https://systemoverlord.com/tags/reading-list.htmlRecent content in Reading List on System OverlordHugoen-usdavid@systemoverlord.com (David Tomaschik)david@systemoverlord.com (David Tomaschik)Fri, 26 Jun 2020 00:00:00 +0000https://systemoverlord.com/2020/06/26/security-culture-reading-list.htmlFri, 26 Jun 2020 00:00:00 +0000david@systemoverlord.com (David Tomaschik)https://systemoverlord.com/2020/06/26/security-culture-reading-list.html<p>A friend recently asked me if I could recommend some reading about hacking and security culture. I gave a couple of quick answers, but it inspired me to write a blog post in case anyone else is looking for similar content. Unless otherwise noted, I&rsquo;ve read all of these books/resources and can recommend them.</p>https://systemoverlord.com/2014/09/13/getting-started-in-information-security/Sat, 13 Sep 2014 19:30:22 +0000david@systemoverlord.com (David Tomaschik)https://systemoverlord.com/2014/09/13/getting-started-in-information-security/<p>I&rsquo;ve only been an information security practitioner for about a year now, but I&rsquo;ve been doing things on my own for years before that. However, many people are just getting into security, and I&rsquo;ve recently stumbled on a number of resources for newcomers, so I thought I&rsquo;d put together a short list.</p> <ul> <li><a href="http://krebsonsecurity.com/2012/07/how-to-break-into-security-schneier-edition/">Brian Krebs and Bruce Schneier put together some thoughts</a></li> <li><a href="http://averagesecurityguy.info/2011/09/13/security-career-question/">Stephen, aka Average Security Guy has a good discussion, mostly focusing on certifications</a></li> <li><a href="http://www.slideshare.net/ChrisGrayson/so-you-want-to-be-a-hacker">Chris Grayson&rsquo;s &ldquo;So you want to be a hacker&rdquo; presentation</a></li> <li><a href="http://www.reddit.com/r/netsec/wiki/start">Reddit&rsquo;s /r/netsec wiki maintains a good page on getting started</a></li> <li><a href="https://www.dc801.org/infosec-resources/">DC801&rsquo;s list of InfoSec Resources</a></li> </ul>https://systemoverlord.com/2014/05/30/weekly-reading-list-for-53014/Fri, 30 May 2014 07:00:00 +0000david@systemoverlord.com (David Tomaschik)https://systemoverlord.com/2014/05/30/weekly-reading-list-for-53014/<p>It&rsquo;s been a busy week, so I&rsquo;m just going to drop some info about Radare2.</p> <h3 id="radare2-materials">Radare2 Materials</h3> <ul> <li><a href="https://github.com/Maijin/radare2book">Radare2Book</a></li> <li><a href="http://radare.org/get/ncn2010.pdf">@pancake&rsquo;s presentation on patching with r2</a></li> <li><a href="http://canthack.org/2011/07/adventures-with-radare-1-a-simple-shellcode-analysis/">Adventures with Radare2</a></li> <li><a href="http://radare.org/y/?p=talks">Miscellaneous Radare2 Talks</a></li> </ul>https://systemoverlord.com/2014/05/23/weekly-reading-list-for-52314/Fri, 23 May 2014 07:00:00 +0000david@systemoverlord.com (David Tomaschik)https://systemoverlord.com/2014/05/23/weekly-reading-list-for-52314/<p>###Radare2 Book Maijin on GitHub is in the process of putting together an <a href="https://radare.gitbooks.io/radare2book/">online book for Radare2</a>. I&rsquo;ve been looking for a good resource for using Radare2, and this is a great start.</p> <p>###Reverse Engineering for Beginners Dennis Yurichev has a <a href="http://yurichev.com/RE-book.html">free eBook on Reverse Engineering</a>. I haven&rsquo;t gotten through it yet, but it looks interesting, and you can&rsquo;t beat the price.</p> <p>###Hacker Playbook Finally, I finished up <a href="http://www.amazon.com/gp/product/1494932636/ref=as_li_tl?ie=UTF8&amp;camp=1789&amp;creative=390957&amp;creativeASIN=1494932636&amp;linkCode=as2&amp;tag=systemovecom-20">The Hacker Playbook: Practical Guide To Penetration Testing</a> this week. You can find <a href="https://systemoverlord.com/2014/05/21/book-review-the-hacker-playbook/">my full review here</a>.</p>https://systemoverlord.com/2014/05/09/reading-list-for-592014/Fri, 09 May 2014 07:00:00 +0000david@systemoverlord.com (David Tomaschik)https://systemoverlord.com/2014/05/09/reading-list-for-592014/<p>###On XTS Mode for Disk Encryption Thomas Ptacek writes <a href="http://sockpuppet.org/blog/2014/04/30/you-dont-want-xts/">You Don&rsquo;t Want XTS</a>, and suggests that though XTS works well enough in practice, it is far from ideal for Full Disk Encryption, and should not be used at all for other encryption operations (i.e., anything that doesn&rsquo;t resemble FDE). XTS is useful only in that it makes &ldquo;random access&rdquo; encryption more secure, as you need for a disk. For encryption of whole blocks of data at rest, you probably want CBC mode, and for anything on the wire, AES-GCM is the new hotness.</p>