Resources
Online Reading
I like to use Inoreader to organise my online reading, sorting feeds into specific categories. Rules can be created to, for example, trigger a Microsoft Teams webhook when an article matching specific criteria is added. One potential use case is creating a Teams channel for tracking vulnerabilities in products that you use.
In addition to RSS feeds, the APT & CyberCriminal Campaign Collection GitHub repo can save you a lot of time. Clone a local copy of it and keep it sync’d!
Newcomers to the industry may also find my Threat Intelligence learning resource useful. It offers a summary of the basics and an extensive list of blog posts, whitepapers and presentations to help guide and support your learning.
Twitter Lists
Ensure that you make these Private lists. I highly recommend Tweeten as a desktop client and TweetDeck as a web client.
Books
- Practical Malware Analysis by Michael Sikorski
- Malware Analyst’s Cookbook by Michael Ligh
- Practical Reverse Engineering by Bruce Dang
- Windows Internals (Part 1) by Mark Russinovich
- Windows Internals (Part 2) by Mark Russinovich
- The Art of Memory Forensics by Michael Ligh, Andrew Case, Jamie Levy and Aaron Walters
- Hacking: The Art of Exploitation by Jon Erickson
- Violent Python by TJ O’Connor
- The Practice of Network Security Monitoring: Understanding Incident Detection and Response by Richard Bejtlich
- Open Source Intelligence Techniques by Michael Bazzell
- Intelligence-Driven Incident Response by Scott J. Roberts and Rebekah Brown
- A Rulebook for Arguments by Anthony Weston
- A Burglar’s Guide to the City by Geoff Manaugh
- Terrorism and Counterintelligence: How Terrorist Groups Elude Detection by Blake Mobley
- Allen Dulles’s 73 Rules of Spycraft by James Srodes
- Tolkachev, A Worthy Successor to Penkovsky by Barry Royden
- Silent Warfare: Understanding the World of Intelligence by Abram Shulsky and Gary Schmitt
- Deciphering Sun Tzu: How to Read The Art of War by Derek Yuen
- Red Team: How to Succeed By Thinking Like the Enemy by Micah Zenko
- The Red Team Handbook by The University of Foreign Military and Cultural Studies
- Red Teams and Counterterrorism Training by Stephen Sloan
- Dirty Wars: The World Is a Battlefield by Jeremy Scahill
- Social Engineering: The Art of Human Hacking by Christopher Hadnagy
- The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
- Business Adventures by John Brooks
- Trading Wisdom: 50 lessons every trader should know by Cheds
- One Up On Wall Street by Peter Lynch
Training
- Reverse Engineering Workshops by @malwareunicorn
- The Beginner Malware Analysis Course by @0verfl0w_
- Zero2Automated: The Advanced Malware Analysis Course by @0verfl0w_ and @VK_Intel
- Attack Detection Fundamentals by @FSecureLabs
- Exploit Writing by @corelanc0d3r
Podcasts
- Red Team Podcast
- Adversarial Conversations
- Darknet Diaries
- Defensive Security Podcast
- Collective Intelligence
- Recorded Future
- State of the Hack
- The Privacy, Security, & OSINT Show
- The Underworld Podcast
- Bellingcat Podcast
Channels
Infosec
- SANS Digital Forensics and Incident Response
- FIRST
- OALabs
- Virus Bulletin
- hasherezade
- IppSec
- MalwareTech
- Colin Hardy
- LiveOverflow
- MalwareAnalysisForHedgehogs
- Raphael Mudge