This post will contain a subjective list of recommended reading – stuff that I found either interesting, useful or otherwise beneficial during this year. However, this time it won’t be all about the books; unlike what I wrote last year, this list contains freely available publications, booklets and documents from a variety of fields of expertise.
I do believe this content is relevant when helping us all prepare for what might be coming next in 2023 and beyond. Happy reading.
PS. Please, do let me know if you are interested in a new post with recommended OSINT and security books.
Common TTPs of modern ransomware groups – a great piece of research from Kaspersky. Ransomware remains a very significant feature of the digital threat landscape and can only be expected to grow and adapt in 2023 and beyond. The research makes frequent references to established international frameworks like NIST and MITRE while covering some lesser-known ransomware groups that have operated over the last 6 years (although it does not cover the most recent actors, like Karakurt or Vice Society). Kaspersky’s report does a decent job of combining high-level overviews with technical details that can be used when reviewing event logs.
The Cyber Intelligence Analyst’s Cookbook – created in 2020 by The Open Source Research Society, this booklet focuses on various OSINT techniques and methodologies for investigating cyber incidents. Heavily focused on researching post-breach artifacts using tools like Maltego and MISP.
The DOJ Journal of Federal Law and Practice May 2021 – published by the US Department of Justice. I found this particular volume interesting due to the wide variety of topics it addresses – from data breach investigations and blockchain analysis to prosecuting offences committed using drones.
ENISA Threat Landscape for Ransomware Attacks – ENISA is the European Union Agency for Cybersecurity, and it regularly produces useful and timely publications on cyber threats. This one is dated July 2022, so at the time of writing this blog post it is probably one of the most recent and accurate info booklets out there. Apart from outlining how ransomware works, it contains recommendations on building ransomware resilience and responding to incidents.
Finding Beacons in the Dark – a guide to cyber threat intelligence written by the BlackBerry Research and Intelligence Team. Written from a very practical standpoint, without the usual academic padding and theorising, it reads well and is relevant. This is a great example of something written by people who engage hands-on with the subject matter.
Guidelines for Digital Forensics First Responders – since this is an Interpol publication, its primary target audience is law enforcement personnel. However, like any set of best practices, the contents of this guide are easily applicable to other professions. Search and seizure might be a very law-enforcement-specific area of investigation, but it does exist in adapted forms within private industry too. Regardless – an interesting read, especially when it comes to virtual assets, vehicles and maritime equipment.
OSINT Navigator for Investigative Journalists – a very handy, concise and to the point manual on how to conduct OSINT investigations. It offers comprehensive instructions on how to set up an investigative environment, how to leverage various sources and how to clean up the acquired data. A solid resource for OSINT beginners and casual enthusiasts who want to level up their game.
Introduction to Malware Analysis – a booklet for beginners from LetsDefend; this is a noob-friendly guide on how to gain some hands-on experience with malicious software examination. It covers everything from breaking down the various categories of malware to VM setup and conducting static vs dynamic analysis. A good resource for self-starters.
The Nmap Cookbook – an oldie (2010) but a goldie. Nmap remains a very relevant tool for conducting network scans and can be used for both defence and offence. It contains lots of commands and various Nmap parameters for network discovery – all ready to be tried out and tested. Particularly useful when preparing for industry certifications and other exams.
Money laundering through the gambling industry – fresh off the digital printing press of the Basel Institute on Governance (September 2022), this booklet focuses on applying AML measures within the gambling industry. It gives interesting examples of how money is laundered through gambling and what should be done to stop it.
Russian Intelligence – an absolute must-read and one of my private highlights of this list. I could not believe this is a freely accessible publication, as it would definitely be worth paying money for. Russia and its kleptocratic regime have been, and most likely will remain, a relevant threat for the foreseeable future. This book focuses on the why and the how of Russian intelligence agencies and their operations. If you wish to gain a good understanding of FSB, GRU and SVR tradecraft, read this book.
SOC Analyst Interview Questions – I have no idea who the author of this is, but they did a good job of compiling various sample questions asked during a SOC analyst interview. If you are considering a career in cybersecurity or are about to interview for a cybersecurity analyst job, this should come in handy.
Threat Hunting Playbook – a publication by Rank Software. A very clear breakdown of attack indicators and threat-hunting scenarios. It contains examples of queries that can be used within a SIEM. Highly recommended for cybersecurity specialists and incident responders.
Top 50 Security Threats – we have all probably heard about the OWASP Top 10 – but who can name the top 50 security threats? Well, now we can, thanks to this list created by Splunk. The notes under each threat provide a high-level overview of what it does and how. An easy read, useful for quickly expanding your knowledge of the current cyber threat ecosystem.