Hazards (Violence in the workplace)
  • Intimate Enemies (Domestic violence)
  • “I Was Trying to Let Him Down Easy” (Date stalking)
  • Fear of Children (Violent Children)
  • Better to Be Wanted by the Police Than Not to Be Wanted At All (Attacks against public figures)
  • Extreme Hazards
  • The Gift of Fear

I don’t have much to say about this book. Although it is more focused on violence against women (for very good reasons), it is an amazing book, full of extremely valuable information. It is something that everyone should read as it can improve everyone’s life. Incredible work written in a direct and understandable way, providing practical methods and knowledge for everyday life security and safety.

Written by xorl

December 2, 2017 at 00:02

Posted in books

Book: How to Define and Build an Effective Cyber Threat Intelligence Capability

This is a tiny (42 pages long) book that theoretically helps security professionals with their first steps in building an effective Cyber Threat Intelligence (CTI) capability in their organization. However, it’s not so “effective” in achieving this.

Title: How to Define and Build an Effective Cyber Threat Intelligence Capability
Author: Henry Dalziel

The book is split into eight chapters, which are listed below.

  1. Introduction
  2. A Problem Well-Defined is Half-Solved
  3. Defining Business Objectives or “Start with Why”
  4. Common Objectives of a Threat Intelligence Program
  5. Translating Objectives into Needs, or “Why Drives What”
  6. How Technology Models Operationalize Threat Data
  7. Who: Given Why, What, and How, Now You Can Ask Where To Get It
  8. Conclusion and Recap

None of what is included in this book is actually bad information. However, almost none of the provided information is going to help in building an effective CTI capability. We are talking about a 42-page-long book that costs $40. That sets some high expectations. Unfortunately, the book is far from reaching those. You can easily get way better quality content from free sources on this topic rather than this book. So, yeah. It isn’t worth $40 for what it provides. Maybe $2-5 and a different title would be more realistic.

Written by xorl

November 10, 2017 at 22:53

Posted in books