CSIAC DoD Cybersecurity Policy Chart
This chart organizes cybersecurity policies and guidance by Strategic Goal and Office of Primary Responsibility. Double-clicking* on the box directs users to the most authoritative publicly accessible source. Policies in italics indicate the document is marked for limited distribution or no authoritative public-facing hyperlink is currently available. The linked sites are not controlled by the developers of this chart. We regularly check the integrity of the links, but you may occasionally experience an error message due to problems at the source site or the site's decision to move the document. CNSS policies link only to the CNSS site. Boxes with red borders reflect recent updates.
97 Things Every Programmer Should Know
Kevlin Henney: 97 Things Every Programmer Should Know draws on the wisdom of crowds and the voices of experience to offer not so much a coordinated big picture as a crowdsourced mosaic of what every programmer should know. This ranges from code-focused advice to culture, from algorithm usage to agile thinking, from implementation know-how to professionalism, from style to substance.
Adversary Tactics: PowerShell
SpecterOps: Our goal is to teach our methodology for using PowerShell effectively as a security professional, recognizing when it’s the best tool for the job or not, and discovering and mitigating security feature bypasses. This course should serve as a launchpad for continued research! Why did we choose PowerShell? As attackers, its flexibility. It was not getting caught at the time. Our other tools were. Few were talking about it at the time. There weren’t well-established PowerShell capabilities. Why learn PowerShell as a defender? Nearly all the same reasons it’s good for an attacker. Affords the opportunity to introduce minimal additional forensic artifacts when performing live response and threat hunting. Enables investigations to occur at scale with PowerShell Remoting. PS Remoting does not introduce interactive logon tokens unlike RDP. When everything is represented as an object, it enables easy, efficient filtering/analysis. Attackers still love it!
Beginning Python From Novice to Professional
Magnus Lie Hetland: This 3rd Edition is intended to suit a wide audience, from neophyte programmer to advanced computer wiz. If you have never programmed before, you should start by reading Chapter 1 and continue until you find that things get too advanced for you (if, indeed, they do). Then you should start practicing and write some programs of your own. When the time is right, you can return to the book and proceed with the more intricate stuff. The last ten chapters present ten programming projects, which show off various capabilities of the Python language. These projects should be of interest to beginners and experts alike. Although some of the material in the later projects may be a bit difficult for an inexperienced programmer, following the projects in order (after reading the material in the first part of the book) should be possible.
Beginning Ruby From Novice to Professional
Peter Cooper: This 3rd Edition is designed to cater both to people new to programming and to those with programming experience. Ruby’s culture is different enough from other languages that most of this book will be of use to both groups. Any large sections that can be skipped by already proficient programmers are noted in the text. In any case, I’d suggest that all programmers at least speed-read the sections that might seem obvious to them, as there are some surprising ways in which Ruby is different. If you already know some PHP, Perl, BASIC, C, or Pascal, some of the concepts in Ruby will be familiar to you, but the different perspective Ruby takes could throw you at first. Like the differences between spoken languages, Ruby differs from most other programming languages not only by syntax, but by culture, grammar, and customs. In fact, Ruby has more in common with more esoteric languages like LISP and Smalltalk than with better-known languages such as PHP and C++.
Building Telegram Bots
Nicolas Modrzyk: This relatively short book is about Developing Bots in 12 Programming Languages using the Telegram Bot API. Why not use one and stick to it? you might ask. Well, because there’s not one answer to all questions, and what’s right for others might not be suitable for you. Exploring different programming languages is also a fun way to examine the strengths of each language while performing the same tasks. Each of the Telegram concepts can be introduced one after the other, in a simple fashion.
C++17 From Novice to Professional
Ivor Horton, Peter Van Weert: In this 5th Edition, we have gone through great lengths to bring it back in line with the new, modern era of C++ programming we’re living in. As before, we of course do so in the form of a gradual, informal tutorial. We’ll introduce to you all the shiny blades and pointy things C++ has to offer—both old and new—using many hands-on coding samples and exercises. But that’s not all: more than ever before we’ve made sure to always explain which tool is best to use for which purpose, why that is the case, and how to avoid getting cut. We’ve made sure that you will begin C++, from day one, using the safe, productive, modern programming style that employers will expect from you tomorrow.
C# 7 Programming with Visual Studio 2017
Benjamin Perkins, Jacob Vibe Hammer, Jon D. Reid: This book is intended to teach you about all aspects of C# programming, including the language itself, desktop, cloud, and cross-platform programming, making use of data sources, and some new and advanced techniques. You’ll also learn about the capabilities of Visual Studio 2017 and all the ways that this product can aid your application development.
