Requirements
- Setting Requirements by Scott Roberts (@sroberts) (2016)
Models and Research
- The Diamond Model of Intrusion Analysis by Sergio Caltagirone (@cnoanalysis), Andrew Pendergast (@0xAndrew), and Chris Betz (2013)
- Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains by Eric Hutchins (@killchain), Mike Cloppert (@mikecloppert), and Rohan Amin (2011)
- Security Intelligence: Attacking the Kill-Chain by Mike Cloppert (@mikecloppert) (2010)
- Reflections on Trusting Trust by Ken Thompson
- Pyramid of Pain by David Bianco
Analysis and Cognition
- Psychology of Intelligence Analysis by Richards Heuer (1999)
- Analysis, War, and Decision: Why Intelligence Failures are Inevitable by Richard Betts (1978)
Tradecraft
- The Ten Commandments of Intrusion Analysis by Chris Sanders (@chrissanders88) (2012)
- Fifteen Axioms for Intelligence Analysis by Frank Watanabe
Good Stories
- Technical details of the attack described by Markoff in NYT by Tsutomu Shimomura (1995)
- An Evening with Berferd In Which a Cracker is Lured, Endured, and Studied by Bill Cheswick (@wcheswick) (1991)
- Ender’s Game by Orson Scott Card (Changing Strategies to Meet Adversary Evolution)
- The Cuckoo’s Egg by Clifford Stoll (@The_Cuckoo_Egg)
- Stalking the Wily Hacker by Clifford Stoll (@The_Cuckoo_Egg) (1988)
- There Be Dragons by Steven Bellovin (@SteveBellovin) (1992)
Technical
- Smashing the Stack for Fun and Profit by Aleph One (@Aleph_One) (1996)
- Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection by Ptacek and Newsham (1998)
- Security Problems in the TCP/IP Protocol Suite by Steven Bellovin (@SteveBellovin) (1989)
- Hacking Exposed by McClure, Scambray, and Kurtz
- With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988 by Mark W. Eichin and Jon A. Rochlis
- Windows Internals by Mark E. Russinovich, David A. Solomon, and Alex Ionescu
- Practical Malware Analysis by Michael Sikorski and Andrew Honig
Other Reading Lists of Note
Blogs to Watch
- CYINT Analysis (@cyint_dude)
- Swannysec by John Swanson (@swannysec)
- Chris Sanders (@chrissanders88)
- SRoberts by Scott Roberts (@sroberts)
- Enterprise Detection and Response by David Bianco (@davidjbianco)
- Windows Incident Response by Harlan Carvey
- Krebs on Security by Brian Krebs (@briankrebs)
Patton Adams
Rick Howard used to insist that we read Toffler. Any text that helps analysts develop their visualization techniques is good too (have to mention Tufte but he’s not the only one).
Vince
Another good read is Underground: http://www.underground-book.net/
Ben
I think there’s also a lot of value in reading good fiction novels – whilst you might not think so at the outset, these authors take time and research to develop a story – more than just a ‘how to’. They’re typically more engaging and provide context for the information and tradecraft. …Just my two cents.