EH-Net

So I am currently in the process of studying for MCITP, its not exactly exciting stuff, so I needed some bed time reading.  Friend pointed me to the "Stealing the Network" series.  I am someone new to the InfoSec field, been doing Sys Admin stuff for a while but decided I wanted to do more than clean up the mess once it made its way in.  I want to learn more about how it go there to begin with.  So when I'm not studying Microsoft, I am reading up on InfoSec and EH materials.

So I am about half way through STN: Owning the Identity, so far it blows my mind but at the same time making me even MORE interested in the field.  I was happy to see one of the stories mentioning tools I am already familiar with and realize I am on the right track!  So for any other newbies out there, take a look at this series of books, it is fantastic!!

On a side note, another friend of mine said I should give "Hacking for Moscow" a read to see some old school hacking.

Are you more interested in hacker stories and related stuff or are you looking for technical books?

I think you'd enjoy "The Cuckoo's Egg". Real life tracking of a hacker, from the Admin's point of view.

Awesec, interested in both, but trying to keep the technical books limited until I complete my MCITP, I get distracted too easily when I get bored, so figure for the bed time or outside reading material the stories are decent enough.  Most of the technical stuff beyond the recon is a bit over my head at the moment.

The Cuckoo's egg eh?  Think I heard of it.  Thanks for the suggestion. 

You can find my review on "The Cuckoo's Egg" here (http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,4467.0/).

Another book which is said to be worth the read is titled Daemon - A Novel (http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,1271.0/).

Kevin Mitnick also wrote a few books which are not too technical.

Personally I also enjoyed Secrets and Lies: Digital Security in a Networked World (http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,4468.0/).

Generally I'd recommend to browse through EH-Net's book section which contains some reviews. You will also find an older thread started by don about Books on Hacking / Hackers (http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,34.0/) which contains quite a few listings as well.

Thanks for the suggestions Awesec!  I'll take a gander in there once my list thins out :D 

Secrets and Lies has parts that are technical if I remember right. I read it a couple of years ago. It's kind of a Tech Book for Managers.

Have a read of Fatal system error http://fserror.com/

Fascinating look at the growth of bots used for crime, from a couple of view points and all true stories. Bit like The Cuckoo's Egg, but more up to date.  Has some excellent links to follow on reading, plus links to the news stories mention in the book and is very relevant to the mess some of us have to clean up today ;-)

i can recommend both books written by kevin mitnick. ofcourse it is focused on the social engineering part but this makes it non-technical. there are some real good/funny stories in there!

i shall have a look at the reviews part to select some for my own reading, thanks!

j0rDy, thanks, I actually read one so far, can't remember which one, but it was actually in my local library which I thought was funny.  It was definitely interesting to read about his social engineering exploits!  Easiest way into an organization is to ask for the keys :D

haha, never thought you would find such books in libraries! actually the easiest way in is by tailgating, (pretend you are busy on the phone and act clumsy with your fake badge) but thats another topic  ;)

Ah never thought about that one.  But yeah that could work.  Shoot I did a lot or pre-sale network assessments for my last company.  Some prospects would leave me in the server room with all the nice backup tapes nearby and the server consoles logged in.  That certainly went on the report.

i always get tempted to try to get in an organization when i have my first meeting with them to talk about the assessment, but i guess it would leave a non ethical impression so i never do...