Cloud Computing and Digital Media Fundamentals
Kuan-Ching Li, Qing Li, and Timothy K. Shih: Fundamentals, Techniques, and Applications covers the fundamentals of cloud and media infrastructure, emerging technologies that integrate digital media with cloud computing, and real-world applications that exemplify the potential of cloud computing for next-generation digital media. Specifically, this book covers resource optimization for multimedia cloud computing, a key technical challenge in adopting cloud computing for various digital media applications. It also contains several important new technologies in cloud computing and digital media such as query processing, semantic classification, music retrieval, mobile multimedia, and video transcoding.
Common Sense Guide to Mitigating Insider Threats
Carnegie Mellon University: This 6th Edition provides the CERT National Insider Threat Center’s most current recommendations from the CERT Division, part of Carnegie Mellon University’s Software Engineering Institute. These recommendations are based on our continued research and analysis of an expanded corpus of over 1,500 cases of insider threat. The problem of insider threat impacts organizations across all industries. Though the attack methods vary depending on the industry, the primary types of attacks we have identified (theft of intellectual property, sabotage, fraud, espionage, and unintentional incidents) continue to hold true. This edition of the Common Sense Guide also considers workplace violence incidents as these types of threats have been fully incorporated into insider threat programs across the U.S. government, Department of Defense, and most of industry.
Charles J. Brooks, Christopher Grow, Philip Craig, Donald Short: This book is designed to provide a solid theory and practical platform for cybersecurity personnel. Key information provided in this edition includes: Critical infrastructure security systems and devices, Security for local intelligent computing, and controlling devices and systems, Security for local area network components and systems, Cybersecurity for users and networks attached to the Internet. Each chapter begins with a list of learning objectives that establishes a foundation and systematic preview of the chapter. A wealth of graphic diagrams and screen shots are included in each chapter to provide constant visual reinforcement of the concepts being discussed.
Cyber Operations: Building, Defending, and Attacking Modern Computer Networks
Mike O’Leary: This 2nd Edition is a gentle introduction to cyber operations for a reader with a working knowledge of Windows and Linux operating systems and basic TCP/IP networking. It is the result of more than 10 years of teaching a university capstone course in hands-on cyber security. It begins by showing how to build a range of Windows and Linux workstations, including CentOS, Mint, OpenSuSE, and Ubuntu systems. These can be physical or virtual systems built with VMWare Workstation or VirtualBox. Kali Linux is introduced and Metasploit is used to attack these systems, including EternalBlue and attacks against Internet Explorer, Firefox, Java, and Adobe Flash Player. These attacks all leave traces on the target and the network that can be found by a savvy defender, and these methods are demonstrated.
Gray Hat Hacking
Ethical Hacker's Handbook 5th Edition: This book has been developed by and for security professionals who are dedicated to working in an ethical and responsible manner to improve the overall security posture of individuals, corporations, and nations. The purpose of this book is to provide individuals the information once held only by governments and a few black hat hackers. In this day and age, individuals stand in the breach of cyberwar, not only against black hat hackers, but sometimes against governments. If you find yourself in this position, either alone or as a defender of your organization, we want you to be equipped with as much knowledge of the attacker as possible. To that end, we submit to you the mindset of the gray hat hacker, an ethical hacker that uses offensive techniques for defensive purposes. The ethical hacker always respects laws and the rights of others, but believes the adversary may be beat to the punch by testing oneself first.
Guide to the Project Management Body of Knowledge
PMI 6th Edition: This guide is different from a methodology. A methodology is a system of practices, techniques, procedures, and rules used by those who work in a discipline. This guide is a foundation upon which organizations can build methodologies, policies, procedures, rules, tools and techniques, and life cycle phases needed to practice project management. The PMBOK Guide provides more detail about key concepts, emerging trends, considerations for tailoring the project management processes, and information on how tools and techniques are applied to projects. Project managers may use one or more methodologies to implement the project management processes outlined in the standard.
How TCP/IP Works in a Modern Network
Walter Goralski: The Illustrated Network 2nd Edition allows you to see what is happening on a modern network when you access a Web site, write an email, download a song, or talk on the phone over the Internet. From that observation you will learn how a modern network works. This book is about what actually happens on a real network running the protocols and applications used on the Internet today. We’ll be looking at the entire network—everything from the application level down to where the bits emerge from the local device and race across the Internet. A great deal of the discussion will revolve around the TCP/IP protocol suite, the protocols on which the Internet is built. We’ll have to look at link types and topologies that are not on the network, because many newer elements of TCP/IP apply to more specialized deployments such as packet optical networks, large data centers, and virtual machines. Nevertheless, we can fit them into the overall architecture as needed.
