The Red Team Mindset is not always easy to understand or even being to describe, and since red teams today are being employed not just on the information security world I thought it would be good to have a list of non-computer-related books that will help in the understanding of the Mindset and the way of red teaming.
This is by no means a complete list. Expect it to be updated from time to time. Please send your book recommendations as well. Also, check the Red Team Journal's Bookshelf for more great books.
Here's the list:
- The Mission, The Men, and Me: Lessons from a Former Delta Force Commander, Pete Blaber
- Inside Delta Force, Eric Haney
- Human Intelligence, Counterterrorism, and National Leadership: A Practical Guide, Gary Berntsen
- Silent Warfare: Understanding the World of Intelligence, Abram N. Shulsky
- Red Teams and Counterterrorism Training, Stephen Sloan
- The Book of Five Rings, Miyamoto Musashi
- Escape the Wolf – Personal Security Handbook for the Traveling Professional, Clint Emerson
- Killer Elite: The Inside Story of America's Most Secret Special Operations Team, Michael Smith
- Chosen Soldier, Dick Couch
- KODO: Ancient Ways: Lessons in the Spiritual Life of the Warrior/Martial Artist , Kensho Furuya
- Man in the Shadows: Inside the Middle East Crisis with a Director of Israel's Mossad, Efraim Halevy
- The Essence of Aikido: Spiritual Teachings of Morihei Ueshiba, Morihei Ueshiba
- Let My People Go Surfing: The Education of a Reluctant Businessman, Yvon Chouinard
- Emergency: This Book Will Save Your Life, Neil Strauss
- The Art of Deception: Controlling the Human Element of Security, Kevin Mitnick
- The Rock Warrior's Way: Mental Training for Climbers, Arno Ilgner
Here's an soon to be published book by Richard Bejtlich: The Practice Of Network Security Monitoring
Richard Bejtlich is the Chief Security Officer at Mandiant and was previously Director of Incident Response for General Electric, where he ran, among other things, their red team.
Escape the Wolf – Personal Security Handbook for the Traveling Professional has a wealth of information about how to recognize, assess and avoid threats. Highly recommended to anyone not only traveling, but working ona red team.
Escape the Wolf mitigates risk by preemptive threat assessment, recognition and avoidance for companies and government agencies whose employees travel internationally.
Terrorist attacks. Natural disasters. Domestic crackdowns. Economic collapse. Riots. Wars. Disease. Starvation.
What can you do when it all hits the fan?
Beyond the seemingly silly description this book contains a wealth of information about urban survival, tactics, and a lot of info.
I highly recommend Sloan’s book Red Teams and Counterterrorism Training. It provides a good insight into what it takes to do this at a law enforcement and military levels.
One of the questions people keep on sending my way is about what books I recommend. Well, there are several out there that are good and worth reading. I'll list a few here:
- Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp.
- Social Engineering: The Art of Human Hacking by Christopher Hadnagy
- Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam
- The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
- Red Teams and Counterterrorism Training by Stephen Sloan
- Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others.
- Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor
- The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors
- Snort IDS and IPS Toolkit (Jay Beale's Open Source Security) by several authors
- Schneier on Security by Bruce Schneier
There are many more, but these will get you started.
This time, we feature titles from the Red Team Journal editors and advisors as well as suggestions from external thought leaders in the red teaming community. Please note that the list is an admittedly eclectic sample rather than a comprehensive catalog. We encourage RTJ readers to join the discussion and add their favorites.
These are good books to always have around. You can get the digital versions and carry them on your phone.
Highly recommended: Violent Python.
It’s an great introduction to writing fast attack code and exploits using python. It focuses on penetration testing and quick and dirty hacks. A good book to have in the collection.