Technical Reading List update

Updating the technical reading list with some new books. No particular order.

Windows Internals, 5th Edition
Russinovich, Solomon, Microsoft Press 2009 1231 pg, Library of Congress # 98052-6399
The authoritative reference for the Windows OS internals. ‘nuff said.
The Shellcoder’s Handbook, 2nd Edition
Anley, Heasman, FX, Richarte, Wiley 2007 718 pg, ISBN 978-0-470-08023-8
In-depth coverage of exploits and how to build them. Buy the book and read it quickly before this edition also becomes outdated! Oops – too late! Actually, everything is cumulative, so this book lays the foundation that the newer exploit technologies are building on.
Advanced Windows Debugging
Hewardt, Pravat, Addison-Wesley 2008 809 pg, ISBN 978-0-321-37446-2
Extensive authoritative coverage of the classic Windows debugging tools. Practical coverage of Windows internals from a debugger’s standpoint. Essential skill set for malware analysis, forensics, exploit development. Authors are very Microsoft-centric in their outlook / choice of tools. Valgrind? Ollydbg?
Malware Analyst’s Cookbook
Ligh, Adair, et al., Wiley 2011 716 pg, ISBN 978-0-470-61303-0
Since I’m writing this in 2010, I must have got my copy from a time machine! …. Great book! Super practical overview of what works and how to do it. “Must read” for malware forensics work.
Fuzzing – Brute Force Vulnerability Discovery
Sutton, Greene, Amini, Addison-Wesley 2007 543 pg, ISBN 0-32-144611-9
Anything Pedram Amini is involved in has to be good. This book is a solid overview of most everything fuzzing. Says it all in one place. Written in 2007, but still a good read.
Art of Software Security Assessment
Dowd, McDonald, Schuh, Addison-Wesley 2007 1174 pg ISBN 0-321-44442-6
The last in the list but definitely not the least!! At 1000+ pg this is a tome, nothing less. The authors say in their preface: “You’ll get the most value if you read this book straight through at least once …” And they are right (unfortunately!). This is the authoritative reference on source code review and includes in-depth discussions of related OS internals topics in both Unix and Windows. The web-related coverage towards the end is becoming outdated but is still useful.