Internet Infrastructure: Networking, Web Services, and Cloud Computing
Richard Fox & Wei Hao: Why did we write this textbook? We generally see these books taking one of three forms. The first are the computer science and business-oriented texts that are heavy on networking theory and usage with little emphasis on practical matters. They cover Transmission Control Protocol/Internet Protocol (TCP/IP), Internet servers, and the foundations for telecommunications but do not provide guidance on how to implement a server. The second are the books that take the opposite approach: strictly hands-on texts with little to no theory or foundational material. In teaching computer information technology courses, we have found numerous books that instruct students on how to configure a server but not on how the server actually works. Finally, there are books on socket-level programming. This textbook attempts to combine the aspects of the first and second groups mentioned previously. We do so by dividing the material roughly into two categories: concept chapters and case study chapters.
Learning OpenCV 3 - COMPUTER VISION IN C++ WITH THE OPENCV LIBRARY
Adrian Kaehler & Gary Bradski: This book documents OpenCV in a way that allows the reader to rapidly do interesting and fun things in computer vision. It gives an intuitive understanding of how the algorithms work, which serves to guide the reader in designing and debugging vision applications and also makes the formal descriptions of computer vision and machine learning algorithms in other texts easier to comprehend and remember. This book contains descriptions, working code examples, and explanations of the C++ computer vision tools contained in the OpenCV 3.x library. Thus, it should be helpful to many different kinds of users: Professionals and Entrepreneurs, Students, Teachers, Hobbyists. We have a strong focus on giving readers enough intuition, documentation, and working code to enable rapid implementation of real-time vision applications.
Linux Essentials for Cybersecurity
William “Bo” Rothwell & Denise Kinsey: Our goal with this book is to provide you with the skills a Linux professional should have. The approach we take is a typical “ground-up” approach, but with the unique methodology of always keeping an eye on security. Throughout this book, you will find references to security issues. Entire sections are devoted to security, and a strong emphasis is placed on creating security policies. Linux is a very large topic, and it is really impossible to cover it entirely in one book. The same is true regarding Linux security. We have made every effort to provide as much detail as possible, but we also encourage you to explore on your own to learn more about each topic introduced in this book.
Linux+ 3rd Edition
Richard Blum & Christine Bresnahan: This book covers the material that someone new to Linux will need to learn the OS from the beginning, and it continues to provide the knowledge you need up to a proficiency level sufficient to pass the two exams. You can pick up this book and learn from it even if you've never used Linux before, although you'll find it an easier read if you've at least casually used Linux for a few days. If you're already familiar with Linux, this book can serve as a review and as a refresher course for information with which you might not be completely familiar. This book is written with the assumption that you know at least a little bit about Linux (what it is and possibly a few Linux commands). We also assume that you know some basics about computers in general, such as how to use a keyboard, how to insert a disc into an optical drive, and so on.
Machine Learning for Hackers
Drew Conway, John Myles White: To provide a more complete reference on machine learning for hackers, therefore, we need to compromise between providing a deep review of the theoretical foundations of the discipline and a broad exploration of its applications. To accomplish this, we have decided to teach machine learning through selected case studies. We believe the best way to learn is by first having a problem in mind, then focusing on learning the tools used to solve that problem. This is effectively the mechanism through which case studies work. The difference being, rather than having some problem for which there may be no known solution, we can focus on well-understood and studied problems in machine learning and present specific examples of cases where some solutions excelled while others failed spectacularly.
Machine Learning & Security
Clarence Chio, David Freeman: Protecting Systems with Data and Algorithms — If you are working in the security field and want to use machine learning to improve your systems, this book is for you. If you have worked with machine learning and now want to use it to solve security problems, this book is also for you. Our examples are in Python and we provide references to the Python packages required to implement the concepts we discuss, but you can implement the same concepts using open source libraries in Java, Scala, C++, Ruby, and many other languages.
Machine Learning with H2O
Darren Cook: Powerful, Scalable Techniques for Deep Learning and AI — H2O is very easy to install. First I will show how to install it with R, using CRAN, and then how to install it with Python, using pip. After that we will dive into our first machine learning project: load some data, make a model, make some predictions, and evaluate success. By that point you will be able to boast to family, friends, and the stranger lucky enough to sit next to you on the bus that you’re a bit of an expert when it comes to deep learning and all that jazz. The examples in this book are going to be in R and Python. So you need one of those already installed. And you will need Java. If you have the choice, I recommend you use 64-bit versions of everything, including the OS.
