@stephen so far? Georgia Weidman's "penetration testing - a practical introduction to hacking"
that book got me started and served as a guide for the best part of a year.
@0xmrtn Thanks! Looking up reviews online, people are saying it's kind of out of date nowadays. I wonder if she'll release an updated version.
@stephen yeah it is outdated - but as far as i know, she's currently working on an updated version.
(might be in here, not sure though https://themanyhats.club/podcast/ep-27-many-hats-indeed-with-georgia-weidman/)
@0xmrtn Great, thanks for following up. I’ll be sure to check out the second edition when it comes out (unless I can find the first edition used at a good price)!
@stephen best of luck searching for it! i still think it's worth a read, because the procedures are still valid - although the tech isn't
@stephen -- Little Brother by Cory Doctorow -- https://craphound.com/category/littlebrother/ -- Mostly because it made it easier to explain some of the concepts of the basics to bosses, co-workers, and friends who worried about the big and flashy without paying attention to the small, common, and mundane.
@stephen you know, the book with the biggest impact is probably Dan Ariely’s books on human rationality. They are not infosec books, but are immensely insightful into why we are where we are in infosec, and gave me ideas on how to make the situation better.
@stephen these books are a gateway drug into much more serious stuff from Richard Thaler, Dan Kahneman, and others.
Yeah, I gotta agree with Jerry, not so much on the specific books, but in studying human behavior... there are two specifics... thinking like the criminal, and thinking like the target...
One you need to understand in order to be able to anticipate threat models, the other you need to effectively communicate and educate with end-users... also helps to understand how to design solutions that are workable to the user.
A solution that is perceived to sacrifice business functionality won't last long in the wild.
- Hacking the human
- Liars and Outliers
- The book of risk
- Web app hacker handbook