On a good Sunday morning, I was flipping through my Kindle to read a book related to my job. I went to the Amazon store to check books under the Threat Intel & Hunting domains. There are not as many options as in other cybersecurity domains, especially among those published in recent years. I got a wild idea of buying a bunch of them to read through and review the content of the books and the ideas. This is a brief review of these books for anyone who wants to purchase and read them. My main job responsibility is taking care of the threat landscape and providing input to risk management. The reviews are given to reflect which level of knowledge is required for each book and its content coverage.
Just for a sanity check and unbiased judgement, I don’t have any of these authors’ works and picked these books with ZERO effort in reading other reviews.
A mix of both domains
This is the first book I read, back in 2021, and it has technically oriented content with practical examples and tools that a beginner can use to kick-start threat intelligence and hunting tasks. However, this book might not be relevant in the near future with new tools and technology available. If you want hands-on knowledge of how to use tools such as MITRE CAR, CALDERA, and Atomic Red Team, this is a good book to start with.
- Level: Beginner
- Content: Technical
- Recommended Reader: technical person that wants a basic introduction to threat intel/hunting and some of the tools to perform the tasks
- Published Date: February 2021
Threat Intelligence
This book is laid out in an interesting way for the reader not only to understand Threat Intelligence with practical tools and execution, but also to walk through incident response procedure, DFIR concepts and how Threat Intel can support throughout the investigation steps.
- Level: Beginner to Intermediate
- Content: Technical and Procedural
- Recommended Reader: technical person that wants to dive into Incident Response and Threat Intelligence.
- Published Date: May 2022
Probably, this is one of the best books that covers the foundation of threat intel, threat actor campaigns, and the threat intel lifecycle with examples. The book strikes a good balance between the technical, theoretical and operational aspects of how to start a proper intel program for enterprises. A recommended book if you want to invest in ONLY 1 book to get the gist of threat intelligence.
- Level: Beginner to Intermediate
- Content: Technical and Theoretical
- Recommended Reader: Anyone who works in SOC, CERT and risk management, and my recommendation if you ONLY want 1 book to cover the intel lifecycle
- Published Date: June 2022
The book has an academic-style layout and presentation that highlights past severe incidents and how Threat Intel plays a role in preventing them. If you are already in the industry and not seeking a detailed technical explanation of protocols and how the attacks are laid out, this book is a bit of overkill. I wish I had read something like this 5 years ago. The chapter topics are not quite coherent, and each presents a new topic.
- Level: Intermediate to Advanced
- Content: Theoretical
- Recommended Reader: technical person that wants to dive into
- Published Date: 2018
The book’s content is not designed for the procedural level of “hows”. It explains what a Threat Intelligence program is and the benefits of it. It also walks through the intel life cycle and other important ‘must know’ topics such as analytic frameworks and techniques.
- Level: Beginner to Intermediate
- Content: Managerial
- Recommended Reader: anyone who wants to understand the importance of a threat intel program and from managerial aspects
- Published Date: 2021
Another good book with a dive-in practical approach to establishing an intel program and how to turn it into actions. The book is not long and covers most aspects that need consideration to kick-start. For a guy with a technical background, I found this book easy to swallow, and the use of diagrams and pictures saves a ton of words. For some ideas, the author uses an odd analogy, but it kind of sticks in your brain.
- Level: Beginner to Intermediate
- Content: Technical and Procedural
- Recommended Reader: anyone who wants to tailor intel process and practical methods to execute but needs some ideas
- Published Date: March 2018
Threat Hunting
The first book under Threat Hunting that I decided to read is “The Foundations of Threat Hunting”. It’s a theoretical book that dives into the process of how to establish a threat hunting program for the organization. The needs of people, process, technology and management approval are laid out nicely with good scenarios. A very good book for a team lead or even technical personnel to understand the core principles and concepts of a Threat Hunting Program.
- Level: Intermediate
- Content: management and non-technical concepts for team formation and program establishment
- Recommended Reader: Team lead or managerial position that wants to understand the value and requirements of a Threat Hunting Program
- Published Date: June 2022
The 2nd and 19th chapters of this book have a special place in my mind, as the author reflects his or her own personal experience in digging into underground threat actors’ motives with a cover profile and actual conversation examples with the path he took. The rest of the book heavily covers tooling and techniques for OSINT. It can be a good holiday read for some hardcore OSINT guy that wants to dive another level down.
- Level: Intermediate to Advanced
- Content: Technical
- Recommended Reader: The investigators and analysts on the ground hunting and tracking e-criminals
- Published Date: 2020
I don’t know who Dan Borges is, but he is a philosophical security guy. He describes things in a non-fiction way, which is quite intriguing for some deep-level thinkers but might be a throw-off for practical guys. I suggest you give it a preview read at Amazon or somewhere before purchasing it.
The book covers paradigms and aspects to understand at a theoretical level of cybersecurity attack and defense “competitions” (actual term used by the author).
- Level: Intermediate to Advanced
- Content: Theoretical
- Recommended Reader: For L4 analysts or threat hunters that want to advance and align with modern state of the warfare
- Published Date: June 2021
Other books I read in the past and found useful
I don’t want to list any books that can be vendor-based, but this book gives me a solid background for my understanding of the threat intel domain and its applications for different security functions. The latest release is the 4th edition, with a lot of fine-tuning and updates to catch up.
It is also FREE with an exchange of your contact information, so the affiliated vendor can contribute to your mail inbox with emails about how the platform can make you a ninja.
The TaHiTI Threat Hunting methodology is my choice of threat hunting approach, and this freely available resource from Dutch financial institutions brings me joy and a kick-start to a systematic approach to performing routine threat hunts.
Are any of your favorite books missing from the above list? I want to know. Shout out in the comment section and I’ll spend my good money to invest.