Machine Learning with Python
Andreas C. Müller, Sarah Guido: A Guide for Data Scientists is for current and aspiring machine learning practitioners looking to implement solutions to real-world machine learning problems. This is an introductory book requiring no previous knowledge of machine learning or artificial intelligence (AI). We focus on using Python and the scikit-learn library, and work through all the steps to create a successful machine learning application. The methods we introduce will be helpful for scientists and researchers, as well as data scientists working on commercial applications. You will get the most out of the book if you are somewhat familiar with Python and the NumPy and matplotlib libraries.
Machine Learning with R
Scott V. Burger: Rigorous Mathematical Analysis — This book is ideally suited for people who have some working knowledge of the R programming language. If you don’t have any knowledge of R, it’s an easy enough language to pick up, and the code is readable enough that you can pretty much get the gist of the code examples herein. This book is an introductory text, so we don’t dive deeply into the mathematical underpinnings of every algorithm covered. Presented here are enough of the details for you to discern the difference between a neural network and, say, a random forest at a high level.
Mind Hacking - Reprogram Your Thinking
Sir John Hargrave: Mind Hacking teaches you how to reprogram your thinking -- like reprogramming a computer -- to give you increased mental efficiency and happiness. For the first time in history, we humans live in two worlds: the physical world of objects, and the digital world of websites, apps, and video games. We may still call the physical world "the real world," but that's just a figure of speech: the digital world is no less "real" than the physical world, just different. Similarly, our mental world is no less "real" than the physical world, just different. Computers have given us an excellent model for thinking about the mind. Our thoughts are like bits: they're transient, ephemeral, invisible. And with some basic tools, they can be manipulated to do new and amazing things, an epiphany like Woz had in his cubicle all those years ago. Mind hacking is like hooking up a keyboard to your head.
Network+ Guide to Networks 7th Edition N10-006
Network+ Guide to Networks 8th Edition N10-007
Jill West, Jean Andrews, Tamara Dean: These books introduce the fundamental building blocks that form a modern network, such as hardware, topologies, and protocols, along with an introduction to the OSI model. It then provides in-depth coverage of the most important concepts in contemporary networking, such as TCP/IP, Ethernet, wireless transmission, virtual networks, cloud computing, segmentation, security, and troubleshooting. After reading this book and completing the end-of-chapter exercises, you will be prepared to select the network design, hardware, and software that best fits your environment. You will also have the skills to build a network from scratch and maintain, upgrade, troubleshoot, and manage an existing network. Each chapter opens with an “On the Job” story from a network engineer, technician, or administrator. These real-world examples, along with Applying Concepts activities, Hands-On Projects, and Capstone Projects in each chapter, make this text a practical learning tool.
Nmap: Official Project Guide to Network Discovery and Security Scanning
Gordon “Fyodor” Lyon: From port scanning basics for novices to the type of packet crafting used by advanced hackers, this book by Nmap's author and maintainer suits all levels of security and networking professionals. Rather than simply document what every Nmap option does, Nmap Network Scanning demonstrates how these features can be applied to solve real world tasks such as penetration testing, taking network inventory, detecting rogue wireless access points or open proxies, quashing network worm and virus outbreaks, and much more. Examples and diagrams show actual communication on the wire. This book is essential for anyone who needs to get the most out of Nmap, particularly security auditors and systems or network administrators. While Nmap is extremely powerful, it is also complex. More than 100 command-line options add expressiveness for networking gurus, but can confound novices. Some of its options have never even been documented. This book documents all Nmap features and, more importantly, teaches the most effective ways of using them. It has taken nearly four years to write, with constant updating as Nmap has evolved.
Mike Chapple, David Seidl: Pentest+ PT0-001 provides accessible explanations and real-world knowledge about the exam objectives that make up the PenTest+ certification. This book will help you to assess your knowledge before taking the exam, as well as provide a stepping stone to further learning in areas where you may want to expand your skill set or expertise. Successful test-takers will prove their ability to plan and scope assessments, handle legal and compliance requirements, and perform vulnerability scanning and penetration testing activities using a variety of tools and techniques, and then analyze the results of those activities.
