Practical Mobile Forensics

Practical Mobile Forensics is an introduction to mobile forensics for iOS, Android, Windows Phone and BlackBerry devices.

The book has a repeating format for each platform following along the lines of theory, data extraction, and analysis. 

Due to device availability, the only chapters I went through were for iOS and Android.  I was able to complete the Android chapters without any issues; however, I feel that some changes in iOS 8 likely caused a few issues here and there on the iOS side.  Also, a lot of the tools/techniques happen to mention support for iOS versions less than 6.1. 

Overall, I felt this book provided a good foundation into getting into mobile forensics.  Due to the cost of a lot of the software covered in this book, I would recommend this more for enterprise-level users who likely have licenses to the software discussed in this book.

You can read more about it here.

Penetration Testing with the Bash Shell

My friends at Packt Publishing cut me a copy of Penetration Testing with the Bash Shell by Keith Makan.  To my disappointment, there wasn’t really a lot of material on the bash shell in this book, which leads us to a great follow-up question:  “What’s in there?”

Let’s break it down. 

First off, the book is a quick read and is only five chapters at about a hundred and twenty-five pages. 

Chapter one goes into the basics of navigating the file system— learning how to change directories, use the man pages, redirect I/O, and use find and grep.  Pretty standard stuff for any tech book.

Chapter two talks about how to configure your prompt, manage your history file, and set up/configure tab completion.

Chapter three goes into reconnaissance with tools like dig, dnsmap, ping, and nmap.  I don’t feel like executing other applications from the command line really constitutes ‘penetration testing with the bash shell’.

Exploitation and reverse engineering are the topics for chapter four.  That means using metasploit and its suite of tools. The section on reverse engineering doesn’t really go into any examples of reversing; it just goes over objdump and gdb. 

And we finish up with chapter five, which covers MAC/ARP spoofing, ettercap, brute forcing with medusa, using tcpdump, and some automated scanning tools.

Overall, this book wasn’t bad. I think it isn’t named appropriately for the content.  If you’re fresh to the penetration testing scene, you should be able to pick up some info from here. But if you’re looking for some more in-depth configurations and use of bash or penetration testing… move along.

You can read more about it here.

O’Reilly Intermediate Python Video Series

Decided to switch things up a bit and try a video series from O’Reilly.  I started out with their Intermediate Python by Steve Holden. 

To be completely honest, using IPython Notebook ruined the experience for me.  To be fair, you could do the course without it, but I found working with IPython Notebook to be unnecessary overhead that robbed me of what little joy I got out of this course.

From a content perspective, the series comes with about thirty-two videos that are pretty much stand-alone and do not build on previously learned concepts. There are a couple of clips that are not course related, likely as a break from learning.  I was indifferent about these, and in the end, realized they just wasted disk space and added no real value to my development skill.

Overall, I did not enjoy this course at all.  The format and use of IPython Notebook took away from the experience.  I’d recommend picking up one of O’Reilly’s books on Python instead.

You can read more about the course here.

Kali Linux – Assuring Security by Penetration Testing

Had some time over the holiday to finish my review copy of Kali Linux – Assuring Security by Penetration Testing, which is probably one of the better beginner/intermediate Kali books. 

This book covers a lot of ground and lays down a solid foundation for discovery, enumeration, vulnerability assessment, exploitation, persistence, and reporting.  It covers a lot of the basic tools like nmap, wireshark, metasploit, openvas, and burp, as well as going into some of the fuzzers, MITM attacks, escalation and more.  

The only thing that would make this book perfect is if the author got rid of the first two chapters (downloading, installing, configuring, etc.) and condensed the chapters on penetration testing methodologies and reporting together. 

You can read more about it here.

Expert Metasploit Penetration Testing [Video Course]

I took some time and looked through Packt’s ‘Expert Metasploit Penetration Testing’ video course with higher expectations due to the word “Expert” being in the title.  Before we begin, let me say this:  the course isn’t bad at all.  It’s great— but geared more toward people who haven’t been exposed to metasploit (or Linux) at all.

For example— the first few parts of the course go over basic use of nmap and how to view command line parameters— not something I would really expect in an “expert” course.  The material takes you through the basics of an nmap and nessus scan, basic uses of the msf suite (msfpayload, msfencode, meterpreter, etc.) as well as covering some basic post exploitation tactics. 

Another thing that didn’t sit well with me is that the material is over two dead distributions— Backtrack 5 and Windows XP SP2.  It’s time to move on to Kali and Windows 7 or 8.  ms08_067_netapi is great as an academic demonstration, but it would be nice to see material that covered more modern operating systems.

All-in-all, this isn’t a bad course at all.  If you’re new to the penetration testing scene and have never used some of the tools demonstrated, I would highly recommend taking the time and going through this course.

You can read more about it here:

You can view a sample of the course on pivoting on YouTube here:

Network Security Through Data Analysis

Understanding your logs and traffic flows is critical to identifying and remediating threats to (or in) your environment.   While the author does not go into any great depth, he does provide a solid high-level approach to the multitude of ways you can sift through your data and detect anomalies.  

Overall, this book was alright.  I wish it went into greater depth on some of the topics (perhaps the author would make an intermediate-advanced volume??? :D )   I would recommend this for anyone looking to get a solid foundation in collection, detection, and correlation.  

You can read more about the book here:

Web Services Testing with soapUI

I received my review copy of Web Services Testing with soapUI a few days ago and I’m pretty much indifferent about this book.  On one hand, there aren’t a lot of books out there dealing with soapUI, so it’s hard to compare it to others on the market.  The book is alright— it covers the basics of installation and configuration as well as conducting some discussion surrounding web services in general.  If you’re new to web services or soapUI, this book could provide some value to you.

You can read more about it here.

Malware Forensics Field Guide for Linux Systems

Much like its Windows counterpart, the Malware Forensics Field Guide for Linux Systems does not disappoint.  With this book, some Linux fundamentals, and a few open source tools, you can begin the incident handling process for a suspect piece of software found on a Linux system.

This book also comes with some best practices and cheat sheets for every step of the process.  Not only does it tell you what to do, but it also tells you what you shouldn’t do in order to maintain the integrity of the collection.

Overall, the MFFGfLS is a great addition to your incident response/malware analysis collection. 

You can read more about it here.

Regular Expressions Cookbook

I’ve always been a fan of the ‘Cookbook’ series of books: it’s the information I want, when I want it, without the fluff.  This book definitely does not disappoint.  Here’s how the book is laid out:

1. Present the problem.
2. Present the solution.
3. Present the solution if it’s different in .NET, Java, PCRE, etc.

While the earlier chapters deal with the basics and some theory, this book is geared more to regex veterans.  Regardless, it’s a great addition to my ‘essentials’ shelf.  Highly recommend to any professional who deals in regular expressions daily.

You can read more about it here.

Malware Forensics Field Guide for Windows Systems

While not as in-depth as Practical Malware Analysis or the Malware Analyst’s Cookbook, Malware Forensics Field Guide for Windows Systems provides a great guide for those looking to either create or complement their incident response process by detailing industry standard techniques for reversing malware. 

That being said, where this book shines is its aptly named field guide look and feel, which allows you to quickly get to information pertinent to your incident.  The book is littered with analyst tips, screenshots, and checklists that streamline the IR process.

If you’re looking to complement your IR processes and procedures, you can’t go wrong with this book.   Once you have an established process and are familiar with the tools, I’d also recommend picking up the other two books mentioned, as they are more hands-on with labs that will put the foundations learned in this book to use.

You can read more about it here.