Reverse Engineering for Beginners
Dennis Yurichev: This book is about reverse engineering of software: researching compiled programs. x86/x64, ARM/ARM64, MIPS, Java/JVM are discussed in-depth. Topics touched upon are Oracle RDBMS, Itanium, copy-protection dongles, LD_PRELOAD, stack overflow, ELF, win32 PE file format, x86-64, critical sections, syscalls, TLS, position-independent code, profile-guided optimization, C++ STL, OpenMP, and SEH. Unless you are an OS developer, you probably don’t need to code in assembly—modern compilers are much better at performing optimizations than humans. Also, modern CPUs are very complex devices and assembly knowledge doesn’t really help one to understand their internals. That being said, there are at least two areas where a good understanding of assembly can be helpful: First and foremost, security/malware research. It is also a good way to gain a better understanding of your compiled code whilst debugging. This book is therefore intended for those who want to understand assembly language rather than to code in it, which is why there are many examples of compiler output contained within.
SCRUM! The Ultimate Beginners Guide
Adam Vardy: The Ultimate Beginners Guide To Mastering Scrum To Boost Productivity & Beat Deadlines. This book contains proven steps and strategies on how to learn Scrum fast and how to use this framework in order to conserve time and budget while hitting targets in a timely manner. This book will also show you what kind of products are worth developing and how you can use Scrum principles within a large group to create projects that are measurable, efficient, and reliable when it comes to delivering customer satisfaction and good return of investment. With this book, you will learn how to use Scrum to cut the time you need to plan and organize in order to submit deliverables way before the deadline. By learning Scrum, you would be able to generate more products that meet customer satisfaction and have efficient use of your resources to meet organization goals.
Troy McMillan: If you want to acquire a solid foundation in servers and the storage systems they use, and your goal is to prepare for the exams by filling in any gaps in your knowledge, this book is for you. You’ll find clear explanations of the concepts you need to grasp and plenty of help to achieve the high level of professional competency you need in order to succeed in your chosen field. If you want to become certified as a Server+ holder, this book is definitely what you need. However, if you just want to attempt to pass the exam without really understanding the basics of personal computers, this guide isn’t for you. It’s written for people who want to acquire skills and knowledge of servers and storage systems.
Social Media Protection: A Handbook for Privacy & Security Settings
US Army Criminal Investigation Command: Cyber-enabled financial fraud is a sophisticated scam often targeting unwitting individuals who do not have a good understanding of the military construct, benefits, or rank structure. Because of this lack of knowledge, threat actors use the digital identities of U.S. service members to carry out their scam. Threat actors conduct Open Source Intelligence (OSINT) operations on Social Media Networks and the Internet to harvest photographs and biographies of the individuals who they are going to impersonate. The best way to combat these threat actors is to strengthen the security and privacy settings of the top social media networks. This handbook is a step-by-step guide covering good cyber-hygiene practices and the steps you need to take to strengthen the security and privacy settings for Facebook, Instagram, Twitter, and LinkedIn.
The Shellcoder’s Handbook: Discovering and Exploiting Security Holes
Chris Anley, John Heasman, Felix “FX” Linder, Gerardo Richarte: 2nd Edition is mostly concerned with arbitrary code execution vulnerabilities, by which we mean bugs that allow attackers to run code of their choice on the target machine. Most of the content of this book is concerned with the raw meat of security bugs — assembler, source code, the stack, the heap, and so on. These ideas allow you to write tools rather than just use tools written by others. Finally, there’s a question of focus and attitude. It isn’t written down in any particular paragraph, but the message that shines out through the whole of this book is that you should experiment, explore, and try to understand the systems you’re running. You’ll find a lot of interesting stuff that way.
Threat Modeling Designing for Security
Adam Shostack: This book describes the useful models you can employ to address or mitigate these potential threats. People who build software, systems, or things with software need to address the many predictable threats their systems can face. Threat modeling is a fancy name for something we all do instinctively. If I asked you to threat model your house, you might start by thinking about the precious things within it: your family, heirlooms, photos, or perhaps your collection of signed movie posters. You might start thinking about the ways someone might break in, such as unlocked doors or open windows. And you might start thinking about the sorts of people who might break in, including neighborhood kids, professional burglars, drug addicts, perhaps a stalker, or someone trying to steal your Picasso original. In this introduction, you’ll learn about what threat modeling is and why individuals, teams, and organizations threat model. Those reasons include finding security issues early, improving your understanding of security requirements, and being able to engineer and deliver better products.
Wireshark and the Metasploit Framework
Jessey Bullock, Jeff T. Parker: Wireshark for Security Professionals hopes to meet three goals: Broaden the information security professional’s skillset through Wireshark, Provide learning resources, including labs and exercises, to apply what you learn, Demonstrate how Wireshark helps with real-life scenarios through Lua scripting. In short, this book is a hands-on, practice-oriented Wireshark guide created for you, the information security professional. The exercises will help you keep advancing your Wireshark expertise long after the last page.